A Method for Web Security Policies
http://ift.tt/2xoV3tA
Submitted September 11, 2017 at 07:00PM by benichmt1
via reddit http://ift.tt/2ePSyVY
datatracker.ietf.org
draft-foudil-securitytxt-00 - A Method for Web Security Policies
A Method for Web Security Policies (Internet-Draft, 2017)
BSidesCHS 2016: "Shellcoding basics" - Max Harley
http://ift.tt/2eZYuQ7
Submitted September 11, 2017 at 07:33PM by iamhabibone
via reddit http://ift.tt/2wSnfoj
IAMHABIB.NET
[Video] BSidesCHS 2016: "Shellcoding basics" - Max Harley - IAMHABIB.NET
IAMHABIB.NET is the video tube site on Hacking, Security, Reverse Engineering and Social Engineering
How can decentralised storage models prevent massive data breaches?
http://ift.tt/2jizHrO
Submitted September 11, 2017 at 09:16PM by milly1993
via reddit http://ift.tt/2fd3TjJ
Medium
How can decentralised storage models prevent massive data breaches?
Is India’s biometric database a massive achievement or a dystopian nightmare? Can blockchain technology transform the security industry?
Triaging Java JAR Malware
http://ift.tt/2jiRBKX
Submitted September 11, 2017 at 10:40PM by majorllama
via reddit http://ift.tt/2gY9MRX
Ringzerolabs
Triaging Java JAR Files
Today we show how to quickly triage Java JAR files with a free and straightforward Java decompiler.
Improve Your Security Online — The Essential Data Protection Guide
http://ift.tt/2w0YE0V
Submitted September 11, 2017 at 09:56PM by Krikrikris
via reddit http://ift.tt/2wSbOgb
StopAd Blog
Improve Your Security Online — The Essential Data Protection Guide
Data protection is increasingly important in a tech-savvy world. Learn the latest essentials of online security with valuable data protection tools and tips.
Chrome's Plan to Distrust Symantec Certificates
http://ift.tt/2eQ2xKQ
Submitted September 12, 2017 at 04:15AM by grepnork
via reddit http://ift.tt/2gZPPtQ
Google Online Security Blog
Chrome’s Plan to Distrust Symantec Certificates
Posted by Devon O’Brien, Ryan Sleevi, Andrew Whalley, Chrome Security. This post is a broader announcement of plans already finalized on t...
Windows Event Forwarding for Network Defense – Palantir – Medium
http://ift.tt/2jkKIcj
Submitted September 12, 2017 at 04:14AM by jeffmcjunkin
via reddit http://ift.tt/2w2nY6P
Medium
Windows Event Forwarding for Network Defense
Incident detection and response across thousands of hosts requires a deep understanding of actions and behavior across users, applications…
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device
http://ift.tt/2jjIolw
Submitted September 12, 2017 at 08:04PM by RandomFlotsam
via reddit http://ift.tt/2w51VMz
armis
Blueborne • armis
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device. Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android…
The CERT Guide to Coordinated Vulnerability Disclosure
http://ift.tt/2wcbKr3
Submitted September 12, 2017 at 07:15PM by ascaroth
via reddit http://ift.tt/2h2cTIC
insights.sei.cmu.edu
The CERT Guide to Coordinated Vulnerability Disclosure
We are happy to announce the release of the CERT® Guide to Coordinated Vulnerability Disclosure (CVD). The guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful CVD process. It also provides insights…
Reverse Engineering the OBi200 Google Voice Appliance: Part 2
http://ift.tt/2h1Vi3e
Submitted September 12, 2017 at 07:13PM by rwestergren
via reddit http://ift.tt/2xuSdU5
Randy Westergren
Reverse Engineering the OBi200 Google Voice Appliance: Part 2 - Randy Westergren
In part 1 of this post, I wrote about analyzing the firmware of the OBi200 and getting a root shell leveraging an existing RCE vuln. In this post, I’ll cover the process of identifying the serial port pins and connecting them to get console access to the…
BlueBorne technical paper [PDF]
http://ift.tt/2xihmRb
Submitted September 12, 2017 at 08:57PM by imr2017
via reddit http://ift.tt/2xXA9y9
Don't Delay: Replace Symantec TLS/SSL Certs Now | HIPAA
http://ift.tt/2wUPnHs
Submitted September 12, 2017 at 10:03PM by weev1
via reddit http://ift.tt/2fghzKw
Healthcareinfosecurity
Don't Delay: Replace Symantec TLS/SSL Certs Now
A major operation to cleanse websites of digital certificates created under questionable circumstances is underway. Google has issued the orders: Purge digital
WannaCry, Petya and All That Is Wrong With the Cyber Security Ecosystem
http://ift.tt/2wmLXsG
Submitted September 12, 2017 at 10:13PM by weev1
via reddit http://ift.tt/2wYOpsV
Cyberint
WannaCry, Petya and All That Is Wrong With the Cyber Security Ecosystem
WannaCry and Petya, both of these attacks could have been avoided. Find out what is wrong with the cyber security ecosystem.
