Uwazi.io Security Assessment

In 2021, Recurity Labs was contacted by Friedhelm Weinberg of the Geneva-based NGO HURIDOCS, an organization helping human rights groups to gather, organise and use information to create positive...

webOS Revisited - Even More Mistaken Identities

For an overview and introduction to webOS and this research, please see my previous post. The TL;DR On November 11, 2021, I sent an additional report to the...

Safari HSTS Circumvention

Earlier this year, I happened to play around with injecting funny data into unprotected HTTP communications of my test MacBook, when Safari turned out to exhibit a surprising behaviour in...

CVE-2020-9759 - Getting root on webOS

Update (2022-02-04): Please note that LG actually did request and receive a CVE number, after this post was published. The title of the post has been...

Source Code Audit Training Archive

Merry Christmas everyone! We are releasing the Code Audit Training Archive. This year was shaped by a lot of ups and downs for the most of us. To bring...