NSA encryption plan (SIMON/SPECK) for ‘internet of things’ rejected by international body
https://ift.tt/2K7SXBP
Submitted April 25, 2018 at 09:19PM by RFC-1925
via reddit https://ift.tt/2JtuUMy
https://ift.tt/2K7SXBP
Submitted April 25, 2018 at 09:19PM by RFC-1925
via reddit https://ift.tt/2JtuUMy
WikiTribune
Exclusive: NSA encryption plan for ‘internet of things’ rejected by international body
An attempt by the U.S. National Security Agency (NSA) to set two types of encryption as global standards suffered a major setback on Tuesday, after online security experts from countries
British security start-up launches lip-sync authentication technology
https://ift.tt/2qYDhYE
Submitted April 25, 2018 at 08:42PM by moooooky
via reddit https://ift.tt/2qXsY89
https://ift.tt/2qYDhYE
Submitted April 25, 2018 at 08:42PM by moooooky
via reddit https://ift.tt/2qXsY89
http://www.v3.co.uk
British security start-up launches lip-sync authentication technology | V3
AimBrain adds lip-sync capabilities to its biometrics system
Found vulnerability at work. Not sysadmin or security engineer. How should I bring this up without looking like Chicken Little?
I work in IT for a (somewhat) small company. It’s still large enough to pull in big revenue, so I consider this issue to be something that could really harm the company. Anyway, I don’t want to go too deep into detail as I’m not sure what I can publicly disclose. What I can say is that this vulnerability is easy enough to notice that somebody with little computer knowledge could easily bypass this and gain access to unauthorized systems.I went to school for a 4 year degree in infosec, so I am fairly confident this is something to be considered a big deal. However, I’m new to this company and I was not hired in an infosec role (they don’t have one and there is currently nobody who manages vulnerabilities). I really like the company I work for and I really want to help them since I have the knowledge and I am aware that what I am seeing very likely could cause issues, if it hasn’t already.What would you recommend I do?TL;DR: New guy. Hired in IT (general position, sort of do a little bit of everything). Went to school for infosec. Found vulnerability. Don’t want to be “chicken little”, but want to let company know about the vulnerability without looking like a fool. What do I do?
Submitted April 25, 2018 at 09:55PM by woolymangaming
via reddit https://ift.tt/2Htujtk
I work in IT for a (somewhat) small company. It’s still large enough to pull in big revenue, so I consider this issue to be something that could really harm the company. Anyway, I don’t want to go too deep into detail as I’m not sure what I can publicly disclose. What I can say is that this vulnerability is easy enough to notice that somebody with little computer knowledge could easily bypass this and gain access to unauthorized systems.I went to school for a 4 year degree in infosec, so I am fairly confident this is something to be considered a big deal. However, I’m new to this company and I was not hired in an infosec role (they don’t have one and there is currently nobody who manages vulnerabilities). I really like the company I work for and I really want to help them since I have the knowledge and I am aware that what I am seeing very likely could cause issues, if it hasn’t already.What would you recommend I do?TL;DR: New guy. Hired in IT (general position, sort of do a little bit of everything). Went to school for infosec. Found vulnerability. Don’t want to be “chicken little”, but want to let company know about the vulnerability without looking like a fool. What do I do?
Submitted April 25, 2018 at 09:55PM by woolymangaming
via reddit https://ift.tt/2Htujtk
reddit
r/security - Found vulnerability at work. Not sysadmin or security engineer. How should I bring this up without looking like Chicken…
0 votes and 1 so far on reddit
Hackers built a "master key" for millions of hotel door locks
https://ift.tt/2qWuGq3
Submitted April 25, 2018 at 09:49PM by DuncanIdahos8thClone
via reddit https://ift.tt/2HOg7Pk
https://ift.tt/2qWuGq3
Submitted April 25, 2018 at 09:49PM by DuncanIdahos8thClone
via reddit https://ift.tt/2HOg7Pk
ZDNet
Hackers built a 'master key' for millions of hotel rooms
New research shows how hackers can manipulate hotel room key cards to gain access to an entire building.
