OpenMediaVault NAS setup, can internet facing services be hosted on same VM (in docker containers)?
https://ift.tt/2s82Gj9
Submitted May 23, 2018 at 11:45PM by proxfire44
via reddit https://ift.tt/2kiYSrL
reddit
OpenMediaVault NAS setup, can internet facing... • r/HomeNetworking
I recently set up an OpenMediaVault VM to use as a NAS and possibly host some services (personal cloud, media server, music streaming, torrent...
PassProtect - Proactive Web Security
https://ift.tt/2IZVAYG
Submitted May 24, 2018 at 12:40AM by rdegges
via reddit https://ift.tt/2J4u8sK
Okta
Announcing PassProtect - Proactive Web Security | Okta Developer
A look at our new developer library (and browser extension): PassProtect. PassProtect integrates with haveibeenpwned to check credentials you use against breached data lists, and notifies you when something bad happens.
Can a USB DVD reader/writer get infected once connected to a computer that had many malwares before? Thanks!
I am reposting this because I made an error in the topic
Submitted May 24, 2018 at 01:39AM by aymanbt
via reddit https://ift.tt/2LpiuXJ
Exclusive: FBI Seizes Control of Russian Botnet
Submitted May 24, 2018 at 05:59AM by foucaultyou
via reddit https://ift.tt/2x4nr57
Hackers infect 500,000 consumer routers all over the world with malware
https://ift.tt/2IIWOEf
Submitted May 24, 2018 at 04:59AM by fstorino
via reddit https://ift.tt/2IMa62U
Ars Technica
Hackers infect 500,000 consumer routers all over the world with malware
VPNFilter can survive reboots and contains destructive "kill" function.
SSRF in Exchange leads to ROOT access in all instances
https://ift.tt/2KLhEn1
Submitted May 24, 2018 at 09:14AM by 1lastBr3ath
via reddit https://ift.tt/2xaJzLe
HackerOne
Shopify disclosed on HackerOne: SSRF in Exchange leads to ROOT...
Shopify infrastructure is isolated into subsets of infrastructure. @0xacb reported it was possible to gain root access to any container in one particular subset by exploiting a server side request...
Compromising Thousands of Websites Through a CDN
https://ift.tt/2s2nuJw
Submitted May 24, 2018 at 06:53AM by justicz
via reddit https://ift.tt/2s2O5q0
justi.cz
Compromising Thousands of Websites Through a CDN
tl;dr unpkg.com is a pretty popular CDN for serving up assets from npm packages. I found a vulnerability in a tar implementation that allowed me to write arb...
Ransomware
After building computers for over 10 years, and seeing a huge number of fraud, and identity theft, and recent events that are not related to this subreddit it got me thinking and me asking questions about both Cyber Security, and Physical security of many "Facility" in America which contain a lot of personal information. Anyways about the Computer Security, I am rather concerned because many "Hospital" and "Doctors Offices" even "Police Departments" have been hit with Ransomware attacks, but my question is how secure are their networks really. Most Facility I have been in only have a few security guards, and all use (Dell Computers) which often have (USB Ports) on them, often they use "Intranet" for their secure network, and run at 5.0 GHZ, while letting everyone else use free public WI-FI, the concern I have is the physical access to these systems is easy enough for anyone to slip a (USB Computer), or Flash Drive into any of these computer systems because unused ports are not powered down, often no one is watching either. So in theory how easy is it for a facility no names given to have "Ransomware" installed on their system by someone plugging in a USB Drive. Or having private information of many stolen by someone who uses I think it's called a USB Computer with malicious code. Often these computers are basic Dells without any type of real "Anti Virus" or security software installed or properly configured.
Another true fact is I have seen at least (3 Routers) which are owned by different facility using (Default User Passwords) in the past was able to login to the entire network configuration page, although this is public internet and couldn't be used to steal information itself, it got me thinking about what if someone had a mini computer plugged in behind one of these computer systems and connected on the network just sending out information for months which could grant it access to the (Intranet) which is supposed to be the secure network no longer secure. Let alone the employees who work there and could easily compromise persons information by accident, or on purpose. Am I right about this, or am I just too paranoid? https://www.youtube.com/watch?v=pL9q2lOZ1Fw&t=77s ^ Like in this video... This doesn't include when people leave your personal information on a computer and anyone can just go look at it who enters the room next like at a "Dentist" for example, but it makes me feel so unsafe. This also brings up the subject on "RF ID" Cards being used for security on most facility, how many Hospital, even Police departments use these in America, as well as many other places, yet cloning a person's ID Card like shown in this video seems to be a serious security issue, so why not have more secure authentication?
Submitted May 24, 2018 at 11:03AM by LilithDragonFlower
via reddit https://ift.tt/2J8FVpI
YouTube
Watch hackers break into the US power grid
A power company in the Midwest hired a group of white hat hackers known as RedTeam Security to test its defenses. We followed them around for 3 days, as they...
