Jan 08, 2019 AppSec Application Security This Week for January 6 New year, new vulnerabilities. Or old vulnerabilities. How about Open Redirects, the vulnerability no one cares about other than the bad guys. https://stevetabernacle.github.io/blog/open-redirects-the-vulnerability-class-no-one-but-attackers-cares-about/ We gotta look back at The Year That Was. https://www.theregister.co.uk/2018/12/27/2018_the_year_in_security/ Someone cracked recaptcha. Again. https://github.com/ecthros/uncaptcha2 Chrome was leaking device info. I got caught by this too. https://threatpost.com/chrome-in-android-leaks-device-fingerprinting-info/140480/ Cool research on a malicious jpeg. https://isc.sans.edu/forums/diary/A+Malicious+JPEG/24490 https://isc.sans.edu/diary/A+Malicious+JPEG%3F+Second+Example/24494 That's the news, folks. Happy new year! Hope to see some of you at CodeMash.