NIST 800-63-3 case studies?
Hey.I'm taking a long and hard look at NIST 800-63-3 and the changes it put forward for password management. This is a topic that was discussed a bit last year, but since then I haven't seen much in terms of actual case studies. So I'm asking here.Have you made significant changes to your password management practices following the publication of this standard? Are you considering it? If you adopted the new approach, do you have any insights regarding how it can be implemented in an organisation? Any edge cases to consider?Thx
Submitted February 15, 2018 at 03:06AM by Sultan_Of_Ping
via reddit http://ift.tt/2BwBd16
Hey.I'm taking a long and hard look at NIST 800-63-3 and the changes it put forward for password management. This is a topic that was discussed a bit last year, but since then I haven't seen much in terms of actual case studies. So I'm asking here.Have you made significant changes to your password management practices following the publication of this standard? Are you considering it? If you adopted the new approach, do you have any insights regarding how it can be implemented in an organisation? Any edge cases to consider?Thx
Submitted February 15, 2018 at 03:06AM by Sultan_Of_Ping
via reddit http://ift.tt/2BwBd16
reddit
NIST 800-63-3 case studies? • r/security
Hey. I'm taking a long and hard look at NIST 800-63-3 and the changes it put forward for password management. This is a topic that was discussed...
Alternatively ways to lock my bedroom door
I'm unable to put a lock on the door because of the material of the door so I want to find alternative things i could buy to stop someone coming in my room as my little brother trys to get in when I'm playing on my consoles
Submitted February 15, 2018 at 03:04AM by renwinter92
via reddit http://ift.tt/2EK27EN
I'm unable to put a lock on the door because of the material of the door so I want to find alternative things i could buy to stop someone coming in my room as my little brother trys to get in when I'm playing on my consoles
Submitted February 15, 2018 at 03:04AM by renwinter92
via reddit http://ift.tt/2EK27EN
reddit
Alternatively ways to lock my bedroom door • r/security
I'm unable to put a lock on the door because of the material of the door so I want to find alternative things i could buy to stop someone coming...
Call to Arms for a Goodware
As the noscript says lately I’ve been thinking about a goodware. You may have imagined that the name comes from “good” and “software”. The idea is to infect other devices with the goodware and patch them. New vulnerabilities will be added to this worm as they are released publicly in order to infect other devices and patch them as well. All this to prevent infection, spread and damage caused by malwares like those we have seen lately in The Internet. Mirai, Persirai, Wannacry, etc. Personally I wouldn’t mind being infected by a goodware if I get to read its source code. I’m no developer (learning the basics) and I’m perfectly aware that this idea is illegal, but it could be a good exercise just for development purposes. There’s not only the Dark Side or the Light Side, there’s Grey as well. Why the heck aren’t we as a species contributing to ourselves? Instead of mining with stolen computing power we should steal computing power in order to help scientist cure cancer. (I know, OT) What I mean is that sometimes playing the game as your enemy helps win a battle, and a proactive way to do it could be the creation of a goodware.Tl;dr: Utopia
Submitted February 15, 2018 at 06:52AM by xawos
via reddit http://ift.tt/2C1QZ4Q
As the noscript says lately I’ve been thinking about a goodware. You may have imagined that the name comes from “good” and “software”. The idea is to infect other devices with the goodware and patch them. New vulnerabilities will be added to this worm as they are released publicly in order to infect other devices and patch them as well. All this to prevent infection, spread and damage caused by malwares like those we have seen lately in The Internet. Mirai, Persirai, Wannacry, etc. Personally I wouldn’t mind being infected by a goodware if I get to read its source code. I’m no developer (learning the basics) and I’m perfectly aware that this idea is illegal, but it could be a good exercise just for development purposes. There’s not only the Dark Side or the Light Side, there’s Grey as well. Why the heck aren’t we as a species contributing to ourselves? Instead of mining with stolen computing power we should steal computing power in order to help scientist cure cancer. (I know, OT) What I mean is that sometimes playing the game as your enemy helps win a battle, and a proactive way to do it could be the creation of a goodware.Tl;dr: Utopia
Submitted February 15, 2018 at 06:52AM by xawos
via reddit http://ift.tt/2C1QZ4Q
reddit
Call to Arms for a Goodware • r/security
As the noscript says lately I’ve been thinking about a goodware. You may have imagined that the name comes from “good” and “software”. The idea is to...
