46 Articles 0 Followers
5 Feb 2020 2 minute read 0 comments Roberto D.
With an article published a few hours ago Kraken Security Labs illustrated a security flaw that concerns one of the hardware wallets for cryptocurrencies hitherto considered among the safest; in a long post, published on its website, it is illustrate...
29 Jan 2020 1 minute read 4 comments Matthew Rosenquist
New CPU Vulnerabilities Discovered RIDL/ZombieLoad and L1DES/CacheOut are just the latest variants of vulnerabilities discovered in Intel CPU’s that target Micro-architectural Data Sampling (MDS) weaknesses. Discovered over 7 months ago, researchers...
19 Jan 2020 4 minute read 4 comments art_of_bug
Welcome again. This is probably the last time we write about Neblio. We could create new and new reports because its code is incredibly buggy, but it makes no sense given the attitude of the Neblio development team. So, just to prove the point, here...
26 Dec 2019 8 minute read 0 comments art_of_bug
Welcome to the next episode. In September we have published NavCoin – Bypassing Header Spam Protection, which was a denial of service attack against the header spam filter in NavCoin. As far as we know, this issue has not been fixed in NavCoin yet. A...
27 Nov 2019 7 minute read 3 comments art_of_bug
Welcome back. Today we are back to Syscoin. Previously we have published two submissions to the bounty related to the implementation of the Sysethereum bridge. Today we present another vulnerability that we found later in the Sysethereum bridge impl...
31 Oct 2019 5 minute read 1 comment art_of_bug
Welcome back. Last time we explained how Neblio's attempt to fix the DoS vulnerability we reported many months ago did not actually work and that it only addressed our specific exploit implementation. We explained how to perform this attack against t...
14 Oct 2019 1 minute read 0 comments Matthew Rosenquist
I am really glad the crypto community has taken advantage of professional Bug Bounty programs, as they make a meaningful difference in finding vulnerabilities in software. It took the regular software industry decades to see the value. There is an...
13 Oct 2019 4 minute read 0 comments art_of_bug
Welcome. Remember our very first post? Recall that we didn't like the way Neblio team (not)communicated. We published a vulnerability in their code and waited for the reaction. At first it seemed like they acknowledged the problem with poor communic...
29 Sep 2019 7 minute read 0 comments art_of_bug
Welcome back. Today we open Qtum. We started to participate in Qtum's bug bounty program many months ago and we already submitted several findings there, all of which have been accepted. Today we present one of the vulnerabilities that have been fixe...
14 Sep 2019 6 minute read 5 comments art_of_bug
Welcome back. Today we will talk about NavCoin. We start with a little rant as we sometimes do when we feel things could have gone better. Then we disclose an unpatched vulnerability in NavCoin Core which was caused by copying and pasting the code fr...
