Hardcoded credentials, pointless encryption, and generous APIs exposed details of every employee and made it possible to break into internal websites.| eaton-works.com
(ASPEN) APIs are crucial for web apps but pose security risks. I uncovered a critical flaw in Honeywell’s BEDQ system, highlighting the need for strong API security.| Eaton Works Feed
(ASPEN) Understanding the Risks of Client-Side Authentication: Why relying on client-side security isn’t enough.| Eaton Works Feed
(ASPEN) Mobile device management (MDM) systems are essential for large enterprises to track devices accessing the corporate network and ensure security. Read how a vulnerability on Johnson & Johnson’s Mobility Service Portal made it possible to access employee corporate devices.| Eaton Works Feed
(ASPEN) A critical SSO vulnerability in a Fortune 500 app risked millions of records. Learn about SSO security risks, fixes, and protecting APIs from similar attacks.| eaton-works.com
A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.| eaton-works.com
Two vulnerable Jacuzzi SmartTub administration panels exposed worldwide customer data for multiple brands.| eaton-works.com
The story of CVE-2023-6483, my first CVE and biggest security disclosure yet.| Eaton Works Feed
API flaw enabled livestreaming of a telecommunications company’s office cameras.| Eaton Works Feed
A vulnerable password reset API made it possible to take over any account and gain admin-level access to the platform. In addition, broken/missing access controls made it possible to access all data on the platform.| eaton-works.com
Breaking into a Toyota CRM and exploiting it to view customer information.| eaton-works.com
Inside an exploit that allowed logging in to Toyota’s GSPIMS application as any user, including system admins.| eaton-works.com
An Atom feed is now available for the site.| Eaton Works Feed
Reverse engineering the kernel-mode authenticity check, and how Microsoft knows about your hacked/custom hard-drive.| Eaton Works Feed
The October 2012 Xbox 360 dashboard update moved the dashboard from the NAND flash to the hard drive. Does it make a difference?| Eaton Works Feed
A misconfigured staging site exposed several years' worth of private Xbox game developer forum content.| Eaton Works Feed
The tech stack and decisions behind my new website.| Eaton Works Feed
Reporting sensitive content exposure on an MBUSA website to Daimler.| Eaton Works Feed
Find it on GitHub!| Eaton Works Feed
A deep dive into Pokémon GO’s certificate pinning.| Eaton Works Feed
Also: HSTS!🔒| Eaton Works Feed
An old, private Xbox 360 development application has been released.| Eaton Works Feed
An update to the FATXplorer application has been released. The purpose of this update is to bring further stability to the previous version and to address various issues reported by customers.| Eaton Works Feed
Disqus now powers comments on this site.| Eaton Works Feed
A major update is now available for FATXplorer. Check it out!| Eaton Works Feed
A small and simple Xbox 360 patch viewer/editor.| Eaton Works Feed
A vulnerable API on Toyota Tsusho Insurance Broker India’s premium calculator website exposed Microsoft corporate cloud credentials.| eaton-works.com