Recent Posts

NotPetya does not make sense, except it does

5 minute read   -   July 12, 2017

NotPetya, a rapidly spreading malware that wipes infected computer systems, made the news in a big way on 27th June. Now that the dust has settled, ...

OWASP Top 10 2017 draft released

3 minute read   -   April 26, 2017

OWASP published a draft of the Top 10 Application Security Risks 2017. It has already caused a lot of controversy among web security folks. So here is my viewpoi...

HTTP/2 Security Implications

7 minute read   -   July 28, 2016

HTTP/2 is a major revision of the HTTP protocol. The RFC for HTTP/2 was published in May 2015. Currently most client-server communication is done via HTTP/1.1. In pr...

Understanding TLS

7 minute read   -   May 05, 2016

This is an article I’ve meant to write for the last two years. Getting TLS right seems to be a major challenge for many admins. And I do not mean only some rando...

Rowhammer.js - memory corruption via JavaScript

2 minute read   -   July 31, 2015

Recently I stumbled into an interesting paper. This paper introduces a bug / vulnerability called “Rowhammer.js”. In short: Rowhammer.js enables hardware-lev...