"Your password is too weak". (funny)
https://twitter.com/cibercrimen/status/992796640368054272/photo/1
Submitted May 06, 2018 at 03:12PM by antdude
via reddit https://ift.tt/2rn9tpC
https://twitter.com/cibercrimen/status/992796640368054272/photo/1
Submitted May 06, 2018 at 03:12PM by antdude
via reddit https://ift.tt/2rn9tpC
Twitter
Andrés Velázquez
#Contraseñas
Any once else experienced this automatic sync warning with a Microsoft account? Denoscription in comments.
https://ift.tt/2HYC9f5
Submitted May 06, 2018 at 03:02PM by Bango-Fett
via reddit https://ift.tt/2jzXX6b
https://ift.tt/2HYC9f5
Submitted May 06, 2018 at 03:02PM by Bango-Fett
via reddit https://ift.tt/2jzXX6b
The most common vendor security control is also the most useless
https://ift.tt/2EB7545
Submitted May 06, 2018 at 05:54PM by Majortom80
via reddit https://ift.tt/2rsYLgK
https://ift.tt/2EB7545
Submitted May 06, 2018 at 05:54PM by Majortom80
via reddit https://ift.tt/2rsYLgK
Daniel Miessler
Third-party Questionnaires Are Security Theater
If you've been in InfoSec for a while you probably have significant experience with third-party security questionnaires. They're basically the new firewall. Everyone is asking everyone else if they have one. I've been troubled for years by the whole charade…
ShellPop - Generate Easy and Sophisticated Reverse or Bind Shell Commands for Penetration Tests
https://ift.tt/2wecj5d
Submitted May 06, 2018 at 07:59PM by TechLord2
via reddit https://ift.tt/2KFwhZV
https://ift.tt/2wecj5d
Submitted May 06, 2018 at 07:59PM by TechLord2
via reddit https://ift.tt/2KFwhZV
GitHub
0x00-0x00/ShellPop
ShellPop - Pop shells like a master.
Revoking read access to your passwords.
https://ift.tt/2rrenkD
Submitted May 07, 2018 at 12:01AM by jakehenri
via reddit https://ift.tt/2KIIaxU
https://ift.tt/2rrenkD
Submitted May 07, 2018 at 12:01AM by jakehenri
via reddit https://ift.tt/2KIIaxU
Medium
You don’t need read access to your passwords.
I run a small server that needs to be highly secure. I don’t have the luxury of a massive amount of free time.
Frida 11.0 is out with overhauled spawn() API and other goodies
https://ift.tt/2roCela
Submitted May 07, 2018 at 01:16AM by oleavr
via reddit https://ift.tt/2wifRDu
https://ift.tt/2roCela
Submitted May 07, 2018 at 01:16AM by oleavr
via reddit https://ift.tt/2wifRDu
Frida • A world-class dynamic instrumentation framework
Frida 11.0 Released
Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX
I made a web extension to provide another 2FA possibility for websites - I would love any thoughts, technical and otherwise
The idea is pretty simple. You install this web extension and then when you go to a website that supports it (there are none yet, I just finished coding the extension), you can enter a secret in the web extension and on the site. Without this secret, you are denied access.Basically what it means is that if you set this up, the only people who will be able to access your account on supported websites is if they are on your device, using a browser with the web extension installed and the secret for the domain saved, or if they steal your secret.The project is at https://github.com/PalFed/2-FactorialTechnically how it works:You put the secret in the extension and on the site (different secrets per site)When you request a page, your browser sends two extra headers, one with a SHA256 hash, one with a saltThe website checks the hash and only allows access if it matches the same hash generated from the website's copy of the secret with the salt.I would love any thoughts as to whether this has value, how it could be improved or made more secure, where it might fail etc. etc. I mostly created it because I have been wanting to learn how to create web extensions, then I had this thought and ran with it!
Submitted May 07, 2018 at 04:52AM by lindymad
via reddit https://ift.tt/2winauX
The idea is pretty simple. You install this web extension and then when you go to a website that supports it (there are none yet, I just finished coding the extension), you can enter a secret in the web extension and on the site. Without this secret, you are denied access.Basically what it means is that if you set this up, the only people who will be able to access your account on supported websites is if they are on your device, using a browser with the web extension installed and the secret for the domain saved, or if they steal your secret.The project is at https://github.com/PalFed/2-FactorialTechnically how it works:You put the secret in the extension and on the site (different secrets per site)When you request a page, your browser sends two extra headers, one with a SHA256 hash, one with a saltThe website checks the hash and only allows access if it matches the same hash generated from the website's copy of the secret with the salt.I would love any thoughts as to whether this has value, how it could be improved or made more secure, where it might fail etc. etc. I mostly created it because I have been wanting to learn how to create web extensions, then I had this thought and ran with it!
