CERT's recommended solution to Meltdown and Spectre: "Replace CPU hardware"
http://ift.tt/2CNbWhz
Submitted January 04, 2018 at 04:22PM by wfpoulet
via reddit http://ift.tt/2E4FHdg
http://ift.tt/2CNbWhz
Submitted January 04, 2018 at 04:22PM by wfpoulet
via reddit http://ift.tt/2E4FHdg
www.kb.cert.org
Vulnerability Note VU#584653 - CPU hardware vulnerable to side-channel attacks
CPU hardware implementations are vulnerable to side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.
Forget Buying Security Solutions; Everything Comes as-a-Service Now
http://ift.tt/2AiuUd1
Submitted January 04, 2018 at 04:22PM by hoanghiep27689
via reddit http://ift.tt/2qmML2T
http://ift.tt/2AiuUd1
Submitted January 04, 2018 at 04:22PM by hoanghiep27689
via reddit http://ift.tt/2qmML2T
Hacker Noon
Forget Buying Security Solutions; Everything Comes as-a-Service Now
Make no mistake about it: Cybercrime is a growing concern for businesses of all sizes. In 2016 alone, global losses due to cybercrime…
Am I affected by Spectre or Meltdown hardware bugs?
http://ift.tt/2lUI4sf
Submitted January 04, 2018 at 04:54PM by sotekno
via reddit http://ift.tt/2CEIihJ
http://ift.tt/2lUI4sf
Submitted January 04, 2018 at 04:54PM by sotekno
via reddit http://ift.tt/2CEIihJ
Amiaffectedbyspectre
Am I affected by spectre bug?
Am I affected by spectre? Find out!
Stealing passwords via Meltdown vulnerability in real-time.
http://ift.tt/2CF4ngj
Submitted January 04, 2018 at 05:14PM by digital_desert
via reddit http://ift.tt/2lSyNRJ
http://ift.tt/2CF4ngj
Submitted January 04, 2018 at 05:14PM by digital_desert
via reddit http://ift.tt/2lSyNRJ
My workaround for Spectre/Meltdown: One physical processor per task :-)
http://ift.tt/2CqvJCz
Submitted January 04, 2018 at 05:17PM by pabr
via reddit http://ift.tt/2EWttVo
http://ift.tt/2CqvJCz
Submitted January 04, 2018 at 05:17PM by pabr
via reddit http://ift.tt/2EWttVo
CVE-2017-17867: Remote Code Execution vulnerability in Inteno's Iopsys
http://ift.tt/2qnhixx
Submitted January 04, 2018 at 05:40PM by AVERAGE_TEST_DUMMY
via reddit http://ift.tt/2Ap2RZG
http://ift.tt/2qnhixx
Submitted January 04, 2018 at 05:40PM by AVERAGE_TEST_DUMMY
via reddit http://ift.tt/2Ap2RZG
neonsea.uk
CVE-2017-17867: Remote Code Execution vulnerability in Inteno's Iopsys
I’ve discovered a remote code execution vulnerability in the latest version of Iopsys router software. This affects all Inteno routers and is caused by the d...
Trap Systems Hacker Hunt
http://ift.tt/2AoQPzl
Submitted January 04, 2018 at 06:16PM by berkdusunurx
via reddit http://ift.tt/2E6iAPj
http://ift.tt/2AoQPzl
Submitted January 04, 2018 at 06:16PM by berkdusunurx
via reddit http://ift.tt/2E6iAPj
www.berkdusunur.net
What İs Honeypot ? - Trap Systems - Hacker Hunt (Honeypot - Hacker Avı )
What İs Honeypot ? - Trap Systems - Hacker Hunt (Honeypot - Hacker Avı ) Trap computer systems that detect attacks that...
New CyberTangent Episode - Cybersecurity podcast
http://ift.tt/2EXEPIz
Submitted January 04, 2018 at 07:02PM by Uminekoshi
via reddit http://ift.tt/2COjVLf
http://ift.tt/2EXEPIz
Submitted January 04, 2018 at 07:02PM by Uminekoshi
via reddit http://ift.tt/2COjVLf
SoundCloud
Episode 3 - Cross-Departmental Communication Issues
In this CyberTangent episode, we are joined by our guest Larry Whiteside, CISO at Greenway Health. At Nehemiah Security, our podcast host is Landon Johnson.
