Meltdown and Spectre

With the recent disclosure of the hardware bugs Meltdown and Spectre, the infosec world has been thrown into a bit of chaos. The bottom line is “It’s a very serious bug in the CPU itself; your computer is most probably affected, but the major operating...

How Basic Data Structures are Leaky Abstractions

This blog post is based on a set of challenges presented at SecTalks Canberra. You can have a go at solving the challenges here – this post will have some spoilers. Here’s a trick question: if I have a negative number, and I multiply it by negative one,...

Security Testing Buyer’s Guide

Introduction: Ionize has a long history of providing security services to a wide range of clients, be it government, academic, or commercial sectors. In our experience, there is a large amount of confusion as to what style of security assessment will achieve the goals...

Stealing Amazon EC2 Keys via an XSS Vulnerability

On a recent engagement, our testers were faced with a single-page web application that was used to generate PDF documents. This web application contained a multi-step form that ultimately let the user download a PDF document containing the details they had entered....