Latest blog posts


  • It is a well-known fact that I’m a vocal supporter of Bug Bounty programs. I do believe that running a fair and engaging bug bounty program is a great addition to any software security process. My personal experiences with Bug Bounties go back to the end of 2011 where somebody made me aware of the…


  • We’re constantly working on adding more security features and hardenings to Nextcloud, after all it’s your data and it has to be protected properly. While the Nextcloud 9 release fixes a critical security issue (we have informed upstream about this but in the meanwhile recommend upgrading as soon as possible) it also adds another new…


  • I have been a contributor to the ownCloud project since the beginning of 2012. Starting as a volunteer my contributions were small. I joined the IRC channel, helped people out there and only over time I did start working with the code base more deeply. The community aspect has always been my main fascination. Seeing people from…


  • If you ever have run a Linux-based operating system you are probably aware of the way that software is usually distributed on them: Using a software repository. Repositories are great for numerous reasons. Want to install an application on Debian? Easy. Just execute apt-get install ffmpeg and ffmpeg has been installed. Updating? A quick apt-get update plus apt-get upgrade and all is…


  • This post tries to prove that vulnerabilities can in fact be very subtle and that even people who master their toolkit and libraries can easily fall for them. It is based upon a vulnerability in ownCloud server fixed in June 2015. cURL is probably known to most readers of this blog. If not: It is a library…

