Malware over SSL
So we're looking at SSL visibility tools and we're questioning the value of them. When I do research on the threat, I see almost exclusively ZScaler written or referenced articles, which makes me think that it's just them pushing an agenda. When I think about how malware over ssl would work, the only way I can think it would work is if somehow the actual website was infected and was serving up malware with an intact cert.People have suggested that the malware could come in via advertisements or as an email attachment with a https reference, but that has me confused because most advertising I've seen is either http traffic, or has a valid SSL cert (which again means that the serving website must have been hacked). The only other way I can think of that malware via SSL would work is if the bad guys actually managed to register a cert that was widely trusted - but one would think that wouldn't last too long before someone revoked it.Can someone fill me in on what I'm missing here?Thanks.
Submitted March 14, 2018 at 05:10AM by Never_Been_Missed
via reddit http://ift.tt/2FMDWWL
So we're looking at SSL visibility tools and we're questioning the value of them. When I do research on the threat, I see almost exclusively ZScaler written or referenced articles, which makes me think that it's just them pushing an agenda. When I think about how malware over ssl would work, the only way I can think it would work is if somehow the actual website was infected and was serving up malware with an intact cert.People have suggested that the malware could come in via advertisements or as an email attachment with a https reference, but that has me confused because most advertising I've seen is either http traffic, or has a valid SSL cert (which again means that the serving website must have been hacked). The only other way I can think of that malware via SSL would work is if the bad guys actually managed to register a cert that was widely trusted - but one would think that wouldn't last too long before someone revoked it.Can someone fill me in on what I'm missing here?Thanks.
Submitted March 14, 2018 at 05:10AM by Never_Been_Missed
via reddit http://ift.tt/2FMDWWL
reddit
Malware over SSL • r/security
So we're looking at SSL visibility tools and we're questioning the value of them. When I do research on the threat, I see almost exclusively...
Firefox Gets Privacy Boost By Disabling Proximity and Ambient Light Sensor APIs
http://ift.tt/2tDXuYq
Submitted March 14, 2018 at 05:04AM by AstuteJudo
via reddit http://ift.tt/2FINazG
http://ift.tt/2tDXuYq
Submitted March 14, 2018 at 05:04AM by AstuteJudo
via reddit http://ift.tt/2FINazG
BleepingComputer
Firefox Gets Privacy Boost By Disabling Proximity and Ambient Light Sensor APIs
Stating with Firefox 60 —expected to be released in May 2018— websites won't be able to use Firefox to access data from sensors that provide proximity distances and ambient light information.
Network Segmentation Needs to Evolve
http://ift.tt/2EvrEOj
Submitted March 14, 2018 at 04:39AM by SecurityTrust
via reddit http://ift.tt/2FFKfYS
http://ift.tt/2EvrEOj
Submitted March 14, 2018 at 04:39AM by SecurityTrust
via reddit http://ift.tt/2FFKfYS
Vidder
Segmentation: Where to Begin?
A New Paper Suggests it’s Time to Think Differently about Segmentation.
Using FRIDA to bypass the Android 7+ Network Security Configuration feature
http://ift.tt/2FvcfSV
Submitted March 14, 2018 at 08:05AM by numberbuzy
via reddit http://ift.tt/2tKJ5tt
http://ift.tt/2FvcfSV
Submitted March 14, 2018 at 08:05AM by numberbuzy
via reddit http://ift.tt/2tKJ5tt
Sensepost
SensePost | Tip toeing past android 7’s network security configuration
Leaders in Information Security
5 Myths About Socks Proxies
http://ift.tt/2pczmqo
Submitted March 14, 2018 at 11:52AM by Lime_proxies
via reddit http://ift.tt/2IqY8LZ
http://ift.tt/2pczmqo
Submitted March 14, 2018 at 11:52AM by Lime_proxies
via reddit http://ift.tt/2IqY8LZ
Limeproxies
5 Myths About Socks Proxies
Most of us have heard about proxy recently because this technology is in the limelight due to the ongoing war between internet users and government, ISPs and even tech giants like Google and Apple. I say war because it literally is,
Five Important elements to keep in mind about Data Security
https://www.youtube.com/watch?v=3CPyJok77Oo&feature=youtu.be
Submitted March 14, 2018 at 11:30AM by grogerysolberg
via reddit http://ift.tt/2pczndW
https://www.youtube.com/watch?v=3CPyJok77Oo&feature=youtu.be
Submitted March 14, 2018 at 11:30AM by grogerysolberg
via reddit http://ift.tt/2pczndW
YouTube
Five Important Elements about Data Security
Data security is a major cause of concern for many retailers and their customers. Take note of this serious issue, NRF has advocated bringing in a solution t...
