we are very happy to tell you that Attack-Secure and Google Donated $200 USD for Children’s Cancer Hospital Egypt to help and support children who have cancer

we found reflected XSS in zagat.com and reported it to google and they awarded us with $100 USD 

Attack-Secure donated with $100 USD

Google Donated with $100 USD

Screenshot of Attack-Secure and Google Payment to Children’s Cancer Hospital Egypt:

NOW, it is your turn to help and support those children who have cancer

 “We can’t help everyone, but everyone can help someone.” Ronald Reagan

Here is the URL to make donations:  http://beta.57357.com/category/donation/

TIP : We Offer 50% DISCOUNT on all course plans with this code ( 57357 ) , this offer ends in 7/5/2013

1. Learn Python …

We have Good News Today.

We got listed in Facebook White Hat page for responsibly disclosed security vulnerabilities

https://www.facebook.com/whitehat/thanks/

look at this picture and you will find ( Attack-Secure.com ) :

We Reported a Critical Vulnerability in Facebook Camera App for Iphone and they awarded us with 3000 USD

You can read more about this vulnerability :

http://techcrunch.com/2012/12/24/security-loophole-in-facebooks-camera-app-allowed-hackers-to-hijack-accounts-over-wifi/

http://www.intego.com/mac-security-blog/facebook-camera-app-updated-to-fix-vulnerability/

We have a Good News Today.

We got listed in SoundCloud White Hat page for responsibly disclosed security vulnerabilities

http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure

look at this picture and you will find my name:

We have reported multiple security vulnerabilities and they sent a T-shirt to Me

Thanks SoundCloud

CODENAME: Samurai Skills Course

Here are the Links:

http://digitalforensicstips.com/2012/10/early-impressions-of-the-attack-secure-com-samurai-skills-course/

http://digitalforensicstips.com/2012/11/samurai-skills-update-2/

http://digitalforensicstips.com/2012/11/samurai-skills-update-3/

http://digitalforensicstips.com/2012/11/samurai-skills-update-4/

http://digitalforensicstips.com/2012/12/samurai-skills-update-5/

And

http://digitalforensicstips.com/2013/01/samurai-skills-update-6-review/

I Hope you will like it.

YES, we can

Finally we got listed in Google Hall of Fame ( Honorable Mention ) for 2012 

http://www.google.com/about/appsecurity/hall-of-fame/distinction/

AND

We got listed in Google Hall of Fame ( Reward Recipients ) for 2012

http://www.google.com/about/appsecurity/hall-of-fame/reward/

Search for : Mohamed Ramadan

We reported multiple security vulnerabilities  in Google websites and services.

I Have Contacted the Security Researcher ( Sow Ching Shiong ) who found the most critical flaw in Facebook , this bug enabled any hacker to change your password without any need to know your current or old password !

yeah just like that , very simple very dangerous

he wrote a post in his blog about the vulnerability 

Facebook Bug #4: Password Reset Vulnerability Found in www.facebook.com

Facebook fixed the vulnerability and rewarded him with just $500 USD !!!

FYI this bug was being sold in black market for $4000 USD according to this blog

http://krebsonsecurity.com/2013/01/facebook-yahoo-fix-valuable-ecurity-hole/

you can see the reply from facebook :

the wired thing that in first they told him it is not a security bug ! and they ignored it !!!

After providing the attack scenarios, POC and clarifications from the dev team, then only they accepted it as a valid bug. !

I think they should reconsider the bounty and raise it to $10000 USD or Higher.

this vulnerability is more dangerous than XSS and CSRF because you don’t need to send ANYTHING to the victim or even make any contact with the Victim all you need is the Victim name .

Tell Us what do you think about this issue ? do you think it is fair ?

UPDATE :

i got more information from the security researcher who found and reported the flaw to Facebook

First: They don’t see it as a valid bug.

Second: They are unsure that the bug is a privacy or security issue.
As such, the bug I reported does not qualify as a part of the bug
bounty program.

Yes, it’s not the most critical vulnerability. There are 3 attack scenarios:

First scenario:
A local attack, where a user has forgotten to lock their desktop or laptop.

Second scenario:
An internal attack, where the user’s session ID could be sniffed
because Facebook does not using HTTPS by default, could allow the
malicious attacker to hijack the session.

Third scenario:
An external attack could have leveraged an XSS or clickjacking flaw to
steal the session ID.

Once the password has been changed, what the attacker can do is:
1) Change the victim’s password for at least 2 times so that the
victim cannot recover his/her password by entering old password to get
back the account.
2) Change all the primary/secondary email address or mobile number to
the attacker one to prevent the victim to get back the account.

Although the victim still can fill up the online form and inform
Facebook that their account has been compromised but it might take
some time for Facebook to review the form. By that time, the victim’s
personal information has been stolen or account can be deactivated.

today is a great day because we got listed in twitter white hats and also we are offering a new discount for you

we have found and reported 2 security vulnerabilities in one of twitter websites ( Hope140.org ):

1-CSRF vulnerability in contact form

2-Apache httpOnly Cookie Disclosure

Here is twitter reply :

twitappsec, Jan 02 06:21 am (PST):

This page should now include CSRF protection. We’d love to hear from you that you verified that the issue is fixed now. Thanks!

Twitter Security Team

and

twitappsec, Jan 02 06:23 am (PST):

Hi. This should be fixed. Please take a moment to verify for us, if you’d like.

Twitter Security Team

https://twitter.com/about/security

look below and you will find this:

and you can get 30 % discount on our course , this offer ends in 15/1/2013

use this code : TWITTER

thanks twitter

Good news today

Facebook Rewarded me with $3,000 USD for reporting a critical vulnerability in Facebook Camera App for IPhone.

You can read the reply from Facebook Security team:

Learn more about this issue :

http://techcrunch.com/2012/12/24/security-loophole-in-facebooks-camera-app-allowed-hackers-to-hijack-accounts-over-wifi/

and

http://www.aitnews.com/latest_it_news/esecurity-news/84680.html

We have a Good News Today.

We got listed in GitHub White Hat page for responsibly disclosed security vulnerabilities

https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities

look at this picture and you will find my details :

We have reported multiple security vulnerabilities.

We reported :

1- CSRF Vulnerability

2- Blank form submission

3- Missing Captcha

4- Other unfixed vulnerabilites

we also got a t-shirt from GitHub

Thanks GitHub !