Week 15 in Information Security, 2018
https://ift.tt/2qtf10F
Submitted April 12, 2018 at 09:57PM by undercomm
via reddit https://ift.tt/2IR609h
Malgregator
InfoSec Week 15, 2018
The U.S. Secret Service is warning about a new scam scheme where the crooks are intercepting new debit cards in the mail and replace the...
My Brief Career as a Facebook Bug Bounty Hunter | Issues with white hat programs
https://ift.tt/2JFb1mz
Submitted April 12, 2018 at 10:36PM by nkrva
via reddit https://ift.tt/2qpM32q
The Tyee
My Brief Career as a Facebook Bug Bounty Hunter | The Tyee
You, too, can poke holes in the social media giant's platform while giving up yet even more of your personal information.
XSS via unsanitized markdown output in pastebin.com
https://ift.tt/2HvNlAb
Submitted April 12, 2018 at 11:11PM by Nhoya
via reddit https://ift.tt/2GSvIJW
GitHub
Nhoya/PastebinMarkdownXSS
PastebinMarkdownXSS - pastebin.com XSS via unsanitized markdown function
Cops Around the Country Can Now Unlock iPhones
https://ift.tt/2EGJVrl
Submitted April 13, 2018 at 01:11AM by StevenTheBirdSeagull
via reddit https://ift.tt/2GSaFeh
Motherboard
Cops Around the Country Can Now Unlock iPhones, Records Show
A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors.
Isolate containers in Google cloud
Have multiple Kubernetes pods (Docker containers) where each should have different network access rights - some may access some resources while others can't. To my understanding, I can't place them in different VPCs/subnets (k8s limit). Which other mechanism can I use to restrict specific containers'/pods' access to network resources? For example, what if I wish to restrict a single pod from approaching the DB IP address?
Submitted April 13, 2018 at 12:54AM by yonatannn
via reddit https://ift.tt/2GWYH39
reddit
Isolate containers in Google cloud • r/security
Have multiple Kubernetes pods (docker containers) where each should have different network access rights - some may access some resources while...
XSS in pastebin.com via unsanitized markdown output
https://ift.tt/2HvNlAb
Submitted April 12, 2018 at 11:29PM by Nhoya
via reddit https://ift.tt/2EHtfA1
GitHub
Nhoya/PastebinMarkdownXSS
PastebinMarkdownXSS - pastebin.com XSS via unsanitized markdown function
Abusing Linux's firewall: the hack that allowed us to build Spectrum
https://ift.tt/2HujVT2
Submitted April 13, 2018 at 01:25AM by rmddos
via reddit https://ift.tt/2Huemnx
Cloudflare Blog
Abusing Linux's firewall: the hack that allowed us to build Spectrum
Introducing Spectrum: a new Cloudflare feature that brings DDoS protection, load balancing, and content acceleration to any TCP-based protocol. Today we are releasing Spectrum.
HITB2018AMS: Smashing smart contracts for fun and real profit (a tribute to Aleph One)
https://ift.tt/2GTOaBH
Submitted April 13, 2018 at 03:37AM by berndtzl
via reddit https://ift.tt/2qtKUpH
Polyverse Readhook Simulator: an open source buffer overflow exploit tool
https://www.youtube.com/watch?v=ok8Pe2RuM30
Submitted April 13, 2018 at 04:03AM by Polyverse_Security
via reddit https://ift.tt/2EHtkUj
YouTube
Polyverse Readhook Zero-Day Simulator
This video demonstrates the Polyverse ReadHook Zero Day Simulator tool. More details on this tool can be found here: blog.polyverse.io/an-intentional-buffer-...
Username/Password emailed for account creation
I recently received an email from a service that I needed to create an account on. It's not a publicly available service, so they had to set up the "temp" account for me and send me the credentials to log in the first time. This is nothing new, I've seen this many times before. What confused me was the fact that the username and password were sent as two separate emails back to back. The emails said that they were doing this for security. Could someone explain how this is more secure than sending this information in one email?
Submitted April 13, 2018 at 04:34AM by CreativeTechGuyGames
via reddit https://ift.tt/2JIDHef
reddit
Username/Password emailed for account creation • r/security
I recently received an email from a service that I needed to create an account on. It's not a publicly available service, so they had to setup the...
