News
Adobe announcing EOL for Flash
Cue the collective sigh of relief. They will stop supporting Flash at the end of 2020. Nostalgic comments on Hackernews here, end of an era indeed.
Chrome Extension CopyFish hacked and turned into adware
The team behind Copyfish, an extension to extract text from images, videos or PDF, was tricked into clicking on a clever phishing e-mail. Their developer account was hijacked, and the extension was briefly turned into adware.
Sweden leaks the personal information of millions of its own citizens
I missed this last week but it's still worth sharing. Sweden screwed up badly by leaking citizens' data several times, including the information of thousands of people with protected identities. Worth digging into if you want a couple of angry face-palm moments.
HBO hacked, attackers leak GoT script and some episodes
About 1.5Tb of data was reportedly exfiltrated. There doesn't seem to be a monetary incentive, making it just for kicks or to hurt HBO.
Defcon attendees hacking US voting machines with ease
Fun game: the Defcon group had set up a range of voting machines (some decommissioned, some still in use) and challenged the attendees to 'go nuts'.
Hackers take over Tesla Model X; control brakes and doors
They found critical vulnerabilities in the 'holiday show' Easter egg that Tesla had pushed to the car. Tesla fixed the problem within two weeks, and welcomed other researchers to find and report such exploits.
Lipizzan: newly discovered Android malware targeting specific individuals
It tracks a phone's communication and location. It seems to have been created by a private company called Equus Technologies. Google's own announcement can be found here.
Legislation proposed to secure connected IoT devices
U.S. Senators introduced a bill that would require a set of security measures from IoT manufacturers, and would allow white hats to look for vulnerabilities.
How Google shrank the Android attack surface
Interesting article where Nick Kralevich, head of Android platform security at Google, explains how they changed focus from exploit mitigation to decreasing the attack surface. Mostly by redesigning the underlying architecture and removing unused functionality.
Shorting-for-profit: a viable business model for the security community
Quite controversial, obviously, but not surprising. Justine Bone put forth that one might make a good amount of money shorting a stock before disclosing a severe vulnerability, as she did last year with the St. Jude Medical pacemaker debacle.
North Korea tries to make hacking a profit center
Where originally it started as an espionage method, they now increasingly use the state-sponsored hacking groups to get their hands on foreign currency, stealing from financial institutions. Reportedly they have 1,700 active hackers, and over 5,000 people as support staff and trainers.
Passwords evolved: authentication guide for the modern era
Fantastic article by Troy Hunt on what your login mechanism should and shouldn't do. For example: don't mandate special characters, allow pasting of passwords, embrace password managers, check against often-used passwords. To facilitate that last one he wrote a second article where he releases 306 million pwned passwords as hashes to check against. Kudos, sir.
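As an added illustration of the "check against often-used passwords" advice (this is example code, not Troy Hunt's or the article's own), the snippet below shows a minimal server-side check: the candidate password is hashed with SHA-1, the form the released list uses, and the digest is looked up in a local set built from the list's one-hash-per-line layout. The five sample lines are constructed here so the example runs offline; the `load_pwned_hashes` tolerance for an optional `:count` suffix is an assumption about later file layouts, not something the page states. Composition rules and a short maximum length are deliberately left out, matching the article's advice.

```python
import hashlib
from typing import Iterable, List, Set

# Constructed sample: SHA-1 digests of a few well-known weak passwords, in the
# one-hash-per-line layout of the released list. A real deployment would load
# the full file; these lines are embedded only so the example runs offline.
SAMPLE_PWNED_LINES = [
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ("password", "123456", "qwerty", "letmein", "iloveyou")
]


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 password, the form used by the list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def load_pwned_hashes(lines: Iterable[str]) -> Set[str]:
    """Build a lookup set from list lines.

    Blank lines are skipped. An optional ':count' suffix is tolerated; that
    suffix is an assumption about later file layouts, not part of the page.
    """
    hashes: Set[str] = set()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        hashes.add(line.split(":", 1)[0].upper())
    return hashes


PWNED = load_pwned_hashes(SAMPLE_PWNED_LINES)


def is_pwned(password: str, pwned: Set[str] = PWNED) -> bool:
    """True if the password's SHA-1 digest appears in the breached set.

    Only the digest is compared, so the clear-text password is never written
    anywhere and never has to leave the server doing the check.
    """
    return sha1_hex(password) in pwned


def check_password(password: str, pwned: Set[str] = PWNED, min_length: int = 8) -> List[str]:
    """Return the reasons a candidate password should be rejected (empty = accepted).

    Deliberately absent: composition rules (mandatory special characters or
    digits) and a short maximum length, both of which get in the way of
    password managers and long passphrases.
    """
    problems: List[str] = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if is_pwned(password, pwned):
        problems.append("appears in a known-breached password list")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "correct horse battery staple"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

The lookup is a plain set membership test, which is fine for a file loaded once at startup; for the full 306-million-entry list a sorted on-disk index or a database keyed on the digest is the practical equivalent of the same check.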