Website Evidence Collector Logo

Website Evidence Collector

By Isabel Barbera & Martijn Korse / 14th March 2020

The European Data Protection Supervisor (EDPS) has published a tool that can be used to inspect a website and report which cookies and related technologies are being used. It’s called the Website Evidence Collector, it’s open source and published under the European Union Public License. If you own / maintain a website, it can be…

Read More
Shodan Postman Collection

Shodan Postman Collection

By Martijn Korse / 18th December 2019

The Christmas holidays are coming and to those of you who feel like doing something adventurous: there is now a new way to visit the dark caverns of the internet. We created an exciting combination of two existing services that make this trip possible: A Postman collection of all the currently available Shodan API calls.…

Read More
jquery prototype pollution

Mitigating CVE-2019-11358 in old versions of jQuery

By Martijn Korse / 2nd August 2019

A few months ago, a new vulnerability was found in jQuery, affecting all existing versions of jQuery. It was fixed only in the new version 3.4.0.The SNYK website has a lot of detailed information about this ‘Prototype Pollution’ vulnerability, so I won’t go into that here. For those interested, follow this link : https://snyk.io/vuln/SNYK-JS-JQUERY-174006 What…

Read More
dns caa record

Implementing a CAA Record

By Martijn Korse / 3rd March 2019

It has been a while since tools like Qualys’ SSLLabs and testssl.sh are reporting on the usage of CAA records. So anyone caring about the quality and security of their SSL connection will probably have noticed its existence by now. But what is it for and how do you configure it? In short: using a…

Read More

Two Factor Authentication Cross Site Request Forgery (CSRF) vulnerability (CVE-2018-20231)

By Martijn Korse / 24th January 2019

At BitnessWise we recently did a review of a few Two Factor Authentication (2FA) plugins for WordPress. First we selected some candidates based on usability and free-version features and after that performed a technical review of the plugin. This revealed a vulnerability we’d like to discuss in this post for future reference and to better…

Read More

We prevented a sign-in attempt

By Martijn Korse / 13th July 2018

Last weekend, almost exactly between April Fools’ Day and Halloween, Google played a prank and scared us! If you have used Gmail on different devices, you probably know the kind of message you get when you log in from a different device. Additionally, you might be presented with a security question if Google doesn’t trust…

Read More

Don’t trust Google Links

By Martijn Korse | December 17, 2017

Phishing campaigns are lucrative and probably will continue to be so for a while longer: they are cheap to launch and it only takes a few recipients that click on your malicious link to be successful. But awareness about the dangers of clicking on links is slowly rising. So if you’re a bad guy, how…

Read More...

User Friendly vs Secure

By Martijn Korse | November 24, 2017

Security is sometimes compared to healthy food. Quite a nice analogy: we all know we should eat healthy but we don’t always do it. The same is true for security: even though we know security measures are important, we sometimes favour a situation that is less secure. For various reasons.

Read More...
Reproducible Builds

Reproducible Builds

By Martijn Korse | October 12, 2017

Last September a lot of users got infected with malware when they downloaded the CCleaner update. Hackers had been able to hide the Floxif Trojan inside the installer of the update. CCleaner is a utility program used to clean potentially unwanted files and invalid Windows Registry entries from a computer. This is a chart from…

Read More...

Personal Data in URLs

By Martijn Korse | August 23, 2017

Parameters in the url (GET parameters) are used to pass information to the destination on the target server. Quite often I see cases where these GET parameters are used to transmit personal data. For example, a company sends out a newsletter to their clients with a link to their website where they want to personalize…

Read More...

Terms of use

Welcome to PrivacyWise. If you continue to browse and use this blog, you are agreeing to comply with the following terms of use, which together with our privacy notice govern PrivacyWise’s relationship with you in relation to this blog. If you disagree with any part of these terms, please do not use our blog.

The term ‘PrivacyWise’ or 'us' or 'we' refers to the owner of this blog, BitnessWise. The term 'you' refers to the user or viewer of our blog.

The use of this blog is subject to the following terms of use:

The information on this blog is for general information purposes only. The information is provided by PrivacyWise and whilst we endeavour to keep the information up-to-date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the blog or the information, technologies, services, or related graphics contained on the blog for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this blog.

All content and functionality on this blog, including text, graphics, logos, icons, images, design, layout, and appearance, are the exclusive property of PrivacyWise or its licensors and is protected by international copyright laws.

The name PrivacyWise shall not be used in advertising or publicity without prior written permission from BitnessWise. 

Unauthorised use of this blog may give rise to a claim for damages and/or be a criminal offence.

Your use of this blog and any dispute arising out of such use of the blog is subject to the laws of The Netherlands.

Privacy Notice

Privacy Notice v.01

This privacy notice applies to PrivacyWise. It explains how we use any personal data we collect about you when you use this website.

What data do we collect about you?
Your email address is collected when you voluntarily send us an email.
Logs are automatically generated each time you access our website with for example your browser or mobile application. These server logs may include information such as your web request, IP address and browser type.

How will we use this data about you?
Your email address: we will use it only to give answer to your request.  The server logs:  are only being used for debugging purposes in case of problems on the blog. We do not link this automatically-generated data to other personally identifiable information like your email address.

We do not share any information with third parties.

Where do we store your data?
Our servers are located in The Netherlands.

How long do we store your data?
Not longer than necessary for the purpose of the processing.

What rights do you have?
You have the right to rectify and delete the data you have provided to us. You can also object to the processing or its temporal restriction.
You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (AP). 

Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.
We only use Google Analytics cookies. These are third party cookies that are used to collect information about how visitors use our site. We use the information to help us improve the site. We have an agreement with Google which states that information is collected in an anonymous way, the last octet from the IP addresses is masked and data is not shared. We do not use any other services from Google. You can opt out from Google Analytics cookies installing the Google Analytics Opt-out Browser Add-on from this link .
Read more in Google's overview of privacy and safeguarding data

Links to other websites
We are not responsible for the practices employed by websites or services linked from our site, including the information or content contained therein. Please remember that our Privacy Notice does not apply to third-party websites or services. In our site you can find links to Twitter and LinkedIn.

Changes to our privacy notice
We keep our privacy notice under regular review and we will place any updates on this website. This privacy notice was last updated on 8 August 2018.

How to contact us
Please contact us if you have any questions about our privacy notice or data we hold about you at  .