Bypass Mac Filter Of any Wireless Network and Connect To It
https://ift.tt/2IN1b0V
Submitted May 25, 2018 at 08:24PM by vortex1000
via reddit https://ift.tt/2INDqWH
https://ift.tt/2IN1b0V
Submitted May 25, 2018 at 08:24PM by vortex1000
via reddit https://ift.tt/2INDqWH
Hack My Device
Spoof Mac Address:How To Bypass Mac Filter In Kali And Android
Detecting Lies through Mouse Movements
https://ift.tt/2LvnFp2
Submitted May 25, 2018 at 08:42PM by volci
via reddit https://ift.tt/2sdVl2D
https://ift.tt/2LvnFp2
Submitted May 25, 2018 at 08:42PM by volci
via reddit https://ift.tt/2sdVl2D
reddit
r/security - Detecting Lies through Mouse Movements
7 votes and 1 comment so far on Reddit
Wireless Carrier Abuse Of Location Data Makes The Facebook, Cambridge Scandal Look Like Amateur Hour
https://ift.tt/2IQAKY4
Submitted May 25, 2018 at 08:40PM by volci
via reddit https://ift.tt/2J9RNbm
https://ift.tt/2IQAKY4
Submitted May 25, 2018 at 08:40PM by volci
via reddit https://ift.tt/2J9RNbm
Techdirt.
Wireless Carrier Abuse Of Location Data Makes The Facebook, Cambridge Scandal Look Like Amateur Hour
As we've noted a few times now, however bad the recent Facebook and Cambridge Analytica scandal was, the nation's broadband...
Intel's 'Virtual Fences' Spectre Fix Won't Protect Against Variant 4
https://ift.tt/2koYRCX
Submitted May 25, 2018 at 08:40PM by volci
via reddit https://ift.tt/2KUt484
https://ift.tt/2koYRCX
Submitted May 25, 2018 at 08:40PM by volci
via reddit https://ift.tt/2KUt484
The first stop for security news | Threatpost
Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4
Spectre and Meltdown fixes for Intel chips announced in March, to be embedded into new CPUs, do not address the newly disclosed Variant 4, sources said.Intel introduced hardware-based safeguards t
How to make an online vault at my web host or cloud storage?
How can I make my sensitive files unreadable on a web host or service similar to Dropbox (if account being compromised).I’m think something like an encryption and decryption program that store files though SFTP to my web host or save to Dropbox or maybe mega, and support both macOS and iOS.Did anyone know a working secure solution?
Submitted May 25, 2018 at 08:32PM by pbni6n
via reddit https://ift.tt/2J8sjuP
How can I make my sensitive files unreadable on a web host or service similar to Dropbox (if account being compromised).I’m think something like an encryption and decryption program that store files though SFTP to my web host or save to Dropbox or maybe mega, and support both macOS and iOS.Did anyone know a working secure solution?
Submitted May 25, 2018 at 08:32PM by pbni6n
via reddit https://ift.tt/2J8sjuP
reddit
How to make an online vault at my web host or cloud... • r/security
How can I make my sensitive files unreadable on a web host or service similar to Dropbox (if account being compromised). I’m think something like...
Split single file to multiple unreadable files for security
Is there a iOS/macOS app that can split a single (maybe encrypted file like .dmg, .zip, or just plain unencrypted .txt) file into multiple files (and perhaps encrypt each files on the end)?Maybe even can automatically store those files to different cloud/physical storages. And when I need my original file, the app can automatically retrieve all those files from multiple location.
Submitted May 25, 2018 at 09:56PM by pbni6n
via reddit https://ift.tt/2LvUuC3
Is there a iOS/macOS app that can split a single (maybe encrypted file like .dmg, .zip, or just plain unencrypted .txt) file into multiple files (and perhaps encrypt each files on the end)?Maybe even can automatically store those files to different cloud/physical storages. And when I need my original file, the app can automatically retrieve all those files from multiple location.
Submitted May 25, 2018 at 09:56PM by pbni6n
via reddit https://ift.tt/2LvUuC3
reddit
Split single file to multiple unreadable files for... • r/security
Is there a iOS/macOS app that can split a single (maybe encrypted file like .dmg, .zip, or just plain unencrypted .txt) file into multiple files...
Looking for a secure way to store all my important files online for ease access.
Is there an iOS/macOS app that can separate a file to multiple incomplete encrypted files and store them to multiple cloud (Dropbox like or remote server via SFTP/WebDAV)/physical storage for safe keeping.Like Cryptomator but with more security measures.Of course, any other crazy pretty much uncrackable way to store sensitive information online are welcome too.Thanks everyone!Oh, put in a physical drive is not a good option for me, even if both file and disk are encrypted.
