On the physical security side, do real security cameras ever have blinking lights?
I've noticed a fair number of fake security cameras and they seem like they could be somewhat effective (better than nothing anyway), but the blinking lights bother me. Isn't that a dead giveaway that they're fake?
Submitted January 19, 2018 at 07:54PM by suddenly_ponies
via reddit http://ift.tt/2Ds12Sd
Security In 5: Episode 156 - Tools, Tips and Tricks - Exploit Database
http://ift.tt/2DoNV3P
Submitted January 19, 2018 at 07:31PM by BinaryBlog
via reddit http://ift.tt/2mQjHfg
Libsyn
Security In Five Podcast: Episode 156 - Tools, Tips and Tricks - Exploit Database
Every day we hear about a new vulnerability, a new flaw, a series of critical patches we need to apply. How do we keep it all straight? The Exploit Database is how. This episode goes into what the Exploit Database is and why you should have it in your bookmarks…
How Slack Stays Secure During Hyper Growth
http://ift.tt/2EWjONK
Submitted January 20, 2018 at 12:11AM by MaliaPowers
via reddit http://ift.tt/2DQCtLy
Heavybit
The Secure Developer
In the latest episode of The Secure Developer, Guy is joined by Geoff Belknap, Chief Security Officer at Slack. Geoff discusses what drew him into security and reveals why it's critical for security teams to be recognized as a full-fledged member of engineering.…
DarkComet upload vulnerability
http://ift.tt/2DxNl3n
Submitted January 20, 2018 at 01:44AM by JustThisNietzscheGuy
via reddit http://ift.tt/2EVwjcd
pseudolaboratories.github.io
DarkComet upload vulnerability
This post will introduce a file upload vulnerability in DarkComet’s C&C server. While a flaw that allows an attacker to download files has already been known for many years there is no mention of this very similar vulnerability.
A quick disclaimer before…
Security Orchestration for Endpoint Security: Use Cases
http://ift.tt/2DmxkcT
Submitted January 20, 2018 at 04:15AM by abhishekiyer
via reddit http://ift.tt/2DS6U3Y
Demisto
Security Orchestration for Endpoint Security: Carbon Black and Demisto
Learn how to leverage Demisto’s security orchestration with Carbon Black products to coordinate endpoint security, control, and response from one console.
OnePlus got pwned, exposed up to 40,000 users to credit card fraud | A malicious script injected into OnePlus' payment page went undiscovered for two months.
http://ift.tt/2mTdFeI
Submitted January 20, 2018 at 11:56AM by RandomCollection
via reddit http://ift.tt/2mROqIG
Ars Technica
OnePlus got pwned, exposed up to 40,000 users to credit card fraud
A malicious script injected into OnePlus' payment page went undiscovered for two months.
British teen gained access to US intelligence operations by pretending to be CIA head
http://ift.tt/2EZyNXf
Submitted January 20, 2018 at 03:54PM by Bastet1
via reddit http://ift.tt/2Bg0RTW
Express.co.uk
British teen gained access to US intelligence operations by pretending to be CIA head
A BRITISH teenager is to be sentenced at the Old Bailey after he gained access to plans for intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA, it has been reported.
OnePlus website hacked - Credit Card Information of 40000 customers leaked
http://ift.tt/2G0kAKP
Submitted January 20, 2018 at 05:29PM by chieffrank
via reddit http://ift.tt/2DtQnq9
IB Computing
OnePlus website hacked - Credit Card Information of 40000 customers leaked - IB Computing
OnePlus website hacked! Mobile manufacturer company OnePlus has confirmed in a forum post that it's been a prey to a Credit Card Hack. The hackers were able to inject some malicious JavaScript code into the website's payment page to extract the credit card…
You can actually update your microcode even without a BIOS update.
Here is how you do it in Windows, and here is some Linux fun. And here is Intel's latest microcode. AMD's microcode you can obtain via this git repo.
