Now, say what you will about TikTok gaining popularity amongst teenagers, but the fact remains: a large portion of Singaporean youth are still using Facebook. Notice I used the word ‘youth’, which, according to the National Youth Council, refers to people aged 15–35.
Yes, 35; you did not read it wrongly.
With such a large portion of society still on Facebook, it is really important for the platform to remain secure and proactively search for any hidden vulnerabilities.
Eugene took 6th place during a live hacking segment held at BountyCon. PHOTO: GOVTECH
That’s exactly what GovTech cybersecurity specialist Eugene Lim did! Not only did he try his hand at it last year, he flew the Singapore flag high by coming in sixth at a global cybersecurity hacking challenge.
BountyCon – the invitation-only security conference – was organised by Facebook and featured a live hacking segment where participants were tasked to find cybersecurity vulnerabilities in any of Facebook’s assets – including beta and internal features not yet released to the public. Facebook encouraged the participants to focus in particular on “Facebook Gaming”.
Yup, this is not a drill, fellas.
Zooming in on Facebook Gameroom
Eugene – whose duties at GovTech include simulating attacks on government cyber infrastructure to discover potential routes of attack – started the competition on the back foot due to administrative issues that delayed his entry. To maximise the opportunity, he strategically chose to focus on Facebook Gameroom, a desktop gaming platform that was launched in November 2016 to compete with the likes of the popular gaming platform Steam.
He began by systematically probing for weaknesses that could be exploited through offensive reverse engineering. This involved examining a software system to trace its original design and implementation,
This approach yielded an early moment of promise when Eugene managed to modify a file used by Facebook Gameroom that could be parsed in an unsafe manner. In theory, this meant he could “hack” Gameroom into running a malicious program from the file instead of its usual functions.
However, this proved to be a false dawn. The Facebook team clarified that this did not qualify for points in the hacking segment as he had not found a way to pull off the same thing remotely on another person’s machine. In cybersecurity parlance, there was no viable remote attack vector.
“I learnt an important lesson about the different threat landscape posed by native applications – search for a viable remote attack vector first before diving into the code-level vulnerabilities,” he said.
Redirecting users to danger
Eugene eventually found success by targeting custom URIs – a type of link that launches a program when it is clicked. One common example is a Zoom meeting invitation link; when you click on the invitation link, the Zoom program is launched and takes you straight to the meeting room.
Similarly, when you click on a custom Facebook Gameroom URI in the web browser, Gameroom will automatically open. This was the key vulnerability Eugene had been seeking. He also noticed that Gameroom relied on an outdated version of the Chromium web browser (which Chrome is based on) to display web content. After experimenting with various workarounds, Eugene managed to create a URI that opened Gameroom and directed users to web content controlled by him, instead of launching the intended web content that the users wanted to access.
In other words, a hacker could exploit this to display authentic-looking requests to users and carry out cyber-attacks such as phishing. A hacker could also run JavaScript code that would exploit the outdated Chromium browser to execute malicious programs.
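The defensive counterpart to the issue described above is for the custom URI handler to validate any web destination before the embedded browser loads it. The following is an added example, not code from the article, from Eugene's write-up or from Facebook; the scheme `exampleapp:`, the `launch` action, the `url` parameter and all host names are hypothetical.

```javascript
// Added example. Scheme, action, parameter and host names are hypothetical.
const SCHEME = "exampleapp:";                         // hypothetical custom URI scheme
const ACTIONS = new Set(["launch"]);                  // hypothetical handler action
const TRUSTED_HOSTS = new Set(["games.example.com"]); // hypothetical first-party host

function deny(reason) { return { ok: false, reason }; }

// Decide which page, if any, the embedded browser may load for a custom URI.
function resolveLaunchTarget(rawUri) {
  let uri;
  try { uri = new URL(rawUri); } catch { return deny("unparseable custom URI"); }
  if (uri.protocol !== SCHEME) return deny("unexpected scheme");
  if (!ACTIONS.has(uri.hostname)) return deny("unknown action");

  // Exactly one target: duplicates invite "first vs last wins" confusion.
  const targets = uri.searchParams.getAll("url");
  if (targets.length !== 1) return deny("expected exactly one url parameter");

  let target;
  try { target = new URL(targets[0]); } catch { return deny("unparseable target"); }
  if (target.protocol !== "https:") return deny("target is not https");
  if (target.username || target.password) return deny("target carries userinfo");
  if (target.port !== "") return deny("non-default port");
  // Exact match on the parsed hostname, never a substring or prefix test.
  if (!TRUSTED_HOSTS.has(target.hostname)) return deny("host not allowlisted");

  // Hand the browser the parser's normalized form, not the raw string,
  // so the check and the navigation agree on what the URL means.
  return { ok: true, target: target.href };
}

// Constructed sample inputs (not taken from the article).
const SAMPLES = [
  "exampleapp://launch?url=https%3A%2F%2Fgames.example.com%2Fplay%3Fid%3D7",
  "exampleapp://launch?url=https%3A%2F%2Fgames.example.com.other.example%2F",
  "exampleapp://launch?url=https%3A%2F%2Fgames.example.com%40other.example%2F",
  "exampleapp://launch?url=http%3A%2F%2Fgames.example.com%2F",
  "exampleapp://launch?url=javascript%3Avoid(0)",
  "exampleapp://launch?url=https%3A%2F%2Fgames.example.com%2F&url=https%3A%2F%2Fother.example%2F",
];
for (const s of SAMPLES) console.log(JSON.stringify(resolveLaunchTarget(s)), s);
```

An allowlist of this kind only limits where the embedded browser can be sent; the outdated Chromium engine mentioned above has to be updated separately.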
For a technical walkthrough, check out??for his experience during the challenge.
Showcasing SG expertise
Eugene’s discovery propelled him into the top ten leaderboard for BountyCon and eventually he secured the sixth position.
His achievement endorses Singapore’s position on the tech world map, sending a clear message that the country is a prime choice for tech companies to sink roots not only because of its outstanding infrastructure and business environment, but also because it has a strong pool of tech talent to offer. It also reaffirms Singapore’s efforts to nurture homegrown tech talent – from newbies joining the workforce to mid-career professionals. Eugene had previously been awarded the Most Valuable Hacker at a similar live hacking event co-organised by Verizon Media (Yahoo), the US Air Force, and the UK Ministry of Defense, and had won the Best Team award at a PayPal live hacking event.
Although Facebook Gameroom is a relatively unknown product and is scheduled to be decommissioned in June 2021, Eugene – who has been with GovTech for just over a year – said it was still satisfying to see that Facebook patched the vulnerability, cutting off this potential route of attack for bad actors.
He added: “Although Gameroom will be shut down soon, this episode definitely left me with some fond memories of the practice in applying basic offensive reverse engineering to discover system vulnerabilities.”