Today's topic is "Cross-Departmental Commu
Today's topic is "Cross-Departmental Commu
Mitigations landing for new class of timing attack (Spectre/Meltdown)
http://ift.tt/2EP6Ku6
Submitted January 04, 2018 at 06:54PM by speckz
via reddit http://ift.tt/2CqA9JP
http://ift.tt/2EP6Ku6
Submitted January 04, 2018 at 06:54PM by speckz
via reddit http://ift.tt/2CqA9JP
Mozilla Security Blog
Mitigations landing for new class of timing attack
Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our internal experiments confirm that ...
Security In 5: Episode 145 - Why You Should Be Keeping A Career Journal
http://ift.tt/2E7hAdJ
Submitted January 04, 2018 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2Cncbih
http://ift.tt/2E7hAdJ
Submitted January 04, 2018 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2Cncbih
Libsyn
Security In Five Podcast: Episode 145 - Why You Should Be Keeping A Career Journal
Everyone takes notes for their job. Not everyone keeps a journal specifically around their career life. Journaling is a powerful tool, if done correctly, to help you grow as a person and shape your career by recording wins and losses. This episode goes into…
What Security Pros Need to Know About Machine Learning in the Year Ahead
http://ift.tt/2EHcRRa
Submitted January 04, 2018 at 08:50PM by CrankyBear
via reddit http://ift.tt/2CnSQ0v
http://ift.tt/2EHcRRa
Submitted January 04, 2018 at 08:50PM by CrankyBear
via reddit http://ift.tt/2CnSQ0v
Security Boulevard
What Security Pros Need to Know About Machine Learning in the Year Ahead
Expect the gamut of security products to enter 2018 with their AI hats on. But the brain beneath the hat will be yours, not the machine’s. Here’s what to do.
subDoc: Stealing NTMLv2 hashes with MS Word Documents
http://ift.tt/2lVWOaG
Submitted January 04, 2018 at 09:02PM by netsecs
via reddit http://ift.tt/2lV3RQy
http://ift.tt/2lVWOaG
Submitted January 04, 2018 at 09:02PM by netsecs
via reddit http://ift.tt/2lV3RQy
reddit
subDoc: Stealing NTMLv2 hashes with MS Word Documents • r/netsec
2 points and 0 comments so far on reddit
Same hardcoded backdoor in both WDMyCloud and D-Link ShareCenter devices
http://ift.tt/2CpL4U0
Submitted January 04, 2018 at 11:25AM by ilikestoaskquestions
via reddit http://ift.tt/2qqWfu5
http://ift.tt/2CpL4U0
Submitted January 04, 2018 at 11:25AM by ilikestoaskquestions
via reddit http://ift.tt/2qqWfu5
gulftech.org
WDMyCloud <= 2.30.165 Multiple Vulnerabilities
GulfTech Research and Development
Looking for help with Krack Attacks
Just looking for a tutorial on how to carry out krack attacks and how to patch them.Any help is appreciated.
Submitted January 05, 2018 at 12:22AM by Evlerr
via reddit http://ift.tt/2CCMJsr
Just looking for a tutorial on how to carry out krack attacks and how to patch them.Any help is appreciated.
Submitted January 05, 2018 at 12:22AM by Evlerr
via reddit http://ift.tt/2CCMJsr
reddit
Looking for help with Krack Attacks • r/security
Just looking for a tutorial on how to carry out krack attacks and how to patch them. Any help is appreciated.
Xerox Alto zero-day: cracking disk password protection on a 45 year old system
http://ift.tt/2CAWrvH
Submitted January 05, 2018 at 01:44AM by Chris911
via reddit http://ift.tt/2EXEjdC
http://ift.tt/2CAWrvH
Submitted January 05, 2018 at 01:44AM by Chris911
via reddit http://ift.tt/2EXEjdC
Righto
Xerox Alto zero-day: cracking disk password protection on a 45 year old system
We've been archiving a bunch of old Xerox Alto disk packs from the 1970s. A few of them turned out to be password-protected, so I needed ...
