Remove yourself from people search sites and erase your online presence | ZDNet
Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.
privacy  security  socialmedia  article 
3 minutes ago by cyberchucktx
Port of TweetNaCl / NaCl to JavaScript for modern browsers and Node.js. Public domain.

The primary goal of this project is to produce a translation of TweetNaCl to JavaScript which is as close as possible to the original C implementation, plus a thin layer of idiomatic high-level API on top of it.
NaCl  security  JavaScript  cryptography 
2 hours ago by lidel
Android and Google Play Security Rewards Programs surpass $3M in payouts • Google Online Security Blog
Jason Woloz and Mayank Jain are on the Android Security & Privacy team:
In the ASR program's third year, we received over 470 qualifying vulnerability reports from researchers and the average pay per researcher jumped by 23%. To date, the ASR program has rewarded researchers with over $3M, paying out roughly $1M per year.

Here are some of the highlights from the Android Security Rewards program's third year:
• There were no payouts for our highest possible reward: a complete remote exploit chain leading to TrustZone or Verified Boot compromise.
• 99 individuals contributed one or more fixes.
• The ASR program's reward averages were $2,600 per reward and $12,500 per researcher.
• Guang Gong received our highest reward amount to date: $105,000 for his submission of a remote exploit chain.

That's quite a healthy average payout; some way short of earning a living, but if you were to do this across multiple platforms (Google, Facebook, Twitter, Uber, Apple, Microsoft all have bug bounty programs, as do others) then you could.

The question is, is the value of these exploits as paid by Google greater than their market value?
google  security  bugbounty 
3 hours ago by charlesarthur
Thirty Years Later: Lessons from the Multics Security Evaluation - Paul A. Karger, Roger R. Schell
a retrospective of the paper that suggested the "Reflections on Trusting Trust" hack to Thompson
security  os  multics 
4 hours ago by daniel.c.mccarthy
FuzzySecurity | Windows Userland Persistence Fundamentals
This tutorial will cover several techniques that can be used to gain persistent access to Windows machines. Usually this doesn't enter into play during a pentest (with the exception of red team engagements) as there is no benefit to adding it to the scope of the project. That is not to say it is not an interesting subject, both from a defensive and offensive perspective.
persistence  windows  pentest  redteam  security 
5 hours ago by whip_lash
BeyondCorp - Enterprise Security  |  Google Cloud
Move security into devices and users instead of a VPN.
High-level Components of BeyondCorp: Single sign-on, access proxy, access control engine, user inventory, device inventory, security policy, trust repository
google  security 
5 hours ago by jojobong
