[x-post r/Huawei] How secure is the fingerprint lock? (pentesting?)
Ive never been on this sub so i dont know if this is the right place.. but anyways.To preface, let me start by saying i am not a programmer or pentester at all but i do take an interest in learning what is behind the interface of my various electronic devices.So i own a Huawei Mate 9I noticed when I go to "phone manager > applock" you can lock certain apps with the fingerprint scanner. I use kik a lot for messaging people and used that function for this app (as well as literally every other app that would give anyone information about me if they had access). When i receive a notification and click it, my phone first directs me to unlock the app with the fingerprint. However before i unlock it, the person who sent me the message can see that i "read" their message before ever opening their message. This applies with every other messaging app i have at the moment.Again, i dont have much experience in this realm, but with the little knowledge i do have.. it seems that it allows me to access the messages BEFORE i unlock it. It appears that the only reason I cant see the message is because the fingerprint scanner pops up so I cant physically see the message, but the phone can.Assuming someone hacked or installed spyware/malware on my phone, does that mean that the fingerprint lock does not offer me another layer of security?
Submitted January 15, 2018 at 03:37AM by whatisthisrn
via reddit http://ift.tt/2Dy9UST
Ive never been on this sub so i dont know if this is the right place.. but anyways.To preface, let me start by saying i am not a programmer or pentester at all but i do take an interest in learning what is behind the interface of my various electronic devices.So i own a Huawei Mate 9I noticed when I go to "phone manager > applock" you can lock certain apps with the fingerprint scanner. I use kik a lot for messaging people and used that function for this app (as well as literally every other app that would give anyone information about me if they had access). When i receive a notification and click it, my phone first directs me to unlock the app with the fingerprint. However before i unlock it, the person who sent me the message can see that i "read" their message before ever opening their message. This applies with every other messaging app i have at the moment.Again, i dont have much experience in this realm, but with the little knowledge i do have.. it seems that it allows me to access the messages BEFORE i unlock it. It appears that the only reason I cant see the message is because the fingerprint scanner pops up so I cant physically see the message, but the phone can.Assuming someone hacked or installed spyware/malware on my phone, does that mean that the fingerprint lock does not offer me another layer of security?
Submitted January 15, 2018 at 03:37AM by whatisthisrn
via reddit http://ift.tt/2Dy9UST
reddit
[x-post r/Huawei] How secure is the fingerprint lock?... • r/security
Ive never been on this sub so i dont know if this is the right place.. but anyways. To preface, let me start by saying i am not a programmer or...
ProtonMail remains one of the most secure emails with the end to end decryption system
http://ift.tt/2Dr8aLb
Submitted January 15, 2018 at 04:03AM by giobbo
via reddit http://ift.tt/2mwqScj
http://ift.tt/2Dr8aLb
Submitted January 15, 2018 at 04:03AM by giobbo
via reddit http://ift.tt/2mwqScj
Italia Post
ProtonMail: l'email con crittografia end-to-end
ProtonMail è il servizio di posta elettronica offerto da Proton Technologies, una società fondata (2013) da un gruppo di scienziati del MIT e del CERN.
Persistence by adding data to alternate data streams and executing it
http://ift.tt/2mxUMg3
Submitted January 15, 2018 at 04:02AM by oddvarmoe
via reddit http://ift.tt/2Dfowc5
http://ift.tt/2mxUMg3
Submitted January 15, 2018 at 04:02AM by oddvarmoe
via reddit http://ift.tt/2Dfowc5
Oddvar Moe's Blog
Putting data in Alternate data streams and how to execute it
Part 2 of this research can be found here: I always had a fascination about ADS (Alternate data streams) and using it as part of a persistence. My first meeting with this as a persistence techniqu…
SMB Antimalware Suite Recommendations please
Looking for a cloud based antimalware endpoint solution (preferably with some basic MDM ability---check encryption and patching).Currently 50 employees, but likely to be 250 in a year.Has to work on Mac and Windows. It's been ages since I investigated this so advice from those in the field is greatly appreciated.
Submitted January 15, 2018 at 11:49AM by TheDroogie
via reddit http://ift.tt/2r1S1cu
Looking for a cloud based antimalware endpoint solution (preferably with some basic MDM ability---check encryption and patching).Currently 50 employees, but likely to be 250 in a year.Has to work on Mac and Windows. It's been ages since I investigated this so advice from those in the field is greatly appreciated.
Submitted January 15, 2018 at 11:49AM by TheDroogie
via reddit http://ift.tt/2r1S1cu
reddit
SMB Antimalware Suite Recommendations please • r/security
Looking for a cloud based antimalware endpoint solution (preferably with some basic MDM ability---check encryption and patching). Currently 50...
