I want to update my blog with this new post:
– I learned good things from BlackHat 2010 although I was not there! JavaSnoop is a great tool by the way. Although there are some minor bugs, this tool is solving many of my problems!
– Some software is immune against my reports, like Fortify! I’m not sure if it’s a good thing for them, however! This is not my policy!
– Burp Suite Pro is great and I’m waiting for the new version after fixing my issues (current version is 1.3.07).
– A dangerous CSRF vulnerability in Secunia Community, in which an attacker could change a user’s email address and then use the forgot password feature to reset his/her password, has been fixed immediately after my report.
More info: http://secunia.com/community/forum/thread/show/4856/notification_of_fixed_csrf_issue
– CodeProject.com wants to fix a vulnerability that I reported 1 month ago.
– I’ve reported a Microsoft .NET security vulnerability to them and I’ve just received their first “thank you” email. Now, I’m waiting to see what will happen.
– I reported a dangerous CSRF vulnerability in BlogFa.com to them several months ago. Although they’ve fixed that issue, they did not give me any credit! Should I report their flaws in future? I’m not so sure!
– I want to release a powerful tool for Steganography in text soon! This is my MSc project, which I’ve changed a bit.