.files, including ~/.macos — sensible hacker defaults for macOS
http://ift.tt/HGOPAC
Submitted March 14, 2018 at 01:05PM by _0x7f_
via reddit http://ift.tt/2pat5MK
http://ift.tt/HGOPAC
Submitted March 14, 2018 at 01:05PM by _0x7f_
via reddit http://ift.tt/2pat5MK
GitHub
GitHub - mathiasbynens/dotfiles: .files, including ~/.macos — sensible hacker defaults for macOS
:wrench: .files, including ~/.macos — sensible hacker defaults for macOS - GitHub - mathiasbynens/dotfiles: .files, including ~/.macos — sensible hacker defaults for macOS
Find out the top elements to keep in mind to secure your data.
http://ift.tt/2IphbGF
Submitted March 14, 2018 at 01:47PM by grogerysolberg
via reddit http://ift.tt/2pcOO5S
http://ift.tt/2IphbGF
Submitted March 14, 2018 at 01:47PM by grogerysolberg
via reddit http://ift.tt/2pcOO5S
Amara
The easiest way to caption and translate any video, with crowdsourcing, volunteers, and professional services.
Free mobile security: Norton Mobile Security vs Avast Mobile Security
http://ift.tt/2GsmdSn
Submitted March 14, 2018 at 03:52PM by tomasstatkus
via reddit http://ift.tt/2Hx3XGx
http://ift.tt/2GsmdSn
Submitted March 14, 2018 at 03:52PM by tomasstatkus
via reddit http://ift.tt/2Hx3XGx
Reviewedbypro
Free mobile security: Norton Mobile Security vs Avast Mobile Security
As malware targeting Android devices still increases, a reliable mobile security application is essential. By using antivirus and security solution users can protect their device
Tutorial - How to deal with rootkit analysis step by step: laboratory setup, Windows kernel architecture and API, Windows protection, Windows 10 64 bits
http://ift.tt/2fHX6A7
Submitted March 14, 2018 at 04:45PM by TechLord2
via reddit http://ift.tt/2pauYc7
http://ift.tt/2fHX6A7
Submitted March 14, 2018 at 04:45PM by TechLord2
via reddit http://ift.tt/2pauYc7
How to Prevent Unauthorized Crypto Mining on Your Computer by Hijackers?
http://ift.tt/2Gs9Plc
Submitted March 14, 2018 at 04:54PM by gibber879
via reddit http://ift.tt/2DrMYmv
http://ift.tt/2Gs9Plc
Submitted March 14, 2018 at 04:54PM by gibber879
via reddit http://ift.tt/2DrMYmv
NextInDigital
How to Prevent Unauthorized Crypto Mining on Your Computer by Hijackers? - NextInDigital
How to Prevent Unauthorized Crypto Mining on Your Computer by Hijackers?Rate this post Is someone hijacking your computer to carry out crypto mining? How to track if such a thing is happening? How to prevent it? These are few of the important questions we…
Microsoft Releases More Spectre/Meltdown Patches
http://ift.tt/2FExTjz
Submitted March 14, 2018 at 05:15PM by CasperVPN
via reddit http://ift.tt/2tPYB7o
http://ift.tt/2FExTjz
Submitted March 14, 2018 at 05:15PM by CasperVPN
via reddit http://ift.tt/2tPYB7o
Infosecurity Magazine
Microsoft Releases More Spectre/Meltdown Patches
Microsoft Releases More Spectre/Meltdown Patches. Patch Tuesday covers over 70 vulnerabilities this month
CredSSP Vulnerability Affects RDP Authentication Provider on all Versions of Windows; Requires Additional Group Policy Settings to Fully Secure
http://ift.tt/2FSI1IF
Submitted March 14, 2018 at 06:35PM by Derbel__McDillet
via reddit http://ift.tt/2tNdwPD
http://ift.tt/2FSI1IF
Submitted March 14, 2018 at 06:35PM by Derbel__McDillet
via reddit http://ift.tt/2tNdwPD
How to, Technology and PC Security Forum | SensorsTechForum.com
CVE-2018-0886 Critical Flaw Affects All Windows Versions
CVE-2018-0886 critical flaw affects all versions of Windows and allows malicious hackers remote access to exploit RDP and WinRM.
API standards loading up the code base with vulnerabilities.
http://ift.tt/2y3cRXb
Submitted March 14, 2018 at 06:35PM by CasperVPN
via reddit http://ift.tt/2tNQ44H
http://ift.tt/2y3cRXb
Submitted March 14, 2018 at 06:35PM by CasperVPN
via reddit http://ift.tt/2tNQ44H
www.theregister.co.uk
Gotta have standards? Security boffins not API about bloated browsers
W3C, are you listening?
