[FD] Multiple vulnerabilities discovered in Qualys Cloud Agent

2022-09-12 Thread Daniel Wood via Fulldisclosure
/vuln/detail/CVE-2022-29550 Read more: https://www.unqork.com/resources/unqork-and-qualys-partner-to-resolve-zero-day-vulnerabilities https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux Daniel Wood Head of Product Security, Unqork

Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP

2017-05-04 Thread Daniel Wood
Can't you just run the app in an Android emulator and shark it? Sent from my iPhone > On Apr 30, 2017, at 06:02, secli...@email.tg wrote: > > I have a further update on the issue. After uninstalling the 360 security > android app, I found after repeated checks of Network Info on my phone via

Re: [FD] Google Chrome Address Spoofing (Request For Comment)

2015-07-03 Thread Daniel Wood
Yes this is a pretty good find. I can also confirm it works on iOS 8.3 (12F69) with Safari. DW Sent from my iPad On Jul 2, 2015, at 9:33 AM, Mustafa Al-Bassam m...@musalbas.com wrote: That's pretty neat. Played around with this and made a few discoveries. 1. It shows a valid certificate

Re: [FD] Regarding how can I request a CVE number?

2015-03-19 Thread Daniel Wood
Unfortunately, this has been happening to many people within the last year. My suggestion is to assign your own numbering schema to them and post the details. If they gain momentum then you may get one assigned anyway if it's serious enough. Sent from my iPhone On Mar 18, 2015, at 6:32 AM,

Re: [FD] Responsible disclosure: terms and conditions

2014-06-09 Thread Daniel Wood
Should also point out that getting EO insurance is a good idea. Daniel On Jun 8, 2014, at 1:34 PM, Dave Warren da...@hireahit.com wrote: On 2014-06-08 04:03, Paul Vixie wrote: this is concerning, for two reasons. first, for enforceability, a contract requires exchange of consideration.

Re: [FD] Responsible disclosure: terms and conditions

2014-06-08 Thread Daniel Wood
Keep in mind you can always be sued. No matter what 'legal' document you may have. I'm the third down on that attrition list. This brings to mind this recent blog from John Strand:

Re: [FD] So You Like Pain and Vulnerability Management? New Article.

2014-05-14 Thread Daniel Wood
Pedro, I think you misinterpreted the article. I can see how his writing style can be confusing with all the joking and contradictions throughout. I had to reread it twice to make sure I was taking away what was intended. Just to be clear though, I agree and don't think it really adds value

Re: [FD] Legality of Open Source Tools

2014-04-07 Thread Daniel Wood
Toni, The English version has this information in Chapter 38, I didn't find it in a Chapter 34. The key to all this is the language of intent, using verbiage such as aggravated, unlawful, and to cause detriment. This is the same as the United States and many other countries; if you don't