Today Apple forgot to talk about iOS security from the last couple years
http://ift.tt/2y3BBjm
Submitted September 13, 2017 at 01:05AM by eeeeeekssss
via reddit http://ift.tt/2w5bn2F
TechRepublic
iOS security alert: Your device is transmitting Exchange credentials without any encryption
Every iOS device that connects to an Exchange server is vulnerable--your credentials may have already been harvested.
Are GNU/Linux systems no longer secure?
I have been reading Top secret files in Wikileaks about agencies and corporations intended to break into security systems, crack encryption systems, and hack into computers. So far I've found information where companies offer services and software to governments, where they claimed these tools can bypass GNU/Linux systems like Debian. They promote methods to bypass login passwords in Debian, without the need of changing the target's password. Personally I have a strong passphrase for Debian and LVM encryption; however, I wonder if they can crack a Debian login screen even if the target has a strong passphrase. Moreover, it also concerns me if our beautiful free open software is now compromised for big agencies or is being weakened for corporations like The Hacking Team, FinFisher, GammaGroup. How safe is GNU/Linux to use still?
Submitted September 13, 2017 at 01:22AM by fifth_wheel_5
via reddit http://ift.tt/2wYEnWX
reddit
Are GNU/Linux systems no longer secure? • r/security
I have been reading Top secret files in Wikileaks about agencies and corporations intended to break into security systems, crack encryption...
TIPS For Noob Linux Server User
So I just got it now, and I want some tips to not get fucked or have the server hacked. Also to not get it inside a botnet or spreading malware. Any good tips?
Submitted September 13, 2017 at 01:58AM by -PrivacyRight-
via reddit http://ift.tt/2xw0vLr
reddit
TIPS For Noob Linux Server User • r/security
So I just got it now, and I want some tips to not get fucked or have the server hacked. Also to not get it inside a botnet or spreading malware. Any...
Asterisk RTPbleed vulnerability
http://ift.tt/2wvYrBq
Submitted September 13, 2017 at 02:05AM by agDane
via reddit http://ift.tt/2jmVNJx
GitHub
EnableSecurity/advisories
Security advisories published by Enable Security
Equifax Breach: How To Use 143 Million Stolen Identities
http://ift.tt/2wZgSP5
Submitted September 13, 2017 at 01:57AM by heyitsmikeyv
via reddit http://ift.tt/2f43wec
Michael Veenstra
Equifax Breach: How To Use 143 Million Stolen Identities
You've heard about the Equifax breach. You probably assume your data is involved. Let's talk about what the attackers are going to do with it.
How to encrypt my hard drive?
http://ift.tt/2xvIBZc
Submitted September 13, 2017 at 02:33AM by the_dark_magic
via reddit http://ift.tt/2fgP27O
Stackexchange
Hard drive encryption
I would like to encrypt the partitions on my hard drive. They're partitioned and mounted as follows:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 494,4G 0 disk
├─sda1 8:1 0 ...
Since Apple Face ID processes the data locally, are there other ways law enforcement/hackers can obtain facial data from an iPhone?
Apple made a point today to say that the processing for Face ID is done on the phone itself and never sent to an Apple server. This got me thinking on other ways our facial information data can get into the wrong hands. Is it possible to obtain this data through other apps? If I give an app like Facebook/Snapchat access to my camera, my face is stored on their servers so wouldn't it be easy to obtain my facial information and hack into my phone?
Submitted September 13, 2017 at 03:16AM by Sucker_for_horns
via reddit http://ift.tt/2jl27Bo
reddit
Since Apple Face ID processes the data locally, are... • r/security
Apple made a point today to say that the processing for Face ID is done on the phone itself and never sent to an Apple server. This got me...