Five Minute Guide to Software Security
http://ift.tt/2ymwwF6
Submitted October 14, 2017 at 12:47AM by OneUpSecurity
via reddit http://ift.tt/2xDWtwh
Oneupsecurity
Learn To Develop Secure Software
Education is the best way to mitigate security breaches. Security is not only a business decision, but also a moral decision. Always seek advice from an experienced security professional.
CREST CCT STUDY GROUP
http://ift.tt/2g98fZj
Submitted October 14, 2017 at 02:35AM by johnsmithe99
via reddit http://ift.tt/2gggwy6
SC(A)Make - cmake auto-execution is bad
http://ift.tt/2xDzMwZ
Submitted October 14, 2017 at 02:34AM by darx0r
via reddit http://ift.tt/2yndgHO
GitHub
darx0r/SC-A-Make
SC-A-Make - CMake auto-execution is bad
Choosing your SSO strategy and toolset
http://ift.tt/2gDPspi
Submitted October 14, 2017 at 03:08AM by shoelaa
via reddit http://ift.tt/2z7tCRQ
mabl
How To Integrate SSO Into Your Application - mabl
If you're a modern developer and you don't already have SSO implemented for your application, you really should. If you're using it...
Equifax rival TransUnion also sends site visitors to malicious pages
http://ift.tt/2gz7TLZ
Submitted October 14, 2017 at 04:16AM by RandomCollection
via reddit http://ift.tt/2gEdBw0
Ars Technica
Equifax rival TransUnion also sends site visitors to malicious pages
People visiting TransUnion’s Central American site redirected to potpourri of badness.
Chrome Extension Uses Your Gmail to Register Domains Names & Injects Coinhive
http://ift.tt/2yIUKus
Submitted October 14, 2017 at 09:41AM by stevewatson301
via reddit http://ift.tt/2yg6eoC
BleepingComputer
Chrome Extension Uses Your Gmail to Register Domains Names & Injects Coinhive
A malicious Chrome extension is being used to inject the CoinHive browser miner, while registering domains for the extension developer using the victim's Gmail address.
My first Burp Suite extension
http://ift.tt/2gbdeZe
Submitted October 14, 2017 at 11:12AM by stackcrash
via reddit http://ift.tt/2yoy6qj
StackCrash
My first Burp Suite extension
Introduction: I recently had a career change from the defensive side of security to the offensive, which means a whole new set of skills to develop. For those who are not familiar, Burp Suite is a security tool for testing web applications. A great thing about…
Awesome hacking resources
Please contribute your resources to help others get better: http://ift.tt/2kMh14B
Submitted October 14, 2017 at 11:01AM by vitalysim
via reddit http://ift.tt/2hGefcc
GitHub
vitalysim/Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better! - vitalysim/Awesome-Hacking-Resources
Someone Created a Tor Hidden Service to Phish my Tor Hidden Service
http://ift.tt/2gCiV2V
Submitted October 14, 2017 at 01:56PM by grepnork
via reddit http://ift.tt/2ynBUHM
reddit
Someone Created a Tor Hidden Service to Phish my Tor... • r/netsec
Flaw in Infineon TPM firmware leads to generation of weak keys
http://ift.tt/2y7h7cj
Submitted October 14, 2017 at 05:59PM by Natanael_L
via reddit http://ift.tt/2ynVW51
Microsoft
Security guidance articles
Multiple Vulnerabilities on Airtame Device (Before Version 3)
http://ift.tt/2ykXpaR
Submitted October 14, 2017 at 09:13PM by utku1337
via reddit http://ift.tt/2ibFfnO
Utkusen
Multiple Vulnerabilities on Airtame Device (Before Version 3)
TL;DR: I found the following vulnerabilities on the Airtame Device (Before Version 3): Session Fixation; Updating Firmware via HTTP; Using Weak Cryptographic Hash.
TrustedID sends new password cleartext in email
It was bad enough that Equifax's poor security compromised so much sensitive data. Then, TrustedID took nearly two weeks to fix their website so that I could complete the registration process. Now on top of all those errors, when my spouse could not create a new password in the TrustedID website, and asked support for help, they sent a new password cleartext with her username in an email message! I'm incredulous. I would think that they would be so sensitive to computer security that they would take breaches seriously.
