Things I Hearted this Week: 5th Oct 2018

There was no update last week because I was in Dallas for the AT&T Business Summit, which was a great event. Chuck Brooks wrote a detailed post on his experience, while I made a couple of videos charting my time.

But enough of that, let's see what went down in the world of security over these last few days.

Facebook breach

One of the biggest stories in these past few days must be the Facebook breach. The company issued a security update on September 28th which led with the facts:

On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.

At this stage, there are probably more questions than answers and it’s likely this is one story that will play out for a long time.

Local file inclusion at

Flatpack vulnerabilities now available in this great writeup by Jonathan Bouman.

Out of office notices for OSINT

A nice reminder by Stuart Coulson on the perils of out of office notifications, and how they can divulge a lot more than you’d want to anyone.

Put ads down your Pi-Hole

Nobody really likes ads when they’re browsing online. So, they sometimes resort to using adblockers. But there are some issues with those as well.

Surely, in an industry full of clever tech people, hackers, and tinkerers, there is a better way - enter Pi-hole.

Self-described as a black hole for internet ads, it is basically a mini DNS server that you run on a Raspberry Pi in your local network. Your traffic goes through it, and it blacklists any malicious domains.

Both Scott Helme and Troy Hunt have detailed write-ups on how to get it installed and running.

Bupa fined £175k

International health insurance business Bupa has been fined £175,000 after a staffer tried to sell more than half a million customers' personal information on the dark web.

The miscreant was able to access Bupa's CRM system SWAN, which holds records on 1.5 million people, generate and send bulk data reports on 547,000 Bupa Global customers to his personal email account.

The information – which included names, dates of birth, email addresses, nationalities and administrative info on the policy, but not medical details – was then found for sale on AlphaBay Market before it was shut down last year.

Hiding Bash history

Robin Wood has helped address the concern many have undoubtedly had when running commands on a Linux box: that the bash history will be logging everything you run.

Another useful tip by the man known as DigiNinja.

The A-Z of security threats 2018

Davey Winder talks to industry experts about the whole gamut of cyber hazards that have emerged so far in 2018.

Random things that caught my interest this week

