
InfoSec Guy

UK-based software developer & award-winning security blogger, blogging about all things #InfoSec, #AppSec & #CyberSecurity related and striving towards a safer internet for all!

Month: April 2016

Written by isecguy · 25 April 2016 · 14 August 2021

Flaw allowed anyone to modify & take control over ANY .as domain [UPDATED]

Back in January, I discovered a serious flaw in the .as (American Samoa) domain registry (nic.as). The vulnerability allowed anyone to view the entire domain information for any .as domain – including the plain-text passwords of domain owners, administrative and technical contacts! Even more alarmingly, it was also possible to submit registry changes to details […]

Written by isecguy · 19 April 2016 · 7 August 2021

Webmasters: Your Content Security Policy could break PCI DSS compliance & leak sensitive data

A Content Security Policy (or CSP) is a set of rules which website owners can implement to approve origins of content that web browsers should or should not be allowed to load on their websites. For example, a CSP can be used to prevent a website from loading resources such as images, frames, or scripts […]

Copyright © 2016-2021 · Connect with me on Twitter (@isecguy)