7MS #221: News and Links Roundup
What follows are some of my favorite training opportunities, news bits, tools/scripts and humorous stories to send you into the weekend with!
Training
- The recording from the BHIS Webinar on Web App Security Training is now up on YouTube.
General News
- Did you know your phone's battery status can lead to online tracking from advertisers and service providers, such as Uber?
- Apple introduces bug bounty program at BlackHat - get $200k for finding vulns in certain Apple products! Wow!
- A group of security researchers found remote code execution and other ugly vulns on PornHub.com (not gonna link to that directly...but in case the name isn't self-explanatory, it's not a Disney site).
Tools/Scripts
- Sandstorm.io looks to be a pretty cool way to create your own private cloud (the app collection looks decent as well).
- Here's a ghetto XSS cheatsheet containing "...XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air."
Misc/Humor
- When Google security researcher Tavis Ormandy sets his sights on something, boy oh boy do people get passionate!
- I'm thinking of changing Friday's episode into a newsletter distribution instead. That way I can free up a bit more time to work on tech how-tos and VulnHub walkthroughs that have both audio and video options.