7MS #202: News and Links Roundup
What follows are some of my favorite training opportunities, news bits, tools/scripts and humorous stories to send you into the weekend with!
Training
- Tim Tomes' PWAPT (Practical Web Application Penetration Testing) is coming to Boston on July 18-19. In Tim's invite he says:
I've added some new content to this edition of PWAPT. The new content includes advanced vulnerabilities such as Blind SQL Injection, DOM XSS, and Server-Side Template Injection to name a few. See my training page for more details and get signed up today!
- Interested in learning Linux? LinuxJourney looks to be a great site with several levels of learning - from "Grasshopper" to "Networking Nomad."
General News
- Big breach o' the week is ~100 million VK.com accounts (VK is kind of like a Russian version of Facebook). Compromised data includes names, phone numbers, email addresses and plain text passwords.
- Zuck got some of his social media accounts pwned. Lesson learned: dadada isn't a strong password!
- Hacker posts 39 million account creds in a security "protest," "including names, email addresses, dates of birth, genders, and even social information." Why? From the hacker's Pastebin post:
I am leaking more than 36 million accounts/records of internal data from these types of networks to raise awareness about what happens when you decide not to even add a username/password as root or check for open ports, let alone encrypt the data.
- TeamViewer accounts are still being taken over - allegedly due to credential reuse. Regardless, people are freaking out. Also, TeamViewer is sorry about blaming users for the hack. Says PR head Axel Schmidt:
"What we intended to make clear is when you use a tool like TeamViewer you need to take extra care..."
Last week we mentioned that in an earlier statement, TeamViewer had said:
"TeamViewer is appalled by any criminal activity; however, the source of the problem, according to our research, is careless use, not a potential security breach on TeamViewer’s side."
- Last week we talked about Microsoft using a "known bad passwords" list and it looks like Netflix is doing the same.
- Tor Project member Jacob Appelbaum stepped down from the project amid allegations of sexual misconduct. Risky Business has more coverage on it in this week's episode.
- Was Twitter pwned? Maybe, but it's probably a good idea to change your Twitter password and turn on 2FA if it isn't already enabled.
- The Acunetix website got defaced due to an outdated WordPress install and/or plugins...or so it was reported. But Acunetix called BS on that in a statement quoted by this article:
"For some time between Saturday and Sunday early afternoon (CET), our website went offline. This was caused by an unexpected shutdown of the server hosting our site."
"Someone seems to have picked up on this event and decided to make a fraudulent claim that our site has been defaced."
Tools/Scripts
- I'm curious to try Brave, a browser that blocks ads and trackers, yet offers (what they claim to be) a micropayment system that could make both advertisers and end users some $. According to this Urbanophile.com article:
The revenue from these ads would go 55% to the publisher, 15% to the ad network, 15% to Brave to give it a revenue stream, and another 15% to the user in the form of Bitcoins.
Misc/Humor
- Shopping for a new apartment or condo? Be sure not to sign anything that binds you to giving the property positive reviews or "likes" on social media like this awful facility in Salt Lake City did.
- Listener Xoke tipped me off to a hacking game for Steam called Hacknet. It's described as:
"...a modern, super immersive terminal-driven hacking game with a fully internally-consistent network simulation and an interface so real you shouldn't play it in an airport. It follows the story of recently deceased hacker 'Bit', whose death may not be the 'accident' the media reports."
Check out the trailer:
It's $5 for a short time on the Steam store.