Submitted October 14, 2017 at 11:33PM by lsitongia
via reddit http://ift.tt/2gF6W4M
reddit
TrustedID sends new password cleartext in email • r/security
ISO dotcom era "It's safe" TV commercial
In the late 1990's there was a TV commercial (possibly from IBM? not sure) about online security. It was in a coffee shop. A middle-aged white guy was in line, and a younger black guy in glasses was sitting down with a laptop. Both guys wearing suits. The 1st guy asks the 2nd guy what he's doing, the 2nd guy says he's buying something online. The 1st guy makes a remark like "Isn't that dangerous?" and the 2nd guy smiles and confidently says "It's safe." The 1st guy shrugs and the 2nd guy smiles and repeats "It's safe." Anybody else remember more about that commercial, or have a copy of it? It's hilarious considering how everyone was using SSL v2/v3 back then.
Submitted October 15, 2017 at 01:15AM by satyenshah
via reddit http://ift.tt/2wVTQGp
reddit
ISO dotcom era "It's safe" TV commercial • r/security
OS discussion on the assumption of the highest threat model.
many come here in search of the "best or most" secure OS. some options involve options like kali, qubes os, subgraph, LFS, heads, tails, parrot, openbsd etc. we know that this is subjective and contains many variables. the question that follows this is usually what is your threat model, and that this depends on your opposed threat. i come here bearing that same question from those before me. let's assume that the threat is as high as they come. sure they will find and get you regardless. the question to this would be, what is better? tails so that you have a machine that contains nothing and can be a throw-away, or subgraph or qubes that is limited but does keep data? maybe LPS from DOD back, which i believe has been rebranded. the goal is to have a machine that contains no data. i have NO desire to save any information on the machine. if the time ever came, it would be thrown away and no trace of the data should be contained on the machine. that means nothing in ram like a freeze etc. i would like to also have a checkin whereby if i do not login within a specified time, the machine wipes. does this leave tails as the only option?
Submitted October 15, 2017 at 08:04AM by fallen1011
via reddit http://ift.tt/2xGpmYp
reddit
OS discussion on the assumption of the highest threat... • r/security
Using Elliptic Curve Cryptography with TPM2
http://ift.tt/2hH5HSu
Submitted October 15, 2017 at 03:57PM by CrankyBear
via reddit http://ift.tt/2xGASDr
reddit
Using Elliptic Curve Cryptography with TPM2 • r/security
Spy Tapes | TechSNAP 340 | Jupiter Broadcasting
http://ift.tt/2yndZH0
Submitted October 15, 2017 at 05:22PM by dmp1ce
via reddit http://ift.tt/2ypDDMW
Jupiterbroadcasting
Spy Tapes | TechSNAP 340 | Jupiter Broadcasting
The latest troubles at Kaspersky, the strategic implications of responsible disclosure at the NSA, the ethics of running a data breach search service & more!
what privacy/secure laptops do you know that solder ram to stop cold boot attacks? purism laptops don't solder ram. (Security Analysis PDF included)
http://ift.tt/2ypV8Ni
i understand that purism is a company that leans to be privacy and secure focused. that being said, they do not solder the ram and there is a possibility of a cold boot attack. what laptop options do you know are limited intel ME and priv and security focused that solder ram? would using epoxy on the ram maybe be an option?
Submitted October 15, 2017 at 07:55PM by fallen1011
via reddit http://ift.tt/2ypJAtc
Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys
http://ift.tt/2ieFyhI
Submitted October 15, 2017 at 08:08PM by akendo
via reddit http://ift.tt/2yqPBGs
reddit
Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys • r/netsec
Offensive Security Certified Professional (OSCP) Review - This review explains how you too can pass the OSCP!
http://ift.tt/2tAqvRd
Submitted October 16, 2017 at 12:08AM by InfoSecJim
via reddit http://ift.tt/2hIIBKX
Jim Wilbur's Blog
OSCP Review
Check out my review of the Offensive Security Certified Professional (OSCP) exam and coursework. I Tried Harder!
WDigest: Clear-Text Passwords in Memory - Is WDigest enabled on your Windows Servers? (2008-2012 is enabled by default) If you don't know, you might want to check...
http://ift.tt/2yqaOA6
Submitted October 16, 2017 at 02:21AM by InfoSecJim
via reddit http://ift.tt/2zqzhni
Jim Wilbur's Blog
WDigest: Clear-Text Passwords in Memory - Jim Wilbur's Blog
WDigest is an insecure protocol and should be disabled. Credential harvesting software like Mimikatz can pull these clear-text credentials from memory.
Anti-Fraud measures coming up!
http://ift.tt/2gkOamb
Submitted October 16, 2017 at 02:57AM by securitynewsIO
via reddit http://ift.tt/2yjXGxd
Security News iO
New Anti-Fraud Measures After Equifax Hack | Security News iO
Banks are working on anti-fraud measures by collecting sophisticated data on how consumers use their devices to mitigate against identity theft.