About Reaction Information Security
Reaction Information Security Ltd is an independent information security consultancy specialising in web application and network penetration tests.
Advisories: Safend DPA stores private key data in a log file and could allow privilege escalation. http://ow.ly/fTTfD Fix scheduled
Disassembling Facebook scams... this is the second fb worm article by @troyhunt http://ow.ly/fTTVM
New advisories: Forescout NAC devices XSS, XSR and filter bypass http://ow.ly/fTSSa CVE-2012-4985 CVE-2012-4983 CVE-2012-4982
An older but nevertheless great article on hacking Java RMI, and why it's important to guard your invokers http://ow.ly/fRXpa
Advisory: RealPlayer 15 buffer overflow - can result in code execution. No solution at this time. http://ow.ly/eSiph CVE-2012-4987
... Layton Tech recommend migrating from HelpBox to their newer ServiceDesk product http://ow.ly/eShI9
Advisories: 7 new advisories for Layton Tech Helpbox including SQLi and auth bypass. http://ow.ly/eShwS
Maintaining reputation after an attack http://ow.ly/eH6U7 (article by @EllyZDNetAsia)
We are a CHECK 'Green Light' company, authorised to conduct health checks on protectively marked HMG systems http://ow.ly/exJd1
With the rise of iOS and Android in enterprise and BYOD policies, we're seeing a lot more mobile inf and app pentests recently
RT @RaghavKhunger: http://t.co/0JCMevw4 <- another great HTTP headers article we've referenced loads (by @4GuysFromRolla)
Verbose HTTP headers can make an attacker's life easier. @troyhunt's post probably explains this best http://ow.ly/exzch
We find that well-managed and fully commented firewalls tend to be the most secure! Good management = fewer extraneous rules
HTML5 is one of our favourite things, but be wary of what you put in localStorage #xss #cleartext http://ow.ly/eokim
More mobile apps are being used in the enterprise, and security can be tricky. Consider an iOS/Android app pentest for your company
Advisory: XnView heap overflow via malicious .jls files http://ow.ly/eohRC CVE-2012-4988
...other ConfigFree vulns include these two buffer overflows http://ow.ly/dZZyj (CVE-2012-4980) and http://ow.ly/dZZB8 (CVE-2012-4980)
If your Toshiba came with ConfigFree, consider removing it and certainly don't open .cf7 files! 3 vulns inc http://ow.ly/dZZeG CVE-2012-4981