PCI Compliance History, Status, And Outlook
http://ift.tt/2AJPPpC
Submitted January 09, 2018 at 06:05PM by Uminekoshi
via reddit http://ift.tt/2mhRfmT
http://ift.tt/2AJPPpC
Submitted January 09, 2018 at 06:05PM by Uminekoshi
via reddit http://ift.tt/2mhRfmT
Nehemiah Security
Guest Post: PCI Compliance history, status, and outlook - Nehemiah Security
The Payment Card Industry-Data Security Standard (PCI DSS) has been around for many years. Regardless, we think it is worthwhile to review the history of PCI and explore current and future developments to better capitalize on the value-add of PCI. PCI-DSS…a…
Security In 5: Episode 148 - Are You The Reason Your Identity Was Stolen? Don't Make The Mistakes
http://ift.tt/2Enqh3Z
Submitted January 09, 2018 at 07:43PM by BinaryBlog
via reddit http://ift.tt/2FikRZm
http://ift.tt/2Enqh3Z
Submitted January 09, 2018 at 07:43PM by BinaryBlog
via reddit http://ift.tt/2FikRZm
Libsyn
Security In Five Podcast: Episode 148 - Are You The Reason Your Identity Was Stolen? Don't Make The Mistakes
Personally Identifiable Information is the gateway to identity theft. We hear about companies losing control of PII but there are also things individuals can do to cause identity theft as well. This episode goes into the tips and pitfalls you could be doing…
WPA3 being released soon, thoughts?
http://ift.tt/2Fflu5M
Submitted January 09, 2018 at 08:29PM by KingMidas369
via reddit http://ift.tt/2CIyu2g
http://ift.tt/2Fflu5M
Submitted January 09, 2018 at 08:29PM by KingMidas369
via reddit http://ift.tt/2CIyu2g
ZDNet
With WPA3, Wi-Fi security is about to get a lot tougher
Finally, a security reprieve for open Wi-Fi hotspot users.
Microsoft disables Windows Update for systems that don't have Spectre/Meltdown compliant antivirus
http://ift.tt/2qKT8NE
Submitted January 09, 2018 at 08:45PM by unluckier
via reddit http://ift.tt/2qNonaM
http://ift.tt/2qKT8NE
Submitted January 09, 2018 at 08:45PM by unluckier
via reddit http://ift.tt/2qNonaM
DoublePulsar
Important information about Microsoft Meltdown CPU security fixes, antivirus vendors and you
Last week, Microsoft issued January’s cumulative security fixes for January 2018. Although the media focus has been around “Meltdown” and…
KeystoneJS Open Source Penetration Testing Report
http://ift.tt/2zB6kaF
Submitted January 09, 2018 at 08:37PM by sandeep1337
via reddit http://ift.tt/2maKzq1
http://ift.tt/2zB6kaF
Submitted January 09, 2018 at 08:37PM by sandeep1337
via reddit http://ift.tt/2maKzq1
SecureLayer7
KeystoneJS Open Source Penetration Testing Report
Overview Under the Gratis Pentest 2017, we have evaluated security postures of open source applications. For Gratis 2017 we have selected KeystoneJS. In this blog we are discussing about KeystoneJS Open Source Penetration Testing Report and releasing the…
WiFi Alliance gave a glimpse of WPA3 and some of its features
http://ift.tt/2qHmoEZ
Submitted January 09, 2018 at 08:28PM by jithins1610
via reddit http://ift.tt/2CUm76n
http://ift.tt/2qHmoEZ
Submitted January 09, 2018 at 08:28PM by jithins1610
via reddit http://ift.tt/2CUm76n
Root Said
WPA3 Features Explained - What is WPA3? - Root Said
WPA3 Security - WiFi alliance announced the next upgraded version of WiFi WPA security standard. What is WPA3? Why do we need WPA3? Everything you need to know about WPA3.
Ideas on how to detect Meltdown and Spectre
http://ift.tt/2ErmHWt
Submitted January 09, 2018 at 08:06PM by ynvb
via reddit http://ift.tt/2CLuttV
http://ift.tt/2ErmHWt
Submitted January 09, 2018 at 08:06PM by ynvb
via reddit http://ift.tt/2CLuttV
Check Point Research
Detection of the Meltdown and Spectre Vulnerabilities - Check Point Research
Researchers: Erez Israel, Daniel Marx, Yoav Alon, Aviv Gafni and Ben Omelchenko Last week, two publications regarding a pair of vulnerabilities named individually by their publishers as Meltdown and Spectre sent shockwaves through the cyber-security ecosystem.…
WOW! Dangerous Cyber attack in starting of 2018. Is your device secure??
