PGCon – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Tue, 17 Jan 2017 15:39:57 +0000 en-US hourly 1 https://wordpress.org/?v=5.5.3 https://original.jupiterbroadcasting.net/wp-content/uploads/2019/04/cropped-favicon-32x32.png PGCon – Jupiter Broadcasting https://www.jupiterbroadcasting.com 32 32 Internet of Voice Triggers | TechSNAP 302 https://original.jupiterbroadcasting.net/106226/internet-of-voice-triggers-techsnap-302/ Tue, 17 Jan 2017 07:37:39 +0000 https://original.jupiterbroadcasting.net/?p=106226 RSS Feeds: HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Malware hosted in your browser Last show, we talked about malware, blocking it via URLs, and malware which spoofs the domain names, thereby bypassing many […]

The post Internet of Voice Triggers | TechSNAP 302 first appeared on Jupiter Broadcasting.

]]> RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Malware hosted in your browser

  • Last show, we talked about malware, blocking it via URLs, and malware which spoofs the domain names, thereby bypassing many URL-based filters.
  • This show, we have an instance of malware which completely defeats all of the above, in a very simple and clever way.
  • A common way to steal credentials is hosting a webpage which looks a lot like the real thing. Google, Facebook, Paypal, etc are all targets of this. It is simple to do. Just throw up a web page, and start directing people to it.
  • Lots of ways to defeat this with conventional tools
  • This method bypasses all those tools
  • Tom Scott tweeted about malware he received via email.
  • when you click on the link, you get what appears to be a Google Login page.
  • The URI is of the form: data:text/html,https…… lots of spaces <script src=date:text/html;…. etc
  • However, it is hosted entirely within your browser
  • Matt Hughes reportrd that Andriod actually tries to autofill his Google account credentials on that data URI
  • This has been around at least a year, and was written about by linkcabin
    spoofs the login page by hosting it in your browser.
  • Suprisingly common and is often using to phish Google or Paypal

Bug Bounty – GitHub Enterprise SQL Injection

  • This story involves responsible research and disclosure by Orange Tsai
  • GitHub Enterprise is the on-premises version of GitHub.com that you can deploy a whole GitHub service in your private network for businesses
  • You can get 45-days free trial and download the VM from enterprise.github.com.
  • Code is downloaded, configured, and observations begin.
  • GitHub uses a custom library to obfuscate their source code. If you search for ruby_concealer.so on Google, you will find a snippet in a gist.
  • The first two days are getting the VM running etc.
  • Day 3-5 are learning Rails by code reviewing.
  • On 6, an SQL Injection is found

Feedback:

War Story:

Round Up:

The post Internet of Voice Triggers | TechSNAP 302 first appeared on Jupiter Broadcasting.

]]>