1Password displayed my usernames BEFORE completing Face ID. This is bad, right?
http://ift.tt/2C0H7Zh
Submitted February 15, 2018 at 06:33AM by mkarolian
via reddit http://ift.tt/2szPIym
http://ift.tt/2C0H7Zh
Submitted February 15, 2018 at 06:33AM by mkarolian
via reddit http://ift.tt/2szPIym
Crosspost: The Easiest Metasploit Guide You'll Ever Read
http://ift.tt/2Bv2DEh
Submitted February 15, 2018 at 09:55AM by nexangelus
via reddit http://ift.tt/2EFeKAK
http://ift.tt/2Bv2DEh
Submitted February 15, 2018 at 09:55AM by nexangelus
via reddit http://ift.tt/2EFeKAK
a.ndronic.us
The Easiest Metasploit Guide You'll Ever Read | Scott Morris (Andronicus)
"The Easiest Metasploit Guide You'll Ever Read" is a guide for folks who are "good with computers." It targets those who would like to know how to use Metasploit, but haven't really much direction in where to start.
CNN tech video says you should look for the "s" in "https", while their own website is just unsecure "http"
Check it for yourself: http://money.cnn.com/2018/02/14/technology/huawei-intelligence-chiefs/index.htmlAbout 1:50 in the video.Here is a screenshot https://i.imgur.com/K5LAMQw.png
Submitted February 15, 2018 at 12:37PM by pascal28
via reddit http://ift.tt/2Gfcgq0
Check it for yourself: http://money.cnn.com/2018/02/14/technology/huawei-intelligence-chiefs/index.htmlAbout 1:50 in the video.Here is a screenshot https://i.imgur.com/K5LAMQw.png
Submitted February 15, 2018 at 12:37PM by pascal28
via reddit http://ift.tt/2Gfcgq0
CNNMoney
The FBI, CIA and NSA say American citizens shouldn't use Huawei phones
U.S. intelligence agencies have issued a stern warning to Americans: Do not buy smartphones made by Chinese tech companies Huawei or ZTE.
Security Services Dallas, TX | Champion National Security, Inc.
http://ift.tt/2F3tZ4a
Submitted February 15, 2018 at 01:02PM by ChampionNationalSec
via reddit http://ift.tt/2ErsQm6
http://ift.tt/2F3tZ4a
Submitted February 15, 2018 at 01:02PM by ChampionNationalSec
via reddit http://ift.tt/2ErsQm6
Champion National Security, Inc.
Security Services Dallas, TX | Champion National Security, Inc.
Champion National Security offers premier security services in Dallas, TX and focuses on the needs of the client and providing the highest level of
Increase your Website Security with SSL at $1.45 per month
SSL Stands for Secure Server Layer. Out of website development based on the different frameworks, SSL is needed nowadays as all the search engines are actively pushing the information about the website security. If there is a form which needs login, it shows that the data would not be encrypted and login can be compromised. In such scenario, SSL is mandatory. Once SSL is applied to the website all login username and password would be encrypted. Now hackers do not find a way to steal the information between the internet browsers to the server. So, website with SSL security is a need nowadays to get your website running with good security where your login information cannot be compromised. SSL comes in different flavors. You can have SSL with single domain, multiple domain, unlimited sub domains and Extended Validation Certificate. All SSL haves their different advantages and disadvantages as per property of SSL is concerned. For best trust and security you should consider Extended Validation SSL Certificate for website for proper security. Get SSL to secure your website which starts from $1.45 per month. https://kakinfotech.com/website-security/ssl-certificate/
Submitted February 15, 2018 at 01:18PM by Martinahenderson91
via reddit http://ift.tt/2CpodXW