Meltdown and Spectre - https://youtube.com/watch?list=PL4Z_2mButeI5eFuisg8p1oKzQw7OXvAsk&v=mi1fwGRma8s
Submitted January 09, 2018 at 10:25PM by sweet2weet
via reddit http://ift.tt/2qKwAwF
Meltdown and Spectre - https://youtube.com/watch?list=PL4Z_2mButeI5eFuisg8p1oKzQw7OXvAsk&v=mi1fwGRma8s
Submitted January 09, 2018 at 10:25PM by sweet2weet
via reddit http://ift.tt/2qKwAwF
YouTube
Meltdown and Spectre - Biggest Threat on All of Your Devices
Meltdown and Spectre, two new vulnerabilities are discovered recently on all the CPU's of intel, amd and arm processors. these new bugs are opening the door ...
Beginning to become more and more targeted.
It has been a few months I have noticed I am becoming more and more targeted in login attempts on various online services.2FA is active whenever I have a chance however, some services don't offer it (traditional banks for example) as well as I Simply forget where I have accounts.Does anyone have any tips or a guideline on how I can begin to find where the heck I have accounts and begin locking things down? 2FA is on my gmail and hotmail of course.
Submitted January 09, 2018 at 10:19PM by Pm_me_your_motocycle
via reddit http://ift.tt/2mjss1F
It has been a few months I have noticed I am becoming more and more targeted in login attempts on various online services.2FA is active whenever I have a chance however, some services don't offer it (traditional banks for example) as well as I Simply forget where I have accounts.Does anyone have any tips or a guideline on how I can begin to find where the heck I have accounts and begin locking things down? 2FA is on my gmail and hotmail of course.
Submitted January 09, 2018 at 10:19PM by Pm_me_your_motocycle
via reddit http://ift.tt/2mjss1F
reddit
Beginning to become more and more targeted. • r/security
It has been a few months I have noticed I am becoming more and more targeted in login attempts on various online services. 2FA is active...
Brute force password attack prevention
What does this community think about my ideas. Obviously, I cannot possibly be the first guy to think in these ways, or ...?http://ift.tt/2CLcKmx
Submitted January 09, 2018 at 09:44PM by mr-gaiasoul
via reddit http://ift.tt/2CLd5pj
What does this community think about my ideas. Obviously, I cannot possibly be the first guy to think in these ways, or ...?http://ift.tt/2CLcKmx
Submitted January 09, 2018 at 09:44PM by mr-gaiasoul
via reddit http://ift.tt/2CLd5pj
Gaiasoul
Brute force password attack prevention
For quite some time, I have been playing around with the ideas of being able to secure Phosphorus Five from brute force password attack, and actually once you spend time on it (pun!), it is actuall…
Cryptojacking - From Theft to Destruction
http://ift.tt/2CIl46i
Submitted January 09, 2018 at 09:30PM by Mi3Security
via reddit http://ift.tt/2DcgVIU
http://ift.tt/2CIl46i
Submitted January 09, 2018 at 09:30PM by Mi3Security
via reddit http://ift.tt/2DcgVIU
Mi3 Security
Cryptojacking - From Theft to Destruction
The rush to market with bleeding edge applications means that many mobile cryptocurrency applications and wallets contain vulnerabilities or security risks. This week we will examine a different kind of cryptocurrency risk. Cryptojacking.
practicalities of a primenumber rainbow table
how much effort would go in a programm/rainbowtable that goes to all values that you can make with, say, 4096 bit, check if its a prime number, if so, store it, then mutiply with every other found prime numer and store the result with some backlink to the correponding primenumber. how much would it cost in terms of cpu cycles and storage/memory, how good is this problem parallelisable? TL;DR: can such thing practicly break RSA
Submitted January 10, 2018 at 12:19AM by simcup
via reddit http://ift.tt/2CVFOvp
how much effort would go in a programm/rainbowtable that goes to all values that you can make with, say, 4096 bit, check if its a prime number, if so, store it, then mutiply with every other found prime numer and store the result with some backlink to the correponding primenumber. how much would it cost in terms of cpu cycles and storage/memory, how good is this problem parallelisable? TL;DR: can such thing practicly break RSA
Submitted January 10, 2018 at 12:19AM by simcup
via reddit http://ift.tt/2CVFOvp
reddit
practicalities of a primenumber rainbow table • r/security
how much effort would go in a programm/rainbowtable that goes to all values that you can make with, say, 4096 bit, check if its a prime number, if...
