garrettc : security   145

Feature policy

Feature Policy allows you to control which origins can use which features, both in the top-level page and in embedded frames. Essentially, you write a policy, which is an allowed list of origins for each feature. For every feature controlled by Feature Policy, the feature is only enabled in the current document or frame if its origin matches the allowed list of origins.
browser  worldwideweb  security  features  testing 
18 days ago by garrettc
How to Find Hidden Cameras and Spy Bugs (The Professional Way) - Sentel Tech Security
How to Find Hidden Cameras and Spy Bugs (The Professional Way) is an in-depth guide on how to find and identify hidden cameras, GPS trackers, and secret audio bugs. The guide uses techniques that anyone can use, along with some low-cost detectors that will find most any covert bug.
guide  privacy  security  surveillance 
9 weeks ago by garrettc
STAMPing on event-stream
"The goal of a STAMP-based analysis is to determine why the events occurred… and to identify the changes that could prevent them and similar events in the future. One of my big heroes is Nancy Leveson, who did a bunch of stuff like the Therac-25 investigation and debunking N-version programming. She studies what makes software unsafe and what we can do about that. More recently she’s advocated the “STAMP model” for understanding systems."
analysis  javascript  security  stamp  rootcauseanalysis 
11 weeks ago by garrettc
A collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools and more.
"This list is a collection of various technology materials. […] It contains a lot of useful information gathered in one piece. It is intended for everyone and anyone - especially for system and network administrators, devops, pentesters or security researchers."
security  resource  list  devops  sysadmin  operatingsystem  unix  linux  windows  macos  networking  ssl  http  https  pentesting 
december 2018 by garrettc
Content Security Policy - An Introduction
"Content Security Policy is delivered via a HTTP response header, much like HSTS, and defines approved sources of content that the browser may load. It can be an effective countermeasure to Cross Site Scripting (XSS) attacks and is also widely supported and usually easily deployed."
http  webdevelopment  csp  security 
december 2018 by garrettc
The Cliff Nest
A sci-fi story with computer security challenges built in.
interactive  fiction  security  computers  programming  inspiration 
november 2018 by garrettc
Advanced web security topics – George's Techblog
"This post discusses web security issues that I come across – so far thankfully mostly by reading about them. It is a work in progress which I’ll keep updating."
IFTTT  Pocket  security  webdevelopment  worldwideweb 
november 2018 by garrettc
Homoglyph Attack Generator and Punycode Converter
Irongeek's Information Security site with tutorials, articles and other information.
security  utf  unicode  generator  homoglyph  punycode 
october 2018 by garrettc
List of development resources
Covers programming, business, theory, gaming, security, and more.
programming  business  security  theory  gaming  cms  networking  devops  sysadmin  resource  list 
october 2018 by garrettc
How to get HTTPS working on your local development environment in 5 minutes
"Almost any website you visit today is protected by HTTPS. If yours isn’t yet, it should be. Securing your server with HTTPS also means that you can’t send requests to this server from one that isn’t protected by HTTPS. This poses a problem for developers who use a local development environment because all of them run on http://localhost out-of-the-box."
webdevelopment  https  security  ssl  tls 
september 2018 by garrettc
The British Airways Breach: How Magecart Claimed 380,000 Victims
RiskIQ data shows Magecart was behind the British Airways breach by compromising javascript on the airline's website with an extremely targeted attack.
security  javascript  britishairways  attack  hack  casestudy  analysis 
september 2018 by garrettc
The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED
It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind. The headquarters of A.P. Møller-Maersk sits beside the breezy, cobblestoned esplanade of Copenhagen’s harbor.
IFTTT  Pocket  security 
august 2018 by garrettc
Orbitkey 2.0 Leather
Made from genuine cowhide leather, our classic leather range is created using a unique mix of hand-crafted and highly precise automated processes. It embodies true elegance; with beauty that develops over time. Comes with the premium D-ring attachment.
tobuy  keys  accessories  security 
july 2018 by garrettc
Venmo Stories of 2017
"Personal stories from the public Venmo feed showing how much personal data users share with the world."
security  privacy  socialnetworking  society  venmo 
july 2018 by garrettc
Survey Finds EV Certificates Impact User Confidence, Revenue
" conducted a survey to explore these questions and determine what, if any, impact an EV certificate has on consumer behavior and spending. The results are significant."
security  worldwideweb  ssl  tls  research  survey  trust 
july 2018 by garrettc
Decent Security
Computer security for everybody.
security  phishing  email  reference  resource  links 
june 2018 by garrettc
HTTPS Anti-Vaxxers; dispelling common arguments against securing the web
"The web is moving to HTTPS, it has been for many years. We've seen an acceleration in the progress in recent months but we still have a long way to go on our journey of securing all traffic on the internet. Despite the great progress we're making, and all the valid reasons we should continue to do so, there are people that believe having a secure web is not the right thing to do."
