Resources

  • Curl Security Audit – daniel.haxx.se
    I asked for, and we were granted a security audit of curl from the Mozilla Secure Open Source program a while ago. This was done by Mozilla getting a 3rd party company involved to do the job and footing the bill for it.
  • CVE-2016-7098 – legalhackers.com
    “GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols.”

Tools

  • Awesome IOCs – github.com
    An awesome collection of indicators of compromise (and a few IOC related tools).

Techniques

  • Tracking Drivers with Bluetooth – icyapril.com
    Recently there has been a lot of noise around a plan by Transport for London to track people around on the London Underground in order to work out journey patterns. The proposed system effectively works by capturing the MAC Addresses of Wi-Fi enabled devices as they pass through Underground stations.
  • Hacking 27% of the Web via WordPress Auto-Update – www.wordfence.com
    At Wordfence, we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community. In addition to this research, we regularly examine WordPress core and the related wordpress.org systems. Recently we discovered a major vulnerability that could have caused a mass compromise of the majority of WordPress sites.

Vulnerabilities

  • Now Even Your Headphones Can Spy on You – www.wired.com
    One group of Israeli researchers has taken that game of spy-versus-spy paranoia a step further, with malware that converts your headphones into makeshift microphones that can slyly record your conversations.
  • A Hacker Took Over Tel Aviv’s Public Wi-Fi Network to Prove That He Could – motherboard.vice.com
    Israeli hacker Amihai Neiderman needed three days to hack into Tel Aviv’s free public Wi-Fi. He only worked during the evenings, after he came home from his full-time job as a security researcher. The 26-year-old said the difficulty level was “a solid 5” on a scale from 1 to 10.

Other News

  • DoD, HackerOne kick off Hack the Army bug bounty challenge – www.zdnet.com
    On Monday, bug bounty platform HackerOne revealed in a blog post that the DoD has outlined a new Vulnerability Disclosure Policy (VDP) which gives security researchers a legal backing for finding and responsibly reporting security flaws found in any of the department’s front-facing systems.
  • Cyber college for wannabe codebreakers planned at UK’s iconic Bletchley Park – arstechnica.com
    The new sixth-form boarding school will, we’re told, be run by a private non-profit consortium of tech firms, venture capitalists, and entrepreneurs, with rumoured input from GCHQ. It will enrol 500 teenagers (aged 16 to 19) who will be taught cybersecurity skills—which could, it’s hoped, go some way to addressing the shortfall in UK talent.