Security In 5: Episode 194 - The FBI Paid Geek Squad Employees To Be Informants
http://ift.tt/2FVXKHj
Submitted March 14, 2018 at 06:33PM by BinaryBlog
via reddit http://ift.tt/2tNcweh
http://ift.tt/2FVXKHj
Submitted March 14, 2018 at 06:33PM by BinaryBlog
via reddit http://ift.tt/2tNcweh
Libsyn
Security In Five Podcast: Episode 194 - The FBI Paid Geek Squad Employees To Be Informants
When your personal devices breakdown you may take them to a local repair shop. Giving them your computer and most likely full admin access to repair it. This also opens the door that those technicians could look at, copy, manipulate your personal. Now, what…
CVE-2018-0787: ASP.NET Core Elevation Of Privilege Vulnerability
http://ift.tt/2tOm34Y
Submitted March 14, 2018 at 06:49PM by _pdp_
via reddit http://ift.tt/2IlCGYR
http://ift.tt/2tOm34Y
Submitted March 14, 2018 at 06:49PM by _pdp_
via reddit http://ift.tt/2IlCGYR
GitHub
Microsoft Security Advisory CVE-2018-0787: ASP.NET Core Elevation Of Privilege Vulnerability · Issue #2954 · aspnet/Home
Microsoft Security Advisory CVE-2018-0787: ASP.NET Core Elevation Of Privilege Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerabi...
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerabi...
WhatsApp will not share user data with Facebook until it complies with GDPR, ICO closes investigation
http://ift.tt/2Dql2iQ
Submitted March 14, 2018 at 06:44PM by NetAbel
via reddit http://ift.tt/2FUVu2I
http://ift.tt/2Dql2iQ
Submitted March 14, 2018 at 06:44PM by NetAbel
via reddit http://ift.tt/2FUVu2I
TechCrunch
WhatsApp will not share user data with Facebook until it complies with GDPR, ICO closes investigation
An interesting development in Europe over how WhatsApp and Facebook will work together, which is also a victory of sorts for data protection and privacy advocates in the region. Today, the UK’…
The InfoSec Amnesty Q&A
http://ift.tt/2tpRQc5
Submitted March 14, 2018 at 08:04PM by speckz
via reddit http://ift.tt/2IqNzZI
http://ift.tt/2tpRQc5
Submitted March 14, 2018 at 08:04PM by speckz
via reddit http://ift.tt/2IqNzZI
tisiphone.net
The InfoSec Amnesty Q&A
Foreword (Lesley) One of the hardest things to accept in information security is that we as individuals will simply never know everything there is to know about the field, or all of its many niches…
New bill in Congress would hand your data to cops
http://ift.tt/2pdp4WQ
Submitted March 14, 2018 at 08:44PM by JPTIII
via reddit http://ift.tt/2Ipwqj5
http://ift.tt/2pdp4WQ
Submitted March 14, 2018 at 08:44PM by JPTIII
via reddit http://ift.tt/2Ipwqj5
Medium
New bill in Congress would hand your data to cops.
Some lawmakers are trying to sneak the CLOUD Act through by attaching it to a must-pass government funding bill.
VESvault end-to-end encryption APIs: Your friends can help you recover your lost encrypted items
https://ves.host
Submitted March 14, 2018 at 09:57PM by commercebyte
via reddit http://ift.tt/2tN9oPM
https://ves.host
Submitted March 14, 2018 at 09:57PM by commercebyte
via reddit http://ift.tt/2tN9oPM
reddit
VESvault end-to-end encryption APIs: Your friends can... • r/netsec
0 points and 0 comments so far on reddit
Where To Get Useful Information During Outbreaks
During a widespread attack or vulnerability (something like NotPetya, Meltdown/Spectre, etc.) when management is breathing down your neck to find out if you’ve been hit or if your network is vulnerable… what are the go-to resources, peer groups, or online communities that you jump to for watchlists, hashes, or IOCs?
Submitted March 14, 2018 at 10:09PM by Forgetful_Prophet
via reddit http://ift.tt/2FSHyX7
During a widespread attack or vulnerability (something like NotPetya, Meltdown/Spectre, etc.) when management is breathing down your neck to find out if you’ve been hit or if your network is vulnerable… what are the go-to resources, peer groups, or online communities that you jump to for watchlists, hashes, or IOCs?
Submitted March 14, 2018 at 10:09PM by Forgetful_Prophet
via reddit http://ift.tt/2FSHyX7
reddit
Where To Get Useful Information During Outbreaks • r/security
During a widespread attack or vulnerability (something like NotPetya, Meltdown/Spectre, etc.) when management is breathing down your neck to find...