Nontraditional pathways to a cybersecurity career: You got into infosec HOW?!
http://ift.tt/2DzraqJ
Submitted January 15, 2018 at 11:01PM by yourbasicgeek
via reddit http://ift.tt/2EJwYgM
NIST Post-Quantum Public Key Cryptography Contest
http://ift.tt/2mydFj6
Submitted January 15, 2018 at 10:55PM by airconditioningboy
via reddit http://ift.tt/2FEe6Bn
www.google.co.uk
crypto submissions nist - Google Search
What apps/software specifically are affected by Spectre and Meltdown? (on macintosh)
Due to issues between the latest OS update on Mac and full-disk encryption (can't quite remember the details at the moment) I want to learn more about any ways to guard against a Spectre/Meltdown attack without updating the OS.
Are there techniques for avoiding an attack? Maybe not having more than one thing open at a time? Having any sensitive information kept on a USB instead of locally stored? When is it appropriate to have the USB plugged in (if at all)?
Or is any attempt to mitigate / avoid an attack completely futile without updating OS and firmware?
Thanks for helping a bro out. :D
P.S. If anyone knows answers to the above, but in regards to an unupdated Windows machine using Chrome, feel free to share some knowledge with that as well! :) And Linux too (I use a few different computers for work)
Submitted January 15, 2018 at 11:47PM by bubbling_automobile
via reddit http://ift.tt/2FGvMMK
Intel AMT Security Loophole Allow Hackers to Seize Control of Laptops
http://ift.tt/2myOrBd
Submitted January 16, 2018 at 12:26AM by DiceIT
via reddit http://ift.tt/2FFhhZB
YourDailyTech
[News] Intel AMT Security Loophole Allow Hackers to Seize Control of Laptops | YourDailyTech
Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to backdoor almost any corporate laptop in a matter of seconds. F-Secure reports a security issue affecting most corporate laptops that…
Browser as Botnet: The Coming War For Your Web Browser
http://ift.tt/2ELk5CO
Submitted January 16, 2018 at 12:55AM by finalbroadcast
via reddit http://ift.tt/2mB7sD1
freeCodeCamp
Browser as Botnet: The Coming War For Your Web Browser
What if websites borrowed compute resources from their visitor’s devices while they browsed as a means of distributed computing?
Penetration Tests With Nessus Chapter 1
http://ift.tt/2myzm2w
Submitted January 16, 2018 at 01:16AM by berkdusunurx
via reddit http://ift.tt/2DeAdRj
www.berkdusunur.net
Penetration Tests With Nessus (Chapter 1) Nessus İle Sızma Testleri
Hello everyone. Today I will write to you about "Nessus Vulnerability Scanner". This is the first part of my writing about nessu...
Firewall Detection in Penetration Test
http://ift.tt/2mz3hb0
Submitted January 16, 2018 at 01:15AM by berkdusunurx
via reddit http://ift.tt/2mFPMHk
www.berkdusunur.net
Firewall Detection in Penetration Tests (Sızma Testlerinde Firewall Tespiti)
Hello everyone. Today I will write about Firewall detection in penetration testing. Please let me know your views on the articles ...
Local Network Discovery Studies
http://ift.tt/2B35mkE
Submitted January 16, 2018 at 01:14AM by berkdusunurx
via reddit http://ift.tt/2rd887i
www.berkdusunur.net
Local Network Discovery Studies (Lokal Ağda Keşif Çalışmaları)
Hello everyone. Today I will write about Local Network Discovery Studies. What Is This Ifconfig? ifconfig is a system administrati...
Uber pays hacker $100k for discovering security flaw and stolen consumer/driver data
http://ift.tt/2mxQnL2
Submitted January 16, 2018 at 12:57AM by imasmakurmomsdum
via reddit http://ift.tt/2D9sNKI
Nytimes
Inside Uber’s $100,000 Payment to a Hacker, and the Fallout
How Uber grappled with a 2016 hack is under scrutiny and has cast a chill over how other companies deal with security threats.
What's the future of online authentication (Or, why the heck do I have so many passwords)?
I've opened more than 240 online accounts over the years which means I have hundreds of passwords I need to track. Obviously, I could never memorize them all so I end up using a password safe (KeePass!). Many of these (~35) are highly sensitive accounts (bank, etc.).
Password safes are the only realistic option for managing credentials at this point (the alternative is to use the same password everywhere... bad idea). Despite being the best option, they leave much to be desired. For one thing, all a hacker needs is my master password to have access to literally my entire life. Scary shit!
So, my question: what do you think online authentication will (or should) look like in 100 years? Will everyone just be educated enough to manage their own password database? Or will a better system be developed and adopted and if so, what will it look like?
Password alternatives that I'm aware of:
* Many sites do some sort of profiling of your browser and look for things that don't look right (more as a backup to passwords than a replacement). As I understand, they check things like your IP and the geographic area it's supposed to be in, characteristics of your browser and what other sites you use, and any cookies. I very much dislike this as I don't like the privacy and tracking implications. Besides, no aspect of this "fingerprint" is something that can't easily be spoofed.
* Some sites do 2FA (usually as an addition to passwords rather than a replacement). It's good that sites are starting to do this, but you still have to keep track of different credentials for different sites.
