Shielder
@shielder.com
InfoSec boutique.
Owning things since 2014.
We love to go for the extra mile, where we usually find the best 🦟🐞🪲🪳🐛🐜🕷 the others miss.
Web: https://www.shielder.com
Twitter: @ShielderSec
Fediverse: @shielder.infosec.exchange
Owning things since 2014.
We love to go for the extra mile, where we usually find the best 🦟🐞🪲🪳🐛🐜🕷 the others miss.
Web: https://www.shielder.com
Twitter: @ShielderSec
Fediverse: @shielder.infosec.exchange
July 31, 2025 at 3:10 PM
Check-out the original blog post by Element too!
element.io/blog/securit...
element.io/blog/securit...
Security release: Element Android 1.6.12
Hello, Today we have released a security update of Element Android to address a pair of vulnerabilities. Please upgrade to the new version (1.6.12) at your earliest convenience. The two vulnerabilitie...
element.io
April 18, 2024 at 9:32 AM
Check-out the original blog post by Element too!
element.io/blog/securit...
element.io/blog/securit...
TL;DR Product security folks: do not blindly trust the attack requirements shared by the researchers. Security researchers: when testing embedded devices make sure to mimic correctly all their configurations (i.e. the NVRAM content). 7/7
January 30, 2024 at 1:51 PM
TL;DR Product security folks: do not blindly trust the attack requirements shared by the researchers. Security researchers: when testing embedded devices make sure to mimic correctly all their configurations (i.e. the NVRAM content). 7/7
Apparently most of the researchers are either keeping an authentication bypass private or they do their research in emulated environments only and no one ever checked the vulnerabilities before issuing the CVE numbers and releasing the advisories. 6/7
January 30, 2024 at 1:50 PM
Apparently most of the researchers are either keeping an authentication bypass private or they do their research in emulated environments only and no one ever checked the vulnerabilities before issuing the CVE numbers and releasing the advisories. 6/7
After some intense debugging sessions they discovered that not only that one but also a lot of other ASUS routers' vulnerabilities were probably incorrectly deemed as unauthenticated. 5/7
January 30, 2024 at 1:50 PM
After some intense debugging sessions they discovered that not only that one but also a lot of other ASUS routers' vulnerabilities were probably incorrectly deemed as unauthenticated. 5/7