SSL Stands for Secure Server Layer. Out of website development based on the different frameworks, SSL is needed nowadays as all the search engines are actively pushing the information about the website security. If there is a form which needs login, it shows that the data would not be encrypted and login can be compromised. In such scenario, SSL is mandatory. Once SSL is applied to the website all login username and password would be encrypted. Now hackers do not find a way to steal the information between the internet browsers to the server. So, website with SSL security is a need nowadays to get your website running with good security where your login information cannot be compromised. SSL comes in different flavors. You can have SSL with single domain, multiple domain, unlimited sub domains and Extended Validation Certificate. All SSL haves their different advantages and disadvantages as per property of SSL is concerned. For best trust and security you should consider Extended Validation SSL Certificate for website for proper security. Get SSL to secure your website which starts from $1.45 per month. https://kakinfotech.com/website-security/ssl-certificate/
Submitted February 15, 2018 at 01:18PM by Martinahenderson91
via reddit http://ift.tt/2CpodXW
KakInfotech.com
SSL Certificate with Website Security and Encryption - KakInfotech.com
KakInfotech offers SSL Certificate with 2048 encryption covered with Green Padlock,Green bar and extended validation stating from $19.99
Extracting Users from LinkedIn via Burp
http://ift.tt/2o77FPh
Submitted February 15, 2018 at 03:49PM by Iot_Security
via reddit http://ift.tt/2EKxM8K
http://ift.tt/2o77FPh
Submitted February 15, 2018 at 03:49PM by Iot_Security
via reddit http://ift.tt/2EKxM8K
Redsiege
Extracting Users from LinkedIn via Burp
We do a lot of pen tests and red teaming at Red Siege . Part of reconnaissance includes gathering a list of employees from a target organiza...
HTTPS or bust: Chrome's plan to label sites as "Not Secure"
http://ift.tt/2nZEL4g
Submitted February 15, 2018 at 04:44PM by jgc_cloudflare
via reddit http://ift.tt/2EGmuCv
http://ift.tt/2nZEL4g
Submitted February 15, 2018 at 04:44PM by jgc_cloudflare
via reddit http://ift.tt/2EGmuCv
Cloudflare Blog
HTTPS or bust: Chrome’s plan to label sites as "Not Secure"
Google just announced that beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”. More than half of web visitors will soon see this warning when visiting unencrypted HTTP sites.
Tackling Cryptojacking with Real-time Webpage Monitoring | ICO Case Study
http://ift.tt/2nZANIJ
Submitted February 15, 2018 at 06:01PM by joshkale_
via reddit http://ift.tt/2F4NN7q
http://ift.tt/2nZANIJ
Submitted February 15, 2018 at 06:01PM by joshkale_
via reddit http://ift.tt/2F4NN7q
Jscrambler
ICO Case Study | Tackling Cryptojacking with Real-time Webpage Monitoring | Jscrambler Blog
UK’s Information Commissioner’s Office (ICO) website was caught serving the CoinHive crypto miner to its users and it wasn't the only website affected. What could have been done?
How would you break this?
http://ift.tt/2urqspS
Submitted February 15, 2018 at 05:56PM by Alex09464367
via reddit http://ift.tt/2F4wK5t
http://ift.tt/2urqspS
Submitted February 15, 2018 at 05:56PM by Alex09464367
via reddit http://ift.tt/2F4wK5t
reddit
How would you break this? • r/security
1 points and 0 comments so far on reddit
Characteristics of an Intelligence-Driven Security
http://ift.tt/2EsVNOl
Submitted February 15, 2018 at 05:56PM by ltssecure
via reddit http://ift.tt/2F3KIo0
http://ift.tt/2EsVNOl
Submitted February 15, 2018 at 05:56PM by ltssecure
via reddit http://ift.tt/2F3KIo0
reddit
Characteristics of an Intelligence-Driven Security • r/security
2 points and 0 comments so far on reddit
Joke dating site matches people based on their passwords
http://ift.tt/2o2voRg
Submitted February 15, 2018 at 07:42PM by volci
via reddit http://ift.tt/2BwFnpJ
http://ift.tt/2o2voRg
Submitted February 15, 2018 at 07:42PM by volci
via reddit http://ift.tt/2BwFnpJ
Naked Security
Joke dating site matches people based on their passwords
Hey baby, nice little “abc123” ya got there.
