Put.io, a popular torrent cloud storage service, has a very convenient API. Unfortunately, it allowed everybody to see your files and download history, and perform actions on your behalf.
A snapshot of the most common Android Bitcoin wallets' take on seeding PRNGs, and what went wrong with the Blockchain.info wallet.
DNS rebinding is powerful: how to steal WiFi passwords by just tricking a victim into visiting a website, thanks to that fancy Bang & Olufsen speaker.
A bird's-eye view of Bitcoin: likely future scenarios and a bit of game theory.
Adobe pushed a complete fix for Rosetta Flash today.
Presenting Rosetta Flash, a tool for converting any SWF file to one composed of only alphanumeric characters in order to abuse JSONP endpoints and carry out CSRF, bypassing the Same-Origin Policy (SOP).
Heartbleed walks into a bar...
Here I present an XSS vulnerability I discovered in Zagat, part of Google, by exploiting an XOR-based obfuscation algorithm.
Here I write about my experience with Google interviews and why, in my opinion, it is very different from Facebook.