Comparing the effectiveness of DNS-based porn filters: OpenDNS, Neustar, CleanBrowsing, Norton, Yandex and AdGuard
http://ift.tt/2BC8R6P
Submitted December 23, 2017 at 02:39AM by nykzhang
via reddit http://ift.tt/2l0J3WD
http://ift.tt/2BC8R6P
Submitted December 23, 2017 at 02:39AM by nykzhang
via reddit http://ift.tt/2l0J3WD
Medium
Porn Filters Compared: OpenDNS, Neustar, CleanBrowsing, Norton, Yandex and AdGuard
On a recent post, I provided some details on a disappointing test with a few free DNS resolvers that were supposed to block access to…
What are the different ways Crypto transactions can be traced back to a person?
Supposedly Crypto currency is "anonymous" on the internet, using your banking information and phone & e-mail verification for every login in and from your computer with public ledgers.This makes absolutely no sense to me that anybody can say it's "anonymous" with a straight face or not followed with "NOT!/PSYCH!"
Submitted December 23, 2017 at 04:33AM by Project_Ho2018
via reddit http://ift.tt/2Bn7Knb
Supposedly Crypto currency is "anonymous" on the internet, using your banking information and phone & e-mail verification for every login in and from your computer with public ledgers.This makes absolutely no sense to me that anybody can say it's "anonymous" with a straight face or not followed with "NOT!/PSYCH!"
Submitted December 23, 2017 at 04:33AM by Project_Ho2018
via reddit http://ift.tt/2Bn7Knb
reddit
What are the different ways Crypto transactions can... • r/security
Supposedly Crypto currency is "anonymous" on the internet, using your banking information and phone & e-mail verification for every login in and...
Phish... Or not?
In this day and age you'd think credit card companies wouldn't make their security calls sound like phishing attempts. My current company just called me with a fraud alert, and asked for identifying information to "make sure" it was me.It's bad practice for individuals to give out any identifying information on incoming phone calls. It's also bad practice for companies to call and then ask for identifying information, because it tends to train people to give out information on incoming phone calls.I'm hoping someone here works for one of the major card systems, and can ping their security department about this, because they should try to keep issuing banks from trying this sort of verification.
Submitted December 23, 2017 at 04:57AM by o0shad0o
via reddit http://ift.tt/2kGMcvD
In this day and age you'd think credit card companies wouldn't make their security calls sound like phishing attempts. My current company just called me with a fraud alert, and asked for identifying information to "make sure" it was me.It's bad practice for individuals to give out any identifying information on incoming phone calls. It's also bad practice for companies to call and then ask for identifying information, because it tends to train people to give out information on incoming phone calls.I'm hoping someone here works for one of the major card systems, and can ping their security department about this, because they should try to keep issuing banks from trying this sort of verification.
Submitted December 23, 2017 at 04:57AM by o0shad0o
via reddit http://ift.tt/2kGMcvD
reddit
Phish... Or not? • r/security
In this day and age you'd think credit card companies wouldn't make their security calls sound like phishing attempts. My current company just...
'123456' is sadly triumphant as it tops list of most-used passwords | V3
http://ift.tt/2kCTEI2
Submitted December 23, 2017 at 10:35AM by antdude
via reddit http://ift.tt/2zjw1sz
http://ift.tt/2kCTEI2
Submitted December 23, 2017 at 10:35AM by antdude
via reddit http://ift.tt/2zjw1sz
http://www.v3.co.uk
'123456' is sadly triumphant as it tops list of most-used passwords | V3
'letmein', while appropriate, isn't as hard to guess as you think
Privacy aware Todo app?
HiI really would like to use a Todo/Calendar app on my Android. But most apps sync your data to the cloud, which i'm not comfortable with.Do you know any todo/calendar app that's privacy aware?
Submitted December 23, 2017 at 02:29PM by b00h
via reddit http://ift.tt/2BsCqDq
HiI really would like to use a Todo/Calendar app on my Android. But most apps sync your data to the cloud, which i'm not comfortable with.Do you know any todo/calendar app that's privacy aware?