Fuzzing Adobe Reader for exploitable vulns (fun != profit)
https://ift.tt/2vKHi8I
Submitted April 25, 2018 at 10:15PM by kciredor_
via reddit https://ift.tt/2JqJKTN
https://ift.tt/2vKHi8I
Submitted April 25, 2018 at 10:15PM by kciredor_
via reddit https://ift.tt/2JqJKTN
kciredor’s information security blog
Fuzzing Adobe Reader for exploitable vulns (fun != profit)
Binaries vs websites It has been half a year since my last blog post covering an IDOR in a website API. About time to write about something new and hopefully interesting! Having switched my focus from websites to binaries a new world opened up to me.
Fuzzing Adobe Reader for exploitable vulns (fun != profit)
https://ift.tt/2vKHi8I
Submitted April 25, 2018 at 10:15PM by kciredor_
via reddit https://ift.tt/2JqJKTN
https://ift.tt/2vKHi8I
Submitted April 25, 2018 at 10:15PM by kciredor_
via reddit https://ift.tt/2JqJKTN
kciredor’s information security blog
Fuzzing Adobe Reader for exploitable vulns (fun != profit)
Binaries vs websites It has been half a year since my last blog post covering an IDOR in a website API. About time to write about something new and hopefully interesting! Having switched my focus from websites to binaries a new world opened up to me.
Protecting RSA-based Protocols Against Adaptive Chosen-Ciphertext Attacks
https://ift.tt/2vGkJSL
Submitted April 25, 2018 at 09:41PM by sarciszewski
via reddit https://ift.tt/2r0dn6H
https://ift.tt/2vGkJSL
Submitted April 25, 2018 at 09:41PM by sarciszewski
via reddit https://ift.tt/2r0dn6H
Paragonie
Protecting RSA-based Protocols Against Adaptive Chosen-Ciphertext Attacks - Paragon Initiative Enterprises Blog
A deep dive into preventing chosen-ciphertext (e.g. padding oracle) attacks against RSA in custom encrypted transport protocols.
Nintendo Switches Hacked to Run Linux—Unpatchable Exploit Released
https://ift.tt/2KbPEJM
Submitted April 25, 2018 at 10:01PM by NISMO1968
via reddit https://ift.tt/2JnnxWU
https://ift.tt/2KbPEJM
Submitted April 25, 2018 at 10:01PM by NISMO1968
via reddit https://ift.tt/2JnnxWU
The Hacker News
Nintendo Switches Hacked to Run Linux—Unpatchable Exploit Released
Security researchers released exploit for Tegra X1 Nintendo Switches, Fusée Gelée and ShofEL2, which allows device owners to install Linux or run unofficial games.
Details on a Java type confusion bug recently patched by Oracle. It could allow an attacker with low execution privileges to bypass the SecurityManager and escalate privileges.
https://ift.tt/2FgNLrq
Submitted April 25, 2018 at 10:26PM by RedmondSecGnome
via reddit https://ift.tt/2HqM8NP
https://ift.tt/2FgNLrq
Submitted April 25, 2018 at 10:26PM by RedmondSecGnome
via reddit https://ift.tt/2HqM8NP
Zero Day Initiative
When Java throws you a Lemon, make Limenade: Sandbox escape by type confusion
Last week, Oracle released their quarterly Critical Patch Update (CPU) . Seven of these bugs were submitted through the Zero Day Initiative (ZDI) program, and one of these bugs was quite reminiscent of the Java submissions in late 2012 and early 2013. The…
Hotel door locks worldwide were vulnerable to hack
https://ift.tt/2vPKIXE
Submitted April 25, 2018 at 10:16PM by kitaree00
via reddit https://ift.tt/2qY1u16
https://ift.tt/2vPKIXE
Submitted April 25, 2018 at 10:16PM by kitaree00
via reddit https://ift.tt/2qY1u16
BBC News
Hotel door locks worldwide were vulnerable to hack
Cyber-security researchers found a way to unlock rooms across the world without leaving a trace.
