systemd Vulnerability Leads to Denial of Service on Linux (CVE-2017-15908)
http://ift.tt/2BhxWQK
Submitted November 27, 2017 at 09:14PM by EvanConover
via reddit http://ift.tt/2hVu674
Trendmicro
systemd Vulnerability Leads to Denial of Service on Linux - TrendLabs Security Intelligence Blog
Many Linux distributions are at risk due to a recently disclosed flaw in systemd: a flaw in its DNS resolver could cause a denial-of-service attack on vulnerable systems. The vulnerability is exploited by having the vulnerable system send a DNS query to a…
Two-factor authentication flowsheets
I'm looking for flowsheets for implementing two-factor authentication in a web application, including registration, login, forgotten password, and lost authentication device. I can probably work these out for myself, but with all things crypto, I'm hesitant to develop my own algorithms because I risk missing something vital and leaving a security hole that an attacker can exploit. Any recommendations of blogs or books that cover this?
Submitted November 27, 2017 at 09:29PM by grkuntzmd
via reddit http://ift.tt/2iVVkLZ
Imgur confirms email addresses, passwords stolen in 2014 hack
http://ift.tt/2A6P1z0
Submitted November 27, 2017 at 11:51PM by volci
via reddit http://ift.tt/2zsBcqX
ZDNet
Imgur confirms email addresses, passwords stolen in 2014 hack
The hackers stole email addresses and passwords.
The future of cyberwar: Weaponised ransomware, IoT attacks and a new arms race
http://ift.tt/2z4GI76
Submitted November 27, 2017 at 11:43PM by SecurityTrust
via reddit http://ift.tt/2zsnEvv
TechRepublic
The future of cyberwar: Weaponised ransomware, IoT attacks and a new arms race
Now that cyberwarfare is out of the shadows, here's a taste of what is coming next.
Packet Total 2.0 was released this month
https://packettotal.com
Submitted November 27, 2017 at 11:33PM by WubbaLubbaDubDub123
via reddit http://ift.tt/2iWXGu1
Dynamitelab
DynamiteLab – A Free Online PCAP File Viewer and Analyzer
DynamiteLab performs network traffic analysis and cyber threat detection from packet capture files, such as pcap and pcapng. DynamiteLab Community is a successor to PacketTotal, providing a free repository of over 100,000 pcap files. The platform is operated…
Early Warning: A New Mirai Variant is Spreading Quickly on Port 23 and 2323
http://ift.tt/2B6Nmq4
Submitted November 28, 2017 at 12:09AM by speckz
via reddit http://ift.tt/2Ae3Kpf
An AI Safety Researcher's Take on Security Mindset vs Ordinary Paranoia
http://ift.tt/2A5BC9T
Submitted November 28, 2017 at 01:22AM by caverts
via reddit http://ift.tt/2n9GDcG
Machine Intelligence Research Institute
Security Mindset and Ordinary Paranoia
The following is a fictional dialogue building off of AI Alignment: Why It’s Hard, and Where to Start. (AMBER, a philanthropist interested in a more reliable Internet, and CORAL, a computer security professional, are at a conference hotel together discussing…
Why we can’t trust smartphones anymore
http://ift.tt/2n13jvP
Submitted November 28, 2017 at 04:24AM by antdude
via reddit http://ift.tt/2Ab9SAT
Computerworld
Why we can’t trust smartphones anymore
A new class of security problem is caused by smartphone makers that create vulnerabilities deliberately without telling customers.
So, there are essentially no security features on Google Home devices?
I just wanted to share how ridiculous the security is using Google Home mini, and this seemed like a place to voice that concern. I just purchased a Google Home Mini, and I am quite concerned with the essentially non-existent security with these devices. By simply being connected to the same wifi connection you can boot up the Google Home app and change pretty much any setting you want to either the Chromecast or the Home Mini. The aforementioned Chromecast was set up by my roommate using a different Android phone and Google account, and I was able to have full access and change all of the settings, or even reset the device wirelessly. I can play any content I want to either of these devices, change the settings, see what content is being played on the device (or change the setting that "hides" the content that is casting) or enable or disable the "Guest" mode. This seems like a blatant and horrible risk for security, as many users are likely sharing wifi networks in places like college dorms and apartment complexes, and may not know how easy it is to access settings and such from these devices. Google's official response to any concerns like this is to "make your Home Wi-Fi network password protected and only give out the password to people you trust.", which is ridiculous. This works under the assumption that families and those who share Wifi want each other to have complete access to the casting devices or content being consumed on them. I am genuinely astonished that Google released the product only relying on a Wifi password to prevent changes. It doesn't seem like the Echo Dot has the same blatant security issues as installing the Alexa app prompted me to log into my Amazon account, and the only device visible was my own Amazon Firestick, and not the Echo Dot connected to my wifi network that I do not own.