Bash noscript that enumerates affected systems by each vulnerability per year using Shodan
http://ift.tt/2mv9jJJ
Submitted January 15, 2018 at 01:21PM by tobortidder
via reddit http://ift.tt/2DdY0Ra
http://ift.tt/2mv9jJJ
Submitted January 15, 2018 at 01:21PM by tobortidder
via reddit http://ift.tt/2DdY0Ra
GitHub
Mavrepis/ShodanVulncheck
ShodanVulncheck - bash noscript to enumerate vulnerabilities on specific year through Shodan API
2018 B-day Reverse Engineering Challenge
http://ift.tt/2B1Bxkn
Submitted January 15, 2018 at 03:17PM by Rikaard
via reddit http://ift.tt/2mIStIj
http://ift.tt/2B1Bxkn
Submitted January 15, 2018 at 03:17PM by Rikaard
via reddit http://ift.tt/2mIStIj
Cyber Security Training and Education
https://www.youtube.com/attribution_link?a=QmMdTAgWZa8&u=%2Fwatch%3Fv%3D_S2zNf0C48A%26feature%3Dshare
Submitted January 15, 2018 at 03:29PM by steppa_cyber
via reddit http://ift.tt/2mES1dT
https://www.youtube.com/attribution_link?a=QmMdTAgWZa8&u=%2Fwatch%3Fv%3D_S2zNf0C48A%26feature%3Dshare
Submitted January 15, 2018 at 03:29PM by steppa_cyber
via reddit http://ift.tt/2mES1dT
YouTube
Cyber Security Training and Education
Join the thousands of people who benefited from our cyber security training and education program. For academia, industry, business, law enforcement and gove...
How Secure Is Your Hotel Mobile Room Key?
http://ift.tt/2AE5s22
Submitted January 15, 2018 at 04:08PM by GemmaJ123
via reddit http://ift.tt/2D3JXtw
http://ift.tt/2AE5s22
Submitted January 15, 2018 at 04:08PM by GemmaJ123
via reddit http://ift.tt/2D3JXtw
NerdWallet
How Secure Is Your Hotel's Mobile Room Key?
Sure, being able to walk right into your hotel room without checking in sounds great, but hotel mobile keys may have some vulnerabilities.
OSINT AS A MINDSET
http://ift.tt/2DiSSdN
Submitted January 15, 2018 at 04:20PM by xaocuc
via reddit http://ift.tt/2FGaFd5
http://ift.tt/2DiSSdN
Submitted January 15, 2018 at 04:20PM by xaocuc
via reddit http://ift.tt/2FGaFd5
Medium
OSINT AS A MINDSET
For my first blog i will start of by doing a little rant on the OSINT landscape.
Automating Application Security
http://ift.tt/2r9ZQga
Submitted January 15, 2018 at 04:17PM by TheRealest_Me
via reddit http://ift.tt/2mFdnaT
http://ift.tt/2r9ZQga
Submitted January 15, 2018 at 04:17PM by TheRealest_Me
via reddit http://ift.tt/2mFdnaT
Continuous Cyber Security | UK | Digital Interruption
Working towards automated App Security | Continuous Cyber Security | UK | Digital Interruption
There has been a growing shift in the way software is developed and one the security industry has unfortunately been slow to adapt to and adopt. I'm talking, of
Toymaker VTech Settles Charges of Violating Child Privacy Law
http://ift.tt/2CTt9Za
Submitted January 15, 2018 at 04:09PM by GemmaJ123
via reddit http://ift.tt/2r7bZCL
http://ift.tt/2CTt9Za
Submitted January 15, 2018 at 04:09PM by GemmaJ123
via reddit http://ift.tt/2r7bZCL
Nytimes
Toymaker VTech Settles Charges of Violating Child Privacy Law
The company was accused of collecting data on children without parents’ permission and failing to keep it secure from hackers. It agreed to pay $650,000.
Purple Rain Attack: Password Cracking With Random Generation
http://ift.tt/2D5EEJT
Submitted January 15, 2018 at 05:06PM by netmux
via reddit http://ift.tt/2DzMOeJ
http://ift.tt/2D5EEJT
Submitted January 15, 2018 at 05:06PM by netmux
via reddit http://ift.tt/2DzMOeJ
Purple Rain Attack
When All Else Fails There comes a time in every pentest that you just simply run out of password cracking attacks to try, and you find yourself completely stumped. You've consulted your notes, performed analysis of the password policy and current cracked…
Subdomain enumeration using Censys certificate transparency logs
http://ift.tt/2B3pdA4
Submitted January 15, 2018 at 05:48PM by thorn42
via reddit http://ift.tt/2EIkg20
http://ift.tt/2B3pdA4
Submitted January 15, 2018 at 05:48PM by thorn42
via reddit http://ift.tt/2EIkg20
GitHub
christophetd/censys-subdomain-finder
censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.
