Week 11 In Review – 2017

Events Related

Tools

Techniques

  • PlaidCTF 2012 – Traitor (200 pts) – int3pids.blogspot.com
    The challenge is supposed to be very straightforward, because we only have a recorded audio file of someone typing on a keyboard. Assuming that each key emits a different sound when pressed, if we have enough keystrokes, theoretically we should be able to infer the text being typed, making some assumptions (like the expected language and so on).
  • Root your box with W3TC and Nginx – blog.tarq.io
    Several guides for integrating everybody’s favorite caching plugin for WordPress with Nginx tell you to include something like this in your nginx configuration.
  • DIY Smart Home Security? Meh.. – blog.seekintoo.com
    Fueled by the rise of the Internet of Things, do-it-yourself alarm systems have become a multi-billion dollar industry that is increasingly disrupting traditional alarm companies' share of the home security market. One area of concern with IoT is the security of these ubiquitous devices. So I thought it would be a fun project to examine the security of these systems.
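The W3TC item above warns about guides that have you `include` a file from your WordPress tree in the nginx configuration. The script below is an added example, not code from the tarq.io post; it assumes the recommended pattern is an `include` of the plugin-generated `nginx.conf` straight from the WordPress document root (the two config snippets and every path in it are constructed for the demo). It pulls the `include` directives out of a config file and flags any that resolve inside the web-writable tree, since such a file is parsed by the root-owned nginx master on every (re)load yet can be rewritten by whoever can write as the PHP/web user.

```shell
#!/usr/bin/env bash
# Added example (not from the tarq.io post): flag nginx `include` directives
# that pull configuration from inside a web-writable document root.
# All paths and both config snippets below are constructed for the demo.
set -eu

# Print every path named by an `include` directive in config file $1.
nginx_includes() {
  sed -e 's/#.*$//' "$1" \
    | grep -oE 'include[[:space:]]+[^;]+' \
    | awk '{ print $2 }' \
    | tr -d '"'
}

# Succeed when path $1 lies under directory $2 (plain prefix match, no
# normalisation of ".." components; enough for reviewing a config dump).
inside_dir() {
  case "$1" in
    "$2"/*) return 0 ;;
    *)      return 1 ;;
  esac
}

# List the includes in config $1 that resolve under document root $2.
# Anything listed is read by the root nginx master at (re)load time but
# lives where the PHP/web user (and therefore the W3TC plugin) can write.
unsafe_includes() {
  nginx_includes "$1" | while IFS= read -r p; do
    if inside_dir "$p" "$2"; then
      printf '%s\n' "$p"
    fi
  done
}

DOCROOT=/var/www/wordpress          # assumption: WordPress lives here
WORK="$(mktemp -d)"
RISKY_CONF="$WORK/risky.conf"
SAFE_CONF="$WORK/safe.conf"

# Constructed: the pattern the guides are said to recommend, with the
# plugin-generated file included straight from the document root.
cat >"$RISKY_CONF" <<'EOF'
server {
    listen 80;
    root /var/www/wordpress;
    include /var/www/wordpress/nginx.conf;   # written by W3TC as the PHP user
}
EOF

# Constructed: the same rules copied by an admin into a root-owned file
# outside the webroot and reviewed before `nginx -s reload`.
cat >"$SAFE_CONF" <<'EOF'
server {
    listen 80;
    root /var/www/wordpress;
    include /etc/nginx/snippets/w3tc.conf;
}
EOF

echo "risky.conf:"; unsafe_includes "$RISKY_CONF" "$DOCROOT"
echo "safe.conf:";  unsafe_includes "$SAFE_CONF"  "$DOCROOT"
```

On a live box, run it against the effective configuration rather than a single file: `nginx -T 2>/dev/null >effective.conf` dumps everything nginx actually loads, including nested includes, and then `unsafe_includes effective.conf /var/www/wordpress` covers all of them. Follow up with `ls -l` on each reported path; anything not owned by root, or writable by the web user's group, should be moved out of the webroot and re-included from there.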

Vulnerabilities

  • Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities – buer.haus
    We recently started participating in Airbnb’s bounty program on HackerOne. We heard a lot about this company in the past but had never used their service before. Overall they have a pretty solid website, but we were still able to discover a handful of issues. There is one vulnerability that we wanted to write about because of the level of protection in front of it. The goal of this write-up is to show others that sometimes it takes a little bit of creativity to discover potential flaws and fully exploit them.
  • Nearly 200,000 WiFi Cameras Open to Hacking Right Now – www.bleepingcomputer.com
    What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking. The flaws affect a generically named product called Wireless IP Camera (P2P) WIFICAM, manufactured by a (currently unnamed) Chinese company, which sells it as a white-label product to several other camera vendors.

Other News

  • Consumer Reports to consider cyber security in product reviews – www.reuters.com
    Consumer Reports, an influential U.S. non-profit group that conducts extensive reviews of cars, kitchen appliances and other goods, is gearing up to start considering cyber security and privacy safeguards when scoring products.