Submitted May 25, 2018 at 10:47PM by pbni6n
via reddit https://ift.tt/2J3MR7B
Is there an iOS/macOS app that can separate a file to multiple incomplete encrypted files and store them to multiple cloud (Dropbox like or remote server via SFTP/WebDAV)/physical storage for safe keeping.Like Cryptomator but with more security measures.Of course, any other crazy pretty much uncrackable way to store sensitive information online are welcome too.Thanks everyone!Oh, put in a physical drive is not a good option for me, even if both file and disk are encrypted.
Submitted May 25, 2018 at 10:47PM by pbni6n
via reddit https://ift.tt/2J3MR7B
reddit
Looking for a secure way to store all my important... • r/security
Is there an iOS/macOS app that can separate a file to multiple incomplete encrypted files and store them to multiple cloud (Dropbox like or remote...
FBI tells router users to reboot now to kill malware infecting 500k devices
https://ift.tt/2JaYs57
Submitted May 26, 2018 at 12:33AM by ResponsibleThomas
via reddit https://ift.tt/2LxyEhw
https://ift.tt/2JaYs57
Submitted May 26, 2018 at 12:33AM by ResponsibleThomas
via reddit https://ift.tt/2LxyEhw
Ars Technica
FBI tells router users to reboot now to kill malware infecting 500k devices
Feds take aim at potent VPNFilter malware allegedly unleashed by Russia.
I'm really glad GDPR is here, yet, this is only another step forward to really grasping what companies are doing with your private life
I'm really tired of EULA's, of the "disclosing information", of the "sharing information", of the "collecting information"... Really, fucking, tired. Now, with this regulation we are even more conscious about the crap of it all.Companies simply collect information because they WANT, not because is needed. They have been doing this for more than a decade now with the boom of social networks. Why? Why the fuck have we allowed these people to get into our lifes like this? More like "why", "how"?It's actually really simple. Back then, nobody actually informed people about what they did with all the data. And now, as I said, we are just grasping what they actually do with all of it.What do people need REALLY think is this. For example: Netflix>collects data about the programmes you watch. Why? Why the hell do they need to do that? Why? They actually don't "need" it, they do it because we allow it. Becuase it's "how it works" https://help.netflix.com/legal/privacy But this happens with any other stream service, like Amazon Prime, and so on and forth. EVERYONE does it.Again, do they need to do it? No, they simply do it because it's "their agreement with you".Goverments need to start (and fucking soon) to enforce companies to NOT collect personal data, to NOT store usage data. It's not about "telling" us what they collect, is about STOPPING them from collecting that data. The law is the only way to stop companies from doing whatever the fuck they want. And it's not about "don't like it, don't use it". This is getting to all areas of entertainment, businesses, social networks, shopping, job hunting, and so on. Are you going to unplug yourself from everything just so they don't collect information from you? Are you going to go living in the wilderness now? Is not about "I don't have secrets", (ff you think like that still, you really need to get educated elsewhere...), is about your private life and your family's.When you used to watch the analog TV, nobody would know what you were watching, what music you were listening on the radio or what cassette tape you would be playing. Now Spotify knows it, shares it with Facebook, hell, it will even tell all your friends that you love Madonna automatically. Now everything can be monitored, stored and kept under crontrol. Information control, people control... Certain videogame designer was very right about all this crap 15 years ago.Companies 20-15 years ago would ASK you to perform a survey to get to know what you like. It was VOLUNTARY. Now, everything they collect is forced to you via an EULA, a Privacy Policy, an User Agreement.This has to stop and will stop, because people is getting educated about this and people will get tired of all this BS.
