OS discussion on the assumption of the highest threat model.
many who come here in sought for the "best or most" secure OS. some options involve options like kail, qubes os, subgraph, LFS, heads, tails, parrot, openbsd etc. we know that this is subjective and contains many variables.the question that follows this is usually what is your threat model, and that this depends on your opposed threat.i come here barring that same question from those before me. lets assume that the threat is as high as they come. sure they will find and get you regardless. the question to this would be, what is better? tails so that you have a machine that contains nothing and can be a throw-away, or subgraph or qubes that is limited but does keep data? maybe LPS from DOD back, which i believe has been rebranded.the goal is to have a machine that contains no data. i have NO desire to save any information on the machine. if the time ever came, it would be thrown away and no trace of the data should be contained on the machine. that means nothing in ram like a freeze etc.i would like to also have a checkin where by if i do not login within a specified time, the machine wipes.does this leave tails as the only option?
Submitted October 15, 2017 at 08:04AM by fallen1011
via reddit http://ift.tt/2xGpmYp
many who come here in sought for the "best or most" secure OS. some options involve options like kail, qubes os, subgraph, LFS, heads, tails, parrot, openbsd etc. we know that this is subjective and contains many variables.the question that follows this is usually what is your threat model, and that this depends on your opposed threat.i come here barring that same question from those before me. lets assume that the threat is as high as they come. sure they will find and get you regardless. the question to this would be, what is better? tails so that you have a machine that contains nothing and can be a throw-away, or subgraph or qubes that is limited but does keep data? maybe LPS from DOD back, which i believe has been rebranded.the goal is to have a machine that contains no data. i have NO desire to save any information on the machine. if the time ever came, it would be thrown away and no trace of the data should be contained on the machine. that means nothing in ram like a freeze etc.i would like to also have a checkin where by if i do not login within a specified time, the machine wipes.does this leave tails as the only option?
Submitted October 15, 2017 at 08:04AM by fallen1011
via reddit http://ift.tt/2xGpmYp
reddit
OS discussion on the assumption of the highest threat... • r/security
many come here in sought for the "best or most" secure OS. some involve options like kail, qubes os, subgraph, LFS, heads, tails, parrot, openbsd...
Using Elliptic Curve Cryptography with TPM2
http://ift.tt/2hH5HSu
Submitted October 15, 2017 at 03:57PM by CrankyBear
via reddit http://ift.tt/2xGASDr
http://ift.tt/2hH5HSu
Submitted October 15, 2017 at 03:57PM by CrankyBear
via reddit http://ift.tt/2xGASDr
reddit
Using Elliptic Curve Cryptography with TPM2 • r/security
0 points and 0 comments so far on reddit
Spy Tapes | TechSNAP 340 | Jupiter Broadcasting
http://ift.tt/2yndZH0
Submitted October 15, 2017 at 05:22PM by dmp1ce
via reddit http://ift.tt/2ypDDMW
http://ift.tt/2yndZH0
Submitted October 15, 2017 at 05:22PM by dmp1ce
via reddit http://ift.tt/2ypDDMW
Jupiterbroadcasting
Spy Tapes | TechSNAP 340 | Jupiter Broadcasting
The latest troubles at Kaspersky, the strategic implications of responsible disclosure at the NSA, the ethics of running a data breach search service & more!
what privacy/secure laptops do you know that soder ram to stop cold boot attacks? purism laptops dont soder ram. (Security Analysis PDF included)
http://ift.tt/2ypV8Nii understand that purism is a company that leans to be privacy and secure focused. that being said, they do not soder the ram and there is a possibility of a cold boot attack.what laptop options do you know are limited intel ME and priv and security focused that soder ram? would using epoxie on the ram maybe be an option?
Submitted October 15, 2017 at 07:55PM by fallen1011
via reddit http://ift.tt/2ypJAtc
http://ift.tt/2ypV8Nii understand that purism is a company that leans to be privacy and secure focused. that being said, they do not soder the ram and there is a possibility of a cold boot attack.what laptop options do you know are limited intel ME and priv and security focused that soder ram? would using epoxie on the ram maybe be an option?
Submitted October 15, 2017 at 07:55PM by fallen1011
via reddit http://ift.tt/2ypJAtc
Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys
http://ift.tt/2ieFyhI
Submitted October 15, 2017 at 08:08PM by akendo
via reddit http://ift.tt/2yqPBGs
http://ift.tt/2ieFyhI
Submitted October 15, 2017 at 08:08PM by akendo
via reddit http://ift.tt/2yqPBGs
reddit
Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys • r/netsec
12 points and 2 comments so far on reddit
Offensive Security Certified Professional (OSCP) Review - This review explains how you too can pass the OSCP!
http://ift.tt/2tAqvRd
Submitted October 16, 2017 at 12:08AM by InfoSecJim
via reddit http://ift.tt/2hIIBKX
http://ift.tt/2tAqvRd
Submitted October 16, 2017 at 12:08AM by InfoSecJim
via reddit http://ift.tt/2hIIBKX
Jim Wilbur's Blog
OSCP Review
Check out my review of the Offensive Security Certified Professional (OSCP) exam and coursework. I Tried Harder!
