GPS Today

“In a sense, the entire bug bounty market is a breeding ground for a species that can collect extremely low impact web vulnerabilities into a life sustaining nutrient cycle, like the crabs on volcanic plumes in the depths of the Pacific. Likewise, learning everything about RMI is enough to be everywhere, or .Net serialization, or CCleaner. In cyber, where there’s a way there’s a will.” Dave Aitel (Downclimb)

“protip: if you outsource dev to someone and they have a github account, check it for publicly available creds #equifaxbreach” andre protas (Downclimb)

“In this cyber threat actor map we don’t see any US or European actors. […] If you want to be serious about “threat intel”, please be neutral and don’t hide anything from your customers.” @x0rz on CrowdStrike (Downclimb)

“Bugs are not the main issue in most breaches, operational issues and technical debt are.” Jessica Payne (Downclimb)

“The belief attackers need to subvert security systems in order to achieve their goals is a false belief in the orderliness of human systems” @SwiftOnSecurity (Downclimb)

A Trust Buster for the New ‘Knowledge Monopoly’ NYTimes

“Crowdsourced steering” doesn’t sound quite as appealing as “self driving.” xkcd.com

Jose Andres, a naturalized U.S. citizen, has become the face of American disaster relief Nola.com

Taboola ads exploited to serve up tech support scams. As always, users need to be careful about what they click.

The malvertising campaign works by abusing Taboola ads on Microsoft’s MSN.com web portal. Taboola is one of the main providers of sponsored stories on news websites, typically appearing as “More stories from around the web” or “You may also like” promoted content. Graham Cluley

‘Phish for the Future’ spearphishing campaign set digital civil liberty activists in its sights. Between 7 July and 8 August 2017, two digital civil liberty non-governmental organizations (NGOs) called “Fight for the Future” and “Free Press” suffered at least 70 different spearphishing attempts from the same actor. Most of the lures came in the form of fake pages designed to lift the recipient’s Google or DropBox login credentials. Graham Cluley

Obesity Was Rising as Ghana Embraced Fast Food. Then Came KFC. NYTimes

Behind the Masq: Yet more DNS, and DHCP, vulnerabilities security.googleblog.com

Federal Prosecutors Embrace Their Inner Entrepreneurs NYTimes

‘Illegal’ Independence Referendum Turns Violent As Police And Pro-Separatists Clash NPR

Nobel prize for medicine awarded for insights into internal biological clock The Guardian

Special Report: HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon Reuters

USA Today, the Associated Press and Vice Media were all suing the FBI to force it to reveal more details about the company under the Freedom of Information Act. The FBI turned to the anonymous firm in 2016 after Apple refused its requests to help it bypass the security on an iPhone 5C belonging to one of the perpetrators of the 2015 mass shooting in San Bernardino, California; the massacre resulted in the deaths of 14 victims and two shooters, as well as 22 injuries. Gizmodo.com

Roku rolls out Roku OS 8, refreshes TV hardware with 4K and faster processors The Verge

The Man Who Exposed College Basketball WSJ

Advocate/WWL-TV poll shows New Orleans mayoral hopefuls in dead heat The Advocate

Gretna officials caught off guard by U.S. Border Patrol raids at designated ‘safe corner’ for day laborers The Advocate

Years of Howard Stern’s interviews with Trump now gone after DMCA takedown arstechnica.com

Canadian Sikh politician wins race to lead federal New Democrats Reuters