Netsec – Telegram
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
Native Android Proxmark3 client (rootless)
https://ift.tt/2wqroyi

Submitted August 29, 2018 at 07:17PM by doylersec
via reddit https://ift.tt/2PeFxpa
WebAuthn Cryptography Flaws Round 2: IBM's ECDAA implementation
Hi /r/netsec! This is a follow-up to my previous submission about Security Concerns Surrounding WebAuthn, which dove into the cryptography protocol design of ECDAA (a FIDO Alliance design which WebAuthn explicitly adds as a reserved COSE algorithm). I looked at the ECDAA implementation published on Github under the IBM-Research organization and discovered that they're just using BigInteger.mod(), which will produce biased output (unless you're using a curve whose order is a Mersenne prime). Given that IBM employees were the co-authors of the ECDAA specification, I'm led to believe that the IBM-Research repository is somewhat official. I reported this on Github, of course: https://github.com/ibm-research/ecdaa/issues/5 While I'm excited about the prospect of hardware-based 2FA (or even WebAuthn-powered single factor to eliminate passwords in corporate settings), the cryptography they're trying to standardize is too error-prone. We shouldn't trust it until these flaws are remedied.

Submitted August 29, 2018 at 08:48PM by sarciszewski
via reddit https://ift.tt/2BUGr8o
We Are Motherboard's Infosec Reporters: Let's Talk Journalism and "Cyber." Ask Us Anything!
We are Lorenzo Franceschi-Bicchierai and Joseph Cox. We cover infosec and hacking for Motherboard, VICE Media's tech and science website. Over the years, we have written about government hacking, consumer spyware, surveillance technology, cybercrime, and a loooooot of data breaches. Recently, we've been digging into SIM swapping scams, the iPhone zero-day market, the mysterious group doxing Chinese government hackers, and Facebook's impossible problem: content moderation. Today we will stand on the other side and take questions about how we pick stories, how we report articles, how we verify hacked or leaked data, and anything in between. Proof: https://i.redd.it/ojzd8pgcivi11.jpg

Submitted August 29, 2018 at 08:33PM by motherboard
via reddit https://ift.tt/2omeJrI
Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’
https://ift.tt/2NxZt5R

Submitted August 30, 2018 at 12:24AM by hackers_and_builders
via reddit https://ift.tt/2LDTavO
Why ‘She Hacks PURPLE’? – SheHacksPurple – Medium
https://ift.tt/2Nw9P6n

Submitted August 30, 2018 at 04:10AM by shehackspurple
via reddit https://ift.tt/2NvTL4E
NoDDOS: open-source OpenWRT + Linux system for network device profiling
https://www.noddos.io/

Submitted August 30, 2018 at 03:22PM by unquietwiki
via reddit https://ift.tt/2LEuXpp
CVE-2018-8284: Bypassing Workflows Protection Mechanisms - Remote Code Execution on SharePoint
https://ift.tt/2LCBcdi

Submitted August 31, 2018 at 12:28AM by digicat
via reddit https://ift.tt/2ooGxvq
So Google starts to support The FIDO U2F 2FA, but only after offering their own branded Dongle. It is made in China Too.
https://ift.tt/2BZWW3l

Submitted August 31, 2018 at 02:38AM by LinearFluid
via reddit https://ift.tt/2MGtCn6
SonarSnoop: Active Acoustic Side-Channel Attacks
https://ift.tt/2Ca3LPA

Submitted August 31, 2018 at 03:09PM by Natanael_L
via reddit https://ift.tt/2NAPFs1