-
September 13, 2016
Security Code Review of 700 projects written in NodeJS
TLTR: in the last two weeks we rewrote NodeJsScan and published it’s security analysis of over 700 projects hosted on GitHub. Long story: Writing secure Node.JS is hard, almost no tools and little awareness. We felt the same pain while performing an increasing number of Code Reviews in Node and wanted to improve our internal process. That’s why we rewrote NodeJsScan to have better […]
-
August 29, 2016
ISGroup SRL sponsor ESC2k16 – End Summer Camp
From August 31 to 4 September there will be the XII edition of ESC – End Summer Camp, one of the best technical and underground camps in Italy, featuring great talks on Free Software & Open Hardware, Hacking, DiY, Ham Radio and Digital Human Rights. ISGroup joins and supports ESC as sponsor. Teammates at ISGroup were involved in ESC from it’s […]
-
March 7, 2016
Grappa Hat Aosta 4,5,6 March 2016
We want to thank all the attendees of Grappa Hat, a security conference in Aosta that took place over the past week-end. The mood was relaxing and informal, the city is surrounded by mountains and beauty and we had a chance to meet long-time friends and to make new ones too! Personally I presented the speech I’m going to […]
-
October 12, 2015
Security fix in EasyAudit Exposure
We want to say thanks to Roberto Urbanus who found an Improper Error Handling and Source Code Disclosure in our EasyAudit Exposure service, a passive vulnerability and reputation management system. In some conditions the registration failed and the returned object was NULL. When the following code tried to access that object’s properties, it failed showing a very […]
-
October 8, 2015
A good time to update your Veeam to Update 3 – VeeamVixProxy Vulnerability
Pasquale `sid` Fiorillo, Francesco `ascii` Ongaro from ISGroup, an Italian Security firm, and Antonio `s4tan` Parata from ush team, have just released a critical security advisory for any version of Veeam Backup & Replication prior to 8 Update 3 (released today, October 8th, 2015). The issue potentially involves 157,000 customers and 9.1 million Virtual Machines worldwide and could lead […]
-
October 8, 2015
TrueCrypt security history (from isTrueCryptAuditedYet to Oct 2015)
TrueCrypt was a popular tool for encrypting volumes with strong cryptography before integrated solutions like BitLocker for Windows and encrypted .dmg volumes using the Disk Utility in Mac OS X. Linux had an historically good support for a number of implementations like the old loop-AES, Cryptoloop and the current dm-crypt / LUKS. Still a lot of people […]
-
October 5, 2015
HP Proliant SE1102 notes
HP Proliant SE1102 were great Special Editions HP released for datacenter customers. Based on the HP ProLiant DL160 G5 Server architecture, they have differences in terms of enabled PCI-Express slots (they are there but my understanding is that only the one who has the pci riser card is usable) and are artificially stripped down in some departments. […]
-
October 5, 2015
Luiss Enlabs job posting public fail
Leggo con stupore l’annuncio di Augusto Coppola in merito alla ricerca di “3/4 persone junior” per LUISS ENLABS. La pagina originale è http://blog.startupitalia.eu/lavoro-luiss-enlabs/ e ne riporto il contenuto integrale al 5 Ottobre 2015. Sto cercando 3/4 persone junior da aggiungere al team che gestisce il programma di accelerazione in LUISS ENLABS. Non sono richiesti particolari background accademici, quello […]
-
March 26, 2015
PHP Developer
ISGroup SRL (isgroup.it) is an Information Security company. To achieve the projects and development milestones set, ISGroup is recruiting a new PHP developer to join the team in Verona, Italy. Skills Required: PHP 5 (experience with Object Oriented Programming) MySQL Experiences with: YII Linux / Unix Information Security Bash are a strong plus. This is […]
-
December 22, 2014
Seeweb Hacking Contest: Won!
Thanks Seeweb (http://www.seeweb.it/) a great Xmas, a great prize (Macbook Pro), a great contest (#HackingContest)! cb2af0467d6206d742e1bd24ec976c33 RingoBingo ^ 2