http  https  ssl  tls  security  worldwideweb  debunk 
june 2018 by garrettc
Password Tips From a Pen Tester: Common Patterns Exposed
"Let’s take a look at how that kind of information is helpful on a penetration test, and correlate what we know to actual data collected."
security  password  technology  bestpractice 
june 2018 by garrettc
The crooked timber of humanity
Nearly two centuries ago, France was hit by the world’s first cyber-attack. Tom Standage argues that it holds lessons for us today
history  security  technology  telegraph  hacking  cool  culture 
may 2018 by garrettc
MacOS monitoring the open source way
How Dropbox monitors their fleet of macOS machines for malware.
macos  osx  monitoring  security  sysadmin  dropbox 
may 2018 by garrettc
HTTP Security Scanner
Useful tools to analyse your server security headers.
http  https  devops  webdevelopment  security 
april 2018 by garrettc
Content Security Policy Header Generator
Generate a Content Security Policy Header with our easy to use form
apache  nginx  security  devops  sysadmin  server  http  csp  generator 
april 2018 by garrettc
Secret management design decisions: theory plus an example
"In this blog post I’ll discuss the design decisions that must be made while constructing a secret management automation solution. In addition I’ll share a simple utility that can be used to deploy secrets from AWS Parameter Store to an EC2 instance. This utility is based on a related blog post by AWS, but generalised to make it more useful for pretty much any application that has secrets stored in parameter store."
devops  management  security  programming 
march 2018 by garrettc
Preparing for Malicious Uses of AI
"We've co-authored a paper that forecasts how malicious actors could misuse AI technology, and potential ways we can prevent and mitigate these threats."
future  security  artificialintelligence  machinelearning  threat 
february 2018 by garrettc
OWASP Automated Threat Handbook
OWASP Automated Threat Handbook -- provides actionable information and resources to help defend against automated threats to web applications.
security  webapp  webdevelopment  owasp  pdf 
february 2018 by garrettc
12 best practices for user account, authorization and password management
"Account management, authorization and password management can be tricky. For many developers, account management is a dark corner that doesn't get enough attention. For product managers and customers, the resulting experience often falls short of expectations."
authentication  google  password  security  2fa 
february 2018 by garrettc
Fun little set of games to explore security concepts.
games  hacking  programming  security  devops 
january 2018 by garrettc
40 Tourist Scams to Avoid During Your Travels
"Traveling is stressful. The last thing you want to worry about is getting scammed by crooks on the street. Your best tool? Knowledge. Know how they work. Know what they’ll do."
travel  security  advice 
january 2018 by garrettc
I’m harvesting credit card numbers and passwords from your site. Here’s how.
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all. It’s been a frantic week of security scares — it seems like every day there’s a new…
webdevelopment  security 
january 2018 by garrettc
The 6-Step "Happy Path" to HTTPS
It's finally time: it's time the pendulum swings further towards the "secure by default" end of the scale than what it ever has before. At least insofar as securing web traffic goes because as of this week's Chrome 62's launch, any website with an input box is now
security  https  ssl  http  bestpractice  worldwideweb  devops  sysadmin 
december 2017 by garrettc
privacy not included
This holiday season, learn which gadgets come with privacy included, using Mozilla’s buyer’s guide for connected gifts.
guide  internetofthings  gadgets  security  privacy  mozilla  shopping 
december 2017 by garrettc
State of the Internet
Akamai publishes the quarterly 'State of the Internet' report. See the data gathered, including cyber attacks, connection speeds, mobile usage & more.
security  internet  connectivity  research  statistics  data  report 
november 2017 by garrettc
Motherboard Guide to Not Getting Hacked
"Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself."
hacking  privacy  security  bestpractice  data  society 
november 2017 by garrettc
Take These Steps to Secure Your Raspberry Pi Against Attackers
A Raspberry Pi can be easily hacked if you're not careful. Follow these tips to safeguard your Pi from attackers trying to get at your network.
raspberrypi  linux  security  devops  sysadmin  internetofthings 
september 2017 by garrettc
Crash Override Network // C.O.A.C.H
"COACH will help walk you through locking down your online identity step-by-step, and give you direct links to tools and websites that will help you secure yourself. While this process is by no means comprehensive, it can serve as a good starting point for a basic digital security and self-defense."
privacy  security  internet  worldwideweb 
august 2017 by garrettc
Wi-Fi Cracking
"This is a brief walk-through tutorial that illustrates how to crack Wi-Fi networks that are secured using weak passwords. It is not exhaustive, but it should be enough information for you to test your own network's security"
security  WiFi  network  sysadmin 
august 2017 by garrettc
API Security Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
api  restful  rest  security  programming  network  internet  worldwideweb 
july 2017 by garrettc
How to use BeyondCorp to ditch your VPN, improve security and go to the cloud
"For those that aren’t familiar with it, BeyondCorp is a security approach used by Google that allows employees to work from anywhere, quickly and easily.

