S3E14: "HOPEless"

Posted 2018-09-10 03:59
Modified 2018-09-10 03:05
Comments 0

We basically just publish our segment from Radio Statler at HOPE, a talk on “HackOps”.

• News
• Notes
• Sysbadministration Award
• Errata
• Music

News

• Verizon is under investigation by the FCC.
  • Verizon may go unpunished.
• Ar3s, the Andromeda botnet operator, has been released with minimal penal measurements.
• A judge extended a ban on 3D-printed gun plans.
• Unlike the Equifax mess and them trying to cover up their lack of patching, there actually IS a valid Apache Struts vulnerability (CVE-2018-11776, PoC).
• The Android Fortnite app installer is susceptible to hijacking.
• Blackhat attendees’ tag information was available publicly.
• Google confirms that it tracks users, even with location disabled (like we mentioned in the news segment for S3E12).

Notes

Starts at 21m32s.

I was drinking water and açai juice. Paden was drinking Diet Dr. Pepper. Jthan was drinking Booker’s Bourbon Blue Knights Batch.

• Recordings from HOPE!
  • HackOps is taking the “hacker’s approach” towards Operations.
  • I mention the Jargon File. Specifically, the definition of hack as we use it above.
  • Core tenets of HackOps:
    • “Sometimes the/a working solution is an OK solution.”
    • “Sometimes priority precedes prettiness.”
    • Upon showing a written-out plan for the implementation, they should react with “…well, that’s stupid.”

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (1h14m27s)

Abbyy, an OCR software developer, has leaked docs through their exposed MongoDB instance.

Errata

• Paden, no, firearms are 100% still subject to NFA requirements (even if you make them yourself, or they “don’t have a serial number”).
• “MalwareReports”/“MalwareBlog” is actually MalwareTechBlog.

Music

Author r00t^2
Categories Season Three