WhatsApp sharing user data with Facebook would be illegal, rules ICO | Technology
http://ift.tt/2DrtvTc
Submitted March 16, 2018 at 04:41PM by wlscr
via reddit http://ift.tt/2GzsKKW
http://ift.tt/2DrtvTc
Submitted March 16, 2018 at 04:41PM by wlscr
via reddit http://ift.tt/2GzsKKW
the Guardian
WhatsApp sharing user data with Facebook would be illegal, rules ICO
Data protection watchdog forces firm to sign an undertaking declaring it will not share user data with parent company before GDPR
[question] Changing DNS on android Mobile Data via terminal
Hey guys, i hope its ok to ask questions in this sub.so after changing the dns settings in my network i realized that i still have a dns "problem" on my phone which i try to get rid of.my phone is rooted with android o and usually uses the dns from vodafone germany (139.7.30.126)right now i try to change it to the dns server from the CCC and Digitalcourageso i did the following:
Submitted March 16, 2018 at 05:23PM by FuyuhikoDate
via reddit http://ift.tt/2pjqakE
Hey guys, i hope its ok to ask questions in this sub.so after changing the dns settings in my network i realized that i still have a dns "problem" on my phone which i try to get rid of.my phone is rooted with android o and usually uses the dns from vodafone germany (139.7.30.126)right now i try to change it to the dns server from the CCC and Digitalcourageso i did the following:
su setprop net.dns1 85.214.20.141 setprop net.dns2 213.73.91.35 setprop persist.radio.dns.sub0 213.73.91.35checked everything with
getprop | grep dnsand in theory it should work. so i went to whatsmydnsserver.com and it still says 195.50.140.133 (Vodafone) i thought i need a reboot, but that will reset my "new" dns settings.question is now, how set i do them persistent and what did i do wrong that i am still using the vodafone dns?
Submitted March 16, 2018 at 05:23PM by FuyuhikoDate
via reddit http://ift.tt/2pjqakE
reddit
[question] Changing DNS on android Mobile Data via... • r/security
Hey guys, i hope its ok to ask questions in this sub. so after changing the dns settings in my network i realized that i still have a dns...
Security In 5: Episode 196 - Tools, Tips and Tricks - OWASP Zap
http://ift.tt/2G1CaRq
Submitted March 16, 2018 at 06:32PM by BinaryBlog
via reddit http://ift.tt/2tPptnY
http://ift.tt/2G1CaRq
Submitted March 16, 2018 at 06:32PM by BinaryBlog
via reddit http://ift.tt/2tPptnY
Libsyn
Security In Five Podcast: Episode 196 - Tools, Tips and Tricks - OWASP Zap
This week's tools, tips and ticks talk about OWASP Zap. The security testing proxy for your web application testing needs. Whether you are a developer or host an application you have a use for OWASP Zap. OWASP Zap - https://www.owasp.org/index.php/OWASP…
Is Avast Free decent?
Hello, I have Avast free (Hardened mode, max settings) + Hitman Pro + Malwarebytes Free, I have UAC max and I use a standard user account, it is also local. Hitman Pro has expired but I still use it to see if I am infected, if so I will buy it. My real question is, is Avast a good free antivirus? Is it better than Windows Defender? Is there a better free alternative out there? Is my setup good?Thank you.
Submitted March 16, 2018 at 05:55PM by RevolutionarySerpent
via reddit http://ift.tt/2GxH06X
Hello, I have Avast free (Hardened mode, max settings) + Hitman Pro + Malwarebytes Free, I have UAC max and I use a standard user account, it is also local. Hitman Pro has expired but I still use it to see if I am infected, if so I will buy it. My real question is, is Avast a good free antivirus? Is it better than Windows Defender? Is there a better free alternative out there? Is my setup good?Thank you.
Submitted March 16, 2018 at 05:55PM by RevolutionarySerpent
via reddit http://ift.tt/2GxH06X
reddit
Is Avast Free decent? • r/security
Hello, I have Avast free (Hardened mode, max settings) + Hitman Pro + Malwarebytes Free, I have UAC max and I use a standard user account, it is...
