Archive for Security

Coinbase Bug Bounty Award

Coinbase is one of the best Bitcoin-related sites/services. They’re certainly the easiest way to buy or sell Bitcoin if you have a U.S. bank account. When I saw their Bug Bounty program where they offer $1,000 USD worth of Bitcoin if you find a security vulnerability, it improved my trust in their security, but of course also made me want to look for security bugs…


Stripe CTF 2.0 – Web Security

I did Stripe’s Capture the Flag 2.0 this year, “a security contest where you can try your hand at discovering and exploiting vulnerabilities in mock web applications”.

It was a lot of fun. Some of the levels were quite challenging and I had to figure out how to actually implement an exploit for a vulnerability that I’d only read about in passing before. Each level makes you both a) figure out what the vulnerability is, and b) actually exploit it. One thing that the Stripe guys did a nice job at was spreading out the challenges between PHP, browser JavaScript, node.js, Python, and Ruby, so that developers from any one language wouldn’t have an advantage.

Yahoo! Time Capsule / Cali Fun / OpenDNS

I just got back from another trip to the Bay Area in California, where Yahoo! generously flew me out to be a part of their Time Capsule Camp event…

Update on Google Calendar

As a follow-up to my post noting some issues I’ve found with Google Calendar – namely what seemed to be a security hole, I was extremely pleased to see an email from Google on the matter:


Issues with Google Calendar

Update: Google responds.

Google has been doing a great job innovating lately through the integration of their products (Docs and Spreadsheets, Calendar and Gmail, etc). This integration, however, has not come without security issues arising. TechCrunch has covered several of them – but I believe I have found another…