Google helpdesk hacking-Nov 02, 2017
A few weeks ago we brought to your attention Ticket Trick Help Desk Hacking and explained the wide variety of systems which could be susceptable to this attack. Further information on the use of this attack vector to infiltrate Google’s help desk application, Buganizer, is available via the medium article.
Defeating Google's audio reCaptcha with 85% accuracy-Nov 01, 2017
The internet is a weird and wonderful place where two or more parties share a communication link to communicate with each other. For services that assume a human will interact them there is significant scope for abuse of that service by programs designed to take advantage of that service. Computationally it is very cheap to send data over the internet and any function which performs a function on the data received, unless returning a static zero length message, will incur more costs than the sender.
We discuss ways that bot writers can use tools to enable the defeat of reCaptcha to wreak havok
How to perform CSV injection attacks-Oct 08, 2017
As developers of business applications it is very common to create services that produce CSV files. CSV files comprise of tabular data on each row that is delimited by commas. Services for this format are simple to write and blazingly fast. Unfortunatly, partly because how quickly they can be produced, a lot of garbage can make its way into csv files. The fast majority of users will open csv files in the behometh, and much loved, Microsoft Excel. Excel is complete beast and will happily do many things with our csv file.
Ticket trick helpdesk hacking-Sep 21, 2017
A recent public announcement by Inti De Ceukelaire (@securinti) shed some light on an exploit that he has been able to use on multiple websites. He has named this exploit “Ticket trick helpdesk hacking”.