CVE-2017-13253: Buffer overflow in multiple Android DRM services
http://ift.tt/2IucKdK
Submitted March 16, 2018 at 06:46PM by Cokegod
via reddit http://ift.tt/2FYciWz
http://ift.tt/2IucKdK
Submitted March 16, 2018 at 06:46PM by Cokegod
via reddit http://ift.tt/2FYciWz
Zimperium Mobile Security Blog
CVE-2017-13253: Buffer overflow in multiple Android DRM services - Zimperium Mobile Security Blog
Follow @tamir_zb As part of our platform research in Zimperium zLabs, we recently disclosed a buffer overflow vulnerability affecting multiple Android DRM services to Google. Google classified it as high-severity, designated it as CVE-2017-13253 and have…
Sofacy Targets Government Agency with New Spear-Phishing Campaign
http://ift.tt/2Iu6JgZ
Submitted March 16, 2018 at 06:50PM by CasperVPN
via reddit http://ift.tt/2G22zyK
http://ift.tt/2Iu6JgZ
Submitted March 16, 2018 at 06:50PM by CasperVPN
via reddit http://ift.tt/2G22zyK
Infosecurity Magazine
Sofacy Targets Government Agency with New Spear-Phishing Campaign
Espionage group with ties to Russia targets European government organization
Stealthy Dopant-Level Hardware Trojans
http://ift.tt/2phXkAE
Submitted March 16, 2018 at 07:33PM by al-maisan
via reddit http://ift.tt/2HDnKEi
http://ift.tt/2phXkAE
Submitted March 16, 2018 at 07:33PM by al-maisan
via reddit http://ift.tt/2HDnKEi
Brute forcing short URLs and targeting organisations to find highly confidential information
http://ift.tt/2tM6Xg8
Submitted March 16, 2018 at 07:23PM by eth0izzle
via reddit http://ift.tt/2Dyl2NW
http://ift.tt/2tM6Xg8
Submitted March 16, 2018 at 07:23PM by eth0izzle
via reddit http://ift.tt/2Dyl2NW
reddit
Brute forcing short URLs and targeting organisations to... • r/netsec
4 points and 0 comments so far on reddit
‘We Got to Be Cool About This‘: An Oral History of the L0pht, Part 1
http://ift.tt/2FuV0jy
Submitted March 16, 2018 at 08:27PM by YogiBerra88888
via reddit http://ift.tt/2phmFeM
http://ift.tt/2FuV0jy
Submitted March 16, 2018 at 08:27PM by YogiBerra88888
via reddit http://ift.tt/2phmFeM
Decipher
‘We Got to Be Cool About This‘: An Oral History of the L0pht, Part 1
Born from the Boston BBS scene of the 1980s, the L0pht emerged in the 1990s as one of the more influential hacker groups ever and helped spawn the security industry as we know it today.
To install or not to install
I am having an inner debate whether to install an app (Touch protector - https://play.google.com/store/apps/details?id=biz.obake.team.touchprotector) which would let me "do things while screen is off". This means e.g. playing youtube or video (just for its audio part) with a black screen and auto-blackening my screen when I put my phone into my pocket.The app needs 'no permissions', this means that it only has run at startup, control vibration and use fingerprinting device under all permissions. To use all the features, it is also needed to enable it as an accessibility service (permissions: it can observe what you type and monitor your actions). The app is from GPlay and has good (4.4) reviews. Some people asked about permissions and personal data handling and developers (from Japan) answered that no data theft is going on (of course) and accessibility is needed to block keys like 'Recent' etc.I would like to ask for your opinion, guys.
Submitted March 16, 2018 at 08:25PM by w00ck
via reddit http://ift.tt/2GyYlMK
I am having an inner debate whether to install an app (Touch protector - https://play.google.com/store/apps/details?id=biz.obake.team.touchprotector) which would let me "do things while screen is off". This means e.g. playing youtube or video (just for its audio part) with a black screen and auto-blackening my screen when I put my phone into my pocket.The app needs 'no permissions', this means that it only has run at startup, control vibration and use fingerprinting device under all permissions. To use all the features, it is also needed to enable it as an accessibility service (permissions: it can observe what you type and monitor your actions). The app is from GPlay and has good (4.4) reviews. Some people asked about permissions and personal data handling and developers (from Japan) answered that no data theft is going on (of course) and accessibility is needed to block keys like 'Recent' etc.I would like to ask for your opinion, guys.
