About Opaque Opaque is a JavaScript package to allow secure password-based, client-server authentication without the server ever obtaining knowledge of the password.  Audit Description Through OTF’s Red Team Lab, 7ASecurity conducted a penetration test and whitebox security review of Opaque. A whitebox review is a form of application testing that provides the tester with complete knowledge of the application …

About Disguiser   Disguiser is a novel framework that enables end-to-end measurement for accurately and comprehensively investigating global internet censorship practices. It’s challenging to conduct large-scale internet censorship measurement, as it involves triggering censors through artificial requests and identifying abnormalities from corresponding responses. Due to the lack of “ground truth” on the expected responses from legitimate services, …

7ASecurity worked with Bridgefy to complete a whitebox pentest of the mobile app, SDK, cloud infrastructure, and privacy to help improve Bridgefy’s overall security posture. What is Bridgefy? Bridgefy, a popular mobile messaging app, allows you to send offline messages by leveraging Bluetooth technology. This app aims to provide secure messaging when infrastructure is not …

This blog post summarizes a whitebox security review conducted by 7ASecurity against the ArgoVPN platform. What is ArgoVPN? ArgoVPN is a free VPN with an unlimited bandwidth that is developed for Android devices. It allows users to visit blocked websites, online services, social media and messaging apps. The developers designed ArgoVPN to meet the needs …

7ASecurity had the privilege to collaborate with the Open Source Technology Improvement Fund (OSTIF), as well as the K-9 Mail and Thunderbird teams at Mozilla, in a recent security audit of the Mozilla K-9 Mail application. What is K-9 Mail? K-9 Mail is an open source email application that runs on most Android devices. Ideally, the application is reliable, intuitive and secure …

In case you missed it, I put together a blog post last week on the OWASP AppSec EU Security Conference in Trinity College, Dublin, Ireland with slides, pictures and experience Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “I would recommend to store at least half a …

Category Index Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Cloud Security Crytography Privacy Security FAIL General Outrageous Funny / Hilarious Hacking Incidents / Cybercrime   Document claims LulzSec has obtained 2011 UK Census records  [www.v3.co.uk] Infamous hacking group LulzSec is claiming to have obtained the entire …

Smile! it’s Friday! 🙂   In case you missed it I put together a blog post last week regarding my personal experience on the CISSP certification process, etc: CISSP exam, materials, preparation and experience   Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “A pen test should …

Category Index Hacking Incidents / Cybercrime Unpatched vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Forensics / Reverse Engineering Cryptography Wireless Security Mobile Security Cloud Security Privacy / Censorship Security FAIL Off Topic Funny Hacking Incidents / Cybercrime   Incident Analysis: Million Dollars Lost In A Minute  [carnal0wnage.attackresearch.com] Dudes, I and two …

Thanks to Tadek and Shaun for contributing to this security bulletin NOTE: I am still trying to catch up, some news items are a bit dated but worth mentioning, I tried to put newer items at the top of each section so that if you see something dated you already saw you can skip the …