Security In 5: Episode 152 - How To Help Your Security Program Be Accepted
http://ift.tt/2EGETLZ
Submitted January 15, 2018 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2DfhmVn
http://ift.tt/2EGETLZ
Submitted January 15, 2018 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2DfhmVn
Libsyn
Security In Five Podcast: Episode 152 - How To Help Your Security Program Be Accepted
Creating a security program is the easy part, getting it integrated and accepted by the business and employees is the hard part. Security is more than the technology supporting it, security needs to be accepted by people to be effective. People have to choose…
RFID tag in key fob?
When your smart keyfob looses power you can often start the engine by pushing the start button with the key fob. Suspecting a passive RFID tag, I tried to pick up a 125khz tag with an Innovations reader and tried to read an NFC tag with a PN532 reader to no avail. Anyone know what's in there?
Submitted January 15, 2018 at 07:23PM by hydronics2
via reddit http://ift.tt/2mzTWiT
When your smart keyfob looses power you can often start the engine by pushing the start button with the key fob. Suspecting a passive RFID tag, I tried to pick up a 125khz tag with an Innovations reader and tried to read an NFC tag with a PN532 reader to no avail. Anyone know what's in there?
Submitted January 15, 2018 at 07:23PM by hydronics2
via reddit http://ift.tt/2mzTWiT
reddit
RFID tag in key fob? • r/security
When your smart keyfob looses power you can often start the engine by pushing the start button with the key fob. Suspecting a passive RFID tag, I...
Check https grades via console
http://ift.tt/2EIeHR8
Submitted January 15, 2018 at 07:14PM by CoolUsernamesAreGone
via reddit http://ift.tt/2B2861q
http://ift.tt/2EIeHR8
Submitted January 15, 2018 at 07:14PM by CoolUsernamesAreGone
via reddit http://ift.tt/2B2861q
GitHub
ozzi-/consoleSSLlabs
consoleSSLlabs - Automate scans using Qualys SSL Labs
Hacking Facebook accounts using CSRF in Oculus-Facebook integration
http://ift.tt/2Dy9tbf
Submitted January 15, 2018 at 08:55PM by josipfranjkovic
via reddit http://ift.tt/2B20c8q
http://ift.tt/2Dy9tbf
Submitted January 15, 2018 at 08:55PM by josipfranjkovic
via reddit http://ift.tt/2B20c8q
JosipFranjkovic
Hacking Facebook accounts using CSRF in Oculus-Facebook integration
I enjoy breaking websites.
Hershell, a project in Go to generate cross-platform reverse shell payloads, with TLS encryption and upgrade into Meterpreter.
http://ift.tt/2r8nAl4
Submitted January 15, 2018 at 07:45PM by phocean
via reddit http://ift.tt/2my7mfA
http://ift.tt/2r8nAl4
Submitted January 15, 2018 at 07:45PM by phocean
via reddit http://ift.tt/2my7mfA
Sysdream
Sysdream, [EN] Golang for pentests : Hershell
Sysdream, audits et formations en sécurité informatique Ethical Hacking PCI DSS Test d'intrusion
Mixed Content Warnings? No more! Crawling for warnings in an automated fashion
http://ift.tt/2myaWq0
Submitted January 15, 2018 at 07:42PM by CoolUsernamesAreGone
via reddit http://ift.tt/2mH1ZLK
http://ift.tt/2myaWq0
Submitted January 15, 2018 at 07:42PM by CoolUsernamesAreGone
via reddit http://ift.tt/2mH1ZLK
GitHub
ozzi-/mixed-content-checker
mixed-content-checker - java cli tool for crawling whole websites for mixed-content issues
Public Disclosure: Authentication Bypass on help.baaz.com
http://ift.tt/2FE3bHz
Submitted January 15, 2018 at 07:34PM by alexbirsan
via reddit http://ift.tt/2Dknr2E
http://ift.tt/2FE3bHz
Submitted January 15, 2018 at 07:34PM by alexbirsan
via reddit http://ift.tt/2Dknr2E
Medium
Public Disclosure: Authentication Bypass on help.baaz.com
I’m gonna keep this short and sweet. The Baaz security team is refusing to fix this, or cooperate in any way, so I’m releasing everything I…
Shibboleth authentication bypass
http://ift.tt/2ELwO8R
Submitted January 15, 2018 at 09:30PM by le-quack
via reddit http://ift.tt/2FDWOnX
http://ift.tt/2ELwO8R
Submitted January 15, 2018 at 09:30PM by le-quack
via reddit http://ift.tt/2FDWOnX
www.redteam-pentesting.de
Truncation of SAML Attributes in Shibboleth 2
RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may...