Windows 10 Spring Creators Update adds "delete" button for all data collected by Microsoft from your device
https://ift.tt/2JzTPic
Submitted April 13, 2018 at 04:44AM by AzoWei
via reddit https://ift.tt/2EHOKAJ
PCWorld
Windows 10 Spring Creators Update: The best hidden features
Microsoft’s Windows 10 upgrade, code-named Redstone 4 and informally known as the Spring Creators Update and possibly Windows 10 Version Next, offers many smaller additions and changes you might miss. We've highlighted them here.
Residential camera system - help
Hey everyone, if this isn't the right place, could you point me in the right direction? We are moving into "town" from the "country" and want to make the upgrade to a residential home camera system (I guess like what a product like Nest might offer). I'm looking for a cloud-based service with continuous recording and a reasonable annual/monthly service charge. We would be needing about 2 inside, 2 outside with decent specs. Can anyone give me a few products to consider? My budget isn't unlimited, but I would rather spend the $300 and do it right for when quality matters.
Submitted April 13, 2018 at 05:39AM by TwentyCharacterMaxim
via reddit https://ift.tt/2EGVK0w
reddit
Residential camera system - help • r/security
Analyzing CVE-2017-0263 - reported to be used to attack with an EPS vulnerability to interfere the French election (See Comment)
https://ift.tt/2IRv0xd
Submitted April 13, 2018 at 09:11AM by TechLord2
via reddit https://ift.tt/2GV0jq7
reddit
Analyzing CVE-2017-0263 - reported to be used to attack... • r/netsec
12 tips for regular website owners to keep their site online (and secured).
https://ift.tt/2IOTXJq
Submitted April 13, 2018 at 02:01PM by ded1cated
via reddit https://ift.tt/2HlEy6e
WebARX
12 Website Security Tips From Experts For 2018 - WebARX
We have gathered 12 website security tips from experts for 2018. Security is something people can not ignore anymore and our mission is to make it as elementary as locks on home doors.
Invoke-Adversary – Simulating Adversary Operations
https://ift.tt/2GNNAFG
Submitted April 13, 2018 at 02:15PM by Moti_Ba
via reddit https://ift.tt/2qtQhpQ
12 tips for website owners to keep the site secured
https://ift.tt/2IOTXJq
Submitted April 13, 2018 at 02:03PM by ded1cated
via reddit https://ift.tt/2qvxKZg
WebARX
12 Website Security Tips From Experts For 2018 - WebARX
We have gathered 12 website security tips from experts for 2018. Security is something people can not ignore anymore and our mission is to make it as elementary as locks on home doors.
DOM-based CSRF in Facebook
https://ift.tt/2pSQGB7
Submitted April 13, 2018 at 03:37PM by albinowax
via reddit https://ift.tt/2quYqcR
Hey Dave, next time your mate tells you to change your password in the University PC suite, don’t read it out loud as you type it. Oh, and capital D, ave3333 isn’t very secure.
No text found
Submitted April 13, 2018 at 04:41PM by po30555
via reddit https://ift.tt/2HyGlCy
reddit
Hey Dave, next time your mate tells you to change... • r/security
PoC Code for demonstrating CVE-2018-0886 [See Comment]
https://ift.tt/2GV4INV
Submitted April 13, 2018 at 05:10PM by TechLord2
via reddit https://ift.tt/2EIrTVM
GitHub
preempt/credssp
credssp - A code demonstrating CVE-2018-0886
50 VPNs share data on their users with Facebook
https://ift.tt/2Hz5ltx
Submitted April 13, 2018 at 05:31PM by KingHeenrry
via reddit https://ift.tt/2JITslE
vpnMentor
Report: 50 VPNs share data on their users with Facebook | vpnMentor
Is your VPN running the Facebook pixel, thus putting a dent in your privacy? We tested almost 300 — check out the results and see if it’s time you had a word with your provider.
Kubernetes Security - Best Practice Guide
https://ift.tt/2JiTKz8
Submitted April 13, 2018 at 06:08PM by speckz
via reddit https://ift.tt/2qtiEna
GitHub
freach/kubernetes-security-best-practice
Kubernetes Security - Best Practice Guide.