Targeting of Olympic Games IT Infrastructure Remains Unattributed
http://ift.tt/2Eum0Ak
Submitted February 15, 2018 at 07:41PM by volci
via reddit http://ift.tt/2BY1V3L
http://ift.tt/2Eum0Ak
Submitted February 15, 2018 at 07:41PM by volci
via reddit http://ift.tt/2BY1V3L
Recorded Future
Targeting of Olympic Games IT Infrastructure Remains Unattributed
The operation to disrupt the PyeongChang Winter Olympic Games was more extensive than originally reported. The Olympic Destroyer malware should be treated with a high level of concern.
Researchers discover new ways to abuse Meltdown and Spectre flaws
http://ift.tt/2ByNLom
Submitted February 15, 2018 at 07:41PM by DJRWolf
via reddit http://ift.tt/2sxX7On
http://ift.tt/2ByNLom
Submitted February 15, 2018 at 07:41PM by DJRWolf
via reddit http://ift.tt/2sxX7On
Engadget
Researchers discover new ways to abuse Meltdown and Spectre flaws
A team of researchers from NVIDIA and Princeton University found new ways to exploit the Spectre and Meltdown CPU vulnerabilities.
Security In 5: Episode 175 - Business Email Compromise Scams Affect Everyone, But You Can Avoid It Easily
http://ift.tt/2o2ZpQT
Submitted February 15, 2018 at 07:40PM by BinaryBlog
via reddit http://ift.tt/2ssUddM
http://ift.tt/2o2ZpQT
Submitted February 15, 2018 at 07:40PM by BinaryBlog
via reddit http://ift.tt/2ssUddM
Libsyn
Security In Five Podcast: Episode 175 - Business Email Compromise Scams Affect Everyone, But You Can Avoid It Easily
Business email compromise emails or also known as the CEO email scams impact basically every organization. You are at risk of getting one and there is nothing you can do to prevent one from being delivered. This episode goes into what this scam is, why people…
CVE 2018-0101: Cisco ASA DoS and RCE(?)
http://ift.tt/2CnMg9o
Submitted February 15, 2018 at 07:42PM by utahrd37
via reddit http://ift.tt/2ErDYzd
http://ift.tt/2CnMg9o
Submitted February 15, 2018 at 07:42PM by utahrd37
via reddit http://ift.tt/2ErDYzd
cve.mitre.org
CVE -
CVE-2018-0101
CVE-2018-0101
Common Vulnerabilities and Exposures (CVE®) is a list of entries — each containing an identification number, a denoscription, and at least one public reference — for publicly known cybersecurity vulnerabilities. Assigned by CVE Numbering Authorities (CNAs)…
Intelligence Agencies Warn Americans Against Using Huawei Phones
http://ift.tt/2EFFCAt
Submitted February 15, 2018 at 07:42PM by thatshirtman
via reddit http://ift.tt/2EqybtL
http://ift.tt/2EFFCAt
Submitted February 15, 2018 at 07:42PM by thatshirtman
via reddit http://ift.tt/2EqybtL
Fortune
Don't Use Huawei Phones, Warn Six Top U.S. Intelligence Chiefs
They could "conduct undetected espionage."
Recommended sites for gathering IP reputation
http://ift.tt/2EukzO2
Submitted February 15, 2018 at 08:32PM by dssntnt
via reddit http://ift.tt/2GcFx4D
http://ift.tt/2EukzO2
Submitted February 15, 2018 at 08:32PM by dssntnt
via reddit http://ift.tt/2GcFx4D
reddit
Recommended sites for gathering IP reputation • r/AskNetsec
What sites have you found work well to check the reputation of an IP address? Any big difference between free and paid sites?
IT Pros: IoT Devices Most Vulnerable to Wi-Fi Attacks
http://ift.tt/2Er76dZ
Submitted February 15, 2018 at 08:44PM by CasperVPN
via reddit http://ift.tt/2ConQga
http://ift.tt/2Er76dZ
Submitted February 15, 2018 at 08:44PM by CasperVPN
via reddit http://ift.tt/2ConQga
Infosecurity Magazine
IT Pros: IoT Devices Most Vulnerable to Wi-Fi Attacks
92% of IT pros concerned about risks of using public Wi-Fi on company-owned devices