Submitted May 26, 2018 at 12:57AM by JAD2017
via reddit https://ift.tt/2KX3LSX
I'm really tired of EULA's, of the "disclosing information", of the "sharing information", of the "collecting information"... Really, fucking, tired. Now, with this regulation we are even more conscious about the crap of it all.Companies simply collect information because they WANT, not because is needed. They have been doing this for more than a decade now with the boom of social networks. Why? Why the fuck have we allowed these people to get into our lifes like this? More like "why", "how"?It's actually really simple. Back then, nobody actually informed people about what they did with all the data. And now, as I said, we are just grasping what they actually do with all of it.What do people need REALLY think is this. For example: Netflix>collects data about the programmes you watch. Why? Why the hell do they need to do that? Why? They actually don't "need" it, they do it because we allow it. Becuase it's "how it works" https://help.netflix.com/legal/privacy But this happens with any other stream service, like Amazon Prime, and so on and forth. EVERYONE does it.Again, do they need to do it? No, they simply do it because it's "their agreement with you".Goverments need to start (and fucking soon) to enforce companies to NOT collect personal data, to NOT store usage data. It's not about "telling" us what they collect, is about STOPPING them from collecting that data. The law is the only way to stop companies from doing whatever the fuck they want. And it's not about "don't like it, don't use it". This is getting to all areas of entertainment, businesses, social networks, shopping, job hunting, and so on. Are you going to unplug yourself from everything just so they don't collect information from you? Are you going to go living in the wilderness now? Is not about "I don't have secrets", (ff you think like that still, you really need to get educated elsewhere...), is about your private life and your family's.When you used to watch the analog TV, nobody would know what you were watching, what music you were listening on the radio or what cassette tape you would be playing. Now Spotify knows it, shares it with Facebook, hell, it will even tell all your friends that you love Madonna automatically. Now everything can be monitored, stored and kept under crontrol. Information control, people control... Certain videogame designer was very right about all this crap 15 years ago.Companies 20-15 years ago would ASK you to perform a survey to get to know what you like. It was VOLUNTARY. Now, everything they collect is forced to you via an EULA, a Privacy Policy, an User Agreement.This has to stop and will stop, because people is getting educated about this and people will get tired of all this BS.
Submitted May 26, 2018 at 12:57AM by JAD2017
via reddit https://ift.tt/2KX3LSX
reddit
r/security - I'm really glad GDPR is here, yet, this is only another step forward to really grasping what companies are doing with…
3 votes and 0 so far on reddit
A friend has a very suspicious issue on her sprint iphone. Where should I ask about it? (if not here)
This didn't seem to break the rules, I'm sorry if it does.A friend sent a text message from her iphone which, when reaching the recipient, created a group chat. The 3rd party was an email address, at "internal.com."The email domain is actually sprint.internal.com which has nothing to do with sprint.The whois and other linked sites are extremely sketchy and they look intentionally fake--but the addresses have been registered forever. They include *very* desirable URLs actually--Anything.com, friend.com , kitchen.com, woman.com, medicine.com ..quite a few more...In general the rabbit hole dive is fascinating. There's no direct pitch to sell these domains, and there's no real site--it's *meant* to look like a real website--but it's clearly not. They're registered in St. Kitts, which clearly point so a shell corporation...Thanks or I'm sorry, whichever is appropriate! :)
Submitted May 26, 2018 at 01:53AM by CoryTV
via reddit https://ift.tt/2ILAjyp
This didn't seem to break the rules, I'm sorry if it does.A friend sent a text message from her iphone which, when reaching the recipient, created a group chat. The 3rd party was an email address, at "internal.com."The email domain is actually sprint.internal.com which has nothing to do with sprint.The whois and other linked sites are extremely sketchy and they look intentionally fake--but the addresses have been registered forever. They include *very* desirable URLs actually--Anything.com, friend.com , kitchen.com, woman.com, medicine.com ..quite a few more...In general the rabbit hole dive is fascinating. There's no direct pitch to sell these domains, and there's no real site--it's *meant* to look like a real website--but it's clearly not. They're registered in St. Kitts, which clearly point so a shell corporation...Thanks or I'm sorry, whichever is appropriate! :)
Submitted May 26, 2018 at 01:53AM by CoryTV
via reddit https://ift.tt/2ILAjyp
Outsourced Coders - What to do if they go rogue?
Hello there all,I have a client that is US based, and an outsourced coding vendor from India. One of the programming staff went rogue and locked the customer out of their code. We were able to get everything back for them, but ... is there ANYTHING that a US based legal response could do at all? We have secured everything to prevent future harm, including analyzing for backdoors (we found 1). But the client wants to pursue legally, and I just don't think it's even worth it.I'd love to hear more if anyone has ideas or thinks otherwise.Thanks!
Submitted May 26, 2018 at 01:46AM by jkeegan123
via reddit https://ift.tt/2xjVTce
Hello there all,I have a client that is US based, and an outsourced coding vendor from India. One of the programming staff went rogue and locked the customer out of their code. We were able to get everything back for them, but ... is there ANYTHING that a US based legal response could do at all? We have secured everything to prevent future harm, including analyzing for backdoors (we found 1). But the client wants to pursue legally, and I just don't think it's even worth it.I'd love to hear more if anyone has ideas or thinks otherwise.Thanks!
Submitted May 26, 2018 at 01:46AM by jkeegan123
via reddit https://ift.tt/2xjVTce
reddit
r/security - Outsourced Coders - What to do if they go rogue?
1 votes and 0 so far on reddit
RDP Brute force attacks using real name?