S/Mime Email security
More context at the bottom of the page.I have to encrypt and sign an email with an attachment per some instructions, but I don't know enough about cryptology to know how to interpret the instructions.I took the instructions below to mean "encrypt only the attachment (not the full e-mail), encrypt it with AES 256, using the RSA public key as the secret, (which means generating a random IV")The problem is that the secret key in C# doesn't appear that it can be more than 32 bytes. If I use the public key byte array, it is 270 bytes and it is not allowed.My guess at this point is that I should NOT be creating the AES key from the RSA public key, but that's where it loses me. Should I be creating a random key, or using the same one, how are they able to decrypt it if they don't have this key?"Using the secure/multipurpose internet mail exchange (S/MIME) standard, the email must be encrypted using AES-256 (AES cipher with a 256-bit key length) and FMCSA’s ELD public key. The message must be signed using the manufacturer’s ELD private key that corresponds with the ELD public key submitted to FMCSA by the provider when self-certifying the ELD.(a) The ELD must attach a file to an email message to be sent using RFC 5321 Simple Mail Transfer Protocol (SMTP) (incorporated by reference, see § 395.38), to a specific email address, which will be shared with the ELD providers during the technology registration process. (b)The file must have the format described in section 4.8.2.1 of this appendix and must be encrypted using the Secure/Multipurpose Internet Mail Extensions as described in RFC 5751 (incorporated by reference, see § 395.38), and the RSA algorithm as 116 described in RFC 4056 (incorporated by reference, see § 395.38), with the FMCSA public key compliant with NIST SP 800-32 (incorporated by reference, see § 395.38) to be provided to the ELD provider at the time of registration. The content must be encrypted using AES in FIPS Publication 197 (incorporated by reference, see § 395.38), and RFC 3565 (incorporated by reference, see § 395.38). (c)The email must be formatted using the RFC 5322 Internet Message Format (incorporated by reference, see § 395.38), as follows: Element Format To : <Address Provided by FMCSA during online registration> From : <Desired return address for confirmation> Subject : ELD records from <ELD Registration ID><’:’> <ELD Identifier> Body : <Output File Comment> Attachment : MIME encoded AES-256 encrypted file with <filename>.<Date string>.<unique identifier>.aes "
Submitted January 10, 2018 at 01:13AM by educated_female
via reddit http://ift.tt/2CZt6M8
More context at the bottom of the page.I have to encrypt and sign an email with an attachment per some instructions, but I don't know enough about cryptology to know how to interpret the instructions.I took the instructions below to mean "encrypt only the attachment (not the full e-mail), encrypt it with AES 256, using the RSA public key as the secret, (which means generating a random IV")The problem is that the secret key in C# doesn't appear that it can be more than 32 bytes. If I use the public key byte array, it is 270 bytes and it is not allowed.My guess at this point is that I should NOT be creating the AES key from the RSA public key, but that's where it loses me. Should I be creating a random key, or using the same one, how are they able to decrypt it if they don't have this key?"Using the secure/multipurpose internet mail exchange (S/MIME) standard, the email must be encrypted using AES-256 (AES cipher with a 256-bit key length) and FMCSA’s ELD public key. The message must be signed using the manufacturer’s ELD private key that corresponds with the ELD public key submitted to FMCSA by the provider when self-certifying the ELD.(a) The ELD must attach a file to an email message to be sent using RFC 5321 Simple Mail Transfer Protocol (SMTP) (incorporated by reference, see § 395.38), to a specific email address, which will be shared with the ELD providers during the technology registration process. (b)The file must have the format described in section 4.8.2.1 of this appendix and must be encrypted using the Secure/Multipurpose Internet Mail Extensions as described in RFC 5751 (incorporated by reference, see § 395.38), and the RSA algorithm as 116 described in RFC 4056 (incorporated by reference, see § 395.38), with the FMCSA public key compliant with NIST SP 800-32 (incorporated by reference, see § 395.38) to be provided to the ELD provider at the time of registration. The content must be encrypted using AES in FIPS Publication 197 (incorporated by reference, see § 395.38), and RFC 3565 (incorporated by reference, see § 395.38). (c)The email must be formatted using the RFC 5322 Internet Message Format (incorporated by reference, see § 395.38), as follows: Element Format To : <Address Provided by FMCSA during online registration> From : <Desired return address for confirmation> Subject : ELD records from <ELD Registration ID><’:’> <ELD Identifier> Body : <Output File Comment> Attachment : MIME encoded AES-256 encrypted file with <filename>.<Date string>.<unique identifier>.aes "
Submitted January 10, 2018 at 01:13AM by educated_female
via reddit http://ift.tt/2CZt6M8
reddit
S/Mime Email security • r/security
More context at the bottom of the page. I have to encrypt and sign an email with an attachment per some instructions, but I don't know enough...