* OAuth 2 and OpenID Connect: basically use your credentials from one site (typically Google and Facebook) to log into another (Right? Still learning...). This reduces the number of credentials you need to manage, but it makes me uncomfortable having Google federating access to my entire life.
* Government and some other sites in Estonia use a government issued smart card + PIN to authenticate users. I've never personally had a chance to use a system like this, but it sounds promising?
What other options am I missing?
Submitted January 16, 2018 at 03:25AM by ben011
via reddit http://ift.tt/2mHgejJ
Pentesting in Star Wars
https://player.vimeo.com/video/148946917
Submitted January 16, 2018 at 03:10AM by Karn_Silver_NetAdmin
via reddit http://ift.tt/2EJXRBm
Video-Reversing/Debugging 3rd Party APKs (xpost r/ringzero)
http://ift.tt/2mGJlDF
Submitted January 16, 2018 at 01:36AM by majorllama
via reddit http://ift.tt/2D7YxzY
Ringzerolabs
Reverse Engineering and Debugging 3rd Party APKs
Today we demonstrate what tools are needed to reverse engineer 3rd party APKs and how to debug them without having source-code.
Lost bitlocker key
Since MS released the update that gave lots of computers worldwide BSOD we have a laptop that has BSOD. Since this happened between an MS update, the bitlocker key got frozen in the memory. As of MS disables bitlocker temporarily when it reboots for an update.
The computer could boot without a key but is in a boot loop.
We lost the key. So we tried several things:
* Searching the key in our mailboxes and every possible known place
* Tried the Infineon TPM hack which fails to read the public key
* Finding a way to put a command line in the boot process somewhere so we could use %system32%\config\Regback, but I couldn't stop Windows from loading somehow to open up cmd or so.
* As far as I know it can't be done with Meltdown cause the OS needs to be live, correct me if I'm wrong
We do think of freezing the memory still should be a reasonable option, DMA-attack, but this would be the last option to try.
Does anyone else have any ideas to use or combine some of the things I listed? We really need to crack this laptop open cause there are lots of family pictures on it, and yes they didn't want a backup plan, but the key was my responsibility.
Submitted January 16, 2018 at 05:54AM by iiidefconiii
via reddit http://ift.tt/2D8Ceds
Browser as Botnet, or the Coming War on Your Web Browser
http://ift.tt/2EHePjM
Submitted January 16, 2018 at 05:13AM by chull2058
via reddit http://ift.tt/2D4J9EB
Medium
Browser as Botnet, or the Coming War on Your Web Browser
What if websites borrowed compute resources from their visitor’s devices while they browsed as a means of distributed computing?
Police Hand out Malware-Infected USBs as Prize in Cyber-Security Quiz
http://ift.tt/2B0E91U
Submitted January 16, 2018 at 05:12AM by chull2058
via reddit http://ift.tt/2D6bSJe
BleepingComputer
Police Hand out Malware-Infected USBs as Prize in Cyber-Security Quiz
Taiwanese police have handed out malware-infected USB thumb drives to the winners of a cyber-security quiz at a data security expo hosted in December last year by the country's Presidential Office.
How the industry-breaking Spectre bug stayed secret for seven months
http://ift.tt/2qU0fTZ
Submitted January 16, 2018 at 06:06AM by thatshirtman
via reddit http://ift.tt/2mzEjbz
The Verge
Keeping Spectre secret
And then leaked out.
uncached privileged memory can be read with meltdown (a controversy)
https://twitter.com/raphael_scarv/status/952078140028964864
Submitted January 16, 2018 at 06:51AM by raphaelscarv
via reddit http://ift.tt/2D47SZB
Twitter
Raphael Carvalho
F*ck, I can barely believe that I was able to read non-cached data from other process efficiently. Removed iteration and issued flush on secret. Thanks @misc0110, @aionescu for all the tips. Not releasing it or somebody could definitely set the world on fire…
How Can Access control system raise up the School’s Security?
http://ift.tt/2EKHR1V
Submitted January 16, 2018 at 01:15PM by Bellaava22
via reddit http://ift.tt/2FIbzps
Articlesengine
How Can Access control system raise up the School’s Security?
Security is not limited to residential and commercial buildings many places need high-level safety measurements so apart from private sectors.
Bypassing CSP by Abusing JSONP Endpoints
http://ift.tt/2FFSt3x
Submitted January 16, 2018 at 01:54PM by mazen160
via reddit http://ift.tt/2ravwlX
Medium
Bypassing CSP by Abusing JSONP Endpoints
This blog post discusses a technique that can be used to bypass CSP (Content Security Policy).
Seagate patched silently a security flaw in NAS devices
http://ift.tt/2DANzEc
Submitted January 16, 2018 at 02:20PM by rediii123
via reddit http://ift.tt/2Df3Rpj
Bitcoin and Cryptocurrencies Under Attack from Hackers – Stay Safe
http://ift.tt/2DATA3R
Submitted January 16, 2018 at 01:56PM by vaxfms
via reddit http://ift.tt/2B5fJ7x
OS Radar
Bitcoin & Cryptocurrencies under Attack from Hackers - OS Radar
Bitcoin – we all are familiar with this name. Bitcoin is so popular that it has become a synonym of cryptocurrency. Bitcoin was the first and now, the biggest in the market. Because of its growing price, hackers are targeting Bitcoin users more. Learn how…