Submitted December 23, 2017 at 02:29PM by b00h
via reddit http://ift.tt/2BsCqDq
reddit
Privacy aware Todo app? • r/security
Hi I really would like to use a Todo/Calendar app on my Android. But most apps sync your data to the cloud, which i'm not comfortable with. Do...
Snowden's New App Turns Your Phone Into a Home Security System
http://ift.tt/2BPrsck
Submitted December 23, 2017 at 06:20PM by the_dark_magic
via reddit http://ift.tt/2BYLKTn
http://ift.tt/2BPrsck
Submitted December 23, 2017 at 06:20PM by the_dark_magic
via reddit http://ift.tt/2BYLKTn
WIRED
Snowden's New App Turns Your Phone Into a Home Security System
The NSA leaker's latest project aims to secure your computer—and you—from not just digital but physical attacks.
CVE-2017-7344 Fortinet FortiClient Windows privilege escalation at logon
http://ift.tt/2kMys2l
Submitted December 23, 2017 at 10:26PM by Mempodipper
via reddit http://ift.tt/2D4Q54h
http://ift.tt/2kMys2l
Submitted December 23, 2017 at 10:26PM by Mempodipper
via reddit http://ift.tt/2D4Q54h
Intrinsec
CVE-2017-7344 Fortinet FortiClient Windows privilege escalation at logon
SummaryEditor: FortinetProduct: FortiClientTitle: Fortinet FortiClient Windows privilege escalation at logonCVE ID: CVE-2017-7344Intrinsec ID: ISEC-V2017-01Risk level: highE
A complete guide to penetrate into multiple targets using Armitage - Happy Hunting
http://ift.tt/2kN6HH8
Submitted December 23, 2017 at 11:53PM by drhydrogen1
via reddit http://ift.tt/2kMx6V8
http://ift.tt/2kN6HH8
Submitted December 23, 2017 at 11:53PM by drhydrogen1
via reddit http://ift.tt/2kMx6V8
My Hack Stuff
How to Compromise Multiple Targets using Armitage? - My Hack Stuff
Armitage is ignored by ethical hackers who avoid its GUI in favor of traditional command-line input of the Metasploit console.
Basic security for Linux
http://ift.tt/2kLtqDp
Submitted December 24, 2017 at 12:00AM by wewewawa
via reddit http://ift.tt/2BJ9wTR
http://ift.tt/2kLtqDp
Submitted December 24, 2017 at 12:00AM by wewewawa
via reddit http://ift.tt/2BJ9wTR
securityinabox.org
Basic security for Linux
PassGAN: A deep learning approach for password guessing
http://ift.tt/2yZEaSD
Submitted December 24, 2017 at 03:45AM by brannondorsey
via reddit http://ift.tt/2DD0YLF
http://ift.tt/2yZEaSD
Submitted December 24, 2017 at 03:45AM by brannondorsey
via reddit http://ift.tt/2DD0YLF
GitHub
brannondorsey/PassGAN
PassGAN - A Deep Learning Approach for Password Guessing (https://arxiv.org/abs/1709.00440)
RCE in Trend Micro Smart Protection Server
http://ift.tt/2CDAl7S
Submitted December 24, 2017 at 04:15AM by maximilianov
via reddit http://ift.tt/2l3hegE
http://ift.tt/2CDAl7S
Submitted December 24, 2017 at 04:15AM by maximilianov
via reddit http://ift.tt/2l3hegE
Core Security
Trend Micro Smart Protection Server Multiple Vulnerabilities
1. Advisory InformationTitle: Trend Micro Smart Protection Server Multiple VulnerabilitiesAdvisory ID: CORE-2017-0008Advisory URL: http://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilitiesDate published: 2017-12-19Date…
Experimenting with the Audiocodes MP264 - Reverse shells, Firmware analysis and LEDE
http://ift.tt/2kNxi6O
Submitted December 24, 2017 at 02:08AM by crcthrsbatterystpl
via reddit http://ift.tt/2kOH8VQ
http://ift.tt/2kNxi6O
Submitted December 24, 2017 at 02:08AM by crcthrsbatterystpl
via reddit http://ift.tt/2kOH8VQ
www.batterystapl.es
Experimenting with the Audiocodes MP264
The Audiocodes MP264 is a gateway device which was issued to customers of some ISPs in Australia ( iPrimus , and the companies it owns...