Submitted May 07, 2018 at 04:52AM by lindymad
via reddit https://ift.tt/2winauX
GitHub
PalFed/2-Factorial
2-Factorial - 2 Factorial is a web extension to provide automated 2FA
The npm Blog — Reported malicious module: getcookies
https://ift.tt/2rgRDo6
Submitted May 07, 2018 at 07:15AM by shaunRiles
via reddit https://ift.tt/2HTJBvU
https://ift.tt/2rgRDo6
Submitted May 07, 2018 at 07:15AM by shaunRiles
via reddit https://ift.tt/2HTJBvU
The npm Blog
Reported malicious module: getcookies
Early May 2nd, the npm security team received and responded to reports of a package that masqueraded as a cookie parsing library but contained a malicious backdoor. The result of the investigation...
Security vs Privacy with GDPR
https://www.youtube.com/watch?v=QC_F--fcq8M&t=6s
Submitted May 07, 2018 at 10:23AM by primeinfoserv
via reddit https://ift.tt/2jB4OMB
https://www.youtube.com/watch?v=QC_F--fcq8M&t=6s
Submitted May 07, 2018 at 10:23AM by primeinfoserv
via reddit https://ift.tt/2jB4OMB
YouTube
GDPR compliance
Are you working with your clients under European union and yet to comply with GDPR? Take action before it is too late. Our experts can guide you for the seam...
Advanced Web Shell (Full Sources)
https://ift.tt/1BWxBQe
Submitted May 07, 2018 at 11:50AM by TechLord2
via reddit https://ift.tt/2FP6smr
https://ift.tt/1BWxBQe
Submitted May 07, 2018 at 11:50AM by TechLord2
via reddit https://ift.tt/2FP6smr
GitHub
dotcppfile/DAws
DAws - Advanced Web Shell
Strange Files On USB Drive Used For Family Photos
https://ift.tt/2JZqJbr
Submitted May 07, 2018 at 12:31PM by pho_coughM8
via reddit https://ift.tt/2ImiFEm
https://ift.tt/2JZqJbr
Submitted May 07, 2018 at 12:31PM by pho_coughM8
via reddit https://ift.tt/2ImiFEm
6 expert security tips by Trend Micro support professionals everyone should follow
https://ift.tt/2HU6KhM
Submitted May 07, 2018 at 11:11AM by jasmineana
via reddit https://ift.tt/2rlhavI
https://ift.tt/2HU6KhM
Submitted May 07, 2018 at 11:11AM by jasmineana
via reddit https://ift.tt/2rlhavI
reddit
6 expert security tips by Trend Micro support... • r/security
0 points and 1 comments so far on reddit
A Remote Hack Hijacks Android Phones Via Electric Leaks in Their Memory
https://ift.tt/2riA8mH
Submitted May 07, 2018 at 01:02PM by Iot_Security
via reddit https://ift.tt/2KIlv52
https://ift.tt/2riA8mH
Submitted May 07, 2018 at 01:02PM by Iot_Security
via reddit https://ift.tt/2KIlv52
WIRED
A Remote Hack Hijacks Android Phones Via Electric Leaks in Their Memory
Dutch researchers have pushed the mind-bending Rowhammer hacking technique one more step towards a practical attack.
Terratest Open Sourced : a Swiss Army Knife for testing Terraform, Packer, Docker, AWS, and much more infrastructure code (Blog and Open Sourced Library)
https://ift.tt/2jrg2TI
Submitted May 07, 2018 at 12:17PM by TechLord2
via reddit https://ift.tt/2IgfC0F
https://ift.tt/2jrg2TI
Submitted May 07, 2018 at 12:17PM by TechLord2
via reddit https://ift.tt/2IgfC0F
GitHub
gruntwork-io/terratest
Terratest is a Go library that makes it easier to write automated tests for your infrastructure code. - gruntwork-io/terratest
lifetec
https://www.lifetec.cf/
Submitted May 07, 2018 at 04:24PM by jhonejack01
via reddit https://ift.tt/2Io8sYl
https://www.lifetec.cf/
Submitted May 07, 2018 at 04:24PM by jhonejack01
via reddit https://ift.tt/2Io8sYl
Is Biometric Recognition System a Smart Way to Control Impersonation in Examinations?
