Beginner’s Guide to API(REST) security
http://ift.tt/1ie4XTD
Submitted March 13, 2018 at 10:31AM by lazykid07
via reddit http://ift.tt/2HtrfNx
what I'm breaking...
Beginner’s Guide to API(REST) security
API (Application Program Interface) is a framework that makes it easy to build HTTP services that reach a broad range of clients, including browsers and mobile devices. Most of the websites p…
Release 2.0 of Top 2 Billion Probable Passwords, Probability Sorted - GitHub Repo
http://ift.tt/2FO7D9C
Submitted March 13, 2018 at 08:33AM by chull2058
via reddit http://ift.tt/2FxVC9d
GitHub
berzerk0/Probable-Wordlists
Probable-Wordlists - Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
Attacking Merkle Trees with a Second Preimage Attack
http://ift.tt/2tG3C2f
Submitted March 13, 2018 at 01:05PM by __Joker
via reddit http://ift.tt/2DnvFTX
flawed.net.nz
Attacking Merkle Trees with a Second Preimage Attack
This post will outline a common flaw in implementations of Merkle Trees, with demonstrations of potential attacks against the most popular python libraries. But first, a brief overview of what both…
A report shows security downsides of the IoT adoption
http://ift.tt/2p8wv1q
Submitted March 13, 2018 at 01:53PM by tomasstatkus
via reddit http://ift.tt/2Inyd8a
Reviewedbypro
A report shows security downsides of the IoT adoption
According to security researchers at Trustwave, businesses who have deployed IoT devices faced the security downsides, as IoT devices patching still lags. As a report
Basic Antivirus: Norton AntiVirus Basic VS Panda Antivirus Pro
http://ift.tt/2FzDD1Z
Submitted March 13, 2018 at 01:20PM by tomasstatkus
via reddit http://ift.tt/2tJUmKs
Reviewedbypro
Basic Antivirus: Norton AntiVirus Basic VS Panda Antivirus Pro
As Windows operating system continues leading IT industry, Windows threats remain increasing. So those who want to use the computer and browse the Internet with
13 Vulnerabilities in Hanwha SmartCams Demonstrate Risks of Feature Complexity
http://ift.tt/2DoJNfq
Submitted March 13, 2018 at 02:35PM by CasperVPN
via reddit http://ift.tt/2p9Y5M4
Security Affairs
13 Vulnerabilities in Hanwha SmartCams Demonstrate Risks of Feature Complexity - Security Affairs
The researchers at Kaspersky Lab ICS CERT decided to check the popular Hanwha SmartCams and discovered 13 vulnerabilities.
Parsing the .DS_Store file format
http://ift.tt/2tEffH9
Submitted March 13, 2018 at 02:55PM by gehaxelt
via reddit http://ift.tt/2InDkVU
Sebastian Neef - 0day.work
Parsing the .DS_Store file format
About two years ago I came across a .DS_Store file and wanted to extract its information (e.g. file names). After researching the file format and its security implications, as well as writing a parser for it, I would like to share my (limited) knowledge and…
JavaScript Zero: real JavaScript, and zero side-channel attacks
http://ift.tt/2pap8qy
Submitted March 13, 2018 at 02:29PM by al-maisan
via reddit http://ift.tt/2FLkKIW
the morning paper
JavaScript Zero: real JavaScript, and zero side-channel attacks
JavaScript Zero: Real JavaScript and zero side-channel attacks, Schwarz et al., NDSS’18. We’re moving from the server-side back to the client-side today, with a very topical paper looking at defences…
Scanning the Alexa Top 1M for .DS_Store files
http://ift.tt/2p9aS1O
Submitted March 13, 2018 at 01:50PM by al-maisan
via reddit http://ift.tt/2FOEpHS
en.internetwache.org
Scanning the Alexa Top 1M for .DS_Store files - Internetwache - A secure internet is our concern
Some readers may remember our Analysis of .git folders in the Alexa Top 1M. With our tools we were able to discover and retrieve (hidden) directories and files (even without directory listing). We …
Database leak in one of the biggest Swiss hosting providers
http://ift.tt/2D4o4Jz
Submitted March 13, 2018 at 03:10PM by sokolovanton
via reddit http://ift.tt/2pcGq7l
security.infoteam.ch
How we discovered a database leak in one of the biggest Swiss hosting provider
During the development of our new security SaaS, allowing anyone to check the security level of its own servers, we ran tests on one of our own websites. Since the website is hosted by one of the biggest hosting provider in Switzerland, we didn’t expect to…
VPN Leaks Found on 3 Major VPNs out of 3 that We Tested
http://ift.tt/2pc9OcP
Submitted March 13, 2018 at 05:20PM by toolstalented
via reddit http://ift.tt/2Ip5EHc
vpnMentor
VPN Leaks Found on 3 Major VPNs out of … 3 that We Tested | vpnMentor
We tested 3 popular VPNs: Hotspot Shield, PureVPN, and Zenmate with accredited researchers to find if the VPNs could leak data. While we hoped to find zero leaks, we regretfully found that all of them leak sensitive data. On the positive side, after we contacted…
How Users Can Spot Fake Android Apps and What Google is Doing About It?
http://ift.tt/2pc9Q4r
Submitted March 13, 2018 at 05:14PM by gibber879
via reddit http://ift.tt/2IlfiL6
NextInDigital
How Users Can Spot Fake Android Apps and What Google is Doing About It? - NextInDigital
Google play store is full of fake Android apps and scammers create such app listings in such a way that they look very similar to some of the popular and well-known apps…
Gwent Police investigated for hiding potential hack
http://ift.tt/2IonnyA
Submitted March 13, 2018 at 04:05PM by ZoicBrim
via reddit http://ift.tt/2FwHhtw
Sky News
Gwent Police investigated for hiding potential hack
Hundreds of confidential reports from members of the public could have been exposed to criminals over a two-year period.
