Web Application Security-WhiteHat HackerKast

#HackerKast #18: Verizon Tracking Cookie, NSA tracking via mobile ads, hackers for hire, AppSec Program Quick Start Guide

Hey Everybody! Can’t believe we’ve done 18 of these. Let’s get right into it.

We started off this week by chatting a bit about Verizon. The headline kind of speaks for itself: “Remember That Undeletable Super Cookie Verizon Claimed Wouldn’t Be Abused? Yeah, Well, Funny Story…” Turns out Verizon will set a cookie in your browser and can track you across IP addresses, along with all sorts of other nastiness. Robert has some recommendations on how to work around this if you are worried about it. News flash, advertisers aren’t working in the user’s best interest.

Another news flash, the NSA is tracking people. The newest revelation is that the NSA is using ads in mobile platforms to track users. This avenue is useful for them because geolocation is sent through a lot of these mobile app ads, so not only can they track users’ usage preferences but also their physical location! Repeat after me, ads are bad.

A funny little website popped up recently called Hackers List. For those familiar with oDesk, this is the same thing but for hacking. This website is acting as a medium for people to post requests and a dollar amount for hacking services. Some of my favorite entries include “Change my grades – $300” and “Hack Facebook account ASAP – $200”, among others. We got into a bit of discussion about the legality of all of this and some possible loopholes that they are using to keep this website up and kicking. Consensus is that this will most likely be taken down, fast.

Finally, with some shameless self-promotion, we chatted about a new OWASP project started by a few of us WhiteHat folk called the Application Security Program Quick Start Guide. Our goal here was to provide some quick rule-of-thumb points on starting an AppSec program from scratch. Nothing like this existed to our knowledge, so we tried to fill what we saw as a void. It is completely open license and free to download, so feel free to use and abuse! Check out our blog outlining it and let us know what you think!

Notable stories this week that didn’t make the cut:

How to protect yourself against Verizon’s Mobile Tracking

New York Post Twitter Feed Hacked – declares we are at war

Obama sides with Cameron in Encryption Fight

Against DNSSEC

Why Not DANE in Browsers

Someone in China MitM’d Outlook.com Traffic With Fake SSL Certificate

Reflected XSS in PayPal

References:

Remember That Undeletable Super Cookie Verizon Claimed Wouldn’t Be Abused?

New Snowden documents show that the NSA and its allies are laughing at the rest of the world

Hacker’s List allows you to hire a hacker anonymously and quickly

OWASP Application Security Program Quick Start Guide Project

5 Days to Setting Up an Application Security Program

  • Jon Zeolla

    Why is the podcast feed not updated automatically?

    https://www.whitehatsec.com/blog/?feed=podcast
