An AI Safety Researcher's Take on Security Mindset vs Ordinary Paranoia
http://ift.tt/2A5BC9T
Submitted November 28, 2017 at 01:22AM by caverts
via reddit http://ift.tt/2n9GDcG
http://ift.tt/2A5BC9T
Submitted November 28, 2017 at 01:22AM by caverts
via reddit http://ift.tt/2n9GDcG
Machine Intelligence Research Institute
Security Mindset and Ordinary Paranoia
The following is a fictional dialogue building off of AI Alignment: Why It’s Hard, and Where to Start. (AMBER, a philanthropist interested in a more reliable Internet, and CORAL, a computer security professional, are at a conference hotel together discussing…
Why we can’t trust smartphones anymore
http://ift.tt/2n13jvP
Submitted November 28, 2017 at 04:24AM by antdude
via reddit http://ift.tt/2Ab9SAT
http://ift.tt/2n13jvP
Submitted November 28, 2017 at 04:24AM by antdude
via reddit http://ift.tt/2Ab9SAT
Computerworld
Why we can’t trust smartphones anymore
A new class of security problem is caused by smartphone makers that create vulnerabilities deliberately without telling customers.
So, there are essentially no security features on Google Home devices?
I just wanted to share how ridiculous the security is using Google Home mini, and this seemed like a place to voice that concern.I just purchased a Google Home Mini, and I am quite concerned with the essentially non-existant security with these devices. By simply being connected to the same wifi connection you can boot up the Google Home app and change pretty much any setting you want to either the Chromecast or the Home Mini. The aforementioned Chromecast was setup by my roommate using a different android phone and google account, and I was able to have full access and change all of the settings, or even reset the device wirelessly. I can play any content I want to either of these devices, change the settings, see what content is being played on the device ( or change the setting that "hides" the content that is casting ) or enable or disable the "Guest" mode.This seems like a blatant and horrible risk for security, as many users are likely sharing wifi networks in places like college dorms and apartment complexes, and may not know how easy it is to access settings and such from these devices.Google's official response to any concerns like this is to "make your Home Wi-Fi network password protected and only give out the password to people you trust.", which is ridiculous. This works under the assumption that families and those who share Wifi want each-other to have complete access to the casting devices or content being consumed on them. I am genuinely astonished that Google released the product only relying on a Wifi password to prevent changes.It doesn't seem like the Echo Dot has the same blatant security issues as installing the Alexa app prompted me to log into my Amazon account, and the only device visible was my own Amazon Firestick, and not the Echo Dot connected to my wifi network that I do not own.
Submitted November 28, 2017 at 04:10AM by dclems
via reddit http://ift.tt/2nanCqn
I just wanted to share how ridiculous the security is using Google Home mini, and this seemed like a place to voice that concern.I just purchased a Google Home Mini, and I am quite concerned with the essentially non-existant security with these devices. By simply being connected to the same wifi connection you can boot up the Google Home app and change pretty much any setting you want to either the Chromecast or the Home Mini. The aforementioned Chromecast was setup by my roommate using a different android phone and google account, and I was able to have full access and change all of the settings, or even reset the device wirelessly. I can play any content I want to either of these devices, change the settings, see what content is being played on the device ( or change the setting that "hides" the content that is casting ) or enable or disable the "Guest" mode.This seems like a blatant and horrible risk for security, as many users are likely sharing wifi networks in places like college dorms and apartment complexes, and may not know how easy it is to access settings and such from these devices.Google's official response to any concerns like this is to "make your Home Wi-Fi network password protected and only give out the password to people you trust.", which is ridiculous. This works under the assumption that families and those who share Wifi want each-other to have complete access to the casting devices or content being consumed on them. I am genuinely astonished that Google released the product only relying on a Wifi password to prevent changes.It doesn't seem like the Echo Dot has the same blatant security issues as installing the Alexa app prompted me to log into my Amazon account, and the only device visible was my own Amazon Firestick, and not the Echo Dot connected to my wifi network that I do not own.
Submitted November 28, 2017 at 04:10AM by dclems
via reddit http://ift.tt/2nanCqn
reddit
So, there are essentially no security features on... • r/security
I just wanted to share how ridiculous the security is using Google Home mini, and this seemed like a place to voice that concern. I just...
Hot Singles in Your Area Want to Putin 💋: Click here to like 👍 the new global cyber-war on social media
http://ift.tt/2AEypPP
Submitted November 28, 2017 at 08:08AM by Paul-B-Robinson1
via reddit http://ift.tt/2AdUELv
http://ift.tt/2AEypPP
Submitted November 28, 2017 at 08:08AM by Paul-B-Robinson1
via reddit http://ift.tt/2AdUELv
Medium
Hot Singles in Your Area Want to Putin 💋
Click here to like 👍 the all new global cyber-war on social media
"There will be no more passwords in the next 24 months" - Frank Abagnale (Catch Me If You Can) talks about Trusona
https://www.youtube.com/watch?v=vsMydMDi3rI&feature=youtu.be&t=3412
Submitted November 28, 2017 at 09:10AM by 8483
via reddit http://ift.tt/2AeJFlr
https://www.youtube.com/watch?v=vsMydMDi3rI&feature=youtu.be&t=3412
Submitted November 28, 2017 at 09:10AM by 8483
via reddit http://ift.tt/2AeJFlr
YouTube
Frank Abagnale: "Catch Me If You Can" | Talks at Google
For Google's Security and Privacy Month, we are honored to present the real Frank Abagnale, Renowned Cybersecurity And Fraud Prevention Expert, Bestselling A...
