The High Orbit Ion Cannon (HOIC) is an open source network stress testing application available on Sourceforge.net. It is most often used by hacktivists as an attack tool for denial of service (DoS) and distributed denial of service (DDoS) attacks. It is the successor of…
Author Archives Tomasz Andrzej Nidecki
THE AUTHOR
Tomasz Andrzej Nidecki
Principal Cybersecurity Writer
Principal Cybersecurity Writer
DoH: Mozilla, Cloudflare, and Google vs. the World
Three Internet giants: Mozilla, Google, and Cloudflare, are taking steps towards securing the DNS protocol for browser users. However, the DoH (DNS over HTTPS) standard will make it difficult to supervise the domains that users connect to. This causes increasing controversies, especially in the United…
Clickjacking – What Is It and How To Defend Yourself
In a clickjacking attack, the user is tricked into interacting with a UI element that they do not see. The attacker designs a malicious page with carefully positioned visual elements. The user is lured into clicking on these elements but, in reality, unknowingly clicks on…
Billions of IoT User Records Leaked via an Unprotected Database
ORVIBO, a Chinese manufacturer of smart home devices, left an unprotected Elasticsearch database accessible online through a web interface with no authentication. The database contained more than 2 billion user records representing more than a million users of ORVIBO smart home devices worldwide. The database…
Insecure Default Password Hashing in CMSs
Christoforos Ntantogian, Stefanos Malliaros, and Christos Xenakis from the Department of Digital Systems in the University of Piraeus (Greece) conducted research on password hashing in open-source web platforms including the most popular content management systems (CMS) and web application frameworks. The results published in their…
What Is OS Command Injection
OS command injection (operating system command injection or simply command injection) is a type of an injection vulnerability. The payload injected by the attacker is executed as operating system commands. OS command injection attacks are possible only if the web application code includes operating system…
Test Your XSS Skills Using Vulnerable Sites
Finding and proving application security vulnerabilities requires a lot of skill. However, many of them are easy to exploit. If you want to write better code, you should know how others may prey on your mistakes. We compiled a Top-10 list of web applications that…
What Is a Buffer Overflow
A buffer overflow vulnerability occurs when you give a program too much data. The excess data corrupts nearby space in memory and may alter other data. As a result, the program might report an error or behave differently. Such vulnerabilities are also called buffer overrun….
Authentication Bypass in WP Live Chat
WP Live Chat for WordPress is a very popular plugin used by many companies to provide online support. Currently, it has more than 50000 active installations. Very recently, researchers from Alert Logic found an authentication bypass vulnerability in this plugin. This vulnerability may be used…