Security In 5: Episode 160 - Only 10% Of Gmail Users Have Two-Factor Authentication Enabled, Don't Be In The 90%
http://ift.tt/2DA6SAK

Submitted January 25, 2018 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2nbuvVs

Spectre and Meltdown attack explained, simply, for non-programmers
http://ift.tt/2nc1zwt

Submitted January 25, 2018 at 07:18PM by kulious
via reddit http://ift.tt/2DD3EN1

Students asking basic pointers for a hackathon (beginner level)
Hello,My school had an open invitation to attend a hackathon. I registered and was put into a group. There are several groups of students from my school participating in the same hackathon. There are 4 of us in this group. Apart from me and one other, we have some decent knowledge of linux, and use of the software. The other two students didn't really understand what and how KALI even was.Assuming you participate, and even if you don't find any vulnerabilities, we get credits for being apart of it.That said, we would like to at least have a fighting chance. We have been given some basic instructions. I'm not sure where to start once we are connected to the network and have scanned it.Note, I have set up my Kali linux. It's dist-upgraded and ready to go.These are my basic assumptions. Scan network with nmap, to find all available devices. We have been told they are 'hidden' somehow. I think this means scan the network with nmap at like T4? But what are the best options that I should be looking at?Once we find all the devices. Nmap should help with OS detection etc. As well as open ports and versions.This is where I get confused. They told us that the computers are like Windows 7 and full of holes.How do I know what program/port to use so that I can apply metasploit exploits to it?Clearly from reading this you can probably see my gaps in knowledge.If you would kindly point out some tips and tricks, we would appreciate having a fighting chance. :)

Submitted January 25, 2018 at 08:44PM by beangay
via reddit http://ift.tt/2naWs0u

Why more sites don't use PGP/GPG for 2FA?
Reddit just enabled 2FA for all accounts using Google Authenticator. Many sites are using this method or text messaging. What if I don't want to use my phone or don't have it. If I forget my phone and head out for the day, I'm stuck.This made me curious about another form of 2FA which is not used all that often: PGP (or GPG). Given the nature of Reddit, I would think there would be a good number of us who would use it if it was offered.I assume it is because the number of people using PGP is relatively small when you consider the entire population of internet users. Other than that, is there another reason why more sites don't offer PGP as an option for 2FA?

Submitted January 25, 2018 at 09:15PM by flipjargendy
via reddit http://ift.tt/2E7pN2P

Developers + GDPR/PCI question
Does anyone know if PCI or GDPR policy restrict the app developers having access to customers data? (e.g. some basic, some sensitive such as last 4 digits of card number).Ive been told yes but I don't believe thats reasonable. Fixing certain bugs seems impossible without setting the state of the data.

Submitted January 25, 2018 at 10:27PM by craigtaub
via reddit http://ift.tt/2naAY2F

How Secure Is Your Data When It's Stored in the Cloud?
http://ift.tt/2DyfV0Z

Submitted January 26, 2018 at 12:04AM by robert_brooks
via reddit http://ift.tt/2E7RloL

High Risk Vulnerabilities within the DoD from Coldfusion, Dotnet Nuke, Oracle, and more
http://ift.tt/2DD4VUi

Submitted January 26, 2018 at 12:18AM by alyssathegryphon
via reddit http://ift.tt/2Gh43m0

Exploiting Electron RCE in Exodus wallet
http://ift.tt/2nd2FrN

Submitted January 26, 2018 at 02:09AM by JE_SHORT
via reddit http://ift.tt/2GjZwPB

10 Solid Tips to Increase and optimize IIS Performance for 2018. Covers ASP.Net, WordPress,ColdFusion And SharePoint
http://ift.tt/2DMgoQt

Submitted January 26, 2018 at 01:44AM by BitsAndScrews
via reddit http://ift.tt/2FhYItp

Microsoft releases updated VS compiler for Spectre V2. Let the builds begin. GCC backports to v7
http://ift.tt/2DKCVNU

Submitted January 26, 2018 at 02:02AM by kn1ght
via reddit http://ift.tt/2FdFjcX

3 Questions About CYBERTACOS You Know You Want To Ask
http://ift.tt/2DLDDdC

Submitted January 26, 2018 at 12:29AM by Uminekoshi
via reddit http://ift.tt/2nceOOn

Bastion Hopping With SSH And ScaleFT
http://ift.tt/2FfsUFB

Submitted January 26, 2018 at 12:15AM by alexdebrie
via reddit http://ift.tt/2BuxE7K

