The GitHub Enterprise SQL scare, malware that lives in your browser, Dan's mail server war story, your feedback, a righteous roundup & more!
Note: This is a shorter episode because the hosts are new and the first recording was also a double-episode recording; expect episodes to get longer as the guys get more comfortable!
- Last show, we talked about malware, blocking it via URLs, and malware which spoofs the domain names, thereby bypassing many URL-based filters.
- This show, we have an instance of malware which completely defeats all of the above, in a very simple and clever way.
- A common way to steal credentials is hosting a web page which looks a lot like the real thing. Google, Facebook, PayPal, etc. are all targets of this. It is simple to do: just throw up a web page and start directing people to it.
- Lots of ways to defeat this with conventional tools
- This method bypasses all those tools
- Tom Scott tweeted about malware he received via email.
- When you click on the link, you get what appears to be a Google login page.
- The URI is of the form: data:text/html,https…… lots of spaces <script src=data:text/html;…. etc.
- However, it is hosted entirely within your browser
- Matt Hughes reported that Android actually tries to autofill his Google account credentials on that data URI.
- This has been around for at least a year, and was written up by linkcabin: it spoofs the login page by hosting it in your browser.
- Surprisingly common, and often used to phish Google or PayPal.
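The point of the data: URI trick is that there is no hostname for a URL-reputation filter to look up, so a gateway that only checks hosts passes the link straight through. The script below is an added example (not code from the show, Tom Scott, linkcabin or any product) of a mail-link scanner that handles the data: case separately: it extracts href targets from a constructed sample HTML mail, sends http(s) links through an ordinary host blocklist, and flags data: links that carry an HTML document, long whitespace padding, an embedded script tag or a brand login URL in the payload. The blocklist hosts, the sample mail and the base64 PLACEHOLDER are all constructed for the example.

```ruby
require 'uri'

# Hostnames a conventional URL filter compares against (constructed sample list).
BLOCKED_HOSTS = %w[evil.example malware.test].freeze

# Constructed sample mail body: a legitimate link, a data: URI of the shape the
# show describes (brand URL, whitespace padding, then a <script> tag), and a
# link to a blocklisted host. PLACEHOLDER stands in for a real payload.
SAMPLE_MAIL = <<~HTML
  <p>Your document is ready. <a href="https://docs.google.com/document/d/abc">Open</a></p>
  <p><a href="data:text/html,https://accounts.google.com/ServiceLogin#{' ' * 40}<script src=data:text/html;base64,PLACEHOLDER></script>">Sign in</a></p>
  <p><a href="http://malware.test/login">Alternate link</a></p>
HTML

# Pull every href target out of an HTML body. The attribute is quoted, so a
# data: URI full of spaces survives intact (a whitespace-delimited URL regex
# would cut it off at the padding).
def extract_links(html)
  html.scan(/href=["']([^"']*)["']/i).flatten
end

# Dispatch on the scheme: data: links never have a host, so they need their
# own rules instead of a blocklist lookup.
def classify_link(link)
  scheme, rest = link.strip.split(':', 2)
  return { verdict: :allow, reasons: ['no scheme'] } if rest.nil?

  case scheme.downcase
  when 'data'         then classify_data_uri(rest)
  when 'http', 'https' then classify_http_url(link.strip)
  else { verdict: :review, reasons: ["unhandled scheme #{scheme}"] }
  end
end

# Inspect the MIME header and payload of a data: URI for the tell-tale signs
# of an in-browser phishing page.
def classify_data_uri(rest)
  header, payload = rest.split(',', 2)
  payload ||= ''
  mime = header.split(';').first.to_s.downcase
  reasons = []
  reasons << 'data URI carries an HTML document' if mime == 'text/html'
  reasons << 'whitespace padding pushes the payload out of the address bar' if payload.match?(/\s{20,}/)
  reasons << 'payload contains a <script> tag' if payload.match?(/<script\b/i)
  reasons << 'payload names a login brand URL' if payload.match?(%r{https?://[^\s<"']*(google|paypal|facebook)\.com}i)
  # A data: link in mail is unusual on its own; any of the signs above blocks it.
  { verdict: reasons.empty? ? :review : :block, reasons: reasons }
end

# The conventional check: parse the URL and look its host up on the blocklist.
def classify_http_url(url)
  host = URI.parse(url).host.to_s.downcase
  if BLOCKED_HOSTS.include?(host)
    { verdict: :block, reasons: ["host #{host} is on the blocklist"] }
  else
    { verdict: :allow, reasons: ["host #{host} not on blocklist"] }
  end
rescue URI::InvalidURIError
  { verdict: :review, reasons: ['unparseable URL'] }
end

# Scan a whole mail body and return one verdict per link.
def scan_mail(html)
  extract_links(html).map { |link| classify_link(link).merge(link: link) }
end

if __FILE__ == $PROGRAM_NAME
  scan_mail(SAMPLE_MAIL).each do |r|
    puts "#{r[:verdict].to_s.upcase.ljust(6)} #{r[:link][0, 60].inspect} #{r[:reasons].join('; ')}"
  end
end
```

Run against the sample, the Google Docs link is allowed, the blocklisted host is blocked by the ordinary check, and the data: link is blocked with all four reasons, which the blocklist alone would never have caught because it has no host to look up.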
- This story involves responsible research and disclosure by Orange Tsai
- GitHub Enterprise is the on-premises version of GitHub.com, which lets businesses deploy a whole GitHub service in their private network.
- You can get a 45-day free trial and download the VM from enterprise.github.com.
- The code is downloaded and configured, and observations begin.
- GitHub uses a custom library to obfuscate their source code. If you search for ruby_concealer.so on Google, you will find a snippet in a gist.
- The first two days are spent getting the VM running, etc.
- Days 3-5 are spent learning Rails by code review.
- On day 6, an SQL injection is found.
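The show does not describe the specific bug Orange Tsai found, and the example below is not it. It is an added example (not GitHub's code, not the researcher's, not part of the show) of the kind of triage a reviewer does on day 3-5: a small Ruby script that scans Rails source for ActiveRecord query calls whose SQL fragment is built by string interpolation or concatenation, while leaving placeholder (`?`) and hash-condition forms alone. The sample source lines are constructed; the method list is an assumption about which ActiveRecord calls accept raw SQL strings.

```ruby
# Constructed sample of Rails model/controller lines a reviewer might scan.
# The non-interpolating heredoc keeps the #{...} sequences literal.
SAMPLE_SOURCE = <<~'RUBY'
  User.where("name = '#{params[:name]}'")
  User.where("name = ?", params[:name])
  User.where(name: params[:name])
  Repo.order("#{params[:sort]} DESC")
  Repo.order(:created_at)
  Issue.find_by_sql("SELECT * FROM issues WHERE id = #{params[:id]}")
  Issue.find_by_sql(["SELECT * FROM issues WHERE id = ?", params[:id]])
  Label.where("color = '" + params[:color] + "'")
RUBY

# ActiveRecord methods that accept a raw SQL fragment as a string (assumed list).
QUERY_METHODS = %w[where order find_by_sql select group having joins pluck exists? delete_all update_all].freeze
QUERY_CALL = /\.(#{QUERY_METHODS.map { |m| Regexp.escape(m) }.join('|')})\s*\(/

# Return one finding per line where a query method's argument text shows a
# double-quoted string with interpolation, or a string literal glued together
# with +. Placeholder arrays and hash conditions produce no finding.
def sql_injection_findings(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    next unless (m = line.match(QUERY_CALL))
    args = line[m.end(0)..-1] # everything after the opening parenthesis
    reason =
      if args.match?(/"[^"]*#\{/)
        'string interpolation inside SQL fragment'
      elsif args.match?(/["']\s*\+\s*\w|\w\s*\+\s*["']/)
        'string concatenation builds SQL fragment'
      end
    findings << { line: lineno, method: m[1], reason: reason, code: line.strip } if reason
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  sql_injection_findings(SAMPLE_SOURCE).each do |f|
    puts "line #{f[:line]}: #{f[:method]} - #{f[:reason]}\n    #{f[:code]}"
  end
end
```

This is a regex heuristic for directing a reviewer's attention, not a parser: interpolating a constant or a whitelisted column name is safe and would still be flagged, and multi-line calls are missed. It earns its keep by turning "read all the Rails code" into "start with these lines", which is the same prioritisation a code reviewer does by hand.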
- BSDCan Call for Papers
- PGCON Call for Papers
- FTC Sues D-Link Over Insecure Routers, Cameras
- TV anchor says live on-air ‘Alexa, order me a dollhouse’ – guess what happens next