CVE-2018-5175: Universal CSP strict-dynamic bypass in Firefox
https://ift.tt/2Lr8nS1
Submitted May 24, 2018 at 03:05PM by albinowax
via reddit https://ift.tt/2IJsJZ6
mksben.l0.cm
CVE-2018-5175: Universal CSP strict-dynamic bypass in Firefox
In this blogpost, I'd like to write about a CSP strict-dynamic bypass vulnerability which is fixed in Firefox 60. https://www.mozilla.org/...
HTTPS Weaknesses
https://ift.tt/2kjkgNE
Submitted May 24, 2018 at 03:14PM by DhoundSecurity
via reddit https://ift.tt/2s8NLFA
Medium
HTTPS Weaknesses
Sometimes not technical people selling IT services or products answer the question “How about the reliability of your system?” as follows…
Compromising Thousands of Websites Through a CDN
https://ift.tt/2s2nuJw
Submitted May 24, 2018 at 02:54PM by albinowax
via reddit https://ift.tt/2IM3fGB
Video voyeurism bill advances, would expand crime's definition beyond sexual intent
https://ift.tt/2JFLx7O
Submitted May 24, 2018 at 04:34PM by Iot_Security
via reddit https://ift.tt/2IHq1DD
The Advocate
Video voyeurism bill advances, would expand crime's definition beyond sexual intent
A year after a New Orleans plastic surgeon was acquitted on video voyeurism charges for filming patients while nude, lawmakers are advancing a bill to expand the state’s video voyeurism
Keeping your powder coated security screens looking good
https://ift.tt/2sdhBJ8
Submitted May 24, 2018 at 05:23PM by northcoastblinds
via reddit https://ift.tt/2IHFjbu
North
Keeping your powdercoated security screens looking good - North
Like many products that are found outdoors, security doors and screens are powdercoated to protect them from the elements and keep them looking good. Other familiar items that have powdercoating include window joinery, entrance or garage doors, letter boxes…
Security In 5: Episode 245 - Improve Your Organization Security Behaviors
https://ift.tt/2GMdeJX
Submitted May 24, 2018 at 06:41PM by BinaryBlog
via reddit https://ift.tt/2sdxxLs
Libsyn
Security In Five Podcast: Episode 245 - Improve Your Organization Security Behaviors
Security is about people. Your program's effectiveness comes down to the ability of the people following the policies to behave in a secure way. This episode goes into a few tips on how to help an organization improve the security behaviors of the employees. …
Why is TCPcrypt not widely used?
Submitted May 24, 2018 at 05:56PM by MrEU1
via reddit https://ift.tt/2IE3nMa
Z-Shave - a downgrade attack against the latest Z-Wave security standard
https://ift.tt/2GGI3Qx
Submitted May 24, 2018 at 07:28PM by cybergibbons
via reddit https://ift.tt/2LqQC5t
Pentestpartners
Z-Shave. Exploiting Z-Wave downgrade attacks | Pen Test Partners
TL;DR: Stronger S2 Z-Wave pairing security process can be downgraded to weak S0, exposing smart devices to compromise. Z-Wave uses a shared network key to secure traffic. This key is exchanged between the controller and the client devices ('nodes') when the…
TR-069: IoT before it was cool! Analysis of TR-069 (TCP 7547) exposure and attacks over time
https://ift.tt/2sbTWIZ
Submitted May 24, 2018 at 09:27PM by kafbas
via reddit https://ift.tt/2knIYfG
Sec-Consult
TR-069: IoT before it was cool! | SEC Consult
TR-069 is the most widespread IoT management protocol. Most likely, you have a few devices in your home that use it on a daily basis. SEC Consult found some interesting vulnerabilities.
Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix)
https://ift.tt/2s5v9H9
Submitted May 24, 2018 at 09:23PM by nibblesec
via reddit https://ift.tt/2sbP5Yh
Doyensec
Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix) · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
Scammer demands bitcoin in exchange for safe return of lost Granville County dog
https://ift.tt/2IICczS
Submitted May 24, 2018 at 09:55PM by EvanConover
via reddit https://ift.tt/2KRua4e
CBS 17
Scammer demands bitcoin in exchange for safe return of lost Granville County dog
Patricia Howell posted her phone number on the internet, asking for help finding her family's lost dog, but never imagined someone would use it to demand a ransom.
Need help choosing a p/w manager for windows+android
I was using DashLane. I want to like it, but it offers no biometrics functionality for Windows like its Android app does. Are there any out there that do? Target functionality is: AES-256 bit, built in password generator, biometrics functionality for both Windows and Android (desktop has fingerprint scanner, tablet has facial recognition). Browser compatibility should include Chrome and Firefox, and it needs to have some sort of export functionality for backups. Target price point is <75/year for 4 devices
Submitted May 24, 2018 at 10:53PM by SnowDrifter_
via reddit https://ift.tt/2GKAvfn
Automate certificate monitoring with free API – KeyChest
https://ift.tt/2IJw5eP
Submitted May 24, 2018 at 10:55PM by TheUglyStranger
via reddit https://ift.tt/2IGnrxD
Magic of Security
Automate certificate monitoring with free API – KeyChest
Our certificate monitoring KeyChest has an initial RESTful API for remote enrolment of new certificates and for checking certificate expiry. Its design supports automation without any initial secur…