Moar ASUS router vulns
http://ift.tt/2DFljDR

Submitted January 26, 2018 at 02:18AM by aetsu
via reddit http://ift.tt/2nb42Hq

NetBSD kernel wscons IOCTL vulnerable bug class
http://ift.tt/2DMVD7D

Submitted January 26, 2018 at 02:16AM by ffyns
via reddit http://ift.tt/2DFvIzu

I've searched the news and haven't found any mention of this, so I came to Reddit
My role: Like most of you I don't have any official spokesperson role for my company so I'm going to keep their name out of this. I have a small role in security validation. I write software tools that decompile and deconstruct thousands of other tools and libraries in order to manually ensure compliance (proper compiler flags, which libraries are included, that certain libraries never get included, etc...)Recently (since the start of the new year) I am aware of multiple governments getting detailed tours of our validation process. This has resulted in us getting a great deal more enforcement power to push developers and product managers to actually act on our alerts and warnings.Any given tool usually has between 10 and 15 minor to moderate CVEs associated with any given release, but getting anyone responsible to take these vulnerabilities seriously (act on anything) has always been a bit challenging. This seems to be getting pressure from the top (outside pressure) to change.My question is: are any of you aware of what is driving this?Sure, I can speculate as well as anyone else, but hard facts are a bit harder to come by. This seems to be pretty big, but I haven't seen any coverage on it.Rumors include pseudo-official word of large incentives, world funding shifts, additional contracts (or contracts being threatened by) proper enforcement, etc...

Submitted January 26, 2018 at 02:45AM by skyleach
via reddit http://ift.tt/2DKXD06

Exploiting Custom Template Engines
http://ift.tt/2DKjgxz

Submitted January 26, 2018 at 02:48AM by fang0654
via reddit http://ift.tt/2naJ8sW

Stack Based Buffer Overflows on x64 (Windows)
http://ift.tt/2DDnCHf

Submitted January 26, 2018 at 01:15AM by Vasile4444
via reddit http://ift.tt/2DAUvAz

Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1
https://www.youtube.com/watch?v=HfSQlC76_s4

Submitted January 24, 2018 at 06:11PM by fireh7nter
via reddit http://ift.tt/2E9jMmp

Free course of ethical hacking, basic to advanced 2018!
http://ift.tt/2rIjvEe

Submitted January 26, 2018 at 06:01AM by gburu
via reddit http://ift.tt/2GgU8wF

Unknown log in attempts on Tillys.com — should I be concerned?
Today, I got this email from customerservice@tillys.com.Hi [my name], Your account has been temporarily locked because the maximum number of invalid logins has been exceeded.Please try logging in again later.If you feel you have received this email in error, please contact customer service.This is an automatically generated email, please do not reply.I was quite scared by this, because I've never had such emails sent to me before. So I wanted to see if anyone else had this issue; if Tilly's were recently compromised or something.So I looked up the email content with quotation mark on Google, and I got a very fishy result. Only website I could find with this exact text is from the website of a New Zealand clothing brand, icebreaker. This seemed strange, but I assumed that maybe they used a same template or something for their security system so it's plausible they have the same message. (I have no idea how programming works. Is this a plausible idea?)Then, I sent a email to tillys support that I have been alarmed about unknown log in attempts to my account, so I would like to know location of where the log in attempts came from and what the attempts were. After the support mail was sent, I went to log in to my account, which I honestly don't even remember making, to be honest. I searched Tillys.com on my gmail search engine, but there weren't any of those "Thanks for joining Tillys.com!" type of mail in the past.So in case that my computer is exposed to a keylogger, I pressed forgot password to reset the password, without making any real attempts to log in, and changed my Tillys.com password to something completely unusual; a combination of words and numbers that I never used as a password before. When I logged in, I found more weird things.I was signed up for email updates, despite the fact that as I mentioned, I have not received any emails from Tilly's before. I looked for it on every inbox. Nothing is there.It is signed up with my real name and my birthdate, but the gender is wrong and the shipping address is a non-exsistent address. (Random numbers and null city, etc.)I ran a Windows Defender test and found a Trojan virus, and deleted it immediately. I pirate through torrent time to time, but very rarely and my last download has been quite a while ago.This is some weird fishy shit. I'm scared that this is all a set-up by a hacker to access my account. I will wait for their techsupport team to reply, but I would like to know if any of this is significant; something to worry about. Thank you guys in advance.

Submitted January 26, 2018 at 08:29AM by myheartsaysyesindeed
via reddit http://ift.tt/2BsvSUS

IDS x series alarm system
Error: Version No. 2.02 busy. Will not arm the alarm because of this error.

Submitted January 26, 2018 at 02:22PM by Gtex555
via reddit http://ift.tt/2DEhFWs