Hello,I'm not entirely sure this subreddit is the right one, but if you can suggest another one that's more appropriate, let me know.Here goes...sorry for the book.As some quick background, I'm in IT, web development background, infrastructure experience over the past 15 years, fairly experienced with AD security policies, basic intrusion detection (via Splunk), and I have a fairly basic home network. Anyway, I'm sure this is a bad practice, but I've had port forwarding setup for several years now so that I can RDP to my PC and my wife's. We use non-default RDP ports (I know that's not security, and I really do it so that we can have the same external IP with diff ports go to diff internal IPs on 3389). I keep strong passwords on my admin accounts, and change them pretty infrequently.In our PCs, I do have failure auditing enabled, and I occasionally review security event logs. I've seen the brute force attempts to login, and usually ignore it because it was always using default users names (Administrator, Backup, Copier, Warehouse, User1)...stuff like that.Anyway, I recently rebuilt my PC and had forgotten to enable failure auditing for a few weeks. When I did, I took a look at the event logs and was shocked when I saw my family members' real names being used to try and login. I see these attempts using all of my family members real names, from multiple foreign IP addresses. Interestingly, in one case, they even misspelled my daughter's name (instead of Jane Smith, for example, it was Jane Smlth). These real names are in no way actual accounts on my PC. Amazingly, they have all of our real names -- I'm probably the outlier in our family and I rarely if ever go on social media -- so I've no idea how they did this.So, now my question...has anyone seen anything like this before? I'm really surprised that someone would be able to track down our real names and correlate them with our public IP address from our cable internet provider (which changes infrequently admittedly, but has changed). Any ideas or have you seen this as well?In the meantime, I did setup a scheduled task that blackholes failed login attempts from the same IP, so there's that...Thanks in advance...
Submitted May 26, 2018 at 05:15AM by kevlav84
via reddit https://ift.tt/2KTnItC
Hello,I'm not entirely sure this subreddit is the right one, but if you can suggest another one that's more appropriate, let me know.Here goes...sorry for the book.As some quick background, I'm in IT, web development background, infrastructure experience over the past 15 years, fairly experienced with AD security policies, basic intrusion detection (via Splunk), and I have a fairly basic home network. Anyway, I'm sure this is a bad practice, but I've had port forwarding setup for several years now so that I can RDP to my PC and my wife's. We use non-default RDP ports (I know that's not security, and I really do it so that we can have the same external IP with diff ports go to diff internal IPs on 3389). I keep strong passwords on my admin accounts, and change them pretty infrequently.In our PCs, I do have failure auditing enabled, and I occasionally review security event logs. I've seen the brute force attempts to login, and usually ignore it because it was always using default users names (Administrator, Backup, Copier, Warehouse, User1)...stuff like that.Anyway, I recently rebuilt my PC and had forgotten to enable failure auditing for a few weeks. When I did, I took a look at the event logs and was shocked when I saw my family members' real names being used to try and login. I see these attempts using all of my family members real names, from multiple foreign IP addresses. Interestingly, in one case, they even misspelled my daughter's name (instead of Jane Smith, for example, it was Jane Smlth). These real names are in no way actual accounts on my PC. Amazingly, they have all of our real names -- I'm probably the outlier in our family and I rarely if ever go on social media -- so I've no idea how they did this.So, now my question...has anyone seen anything like this before? I'm really surprised that someone would be able to track down our real names and correlate them with our public IP address from our cable internet provider (which changes infrequently admittedly, but has changed). Any ideas or have you seen this as well?In the meantime, I did setup a scheduled task that blackholes failed login attempts from the same IP, so there's that...Thanks in advance...
Submitted May 26, 2018 at 05:15AM by kevlav84
via reddit https://ift.tt/2KTnItC
reddit
r/security - RDP Brute force attacks using real name?
1 votes and 0 so far on reddit
mquery: Blazingly fast Yara queries for malware analysts
https://ift.tt/2ILJGSD
Submitted May 26, 2018 at 12:08PM by digicat
via reddit https://ift.tt/2s72KRe
https://ift.tt/2ILJGSD
Submitted May 26, 2018 at 12:08PM by digicat
via reddit https://ift.tt/2s72KRe
GitHub
CERT-Polska/mquery
mquery - YARA malware query accelerator (web frontend)
Apple ID is being used to sign in to a new device in China. I live in Hawaii. I have 2-Factor Identification on all accounts and devices. Should I be concerned/change anything?
https://ift.tt/2KWu63q
Submitted May 26, 2018 at 03:11PM by jakes_tornado
via reddit https://ift.tt/2Lw4rzB
https://ift.tt/2KWu63q
Submitted May 26, 2018 at 03:11PM by jakes_tornado
via reddit https://ift.tt/2Lw4rzB
FBI to America: Reboot Your Routers, Right Now
https://ift.tt/2IP0F2o
Submitted May 26, 2018 at 01:48PM by absolufreak
via reddit https://ift.tt/2ksAx33
https://ift.tt/2IP0F2o
Submitted May 26, 2018 at 01:48PM by absolufreak
via reddit https://ift.tt/2ksAx33
Popular Mechanics
FBI to America: Reboot Your Routers, Right Now
There's a sneaky bit of malware going around.
