Firefox Master Password System Has Been Poorly Secured for the Past 9 Years
http://ift.tt/2IyvVDf
Submitted March 19, 2018 at 10:48PM by dabshitty
via reddit http://ift.tt/2HNcaXx
BleepingComputer
Firefox Master Password System Has Been Poorly Secured for the Past 9 Years
For the past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature.
Ending DNS Hijacking with DNSCrypt
http://ift.tt/2ICfvtI
Submitted March 19, 2018 at 11:05PM by nykzhang
via reddit http://ift.tt/2Gb2Ijc
Medium
Ending DNS Hijacking with DNSCrypt
I was at a Marriott hotel last week with my family and I noticed that they were doing DNS hijacking and redirecting all my DNS requests to…
The Complete Beginner Guide to Learn Ethical Hacking
http://ift.tt/2HMRtuq
Submitted March 20, 2018 at 12:13AM by basikthngs
via reddit http://ift.tt/2FUX1CO
Medium
The Complete Beginner Guide to Learn Ethical Hacking
If you want to learn ethical hacking so that you can hack computer systems like black hat hackers and secure them like security experts…
Writing an Exploit in Golang - From A to Z
https://www.youtube.com/watch?v=U2mpUQTWRhI
Submitted March 19, 2018 at 10:58PM by secdevops
via reddit http://ift.tt/2FPihxS
So I got hacked, any advice?
Hey everyone, Got a text message saying my account might have been compromised on Hotmail. Turns out someone from Vietnam got in, but had attempts from Japan and others as it showed in recent activity. Also some syncing happened within the past 3 days. I'm from England btw, they tried to log in using my Skype username which I haven't used in years but it's linked to my Microsoft, and they finally got in. Uhm, changed my password, enabled 2FA. Got an email saying my Epic Games account was locked because of attempts, haven't used that since roughly June 2017 when I was finishing off my games design course at college, just activated 2FA on that too. I ran malwarebytes Adaware and MBAM, turned up nothing on my computer or laptop. Anything else I can do? Could it be my iPhone that's hacked? iOS 11.2.5 I believe. Seems to be all linked to my main account. I have way too many things signed up on that account, as I've had it for like 13 years. Scared that someone may access or create accounts on like Twitch or Instagram and so on, they can literally ruin me so badly of course. I have accounts like eBay, Amazon, Wish, PayPal, Playstation, and so much more with my main account. Thanks everyone :)
Submitted March 20, 2018 at 01:27AM by Jianni12
via reddit http://ift.tt/2poLIN2
reddit
So I got hacked, any advice? • r/security
Hey everyone, Got a text message saying my account might have been compromised on hotmail. Turns out someone from Vietnam got in, but had...
Ending DNS Hijacking with DNSCrypt
http://ift.tt/2ICfvtI
Submitted March 20, 2018 at 02:38AM by nykzhang
via reddit http://ift.tt/2GIHyXM
Medium
Ending DNS Hijacking with DNSCrypt
I was at a Marriott hotel last week with my family and I noticed that they were doing DNS hijacking and redirecting all my DNS requests to…
Dynamic analysis of iOS apps without Jailbreak
http://ift.tt/2DFtRFN
Submitted March 20, 2018 at 03:12AM by ninjazeroone
via reddit http://ift.tt/2FVr3qa
Medium
Dynamic analysis of iOS apps without Jailbreak
In the article I will share my experience in solving some of the problems I faced when analyzing the security of iOS applications. All the…
S3scanner v1.0.0 - Scan, list, and dump open S3 buckets
http://ift.tt/2kJdikH
Submitted March 20, 2018 at 02:59AM by GoGoGadgetSalmon
via reddit http://ift.tt/2ptSoZB
GitHub
sa7mon/S3Scanner
Scan for open AWS S3 buckets and dump the contents - sa7mon/S3Scanner
Great email from the laziest "hacker" ever
Got the following email today. It's a "ransom" demand from the laziest hacker ever, but it really cracks me up.
