Netsec – Telegram
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
Hacking Facebook accounts using CSRF in Oculus-Facebook integration
http://ift.tt/2Dy9tbf

Submitted January 15, 2018 at 08:55PM by josipfranjkovic
via reddit http://ift.tt/2B20c8q
Hershell, a project in Go to generate cross-platform reverse shell payloads, with TLS encryption and upgrade into Meterpreter.
http://ift.tt/2r8nAl4

Submitted January 15, 2018 at 07:45PM by phocean
via reddit http://ift.tt/2my7mfA
Mixed Content Warnings? No more! Crawling for warnings in an automated fashion
http://ift.tt/2myaWq0

Submitted January 15, 2018 at 07:42PM by CoolUsernamesAreGone
via reddit http://ift.tt/2mH1ZLK
Studying choices
Hi everyone, I am currently in my last years of school and I am trying to make a decision on which way to go. So first of all I am very interested in IT security, I just love every aspect of it, so I am in between 2 options. The first one would be to go directly to university where they offer Info sec such as RoyalHolloway!, Warwick! or try to get into a company where they offer both studying and working at the same time, which gives me the advantage that I already have real-life work experience when I'm finished. So, what is your opinion and what else can I do before I start studying. Thanks in advance.

Submitted January 15, 2018 at 11:15PM by maxWinkler07
via reddit http://ift.tt/2r4swr0
Nontraditional pathways to a cybersecurity career: You got into infosec HOW?!
http://ift.tt/2DzraqJ

Submitted January 15, 2018 at 11:01PM by yourbasicgeek
via reddit http://ift.tt/2EJwYgM
NIST Post-Quantum Public Key Cryptography Contest
http://ift.tt/2mydFj6

Submitted January 15, 2018 at 10:55PM by airconditioningboy
via reddit http://ift.tt/2FEe6Bn
What apps/software specifically are affected by Spectre and Meltdown? (on macintosh)
Due to issues between the latest OS update on Mac and full-disk encryption (can't quite remember the details at the moment) I want to learn more about any ways to guard against a Spectre/Meltdown attack without updating the OS.
Are there techniques for avoiding an attack? Maybe not having more than one thing open at a time? Having any sensitive information kept on a USB instead of locally stored? When is it appropriate to have the USB plugged in (if at all)?
Or is any attempt to mitigate / avoid an attack completely futile without updating OS and firmware?
Thanks for helping a bro out. :D
P.S. If anyone knows answers to the above, but in regards to an unupdated Windows machine using Chrome, feel free to share some knowledge with that as well! :) And Linux too (I use a few different computers for work)

Submitted January 15, 2018 at 11:47PM by bubbling_automobile
via reddit http://ift.tt/2FGvMMK
What's the future of online authentication (Or, why the heck do I have so many passwords)?
I've opened more than 240 online accounts over the years which means I have hundreds of passwords I need to track. Obviously, I could never memorize them all so I end up using a password safe (KeePass!). Many of these (~35) are highly sensitive accounts (bank, etc.).
Password safes are the only realistic option for managing credentials at this point (the alternative is to use the same password everywhere... bad idea). Despite being the best option, they leave much to be desired. For one thing, all a hacker needs is my master password to have access to literally my entire life. Scary shit!
So, my question: what do you think online authentication will (or should) look like in 100 years? Will everyone just be educated enough to manage their own password database? Or will a better system be developed and adopted and if so, what will it look like?
Password alternatives that I'm aware of:
Many sites do some sort of profiling of your browser and look for things that don't look right (more as a backup to passwords than a replacement). As I understand, they check things like your IP and the geographic area it's supposed to be in, characteristics of your browser and what other sites you use, and any cookies. I very much dislike this as I don't like the privacy and tracking implications. Besides, no aspect of this "fingerprint" is something that can't easily be spoofed.
Some sites do 2FA (usually as an addition to passwords rather than a replacement). It's good that sites are starting to do this, but you still have to keep track of different credentials for different sites.
OAuth 2 and OpenID Connect: basically use your credentials from one site (typically Google and Facebook) to log into another (Right? Still learning...). This reduces the number of credentials you need to manage, but it makes me uncomfortable having Google federating access to my entire life.
Government and some other sites in Estonia use a government-issued smart card + pin to authenticate users. I've never personally had a chance to use a system like this, but it sounds promising?
What other options am I missing?

Submitted January 16, 2018 at 03:25AM by ben011
via reddit http://ift.tt/2mHgejJ
Pentesting in Star Wars
https://player.vimeo.com/video/148946917

Submitted January 16, 2018 at 03:10AM by Karn_Silver_NetAdmin
via reddit http://ift.tt/2EJXRBm
Lost bitlocker key
Since MS released the update that gave lots of computers worldwide BSOD we have a laptop that has BSOD. Since this happened between an MS update, the bitlocker key got frozen in the memory. As of MS disables bitlocker temporarily when it reboots for an update.
The computer could boot without a key but is in a boot loop.
We lost the key. So we tried several things:
* Searching the key in our mailboxes and every possible known place
* Tried the Infineon TPM hack which fails to read the public key
* Finding a way to put a command line in the boot process somewhere so we could use %system32%\config\Regback, but I couldn't stop Windows from loading somehow to open up cmd or so.
* As far as I know it can't be done with Meltdown cause the OS needs to be live, correct me if I'm wrong
We do think of freezing the memory still should be a reasonable option, DMA-attack, but this would be the last option to try
Does anyone else have any ideas to use or combine some of the things I listed. We really need to crack this laptop open cause there are lots of family pictures on it, and yes they didn't want a backup plan, but the key was my responsibility.

Submitted January 16, 2018 at 05:54AM by iiidefconiii
via reddit http://ift.tt/2D8Ceds