Gelvora data breach and your personal data

Working as a part of Digital Security Alliance, we came across vulnerability affecting Gelvora SIA owned system infodebt.lv. This system potentially contains financial data about most of the citizens of Latvia. Based on the domain registration information provided in WHOIS records, system has been active since year 2013. The vulnerability allowed unauthorized access to the database, with which, all of the database records can be retrieved. From the information available on Gelvora.lv about infodebt.lv: “The advantages of the database: it is one of the largest debt history databases in Latvia;”. Based on this it’s safe to assume that the database contains information for

Continue Reading

Vagrant + VirtualBox + Laravel Homestead for every PHP developer

Through the years, I’ve tested several different environments for the most efficient development process. I’m happy to announce that I’ve found the perfect one for me and let me share it with you. First of all, lets start with the setup process. It takes no more than 5 minutes to finish configuration on any *n?x based machinery. What you need is downloading Oracle VM VirtualBox and Vagrant itself. After you’ve finished the setup for both, open up your terminal (Alt + T for Debian based OS, CMD + Space and write Terminal for Mac OS X). Create a new virtual box of

Continue Reading

What’s your perfect computer and software setup?

Independently from whether you’re working in the IT industry, or are a regular computer user – switching to new hardware is always a hard decision. The only difference for those working in IT industry on daily basis, is the software. For most regular users Windows will be the one and only reasonable decision. Around ten years ago, it was the only reasonable choice also for me. Getting deeper into the industry, the requirements increase and you understand the individual value of each different operating system. I’ve gone through many different operating systems and here I’ll provide you with some Pros

Continue Reading

“Freelancer Office” by gitbench privilege escalation vulnerability

Working together with Digital Security Alliance, filling a request to do penetration testing through clients infrastructure, we found privilege escalation vulnerability in “Freelancer Office” by gitbench. The exploit affects all versions above 1.7 (including current release) and can be done in less than 2 minutes, with browser as the only required tool. Simple Google Dork due to scripts copyright allowed us to find hundreds of vulnerable targets within seconds. All of the targets confirmed that the issue indeed isn’t a false positive. Informing both the author gitbench (via wm@gitbench.com – William Mandai) and distributor Envato, CodeCanyon (via their support channel) is without

Continue Reading

“Hacking” into MacBook Pro to Recover files

It’s quite often to receive requests for fixing and reinstalling computers from private clients which I’ll decline almost every time. This case was different, as the task was actually interesting. Clients problem was having blue screen right after the booting of the Mac: Meaning it’s impossible to access any files on the computer, without removing hard drive (and thus, voiding warranty). I had done several tests before with Windows to access filesystem without any kind of authentication requirements, had never tried that on OS X… yet. So, lets begin with the setup: 16 GB Kingston Flash An Image (ISO) of

Continue Reading

Things you should stop doing, being an IT professional

Talking the alien language that only geeks understand. Many of the greatest ideas are born when people from different fields come together and decide to discuss their ideas at a basic level. If one can’t put his idea in a level that five year old understands, he doesn’t understand it well enough. Thinking the user will (spend time to) know the product. One of the highest qualities is predicting everything that could go wrong, and making sure it doesn’t. If you’ve created a network for selfies, but get cats in pajamas ─ well apparently the impression you’ve made is complete

Continue Reading