Suspicious Activity Is Being Detected?… Right?…
https://ift.tt/2Hr4RsB
Submitted April 26, 2018 at 12:42AM by JustAPenTester
via reddit https://ift.tt/2r0GLtB
https://ift.tt/2Hr4RsB
Submitted April 26, 2018 at 12:42AM by JustAPenTester
via reddit https://ift.tt/2r0GLtB
Fidus InfoSecurity | Cyber Security, Penetration Testing, Red Teaming
Suspicious Activity Is Being Detected?... Right?...
We take a look at how the big names who are handling your data are detecting suspicious activity on your account(s) and keeping you safe, or not.
Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004
https://ift.tt/2HRgQyY
Submitted April 26, 2018 at 01:14AM by grepnork
via reddit https://ift.tt/2FflsKb
https://ift.tt/2HRgQyY
Submitted April 26, 2018 at 01:14AM by grepnork
via reddit https://ift.tt/2FflsKb
DDoS-for-Hire Service Webstresser Dismantled
https://ift.tt/2vJsozs
Submitted April 26, 2018 at 01:19AM by volci
via reddit https://ift.tt/2qWG2uy
https://ift.tt/2vJsozs
Submitted April 26, 2018 at 01:19AM by volci
via reddit https://ift.tt/2qWG2uy
reddit
r/security - DDoS-for-Hire Service Webstresser Dismantled
1 votes and 0 so far on reddit
With Drupalgeddon2 still under attack, Drupal fixes a new critical flaw
https://ift.tt/2HqZOnV
Submitted April 26, 2018 at 01:05AM by campuscodi
via reddit https://ift.tt/2HvbSEW
https://ift.tt/2HqZOnV
Submitted April 26, 2018 at 01:05AM by campuscodi
via reddit https://ift.tt/2HvbSEW
Ars Technica
Drupal warns of new remote-code bug, the second in four weeks
The risk this time is lower, but the threat is still real.
Open, Closed, and Privacy
https://ift.tt/2vNn7Hg
Submitted April 26, 2018 at 01:59AM by volci
via reddit https://ift.tt/2Hw6i9q
https://ift.tt/2vNn7Hg
Submitted April 26, 2018 at 01:59AM by volci
via reddit https://ift.tt/2Hw6i9q
Stratechery by Ben Thompson
Open, Closed, and Privacy
Just as encryption is only viable on closed systems, so it is that increased privacy regulations will only entrench walled gardens. That should affect thinking on regulation.
[x-post] Cybersecurity expert with 14 years of experience gives advice about how to break into the field.
https://ift.tt/2vMaxrN
Submitted April 26, 2018 at 03:43AM by barmalade
via reddit https://ift.tt/2HPjbL4
https://ift.tt/2vMaxrN
Submitted April 26, 2018 at 03:43AM by barmalade
via reddit https://ift.tt/2HPjbL4
reddit
I am an expert with 14 years of experience in... • r/cybersecurity
Greetings r/cybersecurity! Brief background on myself: I originally transitioned into this field from an IT role, and have extensive experience...
Fuze Multi-Card Technology Security Review
https://ift.tt/2JqW32l
Submitted April 26, 2018 at 07:03AM by Gallus
via reddit https://ift.tt/2I02F8l
https://ift.tt/2JqW32l
Submitted April 26, 2018 at 07:03AM by Gallus
via reddit https://ift.tt/2I02F8l
GUI Application for Aircrack, Airodump, Aireplay, MDK3 and Reaver Tools [Android] with Full Sources (See Comment)
https://ift.tt/2iqPSxS
Submitted April 26, 2018 at 07:17AM by TechLord2
via reddit https://ift.tt/2r5C5np
https://ift.tt/2iqPSxS
Submitted April 26, 2018 at 07:17AM by TechLord2
via reddit https://ift.tt/2r5C5np
GitHub
chrisk44/Hijacker
Hijacker - Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android
How to get your first job as a hacker
https://ift.tt/2K2lJ6y
Submitted April 26, 2018 at 08:37AM by hakluke
via reddit https://ift.tt/2I0zNgj
https://ift.tt/2K2lJ6y
Submitted April 26, 2018 at 08:37AM by hakluke
via reddit https://ift.tt/2I0zNgj
Medium
How to Get Your First Job as a Hacker
As it happens, the company I work for is currently hiring cyber people on the Australian east coast. If that sounds like something you’re…
Samsung Chromebook has built in bridge addresses that I can't remove even by reloading the OS from scratch. And the screen jumps around as though I was fiddling with the touchpad when I'm not touching it. Samsung says "Not our job, talk to Google".
