paytm & spear phishing

Before you deep dive in the technical information, I wish to confirm that this vulnerability has been FIXED. Thanks to PAYTM for taking a quick action. Looking forward for such quick response on security concerns. Kudos! Don’t get this wrong. I wish to share a vulnerability that can be leveraged by attackers to perform/ initiate a spear phishing attack. The website in discussion is paytm.com. There is an information disclosure vulnerability in the...

Dear bank, don’t phish me!

With so many vulnerabilities floating all around us, this is one of its type. This vulnerability has no impact on the user information, bank servers, data but still can be leveraged to perform tricks on the end-users. What if I ‘use’ this vulnerability (design-flaw) to phish end-users? Will they trust it? I think yes they will, as it is arriving from legit website so you have full rights to trust the relationship and messages it...

LinkedIn Vulnerability

LinkedIn is a business-oriented social networking site. Founded in December 2002 and launched in May 2003, it is mainly used for professional networking. As of 22 March 2011, LinkedIn reports more than 100 million registered users, spanning more than 200 countries and territories worldwide. There exists multiple vulnerabilities in LinkedIn in which it handles the cookies and transmits them over SSL. This vulnerability if exploited, can result in hijacking of user accounts, and/or modifying...