Submitted March 16, 2018 at 08:25PM by w00ck
via reddit http://ift.tt/2GyYlMK
Who Is Afraid of More Spams and Scams?
http://ift.tt/2pjFWMo
Submitted March 16, 2018 at 08:21PM by volci
via reddit http://ift.tt/2FZr7rS
http://ift.tt/2pjFWMo
Submitted March 16, 2018 at 08:21PM by volci
via reddit http://ift.tt/2FZr7rS
reddit
Who Is Afraid of More Spams and Scams? • r/security
3 points and 0 comments so far on reddit
The Chrome extension that knows its you by the way you type
http://ift.tt/2FZWuTu
Submitted March 16, 2018 at 08:19PM by volci
via reddit http://ift.tt/2tUw8gM
http://ift.tt/2FZWuTu
Submitted March 16, 2018 at 08:19PM by volci
via reddit http://ift.tt/2tUw8gM
Naked Security
The Chrome extension that knows its you by the way you type
Using multi-factor authentication is more secure than relying on passwords alone – but could your typing make it even better?
Demystifying HTTPS
http://ift.tt/2FKLV33
Submitted March 16, 2018 at 09:13PM by starwindsoftware
via reddit http://ift.tt/2HDARW1
http://ift.tt/2FKLV33
Submitted March 16, 2018 at 09:13PM by starwindsoftware
via reddit http://ift.tt/2HDARW1
Starwindsoftware
Demystifying HTTPS | StarWind Blog
If you’re not using HTTPS now you really need to consider moving to it. HTTPS (unlike HTTP) guarantees that the data that was received is the data that was sent
RIP Adrian Lamo ...
His brother just posted on facebook he's passed.
Submitted March 16, 2018 at 09:05PM by caffeinedrinker
via reddit http://ift.tt/2HFmDUI
His brother just posted on facebook he's passed.
Submitted March 16, 2018 at 09:05PM by caffeinedrinker
via reddit http://ift.tt/2HFmDUI
reddit
RIP Adrian Lamo ... • r/security
His brother just posted on facebook he's passed.
Hacker Adrian Lamo dies at 37
http://ift.tt/2IvPuMz
Submitted March 16, 2018 at 10:46PM by hacktvist
via reddit http://ift.tt/2pkqcIj
http://ift.tt/2IvPuMz
Submitted March 16, 2018 at 10:46PM by hacktvist
via reddit http://ift.tt/2pkqcIj
ZDNet
Hacker Adrian Lamo dies at 37
The circumstances of Lamo's death are not yet known.
How much to charge for this job
A little backstory, a family friend owns a small business and just got hit from one of their customers with a security audit. The customer will cease any business going forward until they comply with all the findings of the auditor.My job will be to respond to the auditor with all fixes. Current security policies that are non existent:Access Control Policy,
Business Continuity Plan,Asset Management Policy,HR Security Policy,Network Security Policy,Encryption Policy,Antivirus Policy,Physical security policy,Risk management Policy,Change Management Policy/Procedures,and Data classification schemes (similar to asset management).
This seems like a lot of work but mainly it will consist of finding templates for all these policies on nist.com or something similar and then personalizing it for the company.A little background on me, I've been working in IT for 10 years or so and have 2 degrees in network administration and cyber-security so this is definitely in my wheel house. I've done similar exercises in school but this would be my first time doing it for a clientWhat is the going rate for consultant work in this regard? Do i charge per hour? Per endpoint? Per policy?I would think work of this nature would be around 70-120$/ hour?Located in California.Thank you ♥edit: formatting
Submitted March 16, 2018 at 11:11PM by pres3rvation
via reddit http://ift.tt/2HEj6G3
A little backstory, a family friend owns a small business and just got hit from one of their customers with a security audit. The customer will cease any business going forward until they comply with all the findings of the auditor.My job will be to respond to the auditor with all fixes. Current security policies that are non existent:Access Control Policy,
Business Continuity Plan,Asset Management Policy,HR Security Policy,Network Security Policy,Encryption Policy,Antivirus Policy,Physical security policy,Risk management Policy,Change Management Policy/Procedures,and Data classification schemes (similar to asset management).