I ran Network Analyzer (Jeri Techet) on it to look at the LAN and was surprised to discover only two addresses, neither of them my network:100.115.92.2 shows as "Samsung Chromebook Pro" and: 100.115.92.1 is just a very long number.That's all there is. About this time the machine started wiggling around with the focus changing by something that was not me.I turned off my router and ran "Powerwash", which reinstalls the system from scratch, (a feature of ChromeOS). And it didn't help, same two addresses appeared, same wiggling around.Is there any way this is not a severely compromised machine? Even as a prank... I obviously can't use it and I can't even in good conscious sell it.I've searched around for these symptoms and haven't come up with much of anything, which is weird, compromised or not I seem to be in a very exclusive club.Another oddity: I tried to register this with Samsung when I asked them for help and I couldn't get the S/N to save, their form just rejected it. They asked me to send them a picture of the number, which I did, and they apparently couldn't get it to work either, so now they want me to let their Remote Management Team dial in remotely and register it on my behalf.?!?!?!?!?!?!?Any theories, even conspiracy theories, would be appreciated. At this point I'm thinking the next step is the BBB, which is crazy.Help?
Submitted April 26, 2018 at 08:44AM by Fazookus
via reddit https://ift.tt/2JuMzU1
I ran Network Analyzer (Jeri Techet) on it to look at the LAN and was surprised to discover only two addresses, neither of them my network:100.115.92.2 shows as "Samsung Chromebook Pro" and: 100.115.92.1 is just a very long number.That's all there is. About this time the machine started wiggling around with the focus changing by something that was not me.I turned off my router and ran "Powerwash", which reinstalls the system from scratch, (a feature of ChromeOS). And it didn't help, same two addresses appeared, same wiggling around.Is there any way this is not a severely compromised machine? Even as a prank... I obviously can't use it and I can't even in good conscious sell it.I've searched around for these symptoms and haven't come up with much of anything, which is weird, compromised or not I seem to be in a very exclusive club.Another oddity: I tried to register this with Samsung when I asked them for help and I couldn't get the S/N to save, their form just rejected it. They asked me to send them a picture of the number, which I did, and they apparently couldn't get it to work either, so now they want me to let their Remote Management Team dial in remotely and register it on my behalf.?!?!?!?!?!?!?Any theories, even conspiracy theories, would be appreciated. At this point I'm thinking the next step is the BBB, which is crazy.Help?
Submitted April 26, 2018 at 08:44AM by Fazookus
via reddit https://ift.tt/2JuMzU1
reddit
r/security - Samsung Chromebook has built in bridge addresses that I can't remove even by reloading the OS from scratch. And the…
2 votes and 0 so far on reddit
A One-Minute Attack Let Hackers Spoof Hotel Master Keys
https://ift.tt/2JqCwzf
Submitted April 26, 2018 at 08:36AM by SuccessfulOperation
via reddit https://ift.tt/2KaNN85
https://ift.tt/2JqCwzf
Submitted April 26, 2018 at 08:36AM by SuccessfulOperation
via reddit https://ift.tt/2KaNN85
WIRED
A One-Minute Attack Let Hackers Spoof Hotel Master Keys
Researchers found—and helped fix—a flaw in Vingcard RFID locks that would let hackers break into any room in hotels around the world.