The Apple CEO wants the FTC to set up a data-broker clearinghouse so people can see the data that companies have collected on them.
Tesla has opened up its software and devices for a high-profile hacking contest that is being organized by Pwn2Own in Vancouver. The winner will get a Tesla Model 3, and there are other prizes worth more than $900,000.
The biggest prize of $250,000 will be awarded to whoever can hack and execute code on the car’s gateway, autopilot, or Vehicle Controller Secondary (VCSEC). The gateway inside a car is responsible for the powertrain, chassis, and other components; the autopilot is a driver-assistance feature that helps the driver with lane changes, parking, and other driving functions; and VCSEC handles security functions.
“Tesla essentially pioneered the concept of the connected car with their Model 3 sedan, and in partnership with Tesla, we hope to encourage even more security research into connected vehicles as the category continues to expand,” the Zero Day Initiative said in its blog on the contest.
The hacking attack would be carried out on a Model S mid-range rear-wheel-drive vehicle, and the target areas are:
· Modem or tuner for $100,000
· Wi-Fi or Bluetooth for $60,000
· Three infotainment system targets for a total of $205,000
· Gateway, autopilot or VCSEC for $250,000
· Autopilot DoS for $50,000
· Key FOB or phone-as-key for $100,000
A security researcher at Trend Micro said that “Since 2007, Pwn2Own has become an industry-leading contest that encourages new areas of vulnerability research on today’s most critical platforms.”
“Over the years we have added new targets and categories to direct research efforts toward areas of growing concern for businesses and consumers.”
Tesla is the only car manufacturer that has openly participated in a hacking contest.
Increasingly, people are being sent nude photos by strangers without their consent. It’s called cyber-flashing.
Graphic images are sent to people’s phones via features like Bluetooth, and AirDrop on iPhones.
Police in London say it’s a growing problem.
Anyone in a public space, even kids, could have a photo like that pop up on their phone if they have features like AirDrop switched on. People around the world have reported it happening to them on public transport like planes and trains.
When people receive these graphic images and don’t know who they’re from or what their motives are, only that they’re nearby, it can cause serious distress.
Some people are saying that Apple needs to remove its photo preview feature.
Apple, however, told BBC that users who are facing issues can just change their privacy settings.
Meanwhile, campaigners want a new law to tackle cyber-flashing. But for now, according to Apple, if you face issues, you just have to change your privacy settings so that you do not get photos you don’t want to see.
Police have also asked people to report this form of harassment.
Domained is a multi-tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting.
This produces categorized screenshots, server response headers and signature-based default credential checking. It is written in Python, heavily leveraging Recon-ng.
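The merge step described above (several tools' results reduced to one unique list), as an added sketch that is not Domained's own code: it normalizes hostnames, drops anything outside the target domain so later reporting stays in scope, and deduplicates. The function names and the sample tool output are assumptions constructed for illustration.

```python
import re

# Hostname label rule (RFC 1123): letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_host(raw):
    """Reduce one line of tool output to a bare hostname, or None if unusable."""
    host = raw.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)  # drop URL scheme
    host = host.split("/", 1)[0]                        # drop path
    host = host.split(":", 1)[0]                        # drop port
    host = host.rstrip(".")                             # drop DNS root dot
    if host.startswith("*."):                           # wildcard record -> parent name
        host = host[2:]
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return host


def merge_subdomains(domain, *tool_outputs):
    """Merge several tools' results into one sorted, unique, in-scope list."""
    domain = domain.lower().rstrip(".")
    seen = set()
    for output in tool_outputs:
        for line in output.splitlines():
            host = normalize_host(line)
            # Scope check: exact match or a true subdomain, so that
            # "notexample.com" is not accepted for "example.com".
            if host and (host == domain or host.endswith("." + domain)):
                seen.add(host)
    return sorted(seen)


# Constructed sample output from three hypothetical tool runs.
TOOL_A = "www.example.com\nMAIL.example.com.\napi.example.com\n"
TOOL_B = "https://api.example.com:8443/login\n*.dev.example.com\nnotexample.com\n"
TOOL_C = "www.example.com\nbad_host!.example.com\nexample.com.evil.test\n\n"

if __name__ == "__main__":
    for name in merge_subdomains("example.com", TOOL_A, TOOL_B, TOOL_C):
        print(name)
```

The suffix check matters as much as the deduplication: look-alike names such as example.com.evil.test belong to someone else and should never reach the screenshot or credential-check stage.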
Domained Subdomain Enumeration Tools Leveraged
Subdomain Enumeration Tools:
Reporting + Wordlists:
- SecList (DNS Recon List)
- LevelUp All.txt Subdomain List
Domained Subdomain Enumeration Tool Usage
--install/--upgrade Both do the same function – install all prerequisite tools
--vpn Check if you are on VPN (update with your provider)
--quick Use ONLY Amass and SubFinder
--bruteall Bruteforce with JHaddix All.txt List instead of SecList
--fresh Delete old data from output folder
--notify Send Pushover or Gmail Notifications
--active EyeWitness Active Scan
--noeyewitness No EyeWitness
-d The domain you want to perform recon on
-b Bruteforce with subbrute/massdns and SecList wordlist
-s n Only HTTPs domains
-p Add port 8080 for HTTP and 8443 for HTTPS
Subdomain Enumeration Examples
First steps are to install required Python modules and tools:
sudo pip install -r ./ext/requirements.txt
sudo python domained.py --install
Example 1 – Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)
python domained.py -d example.com
Example 2 – Uses subdomain example.com with seclist subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN
python domained.py -d example.com -b -p --vpn
Example 3 – Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)
python domained.py -d example.com -b --bruteall
Example 4 – Uses subdomain example.com and only Amass and SubFinder
python domained.py -d example.com --quick
Example 5 – Uses subdomain example.com, only Amass and SubFinder and notification
python domained.py -d example.com --quick --notify
Example 6 – Uses subdomain example.com with no EyeWitness
python domained.py -d example.com --noeyewitness
Note: --bruteall must be used with the -b flag
You can download Domained here:
Or read more here.
Here’s a fascinating history of cryptography that has plenty to teach you – and you don’t need a degree in mathematics to follow along!