It’s been an interesting few weeks, which is why I haven’t posted my usual updates. I was out in Vegas for Black Hat and BSidesLV, both of which were great as always. I also had a chance to pop off to visit the Grand Canyon with my partner-in-crime Adrian Sanabria. Video coming soon, but this Vine will give an idea of how far we got into the wilderness.
Black Hat was also a blast. AlienVault had a brand new booth design and the interactions were as engaging as always.
Now onto the business end of things.
Do whistleblowers ever win? Researcher who exposed VW gain little.
Remaining on the topic of cars, Auto group pushes best practices for vehicle security
Mozilla to block Flash in Firefox browser – about time.
Bypassing Win10 UAC by using disk cleanup.
A tutorial on Configuring NPS 2012 for Two-factor Authentication
New attack bypasses HTTPS protection on Macs, Windows, and Linux
TrustedSec released version 7.3 of the Social Engineer Toolkit (SET)
People care about privacy, so why won’t they pay for it?
Looking at the malicious side of bad UI. Dark Patterns are designed to trick you (and they’re all over the Web)
Microsoft REST API Guidelines – a good set of principles.
Do you like using a VPN? Well, if you plan on using it in the UAE, you could end up with jail time and a $545,000 fine.
Am I saying that EMET was written to stop Metasploit sourced shellcode? Yup. Pretty much.
Not directly security related, but I found it interesting to read how Starbucks has more money on customer cards than many banks have on deposit. Probably a lot easier to rob than banks too… just saying.
Something that reads like the bug equivalent to National Novel Writing Month. Good writeup on high-frequency security bug hunting with 120 bugs in 120 days.
Post-conference season we always get a rash of opinion posts about why conferences are broken or bad. Here’s Alex Stamos’s take: Addressing security blindspots through culture
Teen hacker flies to Black Hat on his one million free airmiles