Parsing the .DS_Store file format
http://ift.tt/2tEffH9
Submitted March 13, 2018 at 02:55PM by gehaxelt
via reddit http://ift.tt/2InDkVU
Sebastian Neef - 0day.work
Parsing the .DS_Store file format
About two years ago I came across a .DS_Store file and wanted to extract its information (e.g. file names). After researching the file format and its security implications, as well as writing a parser for it, I would like to share my (limited) knowledge and…
JavaScript Zero: real JavaScript, and zero side-channel attacks
http://ift.tt/2pap8qy
Submitted March 13, 2018 at 02:29PM by al-maisan
via reddit http://ift.tt/2FLkKIW
the morning paper
JavaScript Zero: real JavaScript, and zero side-channel attacks
JavaScript Zero: Real JavaScript and zero side-channel attacks Schwarz et al., NDSS’18 We’re moving from the server-side back to the client-side today, with a very topical paper looking at defences…
Scanning the Alexa Top 1M for .DS_Store files
http://ift.tt/2p9aS1O
Submitted March 13, 2018 at 01:50PM by al-maisan
via reddit http://ift.tt/2FOEpHS
en.internetwache.org
Scanning the Alexa Top 1M for .DS_Store files - Internetwache - A secure internet is our concern
Some readers may remember our Analysis of .git folders in the Alexa Top 1M. With our tools we were able to discover and retrieve (hidden) directories and files (even without directory listing). We …
Database leak in one of the biggest Swiss hosting providers
http://ift.tt/2D4o4Jz
Submitted March 13, 2018 at 03:10PM by sokolovanton
via reddit http://ift.tt/2pcGq7l
security.infoteam.ch
How we discovered a database leak in one of the biggest Swiss hosting provider
During the development of our new security SaaS, allowing anyone to check the security level of their own servers, we ran tests on one of our own websites. Since the website is hosted by one of the biggest hosting providers in Switzerland, we didn’t expect to…
VPN Leaks Found on 3 Major VPNs out of 3 that We Tested
http://ift.tt/2pc9OcP
Submitted March 13, 2018 at 05:20PM by toolstalented
via reddit http://ift.tt/2Ip5EHc
vpnMentor
VPN Leaks Found on 3 Major VPNs out of … 3 that We Tested | vpnMentor
We tested 3 popular VPNs: Hotspot Shield, PureVPN, and Zenmate with accredited researchers to find if the VPNs could leak data. While we hoped to find zero leaks, we regretfully found that all of them leak sensitive data. On the positive side, after we contacted…
How Users Can Spot Fake Android Apps and What Google is Doing About It?
http://ift.tt/2pc9Q4r
Submitted March 13, 2018 at 05:14PM by gibber879
via reddit http://ift.tt/2IlfiL6
NextInDigital
How Users Can Spot Fake Android Apps and What Google is Doing About It? - NextInDigital
Google Play Store is full of fake Android apps, and scammers create such app listings in such a way that they look very similar to some of the popular and well-known apps…
Gwent Police investigated for hiding potential hack
http://ift.tt/2IonnyA
Submitted March 13, 2018 at 04:05PM by ZoicBrim
via reddit http://ift.tt/2FwHhtw
Sky News
Gwent Police investigated for hiding potential hack
Hundreds of confidential reports from members of the public could have been exposed to criminals over a two-year period.
What do information security, sports management, military history, & Batman have in common? Find out on the 2nd episode of Humans of InfoSec as Caroline Wong talks with Robert Wood about his origin story.
http://ift.tt/2FBaxv3
Submitted March 13, 2018 at 05:34PM by ju1i3k
via reddit http://ift.tt/2FNv2Ik
SoundCloud
Humans Of InfoSec 2: Robert Wood
Humans Of InfoSec Episode 2, Robert Wood has a vast portfolio of work ranging from building Cigital’s Red Team to running the trust and security team at Nuna Health. Robert is well known for his adver
[Thought Experiment] Do we need online laws?
Are internet laws necessary? The laws are clearly not a primary barrier for serious criminals, but they do present a problem for less-damaging people and less-damaging behaviour.

Internet laws caused Gary McKinnon a decade of serious anxiety when he was prosecuted for looking at someone else's information, but it seems that the law was irrelevant to anyone's safety - whether or not he was prosecuted, the military who held the information clearly needed better security.

It's also clear that those who have a greater ability to harm others through the internet (data theft, remote encryption, etc.) are also those who are the least easily targetable by internet laws (due to some combination of skill and location).

Every time I see someone being targeted by some online attack, my first piece of advice is to change their behaviour, and my attempts to contact authorities on the matter have been met with understandable apathy. Internet security advice seems necessarily geared towards something like 'victim-blaming'.

I'll add the personal gripe that I started learning about security a few months ago, and it seems the early port-scan I performed for my education was illegal (nobody cares, but technically it's sometimes illegal). The first problem here is that non-obvious laws are inherently going to be a pain. The second problem is that while I have the funds to make a virtual network for practice (and I have), not everyone has the funds, and criminalizing kids who just want to learn about networking seems like it's not worth the safety such laws buy.

So, I must wonder if internet laws are required at all.

Disclaimer 1: I'm not suggesting theft or plotting murders should be legal when they're on the internet. I'm wondering what would happen if logging into a remote server were legal, while copying files from that server would still be illegal due to non-internet-based laws.