Submitted November 28, 2017 at 04:10AM by dclems
via reddit http://ift.tt/2nanCqn
Hot Singles in Your Area Want to Putin 💋: Click here to like 👍 the new global cyber-war on social media
http://ift.tt/2AEypPP
Submitted November 28, 2017 at 08:08AM by Paul-B-Robinson1
via reddit http://ift.tt/2AdUELv
Medium
Hot Singles in Your Area Want to Putin 💋
Click here to like 👍 the all new global cyber-war on social media
"There will be no more passwords in the next 24 months" - Frank Abagnale (Catch Me If You Can) talks about Trusona
https://www.youtube.com/watch?v=vsMydMDi3rI&feature=youtu.be&t=3412
Submitted November 28, 2017 at 09:10AM by 8483
via reddit http://ift.tt/2AeJFlr
YouTube
Frank Abagnale: "Catch Me If You Can" | Talks at Google
For Google's Security and Privacy Month, we are honored to present the real Frank Abagnale, Renowned Cybersecurity And Fraud Prevention Expert, Bestselling A...
Using DNS to Break Out of Isolated Networks in a AWS Cloud Environment (xpost /r/aws)
http://ift.tt/2k6IA8D
Submitted November 28, 2017 at 08:41AM by Dejanz
via reddit http://ift.tt/2Ag18XY
Dejandayoff
Using DNS to Break Out of Isolated Networks in a AWS Cloud Environment
Traffic destined to the AmazonProvidedDNS is traffic bound for AWS management infrastructure and does not egress via the same network links as standard custo...
How to backup VeraCrypt drives?
Today I found out Symantec Recovery and Veeam can't recognize fully encrypted disks (VeraCrypt AES). The only way I can find as a temporary solution is to robocopy the drive to a backup external drive (also encrypted). Is anyone aware of a good backup solution that can handle fully encrypted disks? Any advice is appreciated, thanks!
Submitted November 28, 2017 at 11:17AM by mr_norr
via reddit http://ift.tt/2icaek2
Different Types of HIPAA Privacy and Security Policies
http://ift.tt/2Aarj4x
Submitted November 28, 2017 at 12:43PM by Jaccob2016
via reddit http://ift.tt/2hXf80o
Boomeon
Boomeon | Different Types of HIPAA Privacy and Security Policies
Boomeon is the premier online community just for Baby Boomers. Read, see, do, share -- this is your generation. This is your place to be.
A Complete Penetration Testing Tool List for Security Professionals
http://ift.tt/2ADI2ht
Submitted November 28, 2017 at 12:47PM by tech-gig
via reddit http://ift.tt/2Ad5P7a
Tech
Complete Penetration Testing Tool List for Security Professionals
Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure.
System Hardening Checklist
http://ift.tt/2Abbjzf
Submitted November 28, 2017 at 07:12PM by adrelanos
via reddit http://ift.tt/2iZDCXX
Whonix
System Hardening Checklist
Hardening instructions for Whonix and Qubes-Whonix. Improving Linux, Windows and macOS host security and networking configurations. Safe Tor, Tor Browser and other online activities.
Unofficial Guide to Mimikatz & Command Reference
http://ift.tt/1Qou989
Submitted November 28, 2017 at 07:36PM by FireFart
via reddit http://ift.tt/2BjRove
System Hardening Checklist
http://ift.tt/2Abbjzf
Submitted November 28, 2017 at 07:45PM by adrelanos
via reddit http://ift.tt/2naCe9g
Security In 5: Episode 120 - OWASP Top 10 - A7 - Missing Function Level Access Control
http://ift.tt/2Bu4fM8
Submitted November 28, 2017 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2k4DDNx
Libsyn
Security In Five Podcast: Episode 120 - OWASP Top 10 - A7 - Missing Function Level Access Control
The OWASP Top 10 series continues and we're up to number 7. This one is called Missing Function Level Access Control and talk about protecting the inner functions of an application from being called by the approved users. Just because a user logged in doesn't…
Using MITMF and MQTT to break into victims mobile via web.xender.com
http://ift.tt/2BknCX7
Submitted November 28, 2017 at 09:05PM by sathish09
via reddit http://ift.tt/2zwTKqa
Medium
Xender to shell using python and mitmf
Here is a way to compromise a victim’s android phone using web.xender.com. I have chained multiple things to achieve this.
A detailed review of hundreds of the most popular US federal websites shows that, year over year, most continue to fall short of security and technical requirements set by the federal government, as well as industry standards for web design and development.
http://ift.tt/2AaYHIP
Submitted November 28, 2017 at 09:58PM by EvanConover
via reddit http://ift.tt/2AfKx94
Infosecurity Magazine
Federal Websites Still Lack Basic Security
Only 71% of all the reviewed websites passed the SSL test.