The University of Salzburg refuses security reports

Have you read one of my last articles regarding webmasters? The University of Salzburg didn’t or at least didn’t want to. In April I tried to contact the internal university IT staff about a possible Cross-Site Scripting security flaw on their main...

Critical MySQL Authentication Bypass Vulnerability

A critical security advisory (CVE-2012-2122) has been published, which describes a quite easy way to bypass the authentication mechanisms used in MySQL and MariaDB. The short story: When you connect to your MySQL instance, a token of the password is calculated and...

Critical vulnerability on Kiel.de fixed

www.kiel.de – the website of the state capital of “Schleswig-Holstein” in northern Germany, which is very famous for the “Kieler Woche”. Some weeks ago I stumbled upon a critical SQL-Injection vulnerability on their website and...