WDigest: Clear-Text Passwords in Memory - Is WDigest enabled on your Windows Servers? (2008-2012 is enabled by default) If you don't know, you might want to check...
http://ift.tt/2yqaOA6
Submitted October 16, 2017 at 02:21AM by InfoSecJim
via reddit http://ift.tt/2zqzhni
http://ift.tt/2yqaOA6
Submitted October 16, 2017 at 02:21AM by InfoSecJim
via reddit http://ift.tt/2zqzhni
Jim Wilbur's Blog
WDigest: Clear-Text Passwords in Memory - Jim Wilbur's Blog
WDigest is an insecure protocol and should be disabled. Credential harvesting software like Mimikatz can pull these clear-test credentials from memory.
Anti-Fraud measures coming up!
http://ift.tt/2gkOamb
Submitted October 16, 2017 at 02:57AM by securitynewsIO
via reddit http://ift.tt/2yjXGxd
http://ift.tt/2gkOamb
Submitted October 16, 2017 at 02:57AM by securitynewsIO
via reddit http://ift.tt/2yjXGxd
Security News iO
New Anti-Fraud Measures After Equifax Hack | Security News iO
Banks are working on anti-fraud measures by collecting sophisticated data on how consumers use their devices to mitigate against identity theft.
What is the difference between Image based authentication and Captcha?
I have been searching for the difference between the two but couldn’t find any good info. Any insights would be appreciated :)
Submitted October 16, 2017 at 01:59AM by siddhartharao17
via reddit http://ift.tt/2yje9BA
I have been searching for the difference between the two but couldn’t find any good info. Any insights would be appreciated :)
Submitted October 16, 2017 at 01:59AM by siddhartharao17
via reddit http://ift.tt/2yje9BA
reddit
What is the difference between Image based... • r/security
I have been searching for the difference between the two but couldn’t find any good info. Any insights would be appreciated :)
This is a core protocol-level flaw in WPA2 wi-fi and it looks bad. Possible impact: wi-fi decrypt, connection hijacking, content injection.
http://ift.tt/2yqHqKq
Submitted October 16, 2017 at 04:25AM by nadroj_r
via reddit http://ift.tt/2ykdFLx
http://ift.tt/2yqHqKq
Submitted October 16, 2017 at 04:25AM by nadroj_r
via reddit http://ift.tt/2ykdFLx
Airheads Community
A disclosure looks imminent from some researchers about a serious flaw in WPA2. https://twitter.com/kennwhite/status/919522184384729089 Reserved CVEs are: CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE…
New Android Ransomware.. Do you have common sense?
http://ift.tt/2zqIThE
Submitted October 16, 2017 at 09:07AM by securitynewsIO
via reddit http://ift.tt/2ymBYG9
http://ift.tt/2zqIThE
Submitted October 16, 2017 at 09:07AM by securitynewsIO
via reddit http://ift.tt/2ymBYG9
Security News iO
New Android Ransomware Encrypts Data & Locks User Out
There is a new Android Ransomware, DoubleLocker, that encrypts user data and then changes the PIN code, effectively locking users out of their phones.
[OpenSource] iOS app blackbox assessment tool with web ui, powered by frida.re and vuejs
http://ift.tt/2gF4MlB
Submitted October 16, 2017 at 08:52AM by CodeColorist
via reddit http://ift.tt/2yqGlle
http://ift.tt/2gF4MlB
Submitted October 16, 2017 at 08:52AM by CodeColorist
via reddit http://ift.tt/2yqGlle
GitHub
chaitin/passionfruit
passionfruit - [WIP] Crappy iOS app analyzer
Pizza Hut was Hacked and Late Notification Was Sent
http://ift.tt/2zqEewk
Submitted October 16, 2017 at 09:36AM by securitynewsIO
via reddit http://ift.tt/2zcqzI7
http://ift.tt/2zqEewk
Submitted October 16, 2017 at 09:36AM by securitynewsIO
via reddit http://ift.tt/2zcqzI7
Security News iO
Pizza Hut was Hacked and Late Notification Sent | Security News iO
Clients were told on Saturday that Pizza Hut was hacked two weeks ago and their personal information may have been compromised.