This seems like a lot of work but mainly it will consist of finding templates for all these policies on nist.com or something similar and then personalizing it for the company.A little background on me, I've been working in IT for 10 years or so and have 2 degrees in network administration and cyber-security so this is definitely in my wheel house. I've done similar exercises in school but this would be my first time doing it for a clientWhat is the going rate for consultant work in this regard? Do i charge per hour? Per endpoint? Per policy?I would think work of this nature would be around 70-120$/ hour?Located in California.Thank you ♥edit: formatting
Submitted March 16, 2018 at 11:11PM by pres3rvation
via reddit http://ift.tt/2HEj6G3
reddit
How much to charge for this job • r/security
A little backstory, a family friend owns a small business and just got hit from one of their customers with a security audit. The customer will...
Top 5 ways I gained access to Your Corporate Wireless Network (Lo0tBo0ty KARMA edition)
http://ift.tt/2HGp5do
Submitted March 16, 2018 at 11:25PM by wootock
via reddit http://ift.tt/2pjj0wa
http://ift.tt/2HGp5do
Submitted March 16, 2018 at 11:25PM by wootock
via reddit http://ift.tt/2pjj0wa
Medium
Top Five Ways I gained access to Your Corporate Wireless Network (Lo0tBo0ty KARMA edition)
While performing penetration and red team services , I have always enjoyed the challenge of gaining access to a well fortified wireless…
GrayKey iPhone unlocker poses serious security concerns
http://ift.tt/2HyLklO
Submitted March 16, 2018 at 11:20PM by zexterio
via reddit http://ift.tt/2IvcwDb
http://ift.tt/2HyLklO
Submitted March 16, 2018 at 11:20PM by zexterio
via reddit http://ift.tt/2IvcwDb
Malwarebytes Labs
GrayKey iPhone unlocker poses serious security concerns - Malwarebytes Labs
GrayKey, an iPhone unlocker, is secretly being marketed to law enforcement. Thanks to an anonymous source, we now know how the device works—and the danger it presents to security.
Week 11 in Information Security, 2018
http://ift.tt/2DwDmqQ
Submitted March 17, 2018 at 12:19AM by undercomm
via reddit http://ift.tt/2pj4qFT
http://ift.tt/2DwDmqQ
Submitted March 17, 2018 at 12:19AM by undercomm
via reddit http://ift.tt/2pj4qFT
Malgregator
InfoSec Week 11, 2018
A cyberattack on a Saudi Arabian petrochemical company was probably planed with the physical explosion in mind. They have attributed...
IoT security warning: Cyber-attacks on medical devices could put patients at risk
http://ift.tt/2Du1FW8
Submitted March 17, 2018 at 12:06AM by EvanConover
via reddit http://ift.tt/2GBCOTu
http://ift.tt/2Du1FW8
Submitted March 17, 2018 at 12:06AM by EvanConover
via reddit http://ift.tt/2GBCOTu
ZDNet
IoT security warning: Cyber-attacks on medical devices could put patients at risk
More collaboration is needed in order to ensure internet-connected medical devices can't cause harm to patients, says research.
This alert from DHS/FBI on Russian intrusions into U.S. power companies is a good read if you are interested in how these kind of hacks are pulled off.
http://ift.tt/2hUJUXw
Submitted March 16, 2018 at 07:23AM by IUsedToBeACave
via reddit http://ift.tt/2IxTig7
http://ift.tt/2hUJUXw
Submitted March 16, 2018 at 07:23AM by IUsedToBeACave
via reddit http://ift.tt/2IxTig7
www.us-cert.gov
Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors
Since at least May 2017, threat actors have targeted government entities and the energy, water, aviation, nuclear, and critical manufacturing sectors, and, in some cases, have leveraged their capabilities to compromise victims’ networks. Historically, cyber…