SSL certificate revocation and how it is broken in practice: CRL, OCSP, OCSP stapling, must-staple, browser support
http://ift.tt/2EYOcIa
Submitted January 05, 2018 at 03:15AM by alsam88
via reddit http://ift.tt/2ArTVTk
Medium
SSL certificate revocation and how it is broken in practice
Explore certificate revocation solutions: CRL, OCSP, OCSP stapling, must staple. Check out server implementation issues and browser support
Starting the year off with a bang - Summary of Spectre and Meltdown Vulnerabilities
http://ift.tt/2lY9XQe
Submitted January 05, 2018 at 06:29AM by esotericape
via reddit http://ift.tt/2E7zLAe
A2 Cybersecurity Technical News Blog
Spectre and Meltdown starting the year off with a bang » A2 Cybersecurity Technical News Blog
CVE-2017-5754, CVE-2017-5753 and CVE-2017-5715: Spectre and Meltdown are hardware vulnerabilities that affect all modern CPU designs. That includes all desktop, laptop, and ARM CPUs and mobile devices. The two vulnerabilities can be located on the Mitre CVE…
Lots of websites ask for my account/routing number. Is that safer, less safe, equally safe to the websites that ask for my login credentials?
I've been trained to think that giving some rando website the account and routing number of my checking account is safe. And I've been trained to think that giving some rando website my user id and password to my bank is not safe. More and more, I've been finding mobile apps (and some web apps) that want my user id and password to my bank account. Why can't they work with my account and routing number? And is there really a substantial difference in security between handing over my account and routing number vs handing out my user id and login?
Submitted January 05, 2018 at 12:59PM by jpflathead
via reddit http://ift.tt/2lZFH7F
reddit
Lots of websites ask for my account/routing number.... • r/security
Malicious Android software imitates Uber's layout to trick you into giving up your login details
http://ift.tt/2lV7SVh
Submitted January 05, 2018 at 03:49PM by GemmaJ123
via reddit http://ift.tt/2F0Yd7q
Business Insider
Malicious Android software imitates Uber's layout to trick you into giving up your login details
The lesson: Don't download apps outside of Google Play.
Pale Moon isn't vulnerable to Meltdown / Spectre
http://ift.tt/2CL0pmp
Submitted January 05, 2018 at 05:11PM by rediii123
via reddit http://ift.tt/2CVnjUN
Cisco IOS SNMP remote code execution (CVE-2017-6737) exploit
http://ift.tt/2E80EEb
Submitted January 05, 2018 at 05:57PM by kavmax
via reddit http://ift.tt/2CWSkHY
GitHub
artkond/cisco-snmp-rce
Cisco IOS SNMP RCE PoC. Contribute to artkond/cisco-snmp-rce development by creating an account on GitHub.
Security In 5: Episode 146 - Tools, Tips and Tricks - Qualys SSL Server Test
http://ift.tt/2AwUxXG
Submitted January 05, 2018 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2CV4mBt
Libsyn
Security In Five Podcast: Episode 146 - Tools, Tips and Tricks - Qualys SSL Server Test
This week's TTT episode talks about a website from Qualys' SSL Labs. SSL Server Test is a fantastic website for a preliminary scan of any website you control. This will check all the SSL information, known SSL-based vulnerabilities, check the domain with…
This Survey Found the Current Password Habits of the Average American
http://ift.tt/2AcSybC
Submitted January 05, 2018 at 07:35PM by trilydog
via reddit http://ift.tt/2CuHiZm
EPC Group
“What’s the Password?”: The Surprising Results
Nowadays, it seems that to be able to function in our modern world it’s essential to have multiple passwords. From logging into social media or a bank account, your work computer or email, to buying products online, passwords are a major part of our daily…
Intel's Meltdown And Spectre Security Updates Will Hit 90% Of Its Processors By Next Week
http://ift.tt/2lZLWHI
Submitted January 05, 2018 at 07:33PM by DJRWolf
via reddit http://ift.tt/2CVWJL6
HotHardware
Intel's Meltdown And Spectre Security Updates Will Hit 90% Of Its Processors By Next Week | HotHardware
The tech industry is still trying to recover from the fallout surrounding the Meltdown and Spectre vulnerabilities that were disclosed this week. Intel, AMD, Apple, Microsoft, ARM, and other key players in the hardware and software arena have been working…
Spectre-on-Kubernetes, a proof of concept
http://ift.tt/2CL8KX9
Submitted January 05, 2018 at 09:22PM by speckz
via reddit http://ift.tt/2m0ektB
Hacker Noon
Spectre-on-Kubernetes, a proof of concept
TL;DR: a PoC demonstrating Spectre, the nasty CPU bug, running on Kubernetes.
