Day: June 30, 2023
War crimes surge in Burkina Faso, the world’s ‘most neglected crisis’
Villagers increasingly caught up in army crackdown on Islamist militants, with both sides accused of mass killings of civilians.
Civilians in Burkina Faso are being punished by the “total war” the government is waging against Islamist militant groups, wi…
Japan’s Spy Buildup Faces Obstacles
Japan’s efforts to re-arm in response to escalating threats from China and North Korea are well-known.
India’s Success Is Based on the Strength of Its Private Sector and Massive Workforce
What connects vaccine diplomacy to the Russian crude oil issue? Private Indian firms.
Just outside Seattle, residents endure a dangerous yet ordinary intersection
Trucks roll onto sidewalks, drivers cut through gas stations, and the crashes, injuries and fatalities continue. Roads like these get the name “boulevards of death.”
Israel’s Mossad Uncovers Pak ISI’s Involvement In Killing Rich Jews
Israel’s spy agency, Mossad, has announced that it has thwarted an Iranian plot to attack Israeli business people in Cyprus with a detailed probe hinting at Pakistan’s involvement in the assassination bid.
New Accusations against the Greek Coast Guard: “We Thought They Knew What They Were Doing”
Hundreds of refugees died when their ship sank off the coast of Greece. Sixteen survivors accuse the Greek Coast Guard of having caused the disaster – and inconsistencies in the investigation file raise even more questions: Are the Greeks trying to cov…
Vulnerabilities are everywhere (pt. 2)
Hello Everyone,
a week ago I posted about how important it is to develop a hacker mindset, how hacking is a creative process, and how that concept led me to publish a book on the topic.
In that post, I mentioned I went from “vulnerabilities are nowhere” to “vulnerabilities are everywhere”, and while it may sound like a bold statement, it’s the truth. So, I thought I’d share another funny episode that happened right after that post, which may provide some more substance to that phrase.
I was uploading my book on another platform (I can’t mention the name, sorry) to be printed and distributed in a network of physical stores. While creating my “author profile”, I noticed that my home address was loaded asynchronously, and that rang a bell. I investigated that HTTP call a bit, and found a BAC (Broken Access Control) that allowed unauthenticated access to several thousand authors’ Personally Identifiable Information (PII).
But there is moar! The platform wasn’t using custom software, but a commercial program in use on many other print-on-demand websites, all currently vulnerable to the same broken access control issue, and all exposing users’ data, with a global impact on potentially a hundred thousand people.
Now, stop your brain for a second. I know what you are thinking: “You have previous technical knowledge of the scenario and there is no creativity in the finding” – that is true, but try to change your thinking path.
If you have in your mind a pre-defined set of “stuff to look for” (like that), as a hacker, you are gonna develop a strong tunnel vision and miss out on many other vulnerabilities you don’t know (yet) about, or miss out on the possibility to chain them together in a new and unexpected way.
Knowledge is a very good friend, but the mind has to stay open. I found that vulnerability while I wasn’t looking for it; my mind was open and relaxed, and my mindset doesn’t change when I run a pentest or when I research a defense solution for a company.
In my opinion, that’s the hacker’s golden skill and I hope this makes the concept clearer.
As I said, vulnerabilities are everywhere 🙂
Cheers, Francesco
PS. Another good discussion would be how to report a vulnerability like that to a company with no VDP (Vulnerability Disclosure Program), but that’s probably a topic for another post 🙂
submitted by /u/fcarlucci
Impoverished Turkmenistan Opens Arkadag, A Multibillion-Dollar City Named After Its Former President – Radio Free Europe / Radio Liberty
Impoverished Turkmenistan Opens Arkadag, A Multibillion-Dollar City Named After Its Former President – Radio Free Europe / Radio Liberty
Turkmenistan opens elaborate ‘smart city’ development – Taiwan News
Turkmenistan opens futuristic c…