High Severity

Bitcoin is a well-established virtual currency. Its popularity was largely fueled by a surprisingly strong display of growth in 2013, when the value of a single Bitcoin shot up from around $13 to...

https://www.highseverity.com/2016/05/forget-bitcoin-zimbabwean-dollars-is.html

Most web application security testers will agree that after several years of experience you start to develop an incredible "sixth sense" which allows you to estimate how secure (or insecure!) a ...

https://www.highseverity.com/2014/01/net-price-direct-exposing-my-personal.html

Google Reader is officially shutting down on 1 July 2013. Not everyone has jumped ship yet, so I wouldn't be surprised to see a lot of people suddenly looking for new ways to read their RSS feed...

https://www.highseverity.com/2013/06/rssreader-remote-code-execution.html

Exactly two years ago, I wrote about mastercard.com being taken down by a distributed denial of service (DDoS) attack. One of the interesting things about this attack at the time was that the at...

https://www.highseverity.com/2012/12/how-do-you-measure-success-of-ddos_8.html

Valve has fixed a man-in-the-middle vulnerability in the Windows Steam client, which would have allowed a correctly-positioned attacker to divert and decrypt HTTPS traffic without the victim's...

https://www.highseverity.com/2012/03/valve-fixes-https-vulnerability-in.html

Siemens Meter Services , a division of Siemens plc, claims to be the UK's leading independent expert provider of metering services. They are accredited with CORGI and Ofgem to provide gas meter ...

https://www.highseverity.com/2012/01/dodgy-doorstep-security-advice-from.html

This post highlights how even a small modification to a graphical user interface can be responsible for causing unintended security problems. When Ubuntu's remote desktop service (Vino) first ...

https://www.highseverity.com/2011/11/accidentally-opening-doors-on-ubuntu.html

It's always nice to see a manager or developer fully understand the severity of cross-site scripting (XSS). Displaying user-supplied input without sufficient encoding can have a serious impact o...

https://www.highseverity.com/2011/06/xss-in-confined-spaces.html

Here's a nice video demonstraction of how clickjacking can be used to exploit what would otherwise be an UNexploitable cross-site scripting vulnerability: For further details on the mechanics...

https://www.highseverity.com/2011/03/exploiting-xss-with-clickjacking.html

The London Stock Exchange website exposed some visitors to drive-by malware attacks today. Merely viewing the homepage at WWW.LONDONSTOCKEXCHANGE.COM (without clicking on anything) caused my Win...

https://www.highseverity.com/2011/02/london-stock-exchange-hit-by-malware.html

The Internation Space Station passed overhead at 18:36 this evening, with the space shuttle Discovery closing in and preparing to dock. Having never seen the ISS before, I thought I'd try and ge...

https://www.highseverity.com/2011/02/discovery-docking-with-international.html

Nearly everyone involved in security testing or website design has undoubtedly used the domains EXAMPLE.COM and EXAMPLE.NET to demonstrate something or other. These are special domain names, res...

https://www.highseverity.com/2011/01/examplecom-has-changed.html

When Quora went live a few weeks ago, I was one of many who rushed in to sign up for an account and see what all the excitement was about. It describes itself as "a continually improving collec...

https://www.highseverity.com/2011/01/quora-login-exposes-names-and-photos.html

I previously blogged about T-Mobile's silly fair use policy , but at least they make it clear what the data limit is. Tesco Mobile, on the other hand, seem to be intent on HIDING their fair use ...

https://www.highseverity.com/2011/01/tesco-mobiles-hidden-fair-use-policy.html

Gosh, I had no idea it was this easy to launch a distributed denial of service attack. I particularly like the bit where the hacker demonstrates the effectiveness of this method by carrying out ...

https://www.highseverity.com/2011/01/ddos-tutorial.html

UK mobile network operator T-Mobile is changing its Mobile Internet fair use policy to have a significantly reduced fair use limit of only 500Mb per month. Despite this change, T-Mobile are no...

https://www.highseverity.com/2011/01/t-mobiles-fair-use-policy-is.html

In the midst of the WikiLeaks hosting saga , it was only natural that I should start following WikiLeaks on Twitter . I remember saying at the time, "I'm probably on some government list now." ...

https://www.highseverity.com/2011/01/wikileaks-twitter-paranoia.html

Last month, Netcraft saw WikiLeaks.org being ousted from the United States. A loose-knit group named Anonymous then began launching distributed denial of service (DDoS) attacks against organisa...

https://www.highseverity.com/2011/01/interview-with-anonymous.html

Online security is something I have always been interested in. I've been doing security consultancy and web application security testing for several years at Netcraft , helping major banks and f...

https://www.highseverity.com/2011/01/welcome-to-high-severity.html