PaloAlto Captive Portal XSS Attack

PaloAlto has issued a patch for an XSS attack on the captive portal that I disclosed a few months back. The official advisory can be found here: https://securityadvisories.paloaltonetworks.com/Home/Detail/66 (Detail taken from https://securityadvisories.paloaltonetworks.com/) The attack has been given a CVSS score of 6.1: (Screenshot taken from IBM X-Force: https://exchange.xforce.ibmcloud.com/vulnerabilities/118524) Below follows the original report submitted to PaloAlto …

Signing GMail Messages with the Estonian eID PKI Card (Part 2)

In a previous blog post we explored how to sign messages using the Estonian eID card. In this video, we demonstrate how a receiver who got a signed email message would be able to verify that the email really did come from the advertised sender. https://youtu.be/Nx-jRPIAyEM I have uploaded the revised code to GitHub, please …