Using DNS to Break Out of Isolated Networks in a AWS Cloud Environment (xpost /r/aws)
http://ift.tt/2k6IA8D
Submitted November 28, 2017 at 08:41AM by Dejanz
via reddit http://ift.tt/2Ag18XY
http://ift.tt/2k6IA8D
Submitted November 28, 2017 at 08:41AM by Dejanz
via reddit http://ift.tt/2Ag18XY
Dejandayoff
Using DNS to Break Out of Isolated Networks in a AWS Cloud Environment
Traffic destined to the AmazonProvidedDNS is traffic bound for AWS management infrastructure and does not egress via the same network links as standard custo...
How to backup VeraCrypt drives?
Today I found out Symantec Recovery and Veeam can't recognize fully encrypted disks (VeraCrypt AES).The only way I can find as a temporary solution is to robocopy the drive to a backup external drive (also encrypted).Is anyone aware of a good backup solution that can handle fully encrypted disks? Any advice is appreciated, thanks!
Submitted November 28, 2017 at 11:17AM by mr_norr
via reddit http://ift.tt/2icaek2
Today I found out Symantec Recovery and Veeam can't recognize fully encrypted disks (VeraCrypt AES).The only way I can find as a temporary solution is to robocopy the drive to a backup external drive (also encrypted).Is anyone aware of a good backup solution that can handle fully encrypted disks? Any advice is appreciated, thanks!
Submitted November 28, 2017 at 11:17AM by mr_norr
via reddit http://ift.tt/2icaek2
reddit
How to backup VeraCrypt drives? • r/security
Today I found out Symantec Recovery and Veeam can't recognize fully encrypted disks (VeraCrypt AES). The only way I can find as a temporary...
Different Types of HIPAA Privacy and Security Policies
http://ift.tt/2Aarj4x
Submitted November 28, 2017 at 12:43PM by Jaccob2016
via reddit http://ift.tt/2hXf80o
http://ift.tt/2Aarj4x
Submitted November 28, 2017 at 12:43PM by Jaccob2016
via reddit http://ift.tt/2hXf80o
Boomeon
Boomeon | Different Types of HIPAA Privacy and Security Policies
Boomeon is the premier online community just for Baby Boomers. Read, see, do, share -- this is your generation. This is your place to be.
A Complete Penetration Testing Tool List for Security Professionals
http://ift.tt/2ADI2ht
Submitted November 28, 2017 at 12:47PM by tech-gig
via reddit http://ift.tt/2Ad5P7a
http://ift.tt/2ADI2ht
Submitted November 28, 2017 at 12:47PM by tech-gig
via reddit http://ift.tt/2Ad5P7a
Tech
Complete Penetration Testing Tool List for Security Professionals
Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure.
System Hardening Checklist
http://ift.tt/2Abbjzf
Submitted November 28, 2017 at 07:12PM by adrelanos
via reddit http://ift.tt/2iZDCXX
http://ift.tt/2Abbjzf
Submitted November 28, 2017 at 07:12PM by adrelanos
via reddit http://ift.tt/2iZDCXX
Whonix
System Hardening Checklist
Hardening instructions for Whonix and Qubes-Whonix. Improving Linux, Windows and macOS host security and networking configurations. Safe Tor, Tor Browser and other online activities.
Unofficial Guide to Mimikatz & Command Reference
http://ift.tt/1Qou989
Submitted November 28, 2017 at 07:36PM by FireFart
via reddit http://ift.tt/2BjRove
http://ift.tt/1Qou989
Submitted November 28, 2017 at 07:36PM by FireFart
via reddit http://ift.tt/2BjRove
System Hardening Checklist
http://ift.tt/2Abbjzf
Submitted November 28, 2017 at 07:45PM by adrelanos
via reddit http://ift.tt/2naCe9g
http://ift.tt/2Abbjzf
Submitted November 28, 2017 at 07:45PM by adrelanos
via reddit http://ift.tt/2naCe9g
Whonix
System Hardening Checklist
Hardening instructions for Whonix and Qubes-Whonix. Improving Linux, Windows and macOS host security and networking configurations. Safe Tor, Tor Browser and other online activities.
Security In 5: Episode 120 - OWASP Top 10 - A7 - Missing Function Level Access Control
http://ift.tt/2Bu4fM8
Submitted November 28, 2017 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2k4DDNx
http://ift.tt/2Bu4fM8
Submitted November 28, 2017 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2k4DDNx
Libsyn
Security In Five Podcast: Episode 120 - OWASP Top 10 - A7 - Missing Function Level Access Control
The OWASP Top 10 series continues and we're up to number 7. This one is called Missing Function Level Access Control and talk about protecting the inner functions of an application from being called by the approved users. Just because a user logged in doesn't…
Using MITMF and MQTT to break into victims mobile via web.xender.com
http://ift.tt/2BknCX7
Submitted November 28, 2017 at 09:05PM by sathish09
via reddit http://ift.tt/2zwTKqa
http://ift.tt/2BknCX7
Submitted November 28, 2017 at 09:05PM by sathish09
via reddit http://ift.tt/2zwTKqa
Medium
Xender to shell using python and mitmf
Here is a way to compromise a victim’s android phone using web.xender.com. I have chained multiple things to achieve this.