Find put if phone is cellphone is tapped by govt
Hi Reddit. We are in the middle of a electoral fraud crisis in Honduras and the government has actively cracked down on those of us that denounced the fraud by harassing and murdering people (38 people so far). I'm becoming paranoid my cellphone could be tapped and I want to know if there's a way to tell and hopefully remove the tap or take preventive measures before me or the people I care about die misteriously or get exiled by the government. Thanks.
Submitted January 10, 2018 at 01:03AM by hollow_504
via reddit http://ift.tt/2AIG5w5
Hi Reddit. We are in the middle of a electoral fraud crisis in Honduras and the government has actively cracked down on those of us that denounced the fraud by harassing and murdering people (38 people so far). I'm becoming paranoid my cellphone could be tapped and I want to know if there's a way to tell and hopefully remove the tap or take preventive measures before me or the people I care about die misteriously or get exiled by the government. Thanks.
Submitted January 10, 2018 at 01:03AM by hollow_504
via reddit http://ift.tt/2AIG5w5
reddit
Find put if phone is cellphone is tapped by govt • r/security
Hi Reddit. We are in the middle of a electoral fraud crisis in Honduras and the government has actively cracked down on those of us that denounced...
Major Computer Chip Bugs Show the Need for Open Security Research
http://ift.tt/2D8wzF3
Submitted January 10, 2018 at 01:54AM by punkthesystem
via reddit http://ift.tt/2CM7a3j
http://ift.tt/2D8wzF3
Submitted January 10, 2018 at 01:54AM by punkthesystem
via reddit http://ift.tt/2CM7a3j
Reason.com
Major Computer Chip Bugs Show the Need for Open Security Research
Have you heard about "Meltdown" and "Spectre"? Here's what you need to know.
Website Glitch Let Me Overstock My Coinbase
http://ift.tt/2DeaZyW
Submitted January 10, 2018 at 01:37AM by volci
via reddit http://ift.tt/2qLXC6L
http://ift.tt/2DeaZyW
Submitted January 10, 2018 at 01:37AM by volci
via reddit http://ift.tt/2qLXC6L
reddit
Website Glitch Let Me Overstock My Coinbase • r/security
1 points and 0 comments so far on reddit
Meltdown Proof-of-Concept
http://ift.tt/2EpUlfa
Submitted January 10, 2018 at 01:21AM by Chris911
via reddit http://ift.tt/2CIjRfj
http://ift.tt/2EpUlfa
Submitted January 10, 2018 at 01:21AM by Chris911
via reddit http://ift.tt/2CIjRfj
GitHub
IAIK/meltdown
meltdown - This repository contains several applications, demonstrating the Meltdown bug.
Security Orchestration For Passive DNS Intelligence
http://ift.tt/2Erognc
Submitted January 10, 2018 at 02:49AM by abhishekiyer
via reddit http://ift.tt/2meFuwN
http://ift.tt/2Erognc
Submitted January 10, 2018 at 02:49AM by abhishekiyer
via reddit http://ift.tt/2meFuwN
Demisto
Security Orchestration Meets DNS Intelligence: Farsight Security DNSDB and Demisto
Learn how using Farsight DNSDB’s intelligence with Demisto’s security orchestration lends you a rich view of internet infrastructure to combat attacker agility.
CPUs: information leak using speculative execution (GPZ #1272)
http://ift.tt/2CYeo7x
Submitted January 10, 2018 at 03:15AM by InfrasonicCuneiform
via reddit http://ift.tt/2CJDuDU
http://ift.tt/2CYeo7x
Submitted January 10, 2018 at 03:15AM by InfrasonicCuneiform
via reddit http://ift.tt/2CJDuDU
reddit
CPUs: information leak using speculative execution (GPZ... • r/netsec
1 points and 0 comments so far on reddit
Meltdown Proof-of-Concept
http://ift.tt/2EpUlfa
Submitted January 10, 2018 at 03:14AM by Official_Legacy
via reddit http://ift.tt/2qOFE3z
http://ift.tt/2EpUlfa
Submitted January 10, 2018 at 03:14AM by Official_Legacy
via reddit http://ift.tt/2qOFE3z
GitHub
IAIK/meltdown
meltdown - This repository contains several applications, demonstrating the Meltdown bug.
Allegation that Telegram was Compromised by Russian Intelligence - Pg 233, Ln 20
http://ift.tt/2EqalOf
Submitted January 10, 2018 at 03:50AM by timcotten
via reddit http://ift.tt/2mc4bd8
http://ift.tt/2EqalOf
Submitted January 10, 2018 at 03:50AM by timcotten
via reddit http://ift.tt/2mc4bd8
reddit
Allegation that Telegram was Compromised by Russian... • r/netsec
9 points and 2 comments so far on reddit