Ionize and Cogito Group Strategic Partnership

Ionize and Cogito Group today announced a strategic partnership that will enable both companies to significantly strengthen the breadth and depth of their cyber security capabilities. Ionize and Cogito Group are both successful Australian cyber security companies with...

Meltdown and Spectre

With the recent disclosure of the hardware bugs Meltdown and Spectre, the infosec world has been thrown into a bit of chaos. The bottom line is “It’s a very serious bug in the CPU itself; your computer is most probably affected, but the major operating...

How Basic Data Structures are Leaky Abstractions

This blog post is based on a set of challenges presented at SecTalks Canberra. You can have a go at solving the challenges here – this post will have some spoilers. Here’s a trick question: if I have a negative number, and I multiply it by negative one,...

Security Testing Buyer’s Guide

Introduction: Ionize has a long history of providing security services to a wide range of clients in the government, academic, and commercial sectors. In our experience, there is a great deal of confusion as to what style of security assessment will achieve the goals...

Stealing Amazon EC2 Keys via an XSS Vulnerability

On a recent engagement, our testers were faced with a single-page web application that was used to generate PDF documents. This web application contained a multi-step form that ultimately let the user download a PDF document containing the details they had entered....