Hacker Summer Camp 2022 - a podcast by Carey Parker

from 2022-08-22T11:55

:: ::

If it's August in Las Vegas, it's time for Hacker Summer Camp. There are three hacker conferences that coordinate to happen next to each other every year: BSides Las Vegas, Black Hat and DEF CON. My first trip to DEF CON was last year and I was hooked - I hope to go back every year. This was the big 30th anniversary of DEF CON and several of the news stories this week came from one of these hacker conferences. And next week I'll air my wonderful interview with DEF CON's CEO and Founder, Jeff Moss (aka The Dark Tangent).

In the news this week: Several malicious Mac apps have slipped through Apple's App Store security checks and contain malware - you should delete them ASAP; iOS VPN apps aren't properly securing connections made before activating the VPN; TikTok's in-app browser injects JavaScript code that could enable it to snoop on your session, including capturing keystrokes; Cisco's network breach has lessons for all of us; Signal's use of phone numbers as identifiers highlighted due to breach at Twilio; a new jailbreak has been found on John Deere tractors that might allow farmers to service their own equipment; Amazon is planning to release a reality TV show based on Ring doorbell footage; a digital hallway pass allows schools to intrusively monitor its students; and law enforcement is tapping into DNA databases of the blood samples taken at birth by hospitals to solve crimes.

Article Links[Tom's Guide] These Mac apps are secretly spreading malware — delete them now https://www.tomsguide.com/news/these-mac-apps-are-secretly-spreading-malware-delete-them-now[Ars Technica]iOS VPNs have leaked traffic for years, researcher claims [Updated] https://arstechnica.com/information-technology/2022/08/ios-vpns-still-leak-traffic-more-than-2-years-later-researcher-claims/[Forbes]TikTok’s In-App Browser Includes Code That Can Monitor Your Keystrokes, Researcher Says https://www.forbes.com/sites/richardnieva/2022/08/18/tiktok-in-app-browser-research/[None] Cisco Confirms Network Breach Via Hacked Employee Google Account https://threatpost.com/cisco-network-breach-google/180385/[TechCrunch]Signal says 1,900 users’ phone numbers exposed by Twilio breach https://techcrunch.com/2022/08/15/signal-phone-number-exposed-twilio/[Ars Technica] A new jailbreak for John Deere tractors rides the right-to-repair wave https://arstechnica.com/information-technology/2022/08/a-new-jailbreak-for-john-deere-tractors-rides-the-right-to-repair-wave/[VICE]'Ring Nation'Is Amazon's Reality Show for Our Surveillance Dystopia https://www.vice.com/en/article/7k8x49/ring-nation-is-amazons-reality-show-for-our-surveillance-dystopia[VICE] A Tool That Monitors How Long Kids Are in the Bathroom Is Now in 1,000 American Schools https://www.vice.com/en/article/dy73n7/ehallpass-1000-thousand-schools-monitor-bathroom[WIRED]Police Used a Baby’s DNA to Investigate Its Father for a Crime https://www.wired.com/story/police-used-a-babys-dna-to-investigate-its-father-for-a-crime/Tip of the Week: https://firewallsdontstopdragons.com/be-my-guest-no-i-insist/

Further InfoA few Amulets of Entropy are still left: https://hackerboxes.com/collections/past-hackerboxes/products/hackerbox-0080-entropySubscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887 Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Donate directly with Monero! https://firewallsdontstopdragons.com/contact/ Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-SpeakerGenerate secure passphrases! https://d20key.com/#/

Table of ContentsUse these timestamps to jump to a particular section of the show.

0:00:17: DEFCON 30 notes0:03:00: Quick security notes0:03:46: News run down0:06:50: Delete these Apple apps immediately0:10:44: iOS VPN apps fail to secure old connections0:15:00: TikTok's in-app browser a...

Further episodes of Firewalls Don

Further podcasts by Carey Parker

Website of Carey Parker