Documenting system/app settings
At work I was tasked with documenting the decision made for settings for "widget" software. That way in 2-5 years when someone asks "Why did we use this setting vs others?" we have something to support the decision. I've tried hitting Google and I'm having difficulty finding resources that are helpful. What do you call this practice? What are phrases I could search? What resources do you have?
Submitted January 05, 2018 at 09:21PM by gnomeparadox
via reddit http://ift.tt/2CL8PcF
reddit
Documenting system/app settings • r/security
“Intel Core 2 bugs will assuredly be exploitable from userland code” (2007)
http://archive.is/XO6Fz
Submitted January 05, 2018 at 07:18PM by w122
via reddit http://ift.tt/2Eamt69
archive.is
'Intel Core 2' - MARC
archived 4 Jan 2018 15:10:45 UTC
How Kaspersky’s Software Fell Under Suspicion of Spying on America
http://ift.tt/2m0mMK3
Submitted January 05, 2018 at 11:13PM by SuccessfulOperation
via reddit http://ift.tt/2CXmHOs
WSJ
How Kaspersky’s Software Fell Under Suspicion of Spying on America
U.S. officials haven’t offered conclusive evidence that antivirus products made by Kaspersky Lab were behind national-security breaches, but a series of incidents drove them to raise alarms about the Russian security-software company.
[eBook] Cybersecurity for Dummies
http://ift.tt/2F48boO
Submitted January 05, 2018 at 10:43PM by DiceIT
via reddit http://ift.tt/2CuD1Fw
YourDailyTech
[eBook] Cybersecurity for Dummies | YourDailyTech
Cybersecurity For Dummies, Thycotic Special Edition, helps you understand and recognize the most common cybersecurity threats people face daily in their personal and work lives. With that understanding, you can then begin to adopt good cyber hygiene that…
A new malicious miner that works over Secure Shell (SSH)
http://ift.tt/2CWV7AM
Submitted January 05, 2018 at 11:43PM by momfat
via reddit http://ift.tt/2CwrSnw
Segurança Informática | seguranca-informatica.pt
Crypto-jacking again identified in Monero cryptocurrency - Segurança Informática | seguranca-informatica.pt
Crypto-jacking on Monero again. PyCryptoMiner is a cryptocurrency-oriented botnet, written in Python, that uses Pastebin as the source-pool when the C&C server is unavailable. It attacks Linux machines and exploits the SSH service via brute-force.
very vulnerable ARM application
http://ift.tt/2lIFo13
Submitted January 06, 2018 at 12:46AM by fireh7nter
via reddit http://ift.tt/2CUvaBT
GitHub
bkerler/exploit_me
exploit_me - Very vulnerable ARM application (CTF style exploitation tutorial)
Why Raspberry Pi isn't vulnerable to Spectre or Meltdown
http://ift.tt/2Cv5ACE
Submitted January 06, 2018 at 12:36AM by Chris911
via reddit http://ift.tt/2qvs3Oh
Raspberry Pi
Why Raspberry Pi isn't vulnerable to Spectre or Meltdown - Raspberry Pi
Eben gives you a crash course in how modern processors work to explain why Raspberry Pi is unaffected by the Spectre and Meltdown security vulnerabilities.
Microsoft could soon be “password free”
http://ift.tt/2CsE7RV
Submitted January 06, 2018 at 01:18AM by volci
via reddit http://ift.tt/2Ctt4YH
Naked Security
Microsoft could soon be “password free”
Is it the beginning of the end for passwords?
gitMask - Develop Anonymously
http://ift.tt/2E6jtr4
Submitted January 06, 2018 at 02:16AM by pheedrus
via reddit http://ift.tt/2qvLOVX
reddit
gitMask - Develop Anonymously • r/netsec
Set of tricks to solving vulnerable machines
http://ift.tt/2CH1lXU
Submitted January 06, 2018 at 02:42AM by 0xc0ffeed00d
via reddit http://ift.tt/2CXyPik
Explaining IDOR in (almost) real life scenario in Bug Bounty program.
http://ift.tt/2CNR2lO
Submitted January 06, 2018 at 02:40AM by Mysterii8
via reddit http://ift.tt/2CXyRqs
Medium
Explaining IDOR in (almost) real life scenario in Bug Bounty program.
Important