Subject: this really is a thing which i definitely advise you to read carefully
Good day [my real name]. Perhaps you have read something information about the RAT trojan 41467? Great job, you have at this moment evolved into a happy owner of my own, personal edition of that virus. I have succeeded to locate numerous fascinating stuff on your computer and I've also been able to link to all ur devices, such as a cell phone. But they are all are little things as opposed to the next. I managed to force this virus to capture a mike, a web cam, as well as the image on the screen, you know I've made many exciting movies. I do believe a few video clips will be intriguing for you personally :D
The most interesting part is that my software saved is the moment you pay a visit to one of the pornographic internet sites. I have spent two hours of my time to combine 2 movies, one in which is a picture on the display and another picture of the actual web cam. It had been pretty humorous!
So, lets get right to the point. I advise you pay 470 Dollars to this wallet: 1M4HwFag6QPaRbX7QgP1jtR1WyZnh8HJse
I solely utilize bitcoin. If you will have trouble paying out just use any internet search engine.
After obtaining the funds. We're going both equally ignore this unpleasant moment and remove all the info I have gathered from ur devices.
You have two days. If I do not get my money, I will send all the info to the contact information I discovered on your equipment! Possibly I'll do it with ur accounts. It will be very funny if all your loved people get a video footage of this sort.
I offer a little time because my wallets often get blocked and you need to deliver just before that.
Indeed, you are not only individual getting an email of this sort, I've infected a 5440 individuals and a lot more than 1292 of which were with interesting stuff.
You can call up authorities, think its worthless, the worst stuff they are able to perform is block my account. Therefore you should not do silly stuff.
If perhaps I will not obtain my money for any reason, which includes the failure to deliver them to a locked wallet, ur status is going to be demolished. So make it fast!
I take care of my very own anonymity and use the temporary email to deliver messages, additionally I am on the internet from my working laptop and i only with pirated Wi fi from numerous organizations besides i use TOR. Therefore, getting in touch with me and responding to to this letter doesn't make any sense.
Submitted March 20, 2018 at 04:58AM by marklein
via reddit http://ift.tt/2GJM34p
reddit
Great email from the laziest "hacker" ever • r/security
Got the following email today. It's a "ransom" demand from the laziest hacker ever, but it really cracks me up. >Subject: this really is a thing...
Cons to using Signal
Was having a discussion with a friend about using Signal and he claimed he stopped using it because he read something somewhere that using it makes you a target. I get the logic kind of, but I can’t find anything backing up that stance. Agree or disagree?
Submitted March 20, 2018 at 08:24AM by procdaddy
via reddit http://ift.tt/2FTlAzT
reddit
Cons to using Signal • r/security
Was having a discussion with a friend about using Signal and he claimed he stopped using it because he read something somewhere that using it makes...
Request for OSWE Alternative or Similar Certification
With regards to how well accepted the OSCP is, how does the OSWE rank? Are there any similar certifications to this one? Problem being one has to attend Blackhat, to attend an on-premise course to achieve it. This is quite some money you have to throw at this if you are from somewhere else than the US.
Submitted March 20, 2018 at 01:17PM by droptableuserme
via reddit http://ift.tt/2FN3WSn
reddit
Request for OSWE Alternative or Similar Certification • r/security
With regards to how well accepted the OSCP is, how does the OSWE rank? Are there any similar certifications to this one? Problem being one has to...
