Hacking, AppSec, and Bug Bounty newsletter
2018-08-14 | Orange’s 4-chain exploit to RCE on Amazon, Bounty Machine, and The Next 50-years in cyber security
Tuesday, August 14
Still basking in the Vegas afterglow, especially with #h1702 and #HackTheMarines.
The Def Con voting village made waves again. Rachel Tobac showed how to gain physical admin access on a machine in under 2 minutes, and an 11-year-old was able to manipulate a mock Florida election site to alter the results displayed. Here’s a Def Con voting village day 1 recap; see more on their Twitter feed.
TWEET OF THE DAY
CRYPTO MEANS CRYPTOGRAPHY - @EFF
OTHER ARTICLES WE’RE READING
Orange Tsai: How I chained 4 bugs (or features :P) into RCE on Amazon! (tweet has link to slides)
Introduced at Def Con in the Recon Village: Bounty Machine
Quantifying your unknown risks. Ryan Magoo makes a case for risk estimation in cyber security. Ryan also opines about “Making our risks as quantifiable and predictable as the weather” in his post, “The next 50 years of cyber security”.
Bumping HVAC demand in a city by only 1% could take down the grid if an attacker had a very large botnet of IoT devices, according to new research to be presented at the USENIX Security Conference this week, as reported by Wired.
Nuix’s Josh Mitchell shows that at least 4 models of body cameras in use by police forces are susceptible to attacks that would allow an attacker to remotely connect, view and modify media.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
I can connect to the cameras, log in, view media, modify media, make changes to the file structures.