Vulnerabilities-Web Application Security-WhiteHat HackerKast

#Hackerkast 35: Airplane hacking, United bug bounty, and SEA hacks Washington Post

Hey Everyone! It was just Jeremiah Grossman and me today, as Matt Johansen is overseas this week attending various security conferences. So we braved on and did a short one with just three major articles.

First we covered airplane hacking and a bit of drama that has been unfolding in the mainstream press related to hacking an airplane while on one. Jeremiah made the point that it’s not just illegal, it’s also dangerous from a personal safety perspective. Rule number 1 of hacking – don’t hack the airplane while you’re still on it.

Then we discussed a bit about the United bug bounty program that was just announced. Although it’s interesting, it still doesn’t cover the major thing the public is worried about. Learning who is flying is bad, but doing something bad to an airplane is much, much worse. And it does beg the question: why does the bounty program not cover the airplane if there are no flaws in airplanes?

Lastly we covered the latest SEA hack of Washington Post by way of their CDN provider, InstartLogic. Jer made the point that hacking InstartLogic is just the canary in the coal mine: it’s the other hacks that you don’t see until a year or two down the road that are really troubling. In some ways, the SEA is doing us a huge favor by letting us know about the issues without causing any real harm in the process.


Airplane Hacking?!?!

United Rewards Bug Bounties with United Miles

SEA hacked Washington Post’s CDN InstartLogic

Notable stories this week that didn’t make the cut:

Firefox is going to Deprecate HTTP

Anti-gay demonstrators advertise gay porn site after their domain expires

Adblockers are immoral vs Priority of Constituencies

Why a Law Firm is Baiting Cops With A Tor Server

VENOM Exploit Against QEMU and Xen Floppy Discs

Safari address-spoofing bug could be used in phishing, malware attacks