Paranormal activity
Hi all. Seems that the "Computer Misuse Act" in the UK does not contain any provision for people affecting computers by mere proximity due to telekinetic activity. This is an interesting theoretical defense as it would require the courts to admit that said ability exists in order to prosecute someone for "interfering with a computer or its programs".As I verifiably have this ability and also seem to be able to scramble storage devices, its an interesting problem and very hard to defend against. It appears that devices with specific components are more vulnerable than others (eg GL827) and on one occasion was able to crash three machines just by walking past them (2*BSOD, one lockup) Haven't dared try this experiment again, was tinkering with things I shouldn't have been without better safety precautions.
Submitted October 16, 2017 at 10:04AM by Conundrum1859
via reddit http://ift.tt/2xJGu4M
Hi all. Seems that the "Computer Misuse Act" in the UK does not contain any provision for people affecting computers by mere proximity due to telekinetic activity. This is an interesting theoretical defense as it would require the courts to admit that said ability exists in order to prosecute someone for "interfering with a computer or its programs".As I verifiably have this ability and also seem to be able to scramble storage devices, its an interesting problem and very hard to defend against. It appears that devices with specific components are more vulnerable than others (eg GL827) and on one occasion was able to crash three machines just by walking past them (2*BSOD, one lockup) Haven't dared try this experiment again, was tinkering with things I shouldn't have been without better safety precautions.
Submitted October 16, 2017 at 10:04AM by Conundrum1859
via reddit http://ift.tt/2xJGu4M
reddit
Paranormal activity • r/security
Hi all. Seems that the "Computer Misuse Act" in the UK does not contain any provision for people affecting computers by mere proximity due to...
What's wrong with WPA2 security and how to fix it - WPA3 Proposal
http://ift.tt/2hIvOs5
Submitted October 16, 2017 at 10:40AM by _RME_
via reddit http://ift.tt/2yk4vP3
http://ift.tt/2hIvOs5
Submitted October 16, 2017 at 10:40AM by _RME_
via reddit http://ift.tt/2yk4vP3
GitHub
d33tah/call-for-wpa3
Contribute to call-for-wpa3 development by creating an account on GitHub.
Cyber Security Industry Trends and Growth - Cyware
http://ift.tt/2yk4QBn
Submitted October 16, 2017 at 10:49AM by cywarelabs
via reddit http://ift.tt/2geDmTg
http://ift.tt/2yk4QBn
Submitted October 16, 2017 at 10:49AM by cywarelabs
via reddit http://ift.tt/2geDmTg
Cyware
Cyber Security Industry Trends and Growth | Malware Analysis | Cyware
Cyber Security Industry Trends and Growth - Find news and articles about Latest trends and Analysis happening around cyber security industry. Also get cyber reports and case studies to improve your awareness.
The KRACK attack info will be available here after 5am PST
http://ift.tt/2kR33OH
Submitted October 16, 2017 at 11:50AM by Sephr
via reddit http://ift.tt/2ylOjNu
http://ift.tt/2kR33OH
Submitted October 16, 2017 at 11:50AM by Sephr
via reddit http://ift.tt/2ylOjNu
Krackattacks
KRACK Attacks: Breaking WPA2
This website presents the Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi.
Framework for collecting events (process creation, network connections, Window Event Logs, etc.) from a client machine (Windows 7) and performing CAR analytics to detect potential adversary activity.
http://ift.tt/2wY2YKD
Submitted October 16, 2017 at 01:21PM by 2xyo
via reddit http://ift.tt/2hIHdIh
http://ift.tt/2wY2YKD
Submitted October 16, 2017 at 01:21PM by 2xyo
via reddit http://ift.tt/2hIHdIh
GitHub
Unfetter Analytic
Krack attack paper live (it got leaked) (PDF)
http://ift.tt/2gIbJ5n
Submitted October 16, 2017 at 02:42PM by LivingInSyn
via reddit http://ift.tt/2zr8EhU
http://ift.tt/2gIbJ5n
Submitted October 16, 2017 at 02:42PM by LivingInSyn
via reddit http://ift.tt/2zr8EhU
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
http://ift.tt/2icGTW9
Submitted October 16, 2017 at 02:34PM by secaggr
via reddit http://ift.tt/2gHD1ZO
http://ift.tt/2icGTW9
Submitted October 16, 2017 at 02:34PM by secaggr
via reddit http://ift.tt/2gHD1ZO
GitHub
vanhoefm/papers
Contribute to papers development by creating an account on GitHub.
WPA2 security flaw
http://ift.tt/2ifOu6k
Submitted October 16, 2017 at 03:25PM by yeongsheng-tan
via reddit http://ift.tt/2yrbB3r
http://ift.tt/2ifOu6k
Submitted October 16, 2017 at 03:25PM by yeongsheng-tan
via reddit http://ift.tt/2yrbB3r
Ars Technica
Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
KRACK attack allows other nasties, including connection hijacking and malicious injection.