10Fold – Security Never Sleeps – 68

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider:  The entire Turkish citizen database has been leaked online, and the hack appears to be politically motivated. Microsoft released a 64-bit version of Windows 10 IoT Pro that is specifically designed for small internet-connected devices. Today Toyota announced a partnership with Microsoft to further develop a connected car and their systems to personalize to every driver. Lastly, in an interesting blog post, a security researcher explained how he hacked the Domino’s pizza app to bypass the payment page and get free pizza which highlighted the vulnerabilities located in company apps.

 

The entire Turkish citizenship database has allegedly been leaked online – Publication: Business Insider – Reporter name: Lianna Brinded

The entire Turkish citizenship database has allegedly been hacked and leaked online. A website with purportedly leaked details of 49,611,709 Turkish citizens is online and allegedly gives the following details of each citizen — including the Turkish President Tayyip Erdogan: National Identifier (TC Kimlik No), First Name, Last Name, Mother’s First Name, Father’s First Name, Gender, City of Birth, Date of Birth, ID Registration City and District, Full Address. The apparent hack seems to be politically motivated. The website reads: “Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?”


Microsoft releases a 64-bit version of Windows 10 IoT Core Pro – Publication: VentureBeat – Reporter name: Jordan Novet

Microsoft today announced that it’s releasing a 64-bit (x64) version of Windows 10 IoT Core Pro. This is a special flavor of the edition of Windows 10 designed for small Internet-connected devices that’s exclusively available to original equipment manufacturers (OEM). “This will enable OEM/ODMs (original design manufacturers) to move between Windows 10 IoT Core and Windows 10 IoT Enterprise without the need to maintain a separate firmware image for their devices,” Brett Bentsen, partner group program manager for Windows IoT at Microsoft, wrote in a blog post. “Additionally, we’re making the Board Support Package for the Raspberry Pi open source (except for the UEFI parts) to help OEM/ODMs provide a customized board experience.”


Toyota teams with Microsoft on connected cars – Publication: USA Today – Reporter name: Nathan Bomey & Chris Woodyard

Toyota announced an enhanced relationship with Microsoft on Monday aimed at delivering “connected car” services to drivers in ways they probably never could have imagined. Already, drivers ask the infotainment system in their cars for restaurant recommendations, but many locations often would require that a driver turn around. But with Toyota Connected, the system might be modified to only recommend restaurants on the highway ahead — and then only the kinds of food that the driver usually prefers.


This Hacker Found a Way to Get Free Domino’s Pizza for Life – Publication: Fortune – Reporter name: Robert Hackett

Paul Price, a computer security researcher based in the United Kingdom, three years ago hit the pizza jackpot. He found a computer bug affecting a Domino’s mobile app on Google Android that allowed him to place orders free of charge. All Price had to do to hack the system was to input some obviously fake debit card information (Visa number: 4111111111111111), intercept the traffic between his phone and Domino’s computer servers, and tweak the data that typically turns up an error message, he says. Literally, he rewrote some code to read “accepted” instead of “declined,” which green-lit the order.