recentpopularlog in

po : security   773

« earlier  
US finds Huawei has backdoor access to mobile networks globally, report says
The backdoors were inserted for law enforcement use into carrier equipment like base stations, antennas and switching gear, the Journal said, with US officials reportedly alleging they were designed to be accessible by Huawei.

"We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world," Robert O'Brien, national security adviser, reportedly said.
What a surprise.
buried.the.lede  huawei  corruption  law.enforcement  backdoors  infosec  security  networking  mobiles  shocked.shocked.i.am  what.could.possibly.go.wrong 
8 days ago by po
GitHub - osquery/osquery: SQL powered operating system instrumentation, monitoring, and analytics.
SQL powered operating system instrumentation, monitoring, and analytics. - osquery/osquery
osqeury  monitoring  security  sql  sysadmin  tools  opensores  ids 
20 days ago by po
Who Broke the SHA1 Algorithm (And What Does It Mean for Bitcoin)? - CoinDesk
A long-standing bitcoin bounty on finding a SHA1 collision attack was just claimed. But what are the larger implications for the community?
sha1  infosec  security  cryptography  crypto  gnupg  pgp  gpg  exploits  hash.collision  lol.buttcoin 
23 days ago by po
PGP keys, software security, and much more threatened by new SHA1 exploit | Ars Technica
Behold: the world's first known chosen-prefix collision of widely used hash function.
sha1  infosec  security  cryptography  crypto  gnupg  pgp  gpg  exploits 
23 days ago by po
GitHub - orlikoski/CDQR: The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices
The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices - orlikoski/CDQR
analysis  forensics  tools  infosec  security 
8 weeks ago by po
GitHub - jedisct1/encrypted-dns-server: An easy to install, high-performance, zero maintenance proxy to run an encrypted DNS server.
An easy to install, high-performance, zero maintenance proxy to run an encrypted DNS server. - jedisct1/encrypted-dns-server
dns  encryption  proxy  privacy  infosec  rustlang  dnscrypt  security 
10 weeks ago by po
Introducing Amazon Detective
"we designed AWS security to protect ourselves but here we can charge you to make your rubbish slightly more secure" -amazon
aws  rubbish  security  infosec 
10 weeks ago by po
US intelligence wants to use you to train facial-recognition systems — Quartz
The US government research unit serving intelligence agencies wants to compile a massive video dataset using cameras trained on thousands of pedestrians.
iarpa  facial.recognition  database.nation  corruption  safety  security  machine.learning  data.privacy  privacy  government.surveillance  government.accountability 
12 weeks ago by po
GitHub - hwdsl2/setup-ipsec-vpn: Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS
Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS - hwdsl2/setup-ipsec-vpn
diy  vpn  github  ipsec  networking  ipsc  infosec  security  diy.vpn 
november 2019 by po
Building interactive SSH applications | Drew DeVault’s Blog
After the announcement of shell access for builds.sr.ht jobs, a few people sent me some questions, wondering how this sort of thing is done. Writing interactive SSH applications is actually pretty easy, but it does require some knowledge of the pieces involved and a little bit of general Unix literacy.

Everything old is new again.
I guess the next hotness will be xinetd?

It's clever but there is a lot to dislike about this.
Implementing an alternative shell for ssh logins is risky and not recommended without very strict access controls.
I also noticed no mention of chroot or jails which I would consider mandatory for this level of access.
ssh  interactive  python  howto  shell  security  considered.harmful 
october 2019 by po
What Happened to Transparency Reports? - The Atlantic
More and more companies are failing to issue transparency reports to tell consumers how much of their information governments have demanded.
google  transparency  privacy  surveilance.capitalism  surveillance.culture  infosec  security  disclosures  governance  government 
october 2019 by po
Pritunl - Open Source Enterprise Distributed OpenVPN and IPsec Server
Free open source enterprise distributed VPN server. Virtualize your private networks across datacenters and provide simple remote access in minutes.
vpn  openvpn  tools  distributed.vpn  ipsec  networking  security  infosec 
september 2019 by po
GitHub - Matheus-Garbelini/esp32_esp8266_attacks: Proof of Concept of ESP32/8266 Wi-Fi vulnerabilties (CVE-2019-12586, CVE-2019-12587, CVE-2019-12588)
Proof of Concept of ESP32/8266 Wi-Fi vulnerabilties (CVE-2019-12586, CVE-2019-12587, CVE-2019-12588) - Matheus-Garbelini/esp32_esp8266_attacks
esp32  esp8266  vulnerabilities  vectors  internet.of.shit  exploits  security  infosec 
september 2019 by po
How to use Extended LTS
sudo wget http://deb.freexian.com/extended-lts/archive-key.gpg -O /etc/apt/trusted.gpg.d/freexian-archive-extended-lts.gpg
debian  debian.lts  linux  lts  security 
august 2019 by po
Using apt-cacher-ng with SSL/TLS - Packagecloud Blog
TL;DR apt-cacher-ng is a write-through proxy that caches repository metadata and package indexes for other hosts, typically on the same network. It generally works out-of-the-box, except for when the repository is served over SSL/TLS, in which case special configuration is needed. This blog post will cover apt-cacher-ng basics, then how to set it up to work with SSL/TLS repositories (such as packgecloud.io). Use Cases The common use case for apt-cacher-ng is where you have a sizable ...
apt-cacher-ng  apt  ssl  tls  security 
august 2019 by po
Russia's Secret Intelligence Agency Hacked: 'Largest Data Breach In Its History'
Hackers successfully targeted Russia's state security agency last week through a major contractor, stealing and publishing details of secret internet projects including social media scraping and Tor de-anonymization.
russia  foreign.interference  infosec  security  breaches  tor  social.media 
july 2019 by po
Response to Video-On Concern - Zoom Blog
Setting aside the rank stupidity of the implementation, this is pretty much a textbook case of how not to respond to a security disclosure by a researcher.
Pitch-perfect: bungled response ("security guy is out, we'll let him know"), adversarial response to researcher, dissembling explanations (borderline ludicrous, frankly), bungled release, releasing a regression, tone-deaf and defensive public messaging, and advertising their commitment to hiding their security issues.
All of which is evidence that they didn't really have a response plan.

