The Swiss Cantons have offered online voting
to members of their electorate since 2004. Meanwhile, more than 200 binding
trials at Federal votes and elections have taken place in 15 cantons over the years.
In order to expand online voting to a broader
public, the Federal regulation obliges the Cantons to meet an additional set of
requirements. These include the system feature of full verifiability,
performing numerous audits and publishing the software components’ source code.
Continue reading Public Intrusion Test of Swiss Post’s E-Voting System
I regularly search for vulnerabilities on big services that allow it and have a Bug Bounty program. Here is a second paper which covers two vulnerabilities I discovered on Magento, a big ecommerce CMS that’s now part of Adobe Experience Cloud. These vulnerabilities have been responsibly disclosed to Magento team, and patched for Magento 2.3.0, 2.2.7 and 2.1.16.
Continue reading Magento – RCE & Local File Read with low privilege admin rights
Following last week-end’s Insomni’hack teaser and popular demand, here is a detailed write-up for my winhttpd challenge, that implemented a custom multi-threaded httpd and was running on the latest version of Windows 10:
Continue reading winhttpd writeup: private heaps pwning on Windows