Overview: Duo Security provides a range of multifactor options for developers to use in their systems. It is popular in many industries, including higher education. Issue: The method for performing Duo MFA in a web page is called Duo Web. This is a fairly straightforward piece of JavaScript that is added to a page, which brings in an IFRAME […]
Monthly Archives: March 2019
Line number leak in CivicPlus
Overview: CivicPlus provides a web platform for local governments. Included in this platform is the ability to send notifications to residents who opt in for those notifications. These notifications can be sent via email or SMS. They have their security FAQ, which answers several questions, except for the important one. My local municipality became a […]
Building a hacking village
NDSU IT, ND Education Technology Council, EduTech, and the ND Information Technology Department are putting on their annual ND Cyber Security conference next Thursday. I’ve spoken at this iteration of the conference twice, and was looking to put something together for this year’s conference. We had an earlier iteration, and at that one of my […]
Social Engineering Toolkit in the Hacking Village
This is the first of a series of posts describing how to perform the various types of attacks that are available to try in the Hacking Village at the ND Cyber Security Conference. These will serve as instructions during the conference, and as a resource after the conference. First up is the Social Engineering Toolkit from Dave Kennedy […]
Username only authentication in T2 Systems Parking
Overview: This vulnerability was discovered in May of 2017. T2 Systems is a parking systems provider to multiple different organizations. NDSU uses it via the North Dakota University System contract. NDSU uses it to allow employees and students to buy parking permits for certain lots. According to the T2 webpage, other institutions use it to […]