TLTR: in the last two weeks we rewrote NodeJsScan and published it’s security analysis of over 700 projects hosted on GitHub. Long story: Writing secure Node.JS is hard, almost no tools and little awareness. We felt the same pain while performing an increasing number of Code Reviews in Node and wanted to improve our internal process. That’s why we rewrote NodeJsScan to have better […]

From August 31 to 4 September there will be the XII edition of ESC – End Summer Camp, one of the best technical and underground camps in Italy, featuring great talks on Free Software & Open Hardware, Hacking, DiY, Ham Radio and Digital Human Rights. ISGroup joins and supports ESC as sponsor. Teammates at ISGroup were involved in ESC from it’s […]

We want to thank all the attendees of Grappa Hat, a security conference in Aosta that took place over the past week-end. The mood was relaxing and informal, the city is surrounded by mountains and beauty and we had a chance to meet long-time friends and to make new ones too! Personally I presented the speech I’m going to […]

We want to say thanks to Roberto Urbanus who found an Improper Error Handling and Source Code Disclosure in our EasyAudit Exposure service, a passive vulnerability and reputation management system. In some conditions the registration failed and the returned object was NULL. When the following code tried to access that object’s properties, it failed showing a very […]

Pasquale `sid` Fiorillo, Francesco `ascii` Ongaro from ISGroup, an Italian Security firm, and Antonio `s4tan` Parata from ush team, have just released a critical security advisory for any version of Veeam Backup & Replication prior to 8 Update 3 (released today, October 8th, 2015). The issue potentially involves 157,000 customers and 9.1 million Virtual Machines worldwide and could lead […]

TrueCrypt was a popular tool for encrypting volumes with strong cryptography before integrated solutions like BitLocker for Windows and encrypted .dmg volumes using the Disk Utility in Mac OS X. Linux had an historically good support for a number of implementations like the old loop-AES, Cryptoloop and the current dm-crypt / LUKS. Still a lot of people […]

HP Proliant SE1102 were great Special Editions HP released for datacenter customers. Based on the HP ProLiant DL160 G5 Server architecture, they have differences in terms of enabled PCI-Express slots (they are there but my understanding is that only the one who has the pci riser card is usable) and are artificially stripped down in some departments. […]

Leggo con stupore l’annuncio di Augusto Coppola in merito alla ricerca di “3/4 persone junior” per LUISS ENLABS. La pagina originale è http://blog.startupitalia.eu/lavoro-luiss-enlabs/ e ne riporto il contenuto integrale al 5 Ottobre 2015. Sto cercando 3/4 persone junior da aggiungere al team che gestisce il programma di accelerazione in LUISS ENLABS. Non sono richiesti particolari background accademici, quello […]

ISGroup SRL (isgroup.it) is an Information Security company. To achieve the projects and development milestones set, ISGroup is recruiting a new PHP developer to join the team in Verona, Italy. Skills Required: PHP 5 (experience with Object Oriented Programming) MySQL Experiences with: YII Linux / Unix Information Security Bash are a strong plus. This is […]

Thanks Seeweb (http://www.seeweb.it/) a great Xmas, a great prize (Macbook Pro), a great contest (#HackingContest)! cb2af0467d6206d742e1bd24ec976c33 RingoBingo ^ 2