Thoughts about SS7 vulnerabilities and 2FA over SMS?
Hey guys, so recently I was reading articles about SMS being an insecure method of transmitting 2FA codes. This makes sense reading about the SS7 breaches and inherently social engineering also increases the risk of this being a 'bad' method of authentication.In fact if I understand this correctly this means SMS basically is not 'true' 2FA, since the whole point is to require something you HAVE and proves you HAVE it, if SMS is this insecure then it fails this litmus test.My biggest conundrum on this is recoverability, obviously they still need my Google password, which is rather long and secure, however it still opens a hole however small.However, closing that hole means that should my phone be lost/destroyed, my tablet/work PC/home PC and smattering of backup envelopes be lost/inaccessible (basically a natural disaster), I would lose everything.I guess this is kind of the point, and TECHNICALLY I could reach out to Google and see if I could get access again, but they are notoriously troublesome when it comes to this.What are your thoughts, is the risk with SS7/SMS vulnerabilities 'big' enough to warrant being extra paranoid, or is it largely fools gold? I am not an important person, nor am I rich, the likelyhood of someone directly targeting me is unlikely and all the computers I use on a daily basis belong to me. I also have Google Prompt setup so even if something did happen I would be able to select that it wasn't me/see a notification.I am pretty sure I am massively overthinking this, but figure I would ask the experts. Thanks for any help or clarification you can provide!
Submitted December 24, 2017 at 05:26AM by Vorteth
via reddit http://ift.tt/2poQlJe
Hey guys, so recently I was reading articles about SMS being an insecure method of transmitting 2FA codes. This makes sense reading about the SS7 breaches and inherently social engineering also increases the risk of this being a 'bad' method of authentication.In fact if I understand this correctly this means SMS basically is not 'true' 2FA, since the whole point is to require something you HAVE and proves you HAVE it, if SMS is this insecure then it fails this litmus test.My biggest conundrum on this is recoverability, obviously they still need my Google password, which is rather long and secure, however it still opens a hole however small.However, closing that hole means that should my phone be lost/destroyed, my tablet/work PC/home PC and smattering of backup envelopes be lost/inaccessible (basically a natural disaster), I would lose everything.I guess this is kind of the point, and TECHNICALLY I could reach out to Google and see if I could get access again, but they are notoriously troublesome when it comes to this.What are your thoughts, is the risk with SS7/SMS vulnerabilities 'big' enough to warrant being extra paranoid, or is it largely fools gold? I am not an important person, nor am I rich, the likelyhood of someone directly targeting me is unlikely and all the computers I use on a daily basis belong to me. I also have Google Prompt setup so even if something did happen I would be able to select that it wasn't me/see a notification.I am pretty sure I am massively overthinking this, but figure I would ask the experts. Thanks for any help or clarification you can provide!
Submitted December 24, 2017 at 05:26AM by Vorteth
via reddit http://ift.tt/2poQlJe
reddit
Thoughts about SS7 vulnerabilities and 2FA over SMS? • r/security
Hey guys, so recently I was reading articles about SMS being an insecure method of transmitting 2FA codes. This makes sense reading about the SS7...
Never Ending Security: Adapting the POC for CVE-2017-1000112 to Other Kernels
http://ift.tt/2zn7v9L
Submitted December 24, 2017 at 04:19AM by b4n1shed
via reddit http://ift.tt/2BGSxBJ
http://ift.tt/2zn7v9L
Submitted December 24, 2017 at 04:19AM by b4n1shed
via reddit http://ift.tt/2BGSxBJ
ricklarabee.blogspot.co.uk
Adapting the POC for CVE-2017-1000112 to Other Kernels
This post will show how to adapt Andrey's @andreyknvl proof of concent, https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-10001...
