
Showing posts with the label security

Vodafone India privacy problem: exposes phone numbers

Vodafone India is exposing the phone number of website users to partner websites when they browse over a mobile data plan. It might be offering a hidden API to those partner websites to uniquely identify users. I noticed it around a year ago and thought about blogging it, but forgot about it at the time. Now I have some time, so I thought of explaining the issue.

How I noticed the issue?

Some time ago, I bought a SanDisk microSD card. On the wrapper, they mentioned an offer from hungama (still available on the SanDisk website at www.sandisk.in/campaign/landing/hungama/offer_three). The URL mentioned was offers.hungama.com/sandisk3/ and when I opened it in my mobile browser, it was prompting with "Welcome, 91-98XXXXXXXX".

(Image: Phone number leaked by Vodafone India)

I was shocked as I had never seen anything like that before. So, I immediately opened the same URL in my desktop browser and got a completely different page:

(Image: Desktop version of the same page)

And, aga...

CakePHP security issue - even in thechaw.com (written by core dev)

CakePHP security issue

Recently I stumbled upon thechaw.com, written by a CakePHP core dev and developed in CakePHP. I just wanted to check if they had fixed the old security issue in CakePHP and found that the issue is still open.

Proof of concept

CakePHP memory error

At another time, I found a famous memory error even in bakery.cakephp.org.

Bottom line

CakePHP is open source, so you can fix these issues yourself.