China is able to trace your Airdrops - ThreatWire
- Published 15 Jun 2024
- ⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
Support ThreatWire → / threatwire
@endingwithali →
Twitch: / endingwithali
Twitter: / endingwithali
Everywhere else: links.ali.dev
If you want to help Ali with her research project email her at endingwithaliresearch@gmail.com
→ Please include (1️⃣) the size of your company (2️⃣) what your role title is and (3️⃣) a little summary of what your job entails.
[❗] ThreatWire Patreon has moved to → / threatwire
0:00 - Intro
0:12 - SEC Twitter (x) Hacked!
1:52 - IT kind of does their job and gets in trouble
3:16 - China is able to trace your Airdrops
4:09 - Outro
LINKS
🔗 Story 1: SEC Twitter (x) Hacked!
www.sec.gov/secgov-x-account
www.bleepingcomputer.com/news...
/ 1744864569712144760
🔗 Story 2: IT kind of does their job and gets in trouble
bleepingcomputer.com/news/sec...
www.heise.de/news/Warum-ein-S...
🔗 Story 3: China is able to trace your Airdrops
sfj.beijing.gov.cn/sfj/sfdt/y...
time.com/6553473/china-cracke...
🔗 Bonus Story - arstechnica.com/gadgets/2024/...
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong. - Science and Technology
Maybe as a pen tester, they should have an end-user license agreement that the company has to sign, one which absolves them from any repercussions the company could come up with.
It should also include a code of conduct and ethics for the pen tester, like not releasing the information until 3 weeks after they have disclosed the vulnerability to the company. Maybe even have a section that legally binds the company to release the information after finding out. So they don't have this 'well I didn't know' defense.
Contracted pentesters do have a contract with a company. This outlines what is and isn’t allowed during the test. If you’re working with a third party product, you need permission from them as well. Breaching the established rules of engagement opens up the tester to legal repercussions. Typically most companies prohibit disclosure outside of established timelines. And more often than not, when you’re working as a pentester your findings will go to a report that is delivered to relevant parties and not the public. If a larger breach occurs that involves unfixed findings that were reported, proof of that report can be used as evidence.
Sorry for the lack of comments recently, but haven't missed a show. Not surprisingly, you're still doing awesome! I am truly looking forward to seeing you and Darren on set together lolz. I'm gonna try and hear your next twitch stream, so see ya then ;)
Wow that bonus story is effing crazy. One of the things that strikes me is where he is in prison it sounds like they are doing a better job at rehabilitation than most prisons do. I don't know that I have ever believed a murderer could be rehabilitated but now I think it might be possible. Anyway thanks for including that.
Thanks for everything you do!
Good to see you back. Missed you
That's one hell of a fuck up to not turn 2FA back on lollll
China slowly releasing their 0 days chest XD
I like your lives i usually follow on twitter but yea, thanks for the recaps
I’ll save myself the awkwardness and find the old school news article
It’s Time for a Live With Ali 💎 Soon
Apple wanted to capture as much data from the airdropper as possible, so they released this feature under the guise of anonymity [when sent by non-contacts, where only your device name is supposed to be revealed], while it was actually transmitting a bunch of data.
Also who gets to decide what one is allowed or disallowed to send? Who defines "bad things"? The eastern governments? The western ones? Mr. Tim Apple?
Gahdamn hope not.
True anonymity has always been one of the central pillars that upholds the Internet, and every day we see it eroded more and more.
Good vid, funny arse technica story.
When common hashing algorithms are used in place of encryption.
What do you mean sha256 isn't encryption? How do you explain this fancy Database Engineer tag on my shirt huh? @lopiecart
@TFKAT it is.
Poor security person getting in trouble. You're right both sides didn't act in good faith there. I hope the company who had the plaintext passwords gets some kind of fine too. I get the analyst going public was a bad move and possibly worthy of the fine; I'd equally like to think businesses who don't safeguard customer data get penalized too.
Thank you to the lovely and talented Ali. I appreciate the updates!
You're doing a great job as host Ali, keep it up.
i screamed and i forgot to put a limiter on my audio
@FranzAntonMesmer agreed, for what it's worth I didn't even notice, so don't worry about it 😂
When will the HackRF One be available? What is going on?
Good one
helpful info
What happened to the audio at 2:32?
Thought it might have been an overdub? Tried reading lips but seems to match. Either way I got a laugh out of it.
i screamed and didn't have a limiter on my audio so it peaked.
So glad to have her as host!
It's a good thing the SEC is here to protect investors
Good job guys
Twitter? Never heard of her
NEVER write your passwords in plain text... BIG RED FLAG...
❤
Nice
Guys your audio is echoing, please fix that!
Keep it up Ali!!
It's Jina
What happened to Snubs?
She left. But she still has her own channel
I think you're a star ❤
I am curious as to why the fines for that guy weren't substantially more than 4k. I assume he did minimal collateral damage, most likely paid 5-10k in legal representation.
You are doing amazing at filling the host spot, also I think the viewers are warming up to you.
What did you do with Shannon?
Old news
I am from India, I want you to turn on the audio track option in your YouTube videos and upload videos in Hindi language also
Like the US hasn't done that...? 🤔
Apple is trash for sheeps😂😂😂
No woman has shown interest in your browsing history but hey the feds might
Oh please. If people had the slightest clue how they are being tracked and how their personal data is collected, mined, stored and sold. ALL PRIVACY ended the moment the Internet came alive. If your device is network-attached, you are being spied on. Just accept it.
This is so hard to watch.