269 matches found
Verizon Rebuts Critics of Data-Collecting App
Verizon broke its silence today on what many believed would be a controversial rollout of an app made by Evie Labs called AppFlash, that had been identified by privacy advocates as spyware. The wireless carrier and broadband ISP defended itself Friday saying its critics were flat-out wrong. Veriz...
Pornhub: youporn email notification enable/disable and newsletter
Researcher discovered a CSRF affecting email notification and newsletter opt-in settings. Triaged as an exception, not eligible for bounty/reward...
WordPress plugin Germany-likes-opt-in-facebook cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that lets users run personal blog sites on servers with PHP and MySQL. The WordPress plugin Germany-likes-opt-in-facebook suffers from an XSS vulnerability due to improper filtering of user input,...
WordPress plugin double-opt-in-for-download has multiple cross-site scripting vulnerabilities
double-opt-in-for-download is a WordPress plugin used to capture the name and email address of a site's visitors by offering them a free download in exchange for their email address, using the Double Opt-In plugin. The WordPress plugin double-opt-in-for-download has an XSS vulnerabilit...
Service worker meeting notes
On July 28th-29th we met up in the Mozilla offices in Toronto to discuss the core service worker spec. I'll try and cover the headlines here. Before I get stuck in to the meaty bits of the meeting, our intent here is to do what's best for developers and the future of the web, so if you disagree...
Facebook Messenger End-to-End Encryption Not On By Default
Facebook today began a test program rolling out opt-in end-to-end encryption for its Messenger service called Secret Conversations. The end-to-end encryption is based on the Signal protocol developed by Open Whisper Systems, the same protocol that stands up the crypto in the Signal and WhatsApp...
WordPress Plugin Double Opt-In for Download 2.0.9 - SQL Injection
WordPress Plugin Double Opt-In for Download 2.0.9 - SQL Injection Exploit Title: Double Opt-In for Download 2.0.9 Sql Injection Date: 06-06-2016 Software Link: https://wordpress.org/plugins/double-opt-in-for-download/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...
WordPress Plugin Double Opt-In for Download 2.0.9 - SQL Injection
Exploit Title: Double Opt-In for Download 2.0.9 Sql Injection Date: 06-06-2016 Software Link: https://wordpress.org/plugins/double-opt-in-for-download/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...
WordPress Double Opt-In for Download Plugin 2.0.9 - SQL Injection
This WordPress Double Opt-In for Download plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress Double Opt-In For Download 2.0.9 SQL Injection
Exploit Title: Double Opt-In for Download 2.0.9 Sql Injection Date: 06-06-2016 Software Link: https://wordpress.org/plugins/double-opt-in-for-download/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...
Facebook Messenger App — Choose either End-to-End Encryption or Artificial Intelligence
Facebook is set to introduce end-to-end encryption for its Messenger app, allowing its more than 900 million users to send and receive messages that cannot be read or intercepted by law enforcement or even the social network itself. However, it’s not the kind of end-to-end encrypted chat feature...
WordPress Double-Opt-in-for-Download Plugin SQL Injection Vulnerability
No description provided by source...
HTTPS Available as Opt-In for Blogspot
Google said on Wednesday it has made HTTPS available as an opt-in for its Blogspot publishing service. Google and other technology providers have been ramping up encryption rollouts in the two years since the publication of the Snowden documents began. To date, Google has encrypted Gmail, search,...
WordPress G-Lock Double Opt-in Manager Plugin - Multiple Vulnerabilities
This plugin is prone to security bypass vulnerabilities. Solution Update the plugin...
EFF Raises Questions on Privacy Leaks in Ubuntu
The EFF is warning users of Ubuntu’s latest release that the open-source operating system sends their search queries to third parties, including Amazon, by default, and that some of their search results may be viewable by other users on the same network. The privacy leaks are present in Ubuntu...
FTC Finalizes Facebook Settlement over Privacy
The U.S. Federal Trade Commission today announced it had finalized its settlement with Facebook, which is now subject to biennial privacy audits for the next 20 years and must have its nearly 1 billion users opt in to any future privacy policy changes. The settlement announcement follows news that...
WordPress Plugin G-Lock Double Opt-in Manager - SQL Injection
source: https://www.securityfocus.com/bid/54767/info G-Lock Double Opt-in Manager plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromi...
WordPress G-Lock Double Opt-in Manager 2.6.2 SQL Injection
WordPress G-Lock Double Opt-in Manager Plugin SQL Injection version the admin-ajax will run the ajaxbackend eventually, and then all subscribers will be deleted, even though u r only a subscriber user!!!...
Mozilla Weighing Opt-In Requirement for Web Plugins
Mozilla is developing a feature in Firefox that would require some user interaction in order for Flash ads, Java scripts and other content that uses plugins to play. In addition to easing system slowdowns, the opt-in for Web plugins is expected to reduce threats posed by exploiting security...
Path Reverses Course After Revelation That App Uploads User Contacts
After a researcher discovered that any person who decides to download the Path app onto their mobile device is unknowingly sending their address book to a server belonging to the social network and photo-sharing service without prior notification, the company has released a new version of the app...