Disclaimer 2: This is not an argumentative thesis, it's a thought experiment.
I have no idea if this is feasible but would love to hear people's thoughts.
Submitted March 13, 2018 at 06:21PM by Andonome
via reddit http://ift.tt/2p98ZBw
reddit
[Thought Experiment] Do we need online laws? • r/security
Are internet laws necessary? The laws are clearly not a primary barrier for serious criminals, but they do present a problem for less-damaging...
Justifying Security Spend, a Response Pt 2
https://www.youtube.com/watch?v=pvgPlAy6JC0&index=2&list=PLWV16JTzD6eabntglRTssFpTEXes_V2Ym
Submitted March 13, 2018 at 06:08PM by Uminekoshi
via reddit http://ift.tt/2Ikw9xw
YouTube
Justifying Security Spend, a Response from Nehemiah Security: Part 2
In this video, Jerry Caponera responds to an entry in our eBook about "7 Experts on Justifying Security Spend" written by Genady Vishnevetsky. If your friend...
Third-party security vetting: Do it before you sign a contract
http://ift.tt/2p7aQa2
Submitted March 13, 2018 at 06:08PM by Chumstick
via reddit http://ift.tt/2InDr3B
CSO Online
Third-party security vetting: Do it before you sign a contract
Security needs to ensure that all vendors and partners, even those not controlled by IT, meet the organization's security standards.
Firefox tunnel to bypass any firewall
http://ift.tt/2p61qMH
Submitted March 13, 2018 at 06:07PM by Chumstick
via reddit http://ift.tt/2pb35zZ
Medium
Firefox tunnel to bypass any firewall
A crucial element for the Red Team’s task is having stealth to perform the attack, success in the ability to expose an aggressive mindset…
NSA Retreats From Targeted PCs If They're Already Infected by Other APT Malware
http://ift.tt/2p5lfE5
Submitted March 13, 2018 at 06:06PM by Chumstick
via reddit http://ift.tt/2ImIL7F
BleepingComputer
NSA Retreats From Targeted PCs If They're Already Infected by Other APT Malware
Hacking tools leaked last year and believed to belong to the US National Security Agency (NSA) contain a utility for detecting the presence of malware developed by other cyber-espionage groups.
Tim Berners-Lee: we must regulate tech firms to prevent 'weaponised' web
http://ift.tt/2FGOXbY
Submitted March 13, 2018 at 06:06PM by Chumstick
via reddit http://ift.tt/2p996wW
the Guardian
Tim Berners-Lee: we must regulate tech firms to prevent 'weaponised' web
The inventor of the world wide web warns over concentration of power among a few companies ‘controlling which ideas are shared’
MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data
http://ift.tt/2Dky3e3
Submitted March 13, 2018 at 06:05PM by Chumstick
via reddit http://ift.tt/2ImIMIL
The Hacker News
MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data
Researchers demonstrated how two (or more) Air-Gapped computers can covertly exchange data via ultrasonic waves.
JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks [Research Paper PDF]
http://ift.tt/2Io8Lzw
Submitted March 13, 2018 at 06:46PM by TechLord2
via reddit http://ift.tt/2pa5s5T
How to analyze memory from newer builds of Windows 10 with Volatility
http://ift.tt/2oQBCU7
Submitted March 13, 2018 at 06:21PM by 13Cubed
via reddit http://ift.tt/2pb2yxZ
Cyber debt - What is the cost of doing nothing?
http://ift.tt/2p881Gu
Submitted March 13, 2018 at 06:49PM by Uminekoshi
via reddit http://ift.tt/2FxQCS3
Nehemiah Security
The High Cost of Doing Nothing - Nehemiah Security
In business, the name of the game is to make hard choices with the hope that the decision made will pay off. IT is not exempt from these difficult decisions. Originally coined in 1992 to address quick and dirty coding in software development, technical debt…
FireEye's Marina Krotofil On Triton and ICS Threats (video)
http://ift.tt/2DliJ0N
Submitted March 13, 2018 at 06:44PM by volci
via reddit http://ift.tt/2FGgZkM
Threatpost | The first stop for security news
FireEye's Marina Krotofil On Triton and ICS Threats
At the Security Analyst Summit this year in Cancun, FireEye's Marina Krotofil talks about the Triton malware, first disclosed in December 2017, that targets industrial control systems.
When I used the password recovery function, I received my old password.
Hello, I am worried because the trading platform I am using provided me with my old password when I used the password recovery. I thought that the passwords were encrypted and that they cannot be restored. Is the fact that they have provided me with my password a sign of weak security and lack of encryption?
Submitted March 13, 2018 at 06:29PM by slickobro
via reddit http://ift.tt/2FzLHji
reddit
When I used the password recovery function, I... • r/security
Hello, I am worried because the trading platform I am using, provided me with my old password when I used the password recovery. I thought that...
TSA Accused of Searching Devices During Domestic Travel
http://ift.tt/2FOLpnS
Submitted March 13, 2018 at 07:29PM by nojohntrumbull
via reddit http://ift.tt/2Hs0MQz
Tom's Guide
TSA Accused of Searching Your Devices
There are a growing number of reports that the Transportation Security Administration (TSA) is searching electronic devices at security checkpoints for domestic flights within the United States.