Since I’m personally affected by the Citybee “hack” (it’s actually not even a hack, read on to find out why), I decided to put some info together in this post to make sense of it. I will try to update it as soon as I get more info myself. The information is not authoritative, but I will do my best to at least add arguments and sources of information.

Situation

Evening 2021.02.15, Facebook groups started alerting about the leaked Citybee database (a database dump was…Continue Reading “Citybee hacked, database leaked.”

Most endeavors people undertake are subject to the 80/20 principle, sometimes referred to as “the vital few and the trivial many”. Web application security may be said to also be subject to it – most of the attacks can be dodged by hiding the error messages and infrastructure information, getting the auth and session management right, following secure development practice cheat-sheets that abound on the internet – the vital few. Having a Web Application Firewall (WAF) in front of your backend web server and a…Continue Reading “On: DOM based XSS injection. The workings and the protection”