Issue 90

Breaches and leaks

  • Comcast Xfinity: a flaw was found where one could extract the home address of customers, because of a weird login system that partially shows home addresses based on which IP you had, which could be spoofed. Worth a read to learn how -not- to make authentication easier. A secondary flaw was found where one could brute-force a social security number used in a login form.
  • GoDaddy: information on 31,000 GoDaddy servers was exposed in an unsecured S3 bucket, including juicy stuff like configuration details and price negotiations between them and AWS.

Compromising HP Officejet printers through fax

Two critical vulnerabilities were found in HP printers where one could simply send a fax, and then get full control of the machine. Better patch 'em if you got 'em. The researchers also point out that it's probably not just HP that is vulnerable to this; HP was just their example.

"Man-in-the-disk" attacks on Android

Essentially any app that has access to external storage (the SD card) can either crash another app (with more privileges) and inject code into it, or hijack an update of another app to install a malicious version.

Snapchat source code partially leaked on GitHub

Part of the iOS source code was found sitting publicly on GitHub, which caused a bit of a panic at Snap. We don't know how it got there though.

Hackers can manipulate police body cam footage

In a presentation at Defcon a researcher walked through various bodycam models, explaining how easy it was to access, modify or delete their footage.

How I gained commit access to Homebrew in 30 minutes

After being inspired by all the package manager problems we've seen recently, this researcher wanted to see if he could get access to Homebrew. He quickly found a Jenkins instance where a git token was visible, which gave him read-write access to Homebrew and all packages within. Nice cautionary tale for us all. Homebrew responded quickly and correctly.

Windows 10 Enterprise getting sandboxed execution feature

This seems sweet. The feature, called "InPrivate Desktop", gives you the ability to run untrusted executables in a secure sandbox so they can't make any changes to the actual system.

How to win (or at least not lose) the war on phishing?

Great article on how the author finds and observes a phisher in action, and dives deeper into how machine learning can help detect phishing sites.

A detailed look at TLS 1.3

If you want a very deep and technical dive on the evolution to TLS 1.3 and its improvements, this Cloudflare blogpost does a fantastic job.

The 2018 Pwnie Awards

The yearly Pwnie Awards were given out at Black Hat last week, with categories such as "Best Server Side Bug", "Most Innovative Research" and also "Pwnie for Lamest Vendor Response".

xkcd on voting software

Funny because it's true :-)
Bypassing web application firewalls

WAFs are a good security measure, but the security of your web applications should not solely depend on them, because they can be bypassed. Watch this demo on Paul’s Security Weekly during which a researcher from Netsparker explains and demos how modern web application firewalls can be defeated.

1Password for Teams and Business

I use 1Password to securely share passwords and notes with my colleagues. Can't recommend them enough and I'm super honoured to have them as a sponsor.