Crippling crypto weakness opens millions of smartcards to cloning
http://ift.tt/2gBSnCg
Submitted October 24, 2017 at 04:47AM by nliausacmmv
via reddit http://ift.tt/2zz4Ieh
Ars Technica
Crippling crypto weakness opens millions of smartcards to cloning
Gemalto IDPrime.NET almost certainly isn't the only smartcard vulnerable to ROCA.
Best practice AWS setup: multi-account / assume-tool + new cool tool release
http://ift.tt/2gt2dWS
Submitted October 24, 2017 at 03:48AM by fproulx
via reddit http://ift.tt/2gxSdIk
The Coinbase Engineering Blog
You need more than one AWS account: AWS bastions and assume-role
You need more than one AWS account. This is to isolate production resources, manage limits (especially API rate limiting), handle costs…
MS Word Built-In Feature (DDE): Malware Execution and Attacks Demo
http://ift.tt/2iuLd38
Submitted October 24, 2017 at 09:36AM by hackerameer
via reddit http://ift.tt/2z2ZX0a
Ethical Hackers Club
MS Word Built-In Feature (DDE): Malware Execution and Attacks Demo
Here are some demos on using Microsoft Word built-in feature Dynamic Data Exchange (DDE) for malware execution and attacks.
Certainty: Automated CACert.pem Management for PHP Software (Open Source)
http://ift.tt/2y0grWZ
Submitted October 24, 2017 at 10:46AM by sarciszewski
via reddit http://ift.tt/2y0VBqz
Paragonie
Certainty: Automated CACert.pem Management for PHP Software - Paragon Initiative Enterprises Blog
Our new open source library, which keeps your Certificate Authority certificate bundle up-to-date.
Security Issues in Sarahah uncovered By Scott Helme
http://ift.tt/2gZPCHW
Submitted October 24, 2017 at 10:43AM by srinathrajaram
via reddit http://ift.tt/2i1tH2D
reddit
Security Issues in Sarahah uncovered By Scott Helme • r/security
1 points and 0 comments so far on reddit
Let’s Enhance ! How we found @rogerkver’s $1000 wallet obfuscated private key.
http://ift.tt/2yEmjoe
Submitted October 24, 2017 at 12:15PM by shark0der
via reddit http://ift.tt/2gAqvut
Medium
Let’s Enhance ! How we found @rogerkver’s $1000 wallet obfuscated private key.
Broadcasted on French TV show “Complément d’enquête”.
Apple and Google assures to find remedies to fix Krack Wi-Fi flaw
Apple and Google assures to find remedies to fix Krack WiFi flaw to stop hackers to steal credit card numbers, passwords and private messages from internet users
Submitted October 24, 2017 at 12:41PM by CIOBulletin
via reddit http://ift.tt/2xjZ278
reddit
Apple and Google assures to find remedies to fix... • r/security
Apple and Google assures to find remedies to fix Krack WiFi flaw to stop hackers to steal credit card numbers, passwords and private messages from...
Attack of the week: DUHK
http://ift.tt/2gwvCMc
Submitted October 24, 2017 at 02:15PM by campuscodi
via reddit http://ift.tt/2y2muW5
A Few Thoughts on Cryptographic Engineering
Attack of the week: DUHK
Before we get started, fair warning: this is going to be a post about a fairly absurd (but non-trivial!) attack on cryptographic systems. But that’s ok, because it’s based on a fairly a…
The Cloud Native Computing Foundation adds two security projects to its open source stable
http://ift.tt/2yGpPyE
Submitted October 24, 2017 at 02:30PM by MicheeLengronne
via reddit http://ift.tt/2z2P8eD
TechCrunch
The Cloud Native Computing Foundation adds two security projects to its open source stable
The Cloud Native Computing Foundation (CNCF) is probably best known for being the home of the Kubernetes container orchestration project, but there are plenty of other projects that now fall under the…
Server Session SSL|TLS
http://ift.tt/2l9FjWa
Submitted October 24, 2017 at 02:55PM by MicheeLengronne
via reddit http://ift.tt/2yKpBFV
Limawi
Server Session SSL|TLS
protocol about server session SSL/TLS.
