po : security   663

GitHub - MorteNoir1/virtualbox_e1000_0day: VirtualBox E1000 Guest-to-Host Escape
VirtualBox E1000 Guest-to-Host Escape. Contribute to MorteNoir1/virtualbox_e1000_0day development by creating an account on GitHub.
virtualbox  0day  vulnerabilities  infosec  security  exploit 
3 days ago by po
Tunnelblick | Free open source OpenVPN VPN client server software for Mac OS X and macOS
osx  openvpn  vpn  client  opensores  tools  infosec  security  gui 
6 days ago by po
Video analysis of Android banking Trojan found on Google Play - Lukas Stefanko
This Trojan lures victims into inserting their login credentials for social media, mobile banking and cryptocurrency apps.
android  security  malware  failboat 
11 days ago by po
Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys | Ars Technica
Side-channel leak in Skylake and Kaby Lake chips probably affects AMD CPUs, too.
intel  cpu  fail  amd  infosec  security 
11 days ago by po
If you're worried about online privacy, you no longer have an excuse — Quartz
The fact that email addresses are the cornerstone of this identity scheme should give everyone pause.
The industry should be moving away from email, not toward it.
And yet, here we are.
panopticon  surveillance.capitalism  privacy  secrecy  infosec  security  email  digital.identity 
4 weeks ago by po
New facial recognition scanners at Sea-Tac airport | KIRO-TV

CBP said it has secure encryption and storage. A sign at the gate said that photos of U.S. Citizens will be deleted after 14 days. 
panopticon  travel  government  surveillance  facial.recognition  security  identity.theft  yeah.right 
july 2018 by po
jwz: STARTTLS Everywhere
> So, you know, maybe some day everyone who still runs their own email server will have certificates installed, and maybe enough of those certificates will be signed by a CA that validating the cert before exchanging mail might be a practical thing to do. But it's more likely that by then, email will have been killed as a concept. All it would take would be for Google to decide, "Fuck it, we're just not going to federate with anyone any more."

> You know, like they did with GChat, single-handedly killing Jabber / XMPP.
email  security  jwz 
july 2018 by po
[1709.09970] Secure Coding Practices in Java: Challenges and Vulnerabilities
> Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior research was focused on the misuse of cryptography and SSL APIs, but did not explore the key fundamental research question: what are the biggest challenges and vulnerabilities in secure coding practices? In this paper, we conducted a comprehensive empirical study on StackOverflow posts to understand developers' concerns on Java secure coding, their programming obstacles, and potential vulnerabilities in their code. We observed that developers have shifted their effort to the usage of authentication and authorization features provided by Spring security--a third-party framework designed to secure enterprise applications. Multiple programming challenges are related to APIs or libraries, including the complicated cross-language data handling of cryptography APIs, and the complex Java-based or XML-based approaches to configure Spring security. More interestingly, we identified security vulnerabilities in the suggested code of accepted answers. The vulnerabilities included using insecure hash functions such as MD5, breaking SSL/TLS security through bypassing certificate validation, and insecurely disabling the default protection against Cross Site Request Forgery (CSRF) attacks. Our findings reveal the insufficiency of secure coding assistance and education, and the gap between security theory and coding practices.
academics  research.paper  java  security  best.practices  programming  stackoverflow  copy.paste.viruses 
july 2018 by po