Browser as Botnet: The Coming War For Your Web Browser
http://ift.tt/2ELk5CO
Submitted January 16, 2018 at 12:55AM by finalbroadcast
via reddit http://ift.tt/2mB7sD1
freeCodeCamp
Browser as Botnet: The Coming War For Your Web Browser
What if websites borrowed compute resources from their visitor’s devices while they browsed as a means of distributed computing?
Penetration Tests With Nessus Chapter 1
http://ift.tt/2myzm2w
Submitted January 16, 2018 at 01:16AM by berkdusunurx
via reddit http://ift.tt/2DeAdRj
www.berkdusunur.net
Penetration Tests With Nessus (Chapter 1)
Hello everyone. Today I will write to you about "Nessus Vulnerability Scanner". This is the first part of my writing about nessu...
Firewall Detection in Penetration Test
http://ift.tt/2mz3hb0
Submitted January 16, 2018 at 01:15AM by berkdusunurx
via reddit http://ift.tt/2mFPMHk
www.berkdusunur.net
Firewall Detection in Penetration Tests
Hello everyone. Today I will write about Firewall detection in penetration testing. Please let me know your views on the articles ...
Local Network Discovery Studies
http://ift.tt/2B35mkE
Submitted January 16, 2018 at 01:14AM by berkdusunurx
via reddit http://ift.tt/2rd887i
www.berkdusunur.net
Local Network Discovery Studies
Hello everyone. Today I will write about Local Network Discovery Studies. What Is This Ifconfig? ifconfig is a system administrati...
Uber pays hacker $100k for discovering security flaw and stolen consumer/driver data
http://ift.tt/2mxQnL2
Submitted January 16, 2018 at 12:57AM by imasmakurmomsdum
via reddit http://ift.tt/2D9sNKI
Nytimes
Inside Uber’s $100,000 Payment to a Hacker, and the Fallout
How Uber grappled with a 2016 hack is under scrutiny and has cast a chill over how other companies deal with security threats.
What's the future of online authentication (Or, why the heck do I have so many passwords)?
I've opened more than 240 online accounts over the years, which means I have hundreds of passwords I need to track. Obviously, I could never memorize them all so I end up using a password safe (KeePass!). Many of these (~35) are highly sensitive accounts (bank, etc.).
Password safes are the only realistic option for managing credentials at this point (the alternative is to use the same password everywhere... bad idea). Despite being the best option, they leave much to be desired. For one thing, all a hacker needs is my master password to have access to literally my entire life. Scary shit!
So, my question: what do you think online authentication will (or should) look like in 100 years? Will everyone just be educated enough to manage their own password database? Or will a better system be developed and adopted and if so, what will it look like?
Password alternatives that I'm aware of:
* Many sites do some sort of profiling of your browser and look for things that don't look right (more as a backup to passwords than a replacement). As I understand, they check things like your IP and the geographic area it's supposed to be in, characteristics of your browser and what other sites you use, and any cookies. I very much dislike this as I don't like the privacy and tracking implications. Besides, no aspect of this "fingerprint" is something that can't easily be spoofed.
* Some sites do 2FA (usually as an addition to passwords rather than a replacement). It's good that sites are starting to do this, but you still have to keep track of different credentials for different sites.
* OAuth 2 and OpenID Connect: basically use your credentials from one site (typically Google and Facebook) to log into another (Right? Still learning...). This reduces the number of credentials you need to manage, but it makes me uncomfortable having Google federating access to my entire life.
* Government and some other sites in Estonia use a government-issued smart card + PIN to authenticate users. I've never personally had a chance to use a system like this, but it sounds promising?
What other options am I missing?
Submitted January 16, 2018 at 03:25AM by ben011
via reddit http://ift.tt/2mHgejJ
reddit
What's the future of online authentication (Or, why... • r/security
I've opened more than 240 online accounts over the years which means I have hundreds of passwords I need to track. Obviously, I could never...
Pentesting in Star Wars
https://player.vimeo.com/video/148946917
Submitted January 16, 2018 at 03:10AM by Karn_Silver_NetAdmin
via reddit http://ift.tt/2EJXRBm
reddit
Pentesting in Star Wars • r/netsec
2 points and 0 comments so far on reddit
Video-Reversing/Debugging 3rd Party APKs (xpost r/ringzero)
http://ift.tt/2mGJlDF
Submitted January 16, 2018 at 01:36AM by majorllama
via reddit http://ift.tt/2D7YxzY
Ringzerolabs
Reverse Engineering and Debugging 3rd Party APKs
Today we demonstrate what tools are needed to reverse engineer 3rd party APKs and how to debug them without having source-code.
Lost bitlocker key
Since MS released the update that gave lots of computers worldwide BSOD, we have a laptop that has BSOD. Since this happened between a MS update, the BitLocker key got frozen in the memory, as MS disables BitLocker temporarily when it reboots for an update.
The computer could boot without a key but is in a boot loop.
We lost the key. So we tried several things:
* Searching for the key in our mailboxes and every possible known place
* Tried the Infineon TPM hack, which fails to read the public key
* Finding a way to put a command line in the boot process somewhere so we could use %system32%\config\Regback, but I couldn't stop Windows from loading somehow to open up cmd or so.