A detailed review of hundreds of the most popular US federal websites shows that, year over year, most continue to fall short of security and technical requirements set by the federal government, as well as industry standards for web design and development.
http://ift.tt/2AaYHIP
Submitted November 28, 2017 at 09:58PM by EvanConover
via reddit http://ift.tt/2AfKx94
http://ift.tt/2AaYHIP
Submitted November 28, 2017 at 09:58PM by EvanConover
via reddit http://ift.tt/2AfKx94
Infosecurity Magazine
Federal Websites Still Lack Basic Security
Only 71% of all the reviewed websites passed the SSL test.
New NSA leak exposes Red Disk, the Army's failed intelligence system
http://ift.tt/2AEhTPE
Submitted November 28, 2017 at 09:47PM by Shin_Ichi
via reddit http://ift.tt/2ic45Em
http://ift.tt/2AEhTPE
Submitted November 28, 2017 at 09:47PM by Shin_Ichi
via reddit http://ift.tt/2ic45Em
ZDNet
Exclusive: NSA hit by yet another leak
The leak marks at least the fifth exposure of NSA-related data in as many years.
Kernel Exploit Demo - Windows 10 privesc via WARBIRD
http://ift.tt/2ABfzZI
Submitted November 28, 2017 at 10:13PM by HenrySeldon
via reddit http://ift.tt/2AcJrKW
http://ift.tt/2ABfzZI
Submitted November 28, 2017 at 10:13PM by HenrySeldon
via reddit http://ift.tt/2AcJrKW
XPN InfoSec Blog
Kernel Exploit Demo - Windows 10 privesc via WARBIRD
In this post I wanted to take a look at something which I touched on previously, and that is just how a Windows kernel based exploit achieves privilege escalation. Rather than take something like HackSys Extreme Vulnerable Windows Driver, I wanted to work…
Phishing using C# and InfoPath - The Phishing Path to Info We Missed.
http://ift.tt/2ndKBRu
Submitted November 28, 2017 at 09:54PM by checky
via reddit http://ift.tt/2iay6EJ
http://ift.tt/2ndKBRu
Submitted November 28, 2017 at 09:54PM by checky
via reddit http://ift.tt/2iay6EJ
Obscurity Labs
THE {PHISHING} {PATH} TO {INFO} WE MISSED
TL;DR: InfoPath is a fantastic way to run custom C# code, and we missed it as an attack vector sadly. At the moment it has been deprecated, but don't fret it's still everywhere! So what is InfoPath; merely put InfoPath is a forms-creation and data-gathering…
Terror exploit kit goes HTTPS all the way
http://ift.tt/2zxQ872
Submitted November 28, 2017 at 09:49PM by EvanConover
via reddit http://ift.tt/2zzrGCF
http://ift.tt/2zxQ872
Submitted November 28, 2017 at 09:49PM by EvanConover
via reddit http://ift.tt/2zzrGCF
Malwarebytes Labs
Terror exploit kit goes HTTPS all the way - Malwarebytes Labs
A look at some techniques used by the Terror exploit kit to evade traffic-based detection.
Help build an open-source, minimalistic, logless, anonymous room-based chat application in Node.JS - INDSTIL
http://ift.tt/2ncPpH0
Submitted November 28, 2017 at 11:03PM by Dellitsni
via reddit http://ift.tt/2zMB9KT
http://ift.tt/2ncPpH0
Submitted November 28, 2017 at 11:03PM by Dellitsni
via reddit http://ift.tt/2zMB9KT
GitHub
dellitsni/indstil
indstil - A stripped-down, simple and easy-to-use open source chat application, based on rooms and without registration.
Requesting tips on getting Security+ certification
I am looking to get a Security+ certification.I'm not very familiar with who issues this certification.I found CompTIA which offers a bundle with some kind of course (that has bad reviews) and a test, and retest coupon for about $500 USD right now.Is this the best use of my money? Are there better companies to go with?Thank you for your time.
Submitted November 28, 2017 at 10:51PM by Aro2220
via reddit http://ift.tt/2nhyrr5
I am looking to get a Security+ certification.I'm not very familiar with who issues this certification.I found CompTIA which offers a bundle with some kind of course (that has bad reviews) and a test, and retest coupon for about $500 USD right now.Is this the best use of my money? Are there better companies to go with?Thank you for your time.
Submitted November 28, 2017 at 10:51PM by Aro2220
via reddit http://ift.tt/2nhyrr5
reddit
Requesting tips on getting Security+ certification • r/security
I am looking to get a Security+ certification. I'm not very familiar with who issues this certification. I found CompTIA which offers a bundle...