Submitted January 20, 2018 at 08:06PM by kn1ght
via reddit http://ift.tt/2DRV7m3
Tenforums
How to update the CPU's microcode - Windows 10 Forums
Good Morning All, I came from Linux to Windows 10. After 14 years, got tired of the Linux desktop mess. The experience has been good. I've been on W10 since the beginning of the year. Under Linux, CPU
Collection of Books on Info Sec and Hacking
http://ift.tt/2mSDD0U
Submitted January 20, 2018 at 09:01PM by learnie
via reddit http://ift.tt/2DtKXLO
Dropbox
Info Sec & Hacking
Shared with Dropbox
Mobile Devices Compromised by Fake Secure Messaging Clients
http://ift.tt/2DpyiJP
Submitted January 20, 2018 at 10:30PM by 4f97749cdfb5dc076228
via reddit http://ift.tt/2Bhqx2i
Electronic Frontier Foundation
San Francisco – The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily…
IDOR leaks PII of Apple pre-order customers
http://ift.tt/2DSyxd6
Submitted January 21, 2018 at 02:17AM by hiilikecats
via reddit http://ift.tt/2Dmtwsn
not the same origin
Steps to Reproduce #1: Leaking PII of Apple pre-order customers
Hihi! N.B. Consent was received from Apple to disclose this bug. No data is disclosed in the article, and to respect privacy the courier's name is redacted. Today I'm writing about a very simple chain of bugs I found in the tracking site of the courier that…
Universal XSS vulnerability via Evernote Web Clipper extension
http://ift.tt/2mLDQ65
Submitted January 19, 2018 at 02:47PM by xpnsecurity
via reddit http://ift.tt/2rlnVAS
XPN InfoSec Blog
Universal XSS via Evernote WebClipper
During an evening of bug hunting, I found a cool issue in Evernote's WebClipper tool. The result was a Universal XSS vulnerability, which we will explore in this post.
Debugging third-party Android Java code on OS X
http://ift.tt/2DoZ0hh
Submitted January 21, 2018 at 02:59PM by xaocuc
via reddit http://ift.tt/2DqgppO
Wapiti (web vulnerability scanner)
http://ift.tt/1j1r2Du
Submitted January 21, 2018 at 06:01PM by fAyf5eQR
via reddit http://ift.tt/2mZn2cw
abatchy's blog | [Kernel Exploitation] 2: Payloads
http://ift.tt/2rsy12T
Submitted January 21, 2018 at 06:44PM by sanderD
via reddit http://ift.tt/2FWQXtP
Abatchy
[Kernel Exploitation] 2: Payloads
Discusses payloads to be used in upcoming posts
CISSP Dysfunction
http://ift.tt/2mYsmvV
Submitted January 22, 2018 at 12:46AM by Deku-shrub
via reddit http://ift.tt/2DxqggZ
pirate dot london
CISSP Dysfunction
Exploring the Certified Information Systems Security Professional certification, I tried out a free version of the test to see how I’d do…
CISSP Dysfunction
http://ift.tt/2mYsmvV
Submitted January 22, 2018 at 12:44AM by Deku-shrub
via reddit http://ift.tt/2Dv7h7N
Surprising CTF task solution using php://filter
http://ift.tt/2DvP1Li
Submitted January 22, 2018 at 05:23AM by ffyns
via reddit http://ift.tt/2mZ2Cj4
Should I make a new email and reroute my current accounts to the new email?
I have been getting an email saying it’s coming from a family member, but when I click the name to see the email address it’s an email that I don’t recognize. The email wants me to click on the link it provided but I know better than to click it. It worries me that I have someone trying to do this with an email that I have a lot of accounts connected to. Would it be smart to make a new email address and account and reroute all that is associated with it?
Submitted January 22, 2018 at 07:26AM by Turtle131313
via reddit http://ift.tt/2Bk9rRp
Recording voice in a phonecall, is it a problem?
Out of curiosity, a friend (Let's call him Henry) filled some online form with some personal information, like name, phone number, location, email address, date-of-birth, and nothing more. Then he closed the webpage which was advertising a certain service. Later, Henry receives a phonecall apparently from the company behind that site, trying to get him to complete the sale. However, he noticed the person at the other end trying hard just to get Henry to say positive general words like "yes", "I agree", "I understand". When Henry tried using other words, the caller reformed the sentences to persuade him to say those words only. Are you aware of this behavior as a scam, or identity theft attempt, or some other security/privacy issue?
Submitted January 22, 2018 at 10:26AM by AlfredoOf98
via reddit http://ift.tt/2rwHK8A