
When threat hunting goes down a rabbit hole – Naked Security

Why does your Mac’s calendar app say it’s JUL 17? Well, it turns out that on July 17, 2002, Apple launched its “iCal” calendar software, which revolutionized calendar management with features like internet-based calendar sharing and the ability to manage multiple calendars. The app’s icon prominently displayed “JUL 17,” which eventually led to the establishment of World Emoji Day in 2014. However, on iPhones, the icon changes to the current date for convenience. Other service providers may have chosen different dates to differentiate themselves from the competition.

Moving on to the first story, we delve into Zimbra and its encounter with cross-site scripting (XSS). XSS is a technique that allows hackers to inject rogue JavaScript into a website without breaking into the server itself. By tricking the site into displaying content that contains untrusted JavaScript, hackers can access cookies, steal personal data, and obtain authentication tokens. Zimbra reacted swiftly to this zero-day vulnerability, offering a patch for users to apply manually. While writing a script to patch one line of code in one file may seem daunting, it is a simple fix that can easily be undone if any issues arise. The sense of accomplishment from hand-patching this vulnerability is akin to fixing a sink on a Saturday morning.

As for programmers looking to avoid cross-site scripting, the Zimbra patch serves as a great example of what to watch out for. The patch utilizes the escapeXML() function to ensure that text strings displayed in web forms do not contain XML or HTML characters that could trick the browser. Sanitizing inputs is crucial in preventing cross-site scripting attacks.
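The output-escaping idea described above, as an added example that is not Zimbra's code or its patch: a form field rendered with and without encoding. The `escapeXml` helper here is a hypothetical stand-in for an escapeXML()-style function, and the `query` field name and sample inputs are constructed for illustration.

```javascript
// Hypothetical stand-in for an escapeXML()-style helper (not Zimbra's code).
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeXml(value) {
  // Coerce to string so null, undefined or numbers cannot skip encoding.
  // A single pass over the input avoids double-encoding the '&' it emits.
  return String(value ?? "").replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// "Before": the request parameter is copied straight into an attribute value.
function renderUnsafe(query) {
  return `<input name="query" value="${query}"/>`;
}

// "After": same template, with the parameter encoded at the point of output.
function renderSafe(query) {
  return `<input name="query" value="${escapeXml(query)}"/>`;
}

// Defender-side check: count tag openers in the rendered HTML.
// The template contains exactly one tag, so any higher count means
// the parameter changed the structure of the page.
function countTags(html) {
  return (html.match(/<[a-zA-Z\/]/g) || []).length;
}

// Constructed sample inputs: one plain, one that closes the attribute
// and adds markup, one with characters that are legitimate in text.
const samples = ["schedule", 'a"><b>x</b>', "Tom & Jerry's"];

for (const s of samples) {
  console.log(JSON.stringify(s));
  console.log("  unescaped tags:", countTags(renderUnsafe(s)), renderUnsafe(s));
  console.log("  escaped tags:  ", countTags(renderSafe(s)), renderSafe(s));
}
```

The escaped form always renders as exactly one tag, whatever the parameter contains, which is the property a regression test for this kind of fix should assert.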

Finally, we come to an incident involving Google’s VirusTotal service. VirusTotal is a popular platform where users can upload files to be shared with cybersecurity companies. Unfortunately, an employee accidentally uploaded a file containing a list of customer email addresses to the VirusTotal portal, instead of the intended location. This serves as a reminder that mistakes happen to everyone, even the most cautious individuals. Sending an email to the wrong person by mistake is a common occurrence, so it’s important to remember that similar errors can occur when uploading files.

In terms of tips, one unpopular piece of advice is to log out from online accounts when not in use. While this may not have helped in the VirusTotal incident, it is a good practice to minimize the risk of accidental uploads to the wrong servers. Additionally, double-checking before uploading files and being mindful of the information being shared can help prevent similar mishaps. Mistakes are bound to happen, but taking precautions and learning from them is key in maintaining cybersecurity.