Learn about securing communication with secure shell while penetration testing in Kali Linux
http://ift.tt/2BLlZqg
Submitted December 24, 2017 at 10:06PM by drhydrogen1
via reddit http://ift.tt/2zp97jt
http://ift.tt/2BLlZqg
Submitted December 24, 2017 at 10:06PM by drhydrogen1
via reddit http://ift.tt/2zp97jt
My Hack Stuff
How to Secure Communication while Penetration Testing? - My Hack Stuff
In this post I’ll discuss about minimizing detection by a target network or how to secure communication while penetration testing.
How I Got Paid $0 From the Uber Security Bug Bounty
http://ift.tt/2BuvTZa
Submitted December 25, 2017 at 02:14AM by jailbird
via reddit http://ift.tt/2DGwQPD
http://ift.tt/2BuvTZa
Submitted December 25, 2017 at 02:14AM by jailbird
via reddit http://ift.tt/2DGwQPD
Compromise Remote Access Protocols using Metasploit - Happy Hunting
http://ift.tt/2DJQ5aY
Submitted December 25, 2017 at 06:02AM by drhydrogen1
via reddit http://ift.tt/2l61x8e
http://ift.tt/2DJQ5aY
Submitted December 25, 2017 at 06:02AM by drhydrogen1
via reddit http://ift.tt/2l61x8e
My Hack Stuff
Compromise Remote Access Protocols - My Hack Stuff
Let us discuss about how we can compromise remote access protocols. There was a time when applications that bypass system protocols to provide
Think Twice Before Sharing On Social Media
http://ift.tt/2pqXMQ9
Submitted December 25, 2017 at 07:23AM by abr646
via reddit http://ift.tt/2DJipKE
http://ift.tt/2pqXMQ9
Submitted December 25, 2017 at 07:23AM by abr646
via reddit http://ift.tt/2DJipKE
DEMARCKO - Protect Yourself
Think Twice Before Sharing On Social Media
CHRISTMAS IS THE HOLIDAY OF SHARING
BUT YOU MIGHT WANT TO THINK TWICE ABOUT SHARING YOUR SPECIAL MOMENT ON SOCIAL MEDIA
THIS IS WHY YOU…
PassGAN: A deep learning approach to password guessing
http://ift.tt/2yZEaSD
Submitted December 25, 2017 at 06:38AM by brannondorsey
via reddit http://ift.tt/2l5Wu81
http://ift.tt/2yZEaSD
Submitted December 25, 2017 at 06:38AM by brannondorsey
via reddit http://ift.tt/2l5Wu81
GitHub
brannondorsey/PassGAN
PassGAN - A Deep Learning Approach for Password Guessing (https://arxiv.org/abs/1709.00440)
If an ISP deletes your Ip address does that mean any site holding your Ip adress cant do anything ?
I live in Canada and just curios and wanted to, I hear all the time is if someone has your Ip address can trace you. But as I stated if your internet service provider deletes your Ip address which my Isp rogers says it does after a year you stop using their service, are your off the raydar ?edit: this not because i did anything illegal lol
Submitted December 25, 2017 at 10:00AM by jeff101001
via reddit http://ift.tt/2l6Th8a
I live in Canada and just curios and wanted to, I hear all the time is if someone has your Ip address can trace you. But as I stated if your internet service provider deletes your Ip address which my Isp rogers says it does after a year you stop using their service, are your off the raydar ?edit: this not because i did anything illegal lol
Submitted December 25, 2017 at 10:00AM by jeff101001
via reddit http://ift.tt/2l6Th8a
reddit
If an ISP deletes your Ip address does that mean any... • r/security
I live in Canada and just curios and wanted to, I hear all the time is if someone has your Ip address can trace you. But as I stated if your...
Yahoo! Remote Code Execution via Spring Engine Server Side Template Injection
http://ift.tt/2zffiGE
Submitted December 25, 2017 at 01:20PM by chocoluvin
via reddit http://ift.tt/2Dbpan8
http://ift.tt/2zffiGE
Submitted December 25, 2017 at 01:20PM by chocoluvin
via reddit http://ift.tt/2Dbpan8
∞ Growing Web Security Blog
Yahoo! RCE via Spring Engine SSTI
This is write up in which I’ll explain a vulnerability I recently found, and reported through Yahoo’s bug bounty program. In web application security testing, doing reconnaissance is an…