British spies linked up with CIA WikiLeaks reveals
https://ift.tt/2lXO94z

Submitted May 11, 2018 at 01:41PM by dengorilla1
via reddit https://ift.tt/2I4TuH4

Huawei smartphone shipments grow in Europe, says Canalys - Video | ZDNet
https://ift.tt/2IbrCNr

Submitted May 11, 2018 at 02:22PM by wlscr
via reddit https://ift.tt/2I9yzTi

UK cell giant EE left a critical code system exposed with a default password
https://ift.tt/2Kc0D52

Submitted May 11, 2018 at 02:20PM by wlscr
via reddit https://ift.tt/2IdyYAa

Google has wild new technology that sounds like a real human on the phone
https://ift.tt/2G4bStP

Submitted May 11, 2018 at 02:15PM by wlscr
via reddit https://ift.tt/2I9yAGQ

USB Security Software at Edukrypt
https://ift.tt/2wx2Hmf

Submitted May 11, 2018 at 04:06PM by edukrypt1
via reddit https://ift.tt/2rAFzym

Question about MAC addresses
Here's something I don't fully understand. So please just tell me if I'm missing something or get something wrong. I get that a MAC address uniquely identifies your computer's hardware and it can be used to identify you. When you visit a website, they have your IP address which you can hide with a VPN. This obviously isn't foolproof since I've seen webRTC being able to get your actual IP if you have JavaScript enabled but for the average person, it'd be fine. But when you look at all of these guides for being more secure online, they always talk about IPs but never mention MAC addresses and if they do, it's only in passing and is something like "Kali Linux comes with a tool called MACchanger if that interests you". What I don't get is, people make a point of spoofing their MAC address but this only seems to be when they're going to commit a cyber crime of some sort and I really don't see many people doing it just to be more secure like when they use VPNs to mask their actual IP. So is it pointless to try and coverup your MAC address, as someone not looking to do anything illegal? Do websites not have access to it even though you're using a VPN? I mean, if you were to use a VPN but did nothing to hide your MAC address, would that be a security flaw? Who can see your MAC address? The same who can see your IP? I remember Snowden saying that the government can track us using our MAC addresses but I guess it's pointless to try and hide yourself from the NSA since you'd probably lose unless you've got a 400 IQ.

Submitted May 11, 2018 at 04:56PM by deeptoot2332
via reddit https://ift.tt/2G4pMw8

Comment Installer Tor sur Kali Linux 4.14.x How to Install Tor on Kali Linux 4.14.x
https://ift.tt/2jNSOHC

Submitted May 11, 2018 at 04:49PM by espion7
via reddit https://ift.tt/2G61UZ8

Evolution of 3GPP over-the-air security
https://ift.tt/2IdVCbE

Submitted May 11, 2018 at 05:50PM by nikolax99
via reddit https://ift.tt/2wxdDQT

Not Your Server, But Still Your Code (serverless security LA)
https://sprky.co/talks/

Submitted May 11, 2018 at 06:43PM by sprkyco
via reddit https://ift.tt/2IekRuz

Security In 5: Episode 236 - Tools, Tips and Tricks - OpenVAS
https://ift.tt/2G5fOL5

Submitted May 11, 2018 at 06:39PM by BinaryBlog
via reddit https://ift.tt/2jQBd1S

How to install Tor on Kali Linux 4.14.x (and other Linux versions)
https://ift.tt/2G7FBSK

Submitted May 11, 2018 at 07:26PM by espion7
via reddit https://ift.tt/2jNBZfX

SMB hash hijacking & user tracking in MS Outlook (CVE-2017-11927 and CVE-2017-8572)
https://ift.tt/2KbJ6tF

Submitted May 11, 2018 at 09:43PM by digicat
via reddit https://ift.tt/2rCBokP

Google may share your email address with malicious websites
https://ift.tt/2KUYtrU

Submitted May 11, 2018 at 10:47PM by albinowax
via reddit https://ift.tt/2G5WAF9

Launching a Public HackerOne Vulnerability Disclosure Program
https://ift.tt/2wy5mw3

Submitted May 11, 2018 at 11:02PM by jamieweb
via reddit https://ift.tt/2KbbFHN

Federal government claims DCNS data leak has 'no bearing' on Australia
https://ift.tt/2bC0tHN

Submitted May 12, 2018 at 12:58AM by dengorilla1
via reddit https://ift.tt/2KbwjaP

The private key of an SSL certificate that belongs to a brazilian bank has been leaked. What are the risks?
Some background first: last week, some data from a Brazilian bank named Inter was rumored to have been leaked. That included personal data, documents, transaction logs, credit card passwords, everything a bank could possibly have, including the certificate's private key. The bank denied everything.Two days ago some guy showed up on r/brasil claiming he obtained the private key from somewhere public, which he did not disclose. Someone suggested that he signed a message to prove he had it, which he successfully did and can be verified here. It's worth noting that the certificate in question had been replaced on the website in march but did not expire and was still valid.The obvious reaction to this would be for the bank to ask for the revocation to the Certificate Authority, in this case, Go Daddy. The surprising thing is: it's been more than 48 hours since this went public and the certificate has not been revoked yet. The bank is dead silent about this.Considering the keys have fallen in malicious hands which intends to do man-in-the-middle attacks, what are the possible attack vectors from which this is possible? I know DNS spoofing is a possibility. Are there other types of attacks which can originate from this? Some relatives have bank accounts there and are worried. Thanks in advance.

Submitted May 12, 2018 at 12:40AM by Capable_Professional
via reddit https://ift.tt/2rADnGT

Attacking Palo Alto Networks PAN-OS ‘readSessionVarsFromFile()’
https://ift.tt/2KS01CO

Submitted May 12, 2018 at 02:16AM by powershelltutorials
via reddit https://ift.tt/2rBMR41

How does ROCA affect Windows secure boot?
I've been doing some research on the Infineon vulnerability known as ROCA over the last few days. As I understand it, the vulnerability is present when a TPM running vulnerable firmware generates an RSA key. At that point, the public key can be used to derive the private key. My question, however, is how this affects secure boot in current versions of Windows. As far as I know, the TPM does not perform any key generation for secure boot and the secure boot keys are managed by Microsoft. Therefor, as far as the end user is concerned, ROCA isn't really relevant in the context of secure boot. Is this correct?

Submitted May 12, 2018 at 02:27AM by RoaringTrash
via reddit https://ift.tt/2G9tPXV

Baltimore Police Can't Explain Why Their All-Seeing Spy Planes Were Kept Secret
https://ift.tt/2bYI33a

Submitted May 12, 2018 at 04:12AM by dengorilla1
via reddit https://ift.tt/2IhdJgK

CVE-2018-1000136 - Electron nodeIntegration Bypass (RCE)
https://ift.tt/2Icnm0h

Submitted May 12, 2018 at 07:44AM by Gallus
via reddit https://ift.tt/2Ictgyt

Google Duplex Abuse
With all great technology comes the dark side. The demo was pretty impressive but I could imagine this being used for mass scale nefarious activities. A call spammer was just slapped with a big fine for a pretty simple recorded message. Imagine the level of sophistication these attacks could now leverage using something like Duplex for their robo calls.Google mentioned they would have a notification system to ensure the receiver knows the call is being recorded and their interacting with AI but if this becomes adopted for consumer services most people will become numb to that warning.Thoughts? :)

Submitted May 12, 2018 at 06:19AM by mactalker
via reddit https://ift.tt/2IfJvLa