What does information security, sports management, military history, & Batman have in common? Find out on the 2nd episode of Humans of InfoSec as Caroline Wong talks with Robert Wood about his origin story.
http://ift.tt/2FBaxv3
Submitted March 13, 2018 at 05:34PM by ju1i3k
via reddit http://ift.tt/2FNv2Ik
SoundCloud
Humans Of InfoSec 2: Robert Wood
Humans Of InfoSec Episode 2, Robert Wood has a vast portfolio of work ranging from building Cigital’s Red Team to running the trust and security team at Nuna Health. Robert is well known for his adver
[Thought Experiment] Do we need online laws?
Are internet laws necessary? The laws are clearly not a primary barrier for serious criminals, but they do present a problem for less-damaging people and less-damaging behaviour.
Internet laws caused Gary McKinnon a decade of serious anxiety when he was prosecuted for looking at someone else's information, but it seems that the law was irrelevant to anyone's safety - whether or not he was prosecuted the military who held the information clearly needed better security.
It's also clear that those who have a greater ability to harm others through the internet (data theft, remote encryption, etc.) are also those who are the least easily targetable by internet laws (due to some combination of skill and location).
Every time I see someone being targeted by some online attack, my first piece of advice is to change their behaviour, and my attempts to contact authorities on the matter have been met with understandable apathy. Internet security advice seems necessarily geared towards something like 'victim-blaming'.
I'll add the personal gripe that I've started learning about security a few months ago, and it seems the early port-scan I performed for my education was illegal (nobody cares, but technically it's sometimes illegal). The first problem here is that non-obvious laws are inherently going to be a pain. The second problem is that while I have the funds to make a virtual network for practice (and I have), not everyone has the funds, and criminalizing kids who just want to learn about networking seems like it's not worth the safety such laws buy.
So, I must wonder if internet laws are required at all.
Disclaimer 1: I'm not suggesting theft or plotting murders should be legal when they're on the internet. I'm wondering what would happen if logging into a remote server were legal, while copying files from that server would still be illegal due to non internet-based laws.
Disclaimer 2: This is not an argumentative thesis, it's a thought-experiment.
I have no idea if this is feasible but would love to hear people's thoughts.
Submitted March 13, 2018 at 06:21PM by Andonome
via reddit http://ift.tt/2p98ZBw
reddit
[Thought Experiment] Do we need online laws? • r/security
Are internet laws necessary? The laws are clearly not a primary barrier for serious criminals, but they do present a problem for less-damaging...
Justifying Security Spend, a Response Pt 2
https://www.youtube.com/watch?v=pvgPlAy6JC0&index=2&list=PLWV16JTzD6eabntglRTssFpTEXes_V2Ym
Submitted March 13, 2018 at 06:08PM by Uminekoshi
via reddit http://ift.tt/2Ikw9xw
YouTube
Justifying Security Spend, a Response from Nehemiah Security: Part 2
In this video, Jerry Caponera responds to an entry in our eBook about "7 Experts on Justifying Security Spend" written by Genady Vishnevetsky. If your friend...
Third-party security vetting: Do it before you sign a contract
http://ift.tt/2p7aQa2
Submitted March 13, 2018 at 06:08PM by Chumstick
via reddit http://ift.tt/2InDr3B
CSO Online
Third-party security vetting: Do it before you sign a contract
Security needs to ensure that all vendors and partners, even those not controlled by IT, meet the organization's security standards.
Firefox tunnel to bypass any firewall
http://ift.tt/2p61qMH
Submitted March 13, 2018 at 06:07PM by Chumstick
via reddit http://ift.tt/2pb35zZ
Medium
Firefox tunnel to bypass any firewall
A crucial element for the Red Team’s task is having stealth to perform the attack, success in the ability to expose an aggressive mindset…
NSA Retreats From Targeted PCs If They're Already Infected by Other APT Malware
http://ift.tt/2p5lfE5
Submitted March 13, 2018 at 06:06PM by Chumstick
via reddit http://ift.tt/2ImIL7F
BleepingComputer
NSA Retreats From Targeted PCs If They're Already Infected by Other APT Malware
Hacking tools leaked last year and believed to belong to the US National Security Agency (NSA) contain a utility for detecting the presence of malware developed by other cyber-espionage groups.
Tim Berners-Lee: we must regulate tech firms to prevent 'weaponised' web
http://ift.tt/2FGOXbY
Submitted March 13, 2018 at 06:06PM by Chumstick
via reddit http://ift.tt/2p996wW
the Guardian
Tim Berners-Lee: we must regulate tech firms to prevent 'weaponised' web
The inventor of the world wide web warns over concentration of power among a few companies ‘controlling which ideas are shared’
MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data
http://ift.tt/2Dky3e3
Submitted March 13, 2018 at 06:05PM by Chumstick
via reddit http://ift.tt/2ImIMIL
The Hacker News
MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data
Researchers demonstrated how two (or more) Air-Gapped computers can covertly exchange data via ultrasonic waves.