Technical Insight-Vulnerabilities-WhiteHat HackerKast

#HackerKast 27: SXSW, Copy Magic Paste, Tinder AI, GTA V, Mystery SSL Fix

Hey everybody! Quick recap this week as we are gearing up for the Top 10 Web Hacks Webinar (Which you can register to watch here)

Robert and I just got back from SXSW this weekend and that was a very interesting experience. My first big trade show floor that wasn’t security related. Tons of interesting stuff floating around Austin this week!

First story we covered was about a Copy Magic Paste trick that Robert found from the SEO crowd. This idea started as a way for websites to force citation for people stealing content but Robert was talking about the possibility of utilizing this to sneak javascript in places.

Next, I touched on a fun Tinder story from SXSW where a movie about AI used a robot Tinder profile to match with people at the conference and after a short conversation the bot would point the person they tricked towards an Instagram promoting the movie. This brought up a lot of topics related to AI that were floating around the conference which Robert has a ton to say about.

A quick fun logic flaw in GTA V wound up with some real $ consequences. Jer and I love logic flaws, they feel like hacking without hacking. This was a pretty simple, make an in game car for a few thousand in game dollars and sell it for about 10x that. The writers of this article did the conversion on how much money real world this would turn into and it seemed people could make about $5 every 20 minutes. If this could be automated it would’ve been some nice passive income.

Jer talked about a new exciting story that we are all very hopeful about, Yahoo Mail end to end encryption. Alex Stamos, CISO over at Yahoo, announced a new program to use end to end encryption in their webmail client. The big question here is how usable this will be. If it is as usable as PGP, we probably won’t see a huge uptick in adoption. We’ll be watching this closely as it has huge potential.

Lastly we touched on a “mystery” SSL fix from the OpenSSL community. A mailing list announcement mentioned some new version patches coming out that fix a high severity vulnerability. We don’t have much detail here but once we do know, it will be pretty interesting. In the wake of Heartbleed, we are all a bit nervous when OpenSSL is mentioned in the context of vulnerabilities.

Thanks for listening! Check us out on iTunes if you want an audio only version to your phone. Subscribe Here

Join the conversation over on Twitter at #HackerKast

or write us directly @jeremiahg, @rsnake, @mattjay

Resources:

Copy Magic Paste Modifies Copy Event on your Website

Tinder Users at SXSW Are Falling For a Robot

Grand Theft Auto Logic Flaw Leads To Real Money

User-Focused Security: End-to-End Encryption Extension for Yahoo Mail

New Mystery SSL Fix To Be Released Thursday

Notable stories this week that didn’t make the cut:

Strange snafu hijacks UK nuke maker’s traffic, routes it through Ukraine

Microsoft Is Killing off the Internet Explorer Brand (now called Spartan)

Chromium to Block RFC1918 (Probably)