SandBox-Dumper - Hacky Utility for providing iOS Application Sandbox location + Other information
http://ift.tt/2h48rd9
Submitted October 24, 2017 at 04:31PM by din3zh
via reddit http://ift.tt/2yKAVl7
GitHub
dineshshetty/iOS-SandBox-Dumper
iOS-SandBox-Dumper - SandBox-Dumper makes use of multiple private libraries to provide exact locations of the application sandbox, application bundle and some other interesting information
Solutions to the first 6 Fire-eye Flare-On challenges
http://vulnerable.space
Submitted October 24, 2017 at 02:57PM by _GradiusX_
via reddit http://ift.tt/2lcTYju
reddit
Solutions to the first 6 Fire-eye Flare-On challenges • r/netsec
1 points and 0 comments so far on reddit
ADV170014 NTLM SSO: Exploitation Guide
http://ift.tt/2yMQZmS
Submitted October 24, 2017 at 05:15PM by galapag0
via reddit http://ift.tt/2ixMkPH
Sysadmin Life...
ADV170014 NTLM SSO: Exploitation Guide
October 2017, Microsoft patch Tuesday included an optional security advisory, ADV170014, this advisory makes reference to a bug on the NTLM authentication scheme, that allows a malicious attacker t…
You need more than one AWS account: AWS bastions and assume-role
http://ift.tt/2gt2dWS
Submitted October 24, 2017 at 05:44PM by speckz
via reddit http://ift.tt/2gxZaZY
The Coinbase Engineering Blog
You need more than one AWS account: AWS bastions and assume-role
You need more than one AWS account. This is to isolate production resources, manage limits (especially API rate limiting), handle costs…
Reverse Engineering an Integrated Circuit for Pwn2Win 2017 CTF
http://ift.tt/2h19SsE
Submitted October 24, 2017 at 05:43PM by Involder
via reddit http://ift.tt/2yLcdQg
blog.dragonsector.pl
Pwn2Win 2017 - Shift Register
Disclaimer : I am not an electronics engineer. I just play one on Twitter. A lot of the following might be heresy to someone who ever ...
Automating The GRC Checkbox Game
http://ift.tt/2h3S6Vx
Submitted October 24, 2017 at 06:10PM by Uminekoshi
via reddit http://ift.tt/2xk0SFg
Nehemiah Security
Automating the GRC Checkbox Game - Nehemiah Security
It is time to sunset the practice of producing reports for reporting’s sake to satisfy regulators. Organizations need to go beyond just producing reports to continuous monitoring of their compliance position. Automation becomes key here. In my post I discuss…
Security In 5: Episode 96 - OWASP A2 - Broken Authentication And Session Management
http://ift.tt/2iwjsHA
Submitted October 24, 2017 at 06:36PM by BinaryBlog
via reddit http://ift.tt/2z2l032
Libsyn
Security In Five Podcast: Episode 96 - OWASP A2 - Broken Authentication And Session Management
Continuing with the OWASP Top 10 series, we are on number 2, Broken Authentication and Session Management. What is it? How can it be exploited? This episode breaks down what this covers and why it's number two in the Top 10. OWASP A2 - Broken Authentication…
Introducing New Packing Method: First Reflective PE Packer Amber
http://ift.tt/2zySi6g
Submitted October 24, 2017 at 06:43PM by wtfse
via reddit http://ift.tt/2yJrLUF
"Three Commandments to Building a Mature Awareness Program"
http://ift.tt/2yFt0GD
Submitted October 24, 2017 at 07:20PM by volci
via reddit http://ift.tt/2gA7Dfh
securingthehuman.sans.org
Security Awareness Blog | Three Commandments to Building a Mature Awareness Program
Security Awareness Blog blog pertaining to Three Commandments to Building a Mature Awareness Program
Unpatched 17 Year Old Windows Kernel Bug Could Help Malware Hinder Detection - Part 2
http://ift.tt/2eZAQ6r
Submitted October 24, 2017 at 11:55AM by tal_liberman
via reddit http://ift.tt/2leNpgo
A short story about CCTV cameras in hotels and how to hack them.
http://ift.tt/2leRu4i
Submitted October 24, 2017 at 08:47PM by MD3XTER
via reddit http://ift.tt/2z4t7wc
AZ - Blog
Such CCTV Cameras - Much Security
A short story about CCTV cameras in hotels and how to hack them.