Soft Token Cloning Attacks and Mitigations

Two-factor authentication (2FA) is a technology that authenticates users by means of two different factors. Soft token apps for Android and iOS are modern implementations of the second factor. Many...

5 Rules For Becoming a Successful Security Researcher

Entering the field of security research can feel overwhelming at first. Having worked with many aspiring hackers, I often hear people doubting their own potential. It usually goes like this: "I can...

Aztech FG7008GR(AC) Router Update

The Aztech FG7008GR(AC) Remote Command Injection vulnerability has been fixed and the new firmware (322.6s.2-009) can be downloaded at: http://www.aztech.com/support/index.php/networking-product...

Singapore Internet Users, Secure Your Routers!

We are currently conducting a study of the routers commonly used by Singapore ISPs. Surprisingly, of the three routers we have been testing so far, we were able to find critical vulnerabilities tha...

Hacking Android Activity Intents

The mobile application shown below is a password manager which helps to manage and store passwords in a secure manner. Details about the app used for this blog post cannot be disclosed at this ...

Vantage Point Security Research Roundup - Cisco, Symantec and SysAid

Our team has been hard at work the past couple of months, unearthing more than a dozen zero-day vulnerabilities. As we are responsible researchers, only a few of these issues have made it to the ...

The Vantage Point Responsible Disclosure Policy

When it comes to reporting zero-day vulnerabilities to vendors, there’s no standard that everyone agrees on. One goal when defining a responsible disclosure policy was to facilitate a timely reac...

Improve Web Application Security with Frameworks: A case study

As a penetration tester, I am exposed to every web programming language out there and every common framework that exists for these languages. Especially during security source code reviews, I can o...