Jamming Anybody's Wifi by DDOS Attacj
https://ift.tt/2sf15YS
Submitted May 26, 2018 at 12:41PM by vortex1000
via reddit https://ift.tt/2KVzzaN
https://ift.tt/2sf15YS
Submitted May 26, 2018 at 12:41PM by vortex1000
via reddit https://ift.tt/2KVzzaN
Hack My Device
Jamming Wifi Service: How To Perform DDOS Attack Or Jam A Wireless Network
Activists use Social Engineering to bust a child porn group on Telegram
https://ift.tt/2GyNPU1
Submitted May 26, 2018 at 04:15PM by TelegramParanoidMode
via reddit https://ift.tt/2JaD7sc
https://ift.tt/2GyNPU1
Submitted May 26, 2018 at 04:15PM by TelegramParanoidMode
via reddit https://ift.tt/2JaD7sc
FactorDaily
How the fight against child porn took two ordinary men to the internet's darkest corners | FactorDaily
Neither are programmers or hackers, but through a deep understanding of Telegram’s strengths and weaknesses and a heavy dollop of social engineering, they laid the perfect trap.
Do you think GDPR help improve data privacy and security all around the world?
http://www.eweek.com/security/gdpr-day-1-litigating-the-right-to-data-privacy
Submitted May 26, 2018 at 05:50PM by aracelijerome
via reddit https://ift.tt/2ISasF7
http://www.eweek.com/security/gdpr-day-1-litigating-the-right-to-data-privacy
Submitted May 26, 2018 at 05:50PM by aracelijerome
via reddit https://ift.tt/2ISasF7
eWEEK
GDPR Day 1: Litigating the Right to Data Privacy
The General Data Protection Regulation is the most contested law in the E.U.’s history, and we've only touched the surface of its influence.
Security concern about email services and providers
Is there any free email service that does not delete user account, ever?I'm certain that one of the highest security risk of email accounts is the removing of account after an inactivity period, because of the other services registered with that email address. Usually you won't be able to change anything on you other services, because you can not confirm changes by email ever again. And you can not recover those other accounts (in case of lost password, etc.). And on top of that if someone registers your old address, then he can get your password or reset your password to those services.I know, there are several services with 180 days inactivity periods (gmail perhaps 18 months), and paid services/accounts never will be cancelled, but what if the account owner gets a stroke and hospitalized for a long time (can not pay or login)?
Submitted May 26, 2018 at 07:43PM by Erdoe
via reddit https://ift.tt/2LyRNQq
Is there any free email service that does not delete user account, ever?I'm certain that one of the highest security risk of email accounts is the removing of account after an inactivity period, because of the other services registered with that email address. Usually you won't be able to change anything on you other services, because you can not confirm changes by email ever again. And you can not recover those other accounts (in case of lost password, etc.). And on top of that if someone registers your old address, then he can get your password or reset your password to those services.I know, there are several services with 180 days inactivity periods (gmail perhaps 18 months), and paid services/accounts never will be cancelled, but what if the account owner gets a stroke and hospitalized for a long time (can not pay or login)?
Submitted May 26, 2018 at 07:43PM by Erdoe
via reddit https://ift.tt/2LyRNQq
reddit
r/security - Security concern about email services and providers
1 votes and 2 so far on reddit
An NSA-derived ransomware worm is shutting down computers worldwide
https://ift.tt/2qamUcy
Submitted May 27, 2018 at 12:13AM by dengorilla1
via reddit https://ift.tt/2INXnMN
https://ift.tt/2qamUcy
Submitted May 27, 2018 at 12:13AM by dengorilla1
via reddit https://ift.tt/2INXnMN
Ars Technica
An NSA-derived ransomware worm is shutting down computers worldwide
Wcry uses weapons-grade exploit published by the NSA-leaking Shadow Brokers.
Hey everyone,
I've removed posts from /r/security as it wasn't sharing useful information and /r/netsec covers pretty much everything.
I've removed posts from /r/security as it wasn't sharing useful information and /r/netsec covers pretty much everything.