How secured is the future of Indian youth with respect ti the examinations conducted by the institutions and education bodies? The recent incidents of impersonation and cheating during exams have been a reason for huge distress to the students as well as their parents. Although, examination conducting bodies ensures that exams are being conducted under strict surveillance, the rising cases of impersonation are a matter of worry for all.Despite various measures taken by the examination conducting bodies, ten cases of impersonation were reported in SSC CHSL examination, 2017. The SSC CHSL exams were conducted across various states of the country, of which 5 proxies were caught in Patna. Two candidates were caught in Delhi and one each at Chandigarh, Gorakhpur and Allahabad.Also, nearly eight Incidents of cheating attempts were detected at various examination centres of Delhi University during entrance examinations of MA (Political Science) and LLB. Here, we are referring to the cases that have been detected. How about the incidents where proxies have successfully managed to escape the security? It is extremely frustrating to realize that despite strict security checks at examination centres, the proxies are smart enough to pass through them.Such incidents put a question mark on the integrity of examination and the examination conducting bodies.Is it possible to curb the attempts of impersonation?The first question that comes in the mind is whether it is possible to effectively stop such incident.Yes, it is absolutely possible to curb such attempts of impersonation. The latest advancements in technology have enabled us to verify the true identity of an individual with the help of high-tech devices. Biometric Recognition System, one such highly-effective device, offers a complete solution towards this issue. The device is used to verify the identity of an individual by using his or her unique characteristics like finger prints, iris impression, facial features, DNA and palm veins. The Biometric Recognition System’s effectiveness is proven by the fact that no disputes have been reported till date challenging its accuracy.Who are the best service providers of Biometric Recognition System?Innovatiview is the leading service provider in auxiliary examination services and a trusted name amongst education bodies. The solutions offered by it are the best and the quality of services is high and trustworthy.Conducting an examination is not an easy task, whether it is an institute or the bodies responsible to conduct the exams. A whole set of processes like assessing the infrastructure and facility at the examination centre, setting up a surveillance system, printing and scanning of OMR sheets, monitoring of examination assets, etc. is involved in conducting a single examination. Fortunately, Innovatiview provides a comprehensive bouquet of services addressing all such requirements.The experts at Innovatiview takes care of whole process involved in setting up a Biometric Recognition System, right from installation of device to verification. The device consists of three components that is:• A scanning device with Barcode scanner, Fingerprint scanner, Iris scanner, 8 Megapixel camera. • A software to compare and match scanned data in real time. • Aadhar Database.By availing this service, the incidents of impersonation can be eliminated effectively.
Submitted May 07, 2018 at 03:36PM by InnovativiewOfficial
via reddit https://ift.tt/2IkkVfq
How secured is the future of Indian youth with respect ti the examinations conducted by the institutions and education bodies? The recent incidents of impersonation and cheating during exams have been a reason for huge distress to the students as well as their parents. Although, examination conducting bodies ensures that exams are being conducted under strict surveillance, the rising cases of impersonation are a matter of worry for all.Despite various measures taken by the examination conducting bodies, ten cases of impersonation were reported in SSC CHSL examination, 2017. The SSC CHSL exams were conducted across various states of the country, of which 5 proxies were caught in Patna. Two candidates were caught in Delhi and one each at Chandigarh, Gorakhpur and Allahabad.Also, nearly eight Incidents of cheating attempts were detected at various examination centres of Delhi University during entrance examinations of MA (Political Science) and LLB. Here, we are referring to the cases that have been detected. How about the incidents where proxies have successfully managed to escape the security? It is extremely frustrating to realize that despite strict security checks at examination centres, the proxies are smart enough to pass through them.Such incidents put a question mark on the integrity of examination and the examination conducting bodies.Is it possible to curb the attempts of impersonation?The first question that comes in the mind is whether it is possible to effectively stop such incident.Yes, it is absolutely possible to curb such attempts of impersonation. The latest advancements in technology have enabled us to verify the true identity of an individual with the help of high-tech devices. Biometric Recognition System, one such highly-effective device, offers a complete solution towards this issue. The device is used to verify the identity of an individual by using his or her unique characteristics like finger prints, iris impression, facial features, DNA and palm veins. The Biometric Recognition System’s effectiveness is proven by the fact that no disputes have been reported till date challenging its accuracy.Who are the best service providers of Biometric Recognition System?Innovatiview is the leading service provider in auxiliary examination services and a trusted name amongst education bodies. The solutions offered by it are the best and the quality of services is high and trustworthy.Conducting an examination is not an easy task, whether it is an institute or the bodies responsible to conduct the exams. A whole set of processes like assessing the infrastructure and facility at the examination centre, setting up a surveillance system, printing and scanning of OMR sheets, monitoring of examination assets, etc. is involved in conducting a single examination. Fortunately, Innovatiview provides a comprehensive bouquet of services addressing all such requirements.The experts at Innovatiview takes care of whole process involved in setting up a Biometric Recognition System, right from installation of device to verification. The device consists of three components that is:• A scanning device with Barcode scanner, Fingerprint scanner, Iris scanner, 8 Megapixel camera. • A software to compare and match scanned data in real time. • Aadhar Database.By availing this service, the incidents of impersonation can be eliminated effectively.