This is easier said than done. In 2010, we undertook a massive project to rethink how to provide employees with secure remote access to applications: We moved away from our corporate VPN, and introduced BeyondCorp, a zero-trust network security model.

With BeyondCorp, we no longer have a binary access model, where you are either inside the whole corporate network, with all the access that allows, or outside and completely locked out of applications. Our new approach provides a better, more convenient, and less risky way: access to individual services as you need them, based on who you are and what machine you're using."
security  google  vpn  network  business  infrastructure 
june 2017 by garrettc
HTTPS on Stack Overflow: The End of a Long Road
A very long, but super interesting, article about how Stack Overflow moved to HTTPS. Lots of really interesting takeaways.
deployment  security  ssl  stackoverflow  https  devops  architecture  sysadmin 
may 2017 by garrettc
CS4G Network Simulator
"Netsim is a simulator game intended to teach you the basics of how computer networks function, with an emphasis on security. You will learn how to perform attacks that real hackers use, and see how they work in our simulator!"
education  networking  security 
may 2017 by garrettc
Nettitude Security Testing
"Nettitude is a global leader in the delivery of Cyber Security Testing, Penetration Testing, Risk Management, Compliance and Digital Forensic services."
security  performance  webdevelopment  business  testing  company 
may 2017 by garrettc
Let them paste passwords
Allow your website to accept pasted passwords - it makes your site more secure, not less.
security  password  forms  webdevelopment  bestpractice 
may 2017 by garrettc
Here’s How to Protect Your Privacy From Your Internet Service Provider
We pay our monthly Internet bill to be able to access the Internet. We don’t pay it to give our Internet service provider (ISP) a chance to collect and sell our private data to make more money. This was apparently lost on congressional Republicans as they voted to strip their constituents of their privacy.
security  internet  privacy  VPN 
april 2017 by garrettc
Security 101 for SaaS startups
"So you are working at a startup, and you have been wondering at what point should you start looking into security considerations and compliance? Which technical debt should be postponed for a later stage, and which systems should be hardened this instant? What are the main considerations?"
security  saas  devops  sysadmin  bestpractice  startups 
march 2017 by garrettc
Network principles
"Government networks form a platform that enables the delivery of digital services. Good network design should create a user experience that the network is transparent, resilient and ubiquitous, with the right balance of quality, speed, security, control and cost.

These principles help designers deliver this experience for their users when designing networks across government. Note that these are principles, not a set of rules that must be arbitrarily followed. Designers can deviate from them where there is good justification."
gds  govuk  network  security 
january 2017 by garrettc
A simple, intuitive web app for analysing and decoding data without having to deal with complex tools or programming languages. CyberChef encourages both technical and non-technical people to explore data formats, encryption and compression.
data  security  tools  webdevelopment  encryption 
january 2017 by garrettc
Decent Security
Computer security for everybody.
security  network  wifi  windows 
january 2017 by garrettc
Learning From A Year of Security Breaches
"This year (2016) I accepted as much incident response work as I could. I spent about 300 hours responding to security incidents and data breaches this year as a consultant or volunteer.

This included hands on work with an in-progress breach, or coordinating a response with victim engineering teams and incident responders.

These lessons come from my consolidated notes of those incidents."
security  report  business 
december 2016 by garrettc
Bruce Schneier: 'The internet era of fun and games is over'
Speaking before members of Congress, the internet pioneer made clear the dangers of the internet of things.
internet  security  internetofthings  technology 
november 2016 by garrettc
Cyber Security Base with F‑Secure provides a free and high-quality programming course for everyone. We have something for everyone, from a novice to a master.
courses  learning  security  mooc  edutech  education 
october 2016 by garrettc
NIST’s new password rules – what you need to know
A lot of password rules are there simply "because we've always done it that way." NIST aims to fix that, and here's how.
security  password  bestpractice 
august 2016 by garrettc
HTTPolice is a lint for HTTP requests and responses. It checks them for conformance to standards and best practices.
http  https  security  worldwideweb  testing  standards 
july 2016 by garrettc
Malspider is a web spidering framework that detects characteristics of web compromises.
security  sysadmin  devops 
july 2016 by garrettc
Battle of the Secure Messaging Apps: How Signal Beats WhatsApp
Both Signal and WhatsApp are encrypted, but Signal takes extra steps to keep your chats private.
security  chat  encryption  messaging 
june 2016 by garrettc
PCI Compliance & Drupal Commerce: Which Payment Gateway Should I Choose?
Several contributed modules with stable releases exist to leverage new eCommerce technologies in Drupal.
drupal  drupal7  ecommerce  pcidss  regulation  security 
june 2016 by garrettc
How blockchains could change the world
In this interview, Don Tapscott explains why blockchains, the technology underpinning the cryptocurrency, have the potential to revolutionize the world economy.
finance  blockchain  society  technology  security  trust 
june 2016 by garrettc
Automatically enable HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates.
security  worldwideweb  https  tls  ssl 
may 2016 by garrettc
OS-X-Security-and-Privacy-Guide - A practical guide to securing OS X
osx  security  privacy  sysadmin  apple 
may 2016 by garrettc