Managing Passwords and Secrets: Common Anti-Patterns
http://ift.tt/2lVOCqy
Submitted January 05, 2018 at 01:43AM by danenania
via reddit http://ift.tt/2E7WlIN
http://ift.tt/2lVOCqy
Submitted January 05, 2018 at 01:43AM by danenania
via reddit http://ift.tt/2E7WlIN
EnvKey
Managing Passwords and Secrets: Common Anti-Patterns
10 ways that development teams tend to screw this up.
More details about mitigations for the CPU Speculative Execution issue
http://ift.tt/2E8bgCN
Submitted January 05, 2018 at 03:13AM by olbrich
via reddit http://ift.tt/2m0s34r
http://ift.tt/2E8bgCN
Submitted January 05, 2018 at 03:13AM by olbrich
via reddit http://ift.tt/2m0s34r
Google Online Security Blog
More details about mitigations for the CPU Speculative Execution issue
Posted by Matt Linton, Senior Security Engineer and Pat Parseghian, Technical Program Manager Yesterday, Google’s Project Zero team posted...
SSL certificate revocation and how it is broken in practice: CRL, OCSP, OCSP stapling, must-staple, CRLSet
http://ift.tt/2EYOcIa
Submitted January 05, 2018 at 03:03AM by alsam88
via reddit http://ift.tt/2qlP6uV
http://ift.tt/2EYOcIa
Submitted January 05, 2018 at 03:03AM by alsam88
via reddit http://ift.tt/2qlP6uV
Medium
SSL certificate revocation and how it is broken in practice
Explore certificate revocation solutions: CRL, OCSP, OCSP stapling, must staple. Check out server implementation issues and browser support
SSL certificate revocation and how it is broken in practice: CRL, OCSP, OCSP stapling, must-staple, browser support
http://ift.tt/2EYOcIa
Submitted January 05, 2018 at 03:15AM by alsam88
via reddit http://ift.tt/2ArTVTk
http://ift.tt/2EYOcIa
Submitted January 05, 2018 at 03:15AM by alsam88
via reddit http://ift.tt/2ArTVTk
Medium
SSL certificate revocation and how it is broken in practice
Explore certificate revocation solutions: CRL, OCSP, OCSP stapling, must staple. Check out server implementation issues and browser support
Starting the year off with a bang - Summary of Spectre and Meltdown Vulnerabilities
http://ift.tt/2lY9XQe
Submitted January 05, 2018 at 06:29AM by esotericape
via reddit http://ift.tt/2E7zLAe
http://ift.tt/2lY9XQe
Submitted January 05, 2018 at 06:29AM by esotericape
via reddit http://ift.tt/2E7zLAe
A2 Cybersecurity Technical News Blog
Spectre and Meltdown starting the year off with a bang » A2 Cybersecurity Technical News Blog
CVE-2017-5754, CVE-2017–5753 and CVE-2017–5715 Spectre and Meltdown are hardware vulnerabilities that affect all modern CPU designs. That includes all desktop, laptop, and ARM CPU’s and mobile devices. The two vulnerabilities can be located on the Mitre CVE…
Lots of websites ask for my account/routing number. Is that safer, less safe, equally safe to the websites that ask for my login credentials?
I've been trained to think that giving some rando website my the account and routing number of my checking account is safe.And I've been trained to think that giving some rando webiste my user id and password to my bank is not safe.More and more, I've been finding mobile apps (and some web apps) that want my user id and password to my bank account.Why can't they work with my account and routing number?And is there really a substantial difference in security between handing over my account and routing number vs handing out my user id and login?
Submitted January 05, 2018 at 12:59PM by jpflathead
via reddit http://ift.tt/2lZFH7F
I've been trained to think that giving some rando website my the account and routing number of my checking account is safe.And I've been trained to think that giving some rando webiste my user id and password to my bank is not safe.More and more, I've been finding mobile apps (and some web apps) that want my user id and password to my bank account.Why can't they work with my account and routing number?And is there really a substantial difference in security between handing over my account and routing number vs handing out my user id and login?
Submitted January 05, 2018 at 12:59PM by jpflathead
via reddit http://ift.tt/2lZFH7F
reddit
Lots of websites ask for my account/routing number.... • r/security
I've been trained to think that giving some rando website my the account and routing number of my checking account is safe. And I've been trained...