Submitted May 07, 2018 at 03:36PM by InnovativiewOfficial
via reddit https://ift.tt/2IkkVfq
reddit
Is Biometric Recognition System a Smart Way to... • r/security
How secured is the future of Indian youth with respect ti the examinations conducted by the institutions and education bodies? The recent...
Can people connected to the same VPN Server than me see what I am doing or log into a session I am in or something ? Thanks :)
No text found
Submitted May 07, 2018 at 03:29PM by aymanbt
via reddit https://ift.tt/2roGdy0
No text found
Submitted May 07, 2018 at 03:29PM by aymanbt
via reddit https://ift.tt/2roGdy0
reddit
Can people connected to the same VPN Server than me... • r/security
1 points and 0 comments so far on reddit
Spectre-NG patches postponed
https://ift.tt/2KGzxUQ
Submitted May 07, 2018 at 06:30PM by Neo-Bubba
via reddit https://ift.tt/2wgWkDv
https://ift.tt/2KGzxUQ
Submitted May 07, 2018 at 06:30PM by Neo-Bubba
via reddit https://ift.tt/2wgWkDv
Security
Spectre-NG: Intel verschiebt die ersten Patches – koordinierte Veröffentlichung aufgeschoben
Eigentlich war für Montag die Veröffentlichung der ersten Spectre-NG-Patches geplant. Doch Intel hat um Aufschub gebeten und diesen auch erhalten. Neue, exklusive Informationen zeigen, wie es mit Spectre-NG jetzt weiter gehen soll.
Lenovo Patches Arbitrary Code Execution Flaw | Threatpost
https://ift.tt/2Iloa6o
Submitted May 07, 2018 at 08:28PM by LindseyOD123
via reddit https://ift.tt/2FSl0BL
https://ift.tt/2Iloa6o
Submitted May 07, 2018 at 08:28PM by LindseyOD123
via reddit https://ift.tt/2FSl0BL
Threatpost | The first stop for security news
Lenovo Patches Arbitrary Code Execution Flaw
Lenovo issued a pair of security advisories on Friday for its popular ThinkPad line and System x servers. One bug is tied to an authentication flaw in the Secure Boot process; and the other to a vulne
Gilbert Verdian, MasterCard Cyber-security Executive, Leaves Role for Blockchain Start-up Quant Network - Press Release - Digital Journal
https://ift.tt/2I1ypJF
Submitted May 07, 2018 at 08:58PM by fluidchains
via reddit https://ift.tt/2rpy4Kj
https://ift.tt/2I1ypJF
Submitted May 07, 2018 at 08:58PM by fluidchains
via reddit https://ift.tt/2rpy4Kj
Digitaljournal
Gilbert Verdian, MasterCard Cyber-security Executive, Leaves Role for Blockchain Start-up Quant Network
The 2017 CISO of Year will Focus Full Time on Quant Network's cutting-edge blockchain operating system, Overledger
Security In 5: Episode 232 - Change Your Twitter Password Now, Listen To Hear Why
https://ift.tt/2HZVgoN
Submitted May 07, 2018 at 08:52PM by BinaryBlog
via reddit https://ift.tt/2rsydgf
https://ift.tt/2HZVgoN
Submitted May 07, 2018 at 08:52PM by BinaryBlog
via reddit https://ift.tt/2rsydgf
Libsyn
Security In Five Podcast: Episode 232 - Change Your Twitter Password Now, Listen To Hear Why
If you have a Twitter account and you haven't already, change your password. There was a goof from in the inner workings of Twitter recently and to protect your account you should change your password. This episode goes into the details and talks about other…