* As far as I know it can't be done with Meltdown because the OS needs to be live, correct me if I'm wrong
We do think freezing the memory should still be a reasonable option, DMA attack, but this would be the last option to try.
Does anyone else have any ideas to use or combine some of the things I listed? We really need to crack this laptop open because there are lots of family pictures on it, and yes they didn't want a backup plan, but the key was my responsibility.
Submitted January 16, 2018 at 05:54AM by iiidefconiii
via reddit http://ift.tt/2D8Ceds
reddit
Lost bitlocker key • r/security
Since MS released the update that gave lots of computers worldwide BSOD, we have a laptop that has BSOD. Since this happened between a MS update,...
Browser as Botnet, or the Coming War on Your Web Browser
http://ift.tt/2EHePjM
Submitted January 16, 2018 at 05:13AM by chull2058
via reddit http://ift.tt/2D4J9EB
Medium
Browser as Botnet, or the Coming War on Your Web Browser
What if websites borrowed compute resources from their visitor’s devices while they browsed as a means of distributed computing?
Police Hand out Malware-Infected USBs as Prize in Cyber-Security Quiz
http://ift.tt/2B0E91U
Submitted January 16, 2018 at 05:12AM by chull2058
via reddit http://ift.tt/2D6bSJe
BleepingComputer
Police Hand out Malware-Infected USBs as Prize in Cyber-Security Quiz
Taiwanese police have handed out malware-infected USB thumb drives to the winners of a cyber-security quiz at a data security expo hosted in December last year by the country's Presidential Office.
How the industry-breaking Spectre bug stayed secret for seven months
http://ift.tt/2qU0fTZ
Submitted January 16, 2018 at 06:06AM by thatshirtman
via reddit http://ift.tt/2mzEjbz
The Verge
Keeping Spectre secret
And then leaked out.
uncached privileged memory can be read with meltdown (a controversy)
https://twitter.com/raphael_scarv/status/952078140028964864
Submitted January 16, 2018 at 06:51AM by raphaelscarv
via reddit http://ift.tt/2D47SZB
Twitter
Raphael Carvalho
F*ck, I can barely believe that I was able to read non-cached data from other process efficiently. Removed iteration and issued flush on secret. Thanks @misc0110, @aionescu for all the tips. Not releasing it or somebody could definitely set the world on fire…
How Can Access control system raise up the School’s Security?
http://ift.tt/2EKHR1V
Submitted January 16, 2018 at 01:15PM by Bellaava22
via reddit http://ift.tt/2FIbzps
Articlesengine
How Can Access control system raise up the School’s Security?
Security is not limited to residential and commercial buildings; many places need high-level safety measurements so apart from private sectors.
Bypassing CSP by Abusing JSONP Endpoints
http://ift.tt/2FFSt3x
Submitted January 16, 2018 at 01:54PM by mazen160
via reddit http://ift.tt/2ravwlX
Medium
Bypassing CSP by Abusing JSONP Endpoints
This blog post discusses a technique that can be used to bypass CSP (Content Security Policy).
Seagate patched silently a security flaw in NAS devices
http://ift.tt/2DANzEc
Submitted January 16, 2018 at 02:20PM by rediii123
via reddit http://ift.tt/2Df3Rpj
Bitcoin and Cryptocurrencies Under Attack from Hackers – Stay Safe
http://ift.tt/2DATA3R
Submitted January 16, 2018 at 01:56PM by vaxfms
via reddit http://ift.tt/2B5fJ7x
OS Radar
Bitcoin & Cryptocurrencies under Attack from Hackers - OS Radar
Bitcoin – we all are familiar with this name. Bitcoin is so popular that it has become a synonym of cryptocurrency. Bitcoin was the first and now, the biggest in the market. Because of its growing price, hackers are targeting Bitcoin users more. Learn how…
Seagate patched silently a security flaw in NAS devices
http://ift.tt/2DANzEc
Submitted January 16, 2018 at 02:20PM by rediii123
via reddit http://ift.tt/2mCB5E6
reddit
Seagate patched silently a security flaw in NAS devices • r/netsec
1 points and 0 comments so far on reddit
VNL launches battery powered ResQMobil trailer at ARTECH 2018
http://ift.tt/2DDVEbh
Submitted January 16, 2018 at 03:10PM by VNLIndiaNetwork
via reddit http://ift.tt/2DhLLDr
reddit
VNL launches battery powered ResQMobil trailer at... • r/security
1 points and 0 comments so far on reddit
GSM & Broadband Services for Homeland Security by VNL
http://ift.tt/2Dh7L0j
Submitted January 16, 2018 at 02:35PM by VNLIndiaNetwork
via reddit http://ift.tt/2Dbu6c4
www.vnl.in
GSM & Broadband Services for Homeland Security by VNL
VNL’s secure GSM & broadband communications solution for Homeland Security can be integrated on a fixed or transportable platform and provide voice and data services.
Analysis of cryptocurrency miner in compromised websites
http://ift.tt/2B6h4uJ
Submitted January 16, 2018 at 03:11PM by TheRealest_Me
via reddit http://ift.tt/2D7A9i8