Well it turns out the folks wearing tin foil hats were right about this! Now if only Facebook would admit it’s tapping my cell phone mic to generate advertisements on my Wall… 😉
While I was trolling around on Twitter this morning PortSwigger tweeted about their latest release of Burp Suite which now supports intercepting WebSockets. Check out their release note regarding v2.1.01. This feature also appears to be in the Community version as well as their Professional version:
To all the female engineers in information security, here’s are some articles regarding women working in technology. Most of the articles are inspiring while others show how far women have come in technology but also there’s still a lot that needs to be addressed before women get the recognition that they deserve in this field.
If you haven’t changed your IoT devices credentials from their defaults, you should! This botnet is using default credentials to take over the IoT device and corrupts the embedded Linux operating system by overwriting it’s storage, dropping the firewall, etc. To get it back up and running you will need to re-flash the firmware in most of the cases.
The US has opted to make the first strike be cyber and not kinetic against Iran for shooting down an unmanned drone. This just goes to show you that cyber-warfare is here to stay.
OWASP has just release their latest version of the Zed Attack Proxy (ZAP or ZAProxy for short) intercepting proxy. This is an open source and free competitor to PortSwigger’s BurpSuite. I have taken the liberty of cloning the repo and you can find it here:
You can also download their pre-compiled installers for Windows, macOS and Linux here:
Reading the write up on this vulnerability and current PoC exploits it looks like this is at most an annoying DoS that won’t lead to remote code execution at least:
Microsoft just released a beta version of Windows Subsystem for Linux (WSL) v2 which accelerates the Linux performance in Windows by using parts of Hyper-V underneath the hood.
I was just made me aware of some awesome open source efforts for doing car hacking with a CAN bus virtually. Check out the article here:
I have already taken the liberty of forking the underlying CAN bus GitHub repo:
Thank you IAmSecurity for making me aware of this!