Fortunately they managed to avoid: threatening/initiating a lawsuit, typically a c/d, against the investigator and condemning the infosec community in general.
zoom  bad.security  privacy  infosec  security  bad.management 
july 2019 by po
Is Firefox better than Chrome? It comes down to privacy. - The Washington Post
Our latest privacy experiment found Chrome ushered more than 11,000 tracker cookies into our browser — in a single week.
google  chrome  privacy  infosec  security  cookies  tracking  surveillance.capitalism  trackers  web  data.privacy 
july 2019 by po
Track This | A new kind of Incognito
Throw ad trackers off your trail with 100 tabs of pure madness.
advertising  blocker  browser  tracking  security  privacy  identity  incognito  firefox 
june 2019 by po
ciaranm/securemodelines: A secure alternative to Vim modelines
A secure alternative to Vim modelines. Contribute to ciaranm/securemodelines development by creating an account on GitHub.
vim  modelines  plugin  security  infosec 
june 2019 by po
ShadowHammer: A large-scale operation | Kaspersky Lab official blog
At least four companies were compromised in a similar manner, and three more are suspected to have been breached by the same attacker.
antivirus  asus  attack.vectors  supply.chain.security  infosec  security  adversaries 
may 2019 by po
How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks - The New York Times
The latest case of cyberweapons escaping American control raises questions about the United States’ expensive and dangerous digital arsenal.
malware  nsa  usa  china  infosec  datasec  vectors  tools  security  fail  breaches 
may 2019 by po
New speculative execution bug leaks data from Intel chips’ internal buffers | Ars Technica
Intel-specific vulnerability was found by researchers both inside and outside the company.
of.course.it.does  intel  hardware  failure  infosec  security 
may 2019 by po
Canada Border Services seizes lawyer's phone, laptop for not sharing passwords | CBC News
A Canadian border officer seized lawyer Nick Wright's laptop and phone when he wouldn't hand over his passwords. The case highlights the growing concern over Canadian border officers’ powers to search travellers' digital devices.
canaduh  privacy  mobiles  security  infosec 
may 2019 by po
OpenConnect VPN project / ocserv · GitLab
Openconnect server (ocserv) is an SSL VPN server for administrators who require elaborate user management and control. https://ocserv.gitlab.io/www/
openconnect  ocserv  vpn.server  vpn  ssl  tools  infosec  security  privacy 
april 2019 by po
Here's How To Find Out Who Has Your Data On Facebook
A transparency tool on Facebook inadvertently provides a window into the confusing maze of companies you’ve never heard of who appear to have your data.
facebook  advertising  surveilance.capitalism  privacy  infosec  security  surveillance.culture  social.media  scraping 
april 2019 by po
Russians hacking the GPS system to send ships bogus GNSS navigation data - Business Insider
The Russians are hacking the global navigation satellite system to confuse thousands of ships and airplanes about where they are, a C4ADS study found.
of.course.they.are  russia  gps  security  geopolitics  war  putin 
april 2019 by po
Will Security Enhance Trust Online, or Supplant It? by Helen Nissenbaum :: SSRN
Promoters of the Internet and other digital media cite many and diverse benefits of these advances to humanity, from wide-ranging access to information and comm
security  trust  surveillance.capitalism  privacy  infosec  transactions  provocative 
april 2019 by po
(9) Mark Sample (@samplereality) | Twitter
The latest Tweets from Mark Sample (@samplereality). Not a bot. Not exactly human either
twitter  interesting  research  security  satire  weird 
april 2019 by po
Kubernetes Kubectl CLI Tool Stung by 'High' Severity Security Fla
The Kubernetes community found a “high” severity security flaw in a component of the platform that could delete files on a workstation.
kubernetes  security  infosec  kubectl  attack.vectors  attack.surface  defects 
march 2019 by po
Extracting BitLocker keys from a TPM
Extracting BitLocker keys sealed with a TPM by sniffing the LPC bus
tpm  hardware  infosec  security  bitlocker  msft  encryption  physical.security  fpga 
march 2019 by po
Introducing Firefox Send, Providing Free File Transfers while Keeping your Personal Information Private - The Mozilla Blog
Firefox Send, send.firefox.com, is a free encrypted file transfer service that allows users to safely and simply share files from any browser.
tools  filesharing  file.sharing  dropbox  firefox  security  mozilla  privacy  collaboration  encryption 
march 2019 by po
Triton is the world’s most murderous malware, and it’s spreading - MIT Technology Review
The rogue code can disable safety systems designed to prevent catastrophic industrial accidents. It was discovered in the Middle East, but the hackers behind it are now targeting companies in North America and other parts of the world, too.
archive  security  malware 
march 2019 by po
Open Source Password Management Solutions | Bitwarden
Bitwarden is a free and open source password management solution for individuals, teams, and business organizations.
password.management  opensores  security  hosted 
february 2019 by po
Vulnerable By Design ~ VulnHub
VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
infosec  training  security  adversaries  tutorials  howto  exploits  guides  interesting 
february 2019 by po
« earlier      
per page:    204080120160

Copy this bookmark:





to read