De-obfuscating Jump Chains with Binary Ninja
http://ift.tt/2pqH9kt
Submitted March 20, 2018 at 02:45PM by _cacao
via reddit http://ift.tt/2prusWC
This is Security :: by Stormshield
De-obfuscating Jump Chains with Binary Ninja - This is Security :: by Stormshield
Malware authors use extensive obfuscation techniques such as packing, junk code insertion, and opaque predicates to make malware analysis harder. Binary Ninja has recently released a plugin to remove opaque predicates – that is, branch paths that are never taken.…
How not to store user passwords
http://ift.tt/2G9RTy3
Submitted March 20, 2018 at 02:57PM by pavs
via reddit http://ift.tt/2FWoyUq
Slashgeek
How not to store user passwords > Slashgeek
If you are running a web app and you are storing user passwords, it is very easy to get things horribly wrong; it’s better to use third-party sign-in services like Facebook, Twitter or Google. In my experience, I have seen a lot of web apps and services going…
Facebook's head of security Alex Stamos 'leaving over fake news'
http://ift.tt/2prlkBo
Submitted March 20, 2018 at 03:19PM by Bastet1
via reddit http://ift.tt/2FXFWIB
Mail Online
Facebook's head of security Alex Stamos 'leaving over fake news'
The social media company has already taken away Stamos' responsibilities to counter government-sponsored disinformation, the source said.
Hackers can attack older IoT devices and Home gadgets
http://ift.tt/2DGQ06G
Submitted March 20, 2018 at 03:40PM by anonywise
via reddit http://ift.tt/2ppjz8i
Anonywise
Hackers can attack older IoT devices and Home gadgets! - Anonywise
In short: older IoT devices and home gadgets can be targets for hackers, as many such devices were compromised in the recent past, which may sound creepy as the world moves towards the Internet of Things. Hackers can leverage numerous such devices…
Using certutil through a MSSQL injection to exfiltrate command outputs
http://ift.tt/2tZPKAg
Submitted March 20, 2018 at 04:17PM by gid0rah
via reddit http://ift.tt/2GbQ9EF
Tarlogic Security - Cyber Security and Ethical hacking
Red Team Tales 0x01: From MSSQL to RCE
Introduction
In a Red Team operation, a perimeter asset vulnerable to SQL Injection was identified. Through this vulnerability it was possible to execute commands on the server, requiring an unusual tactic to achieve the exfiltration of the output of the…
Free SSL cert search and analysis platform. Interesting stuff!
http://ift.tt/2FV0jpG
Submitted March 20, 2018 at 04:04PM by xrna
via reddit http://ift.tt/2G5GGOT
Cyber Sins Security Blog
Wow! CertDB is a free SSL certificate search engine and analysis platform
How many times have you stumbled on an SSL certificate, and the only things that you cared about were Common Name (CN), DNS Names, Dates (issue and expiry)? Do you know an SSL certificate can say so much about you or your firm? It can tell stories and motives;…
Remote heap corruption in the Linux kernel: memory corruption in ncp_read_kernel()
http://ift.tt/2DHgCEx
Submitted March 20, 2018 at 03:53PM by horstenkoetter
via reddit http://ift.tt/2ppJhJR
Free SSL cert search and analysis platform. Interesting stuff!
http://ift.tt/2FV0jpG
Submitted March 20, 2018 at 04:22PM by xrna
via reddit http://ift.tt/2G5v9zc
Cyber Sins Security Blog
Wow! CertDB is a free SSL certificate search engine and analysis platform
How many times have you stumbled on an SSL certificate, and the only things that you cared about were Common Name (CN), DNS Names, Dates (issue and expiry)? Do you know an SSL certificate can say so much about you or your firm? It can tell stories and motives;…
Could Defense in Depth concept Work for IoT Security?
http://ift.tt/2pptr24
Submitted March 20, 2018 at 04:49PM by Iot_Security
via reddit http://ift.tt/2DGxqf2
SecuriThings
Could “Defense in Depth” Work for IoT Security?
When the masses start to use industry terminology, things have clearly gone mainstream. IoT is now mainstream, and there is no turning back. But, is security ready to move ahead at the speed of [...]
Razer keyboard software
Just got a Razer keyboard and am hesitant on installing the customisation software in fear of it being compromised and turned into a keylogger. As an attack vector this would make sense. Am I being rational or is all of the above completely insane?
Submitted March 20, 2018 at 05:10PM by Nickh898
via reddit http://ift.tt/2FQHfNu
reddit
Razer keyboard software • r/security
Just got a Razer keyboard and am hesitant on installing the customisation software in fear of it being compromised and turned into a keylogger. As...