Netsec – Telegram
This channel posts the feed from r/netsec.
Security Vulnerabilities in Smart Contracts
http://ift.tt/2Fk5MWA

Submitted March 06, 2018 at 08:02PM by volci
via reddit http://ift.tt/2FunLgg
How Meltdown and Spectre bugs will impact processor designs. Future CPUs will need security front-of-mind: performance may take a back seat.
http://ift.tt/2t0KlbI

Submitted March 06, 2018 at 07:59PM by AA_2011
via reddit http://ift.tt/2I6Zco8
Are memcached attacks going to be more common?
Are memcached attacks, like the recent DDoS on GitHub, going to be more popular in the coming year? Where are there resources on memcached vulnerabilities and attacks?

Submitted March 06, 2018 at 07:56PM by whitehattracker
via reddit http://ift.tt/2FrBDYS
‘No Logging’ Policies and VPNs
When they say ‘No Logging’, do they really keep nothing? Would their upstream providers/IP transit keep logs as a way around this? How does this all work?

Submitted March 06, 2018 at 08:39PM by mscaff
via reddit http://ift.tt/2oS1VtZ
Introducing parsedmarc: An open source Python module and CLI tool for parsing DMARC reports
http://ift.tt/2thqDs6

Submitted March 06, 2018 at 09:01PM by seanthegeek
via reddit http://ift.tt/2I6e1aH
Perfecting email template about moving the website to HTTPS
From time to time I email websites asking them to switch to HTTPS and mentioning all its advantages. I have a template and figured that perhaps there's something to improve/fix so it's more convincing. I want it to be top-notch. Even if not, perhaps other people can use it to further spread HTTPS adoption.

So I'm pasting it below and waiting for your thoughts/suggestions in the comments. Please be aware that I send plaintext emails and remove text in [brackets] in some cases.

Hello.

I wanted to ask you to consider fully moving your website to HTTPS. [Or, if that's too much trouble, at least forcing HTTPS on pages with forms (e.g. login or register pages).]

Here are the reasons why HTTPS is important.

On HTTP pages everyone can see my traffic[, including login details]. ISPs, governments and network administrators have access to this information by design, but every person can steal my data conducting a Man In The Middle Attack (MITM). So for any pages with forms (like login or register pages) forcing HTTPS is a MUST HAVE. [Even if users don't complain that their login data is sent unencrypted, they shouldn't have to be aware of that and it should be up to the website's administration to protect its visitors' data.]

If that's not enough, malicious scripts can be injected on non-secure pages. So someone can e.g. inject a porn ad on your page in my browser. Or worse...

Switching to HTTPS can be free if you use tools like Let's Encrypt.

It doesn't make the site much slower and might even make it run faster if you use HTTP/2 which is only available for encrypted sites (as opposed to HTTP/1.1 which you're using and can check here: https://tools.keycdn.com/http2-test).

If security is not your main concern, you might want to know that Google and probably other search engines take HTTPS into account when displaying search results. HTTPS pages get a better rating (e.g. PageRank) and are displayed higher.

Furthermore, browsers are in the process of deprecating HTTP websites. For now users are prompted with warnings when filling forms on HTTP pages and in the future all HTTP pages will be displayed as not secure which will discourage some users from visiting such pages. Google already does that for pages in incognito mode and from July it will be like that for every site. Firefox will do the same but has not yet set a deadline.

Please, check out the following links for more information:

https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http
https://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdf
https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Best regards,
<me>

Submitted March 06, 2018 at 09:13PM by mr__jigsaw
via reddit http://ift.tt/2Fm7jeL
Is it possible that scammers hack someone's website and pursue their scam under that person's domain?
Long story short, I received a scam Paypal mail that links to a website where you are asked to update your PayPal information. The website is nearly identical to paypal.com in all aspects but the domain name, and I almost fell for the scam until I saw the url. Upon further investigation, I found the owner of the domain with all his personal information. I messaged him on twitter, and he claims he was hacked, and that he has notified the host. Please note that the scam website has been running for at least a month, probably longer (I received the mail a month ago, only checked it today). But the domain itself has been registered under his name for at least 7 years, possibly much longer. Other than that, the owner of the domain does not respond to my questions. I have recorded everything and I'm willing to expose this douchebag, who is surprisingly an Israeli lecturer at some university by the way. But I'm thinking, what if he really was hacked and had no idea this was happening? I find that unlikely but maybe things like this have happened before. I'm willing to provide any information you guys might need to corroborate my story.

Submitted March 07, 2018 at 02:11AM by mrdexie
via reddit http://ift.tt/2FgwUKr