xer0x : security   258

KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices | WeLiveSecurity
ESET researchers uncovered a security flaw affecting Wi-Fi chips that are commonly used in devices such as smartphones, tablets, laptops, and IoT gadgets.
wifi  vulnerability  encryption  archive  security  cve 
2 days ago by xer0x
Cryptographic Signatures, Surprising Pitfalls, and LetsEncrypt
The Let's Encrypt Accident
On August 11th, 2015, Andrew Ayer posted the following email to the IETF mailing list:

I recently reviewed draft-barnes-acme-04 and found vulnerabilities in the DNS, DVSNI, and Simple HTTP challenges that would allow an attacker to fraudulently complete these challenges.

(The author has since then written a more complete explanation of the attack.)
The draft-barnes-acm ...
crypto  certificate  cryptography  encryption  security  lets_encrypt  personal_net  signatures  ssl  via:HackerNews 
2 days ago by xer0x
Myths about /dev/urandom
The most-recommended explanation about Linux random number generation, the differences between /dev/random and /dev/urandom, and practical advice for several Linux versions
entropy  bestpractices  security  linux  programming  math  cryptography  Random  randomness  unix 
7 days ago by xer0x
#737140 Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
This researcher exploited an HTTP Request Smuggling bug on a Slack asset to perform a CL.TE-based hijack onto neighboring customer requests. This hijack forced the victim into an open-redirect that forwarded the victim onto the researcher's collaborator client with slack domain cookies. The posted cookies in the customer request on the collaborator client contained the customer's secret session...
slack  bugbounty  http  request  security  737140  hackerone  infosec  instant-messenger  smuggling  type:article 
19 days ago by xer0x
ufrisk/pcileech: Direct Memory Access (DMA) Attack Software
Direct Memory Access (DMA) Attack Software. Contribute to ufrisk/pcileech development by creating an account on GitHub.
security  pci  wow 
5 weeks ago by xer0x
We found 6 critical PayPal vulnerabilities - and PayPal punished us for it | CyberNews
CyberNews research analysts discovered 6 serious PayPal vulnerabilities and reported them. But instead of a bounty or thanks, we got punished by PayPal.
paypal  sad  hackerone  opaque  security  exploit 
5 weeks ago by xer0x
How Saudi Arabia Infiltrated Twitter
“Proactive and reactively we will delete evil my brother.”
saudiarabia  security  spying  twitter  bad-actor  adtech  2020  badtech 
5 weeks ago by xer0x
arjun024/mkernel: A minimalist kernel
A minimalist kernel. Contribute to arjun024/mkernel development by creating an account on GitHub.
kernel  start  c  linux  os  GitHub_Repos  Linux_Kernel  Other_Bookmarks  security  systems  Unsorted_Bookmarks 
10 weeks ago by xer0x
What is Mimikatz: The Beginner's Guide | Varonis
Learn how hackers and security professionals use Mimikatz to exploit security flaws and gather credentials with this beginner tutorial.
windows  hack  mimikatz  security 
11 weeks ago by xer0x
Use GitHub actions at your own risk // Julien Renaux Blog
Malicious code can be inserted into any GitHub action, even those which are tagged.
github  actions  security 
december 2019 by xer0x
Merck cyberattack’s $1.3 billion question: Was it an act of war?
By the time Deb Dellapena arrived for work at Merck & Co.’s 90-acre campus north of Philadelphia, there was a handwritten sign on the door: The computers are down. It was worse than it seemed.
hack  history  healthcare  security  hacks  hacking  law  pharmaceuticals 
december 2019 by xer0x
llvm-project/PointerAuthentication.rst at apple/master · apple/llvm-project
Contribute to apple/llvm-project development by creating an account on GitHub.
signed  pointers  apple  auth  clang  docs  abi  pac  pointer  reference  security 
december 2019 by xer0x
liamg/tfsec: Static analysis powered security scanner for your terraform code
Static analysis powered security scanner for your terraform code - liamg/tfsec
analysis  devops  security  terraform  tools  static  opensource  automation  aws  code 
november 2019 by xer0x
hackerschoice/thc-tesla-powerwall2-hack: TESLA PowerWall 2 Security Shenanigans
TESLA PowerWall 2 Security Shenanigans. Contribute to hackerschoice/thc-tesla-powerwall2-hack development by creating an account on GitHub.
tesla  powerwall  wow  security  iot 
november 2019 by xer0x
The Fantasy of Opting Out | The MIT Press Reader
Those who know about us have power over us. Obfuscation may be our best digital weapon.
&  Computers  add-ons  ads  anonymity  bigbrother  browsing  data  data_privacy  privacy  science  security  technology 
november 2019 by xer0x
Don't use VPN services.
Don't use VPN services. GitHub Gist: instantly share code, notes, and snippets.
github  privacy  security  tips  vpn  gist  IFTTT  via:popular  **  discussion 
october 2019 by xer0x
OWASP Top 10 Vulnerabilities List — You’re Probably Using It Wrong
We break down the basics of what you need to know about the OWASP Top 10 Vulnerabilities List and how to use it the right way to support your development team.
security  guide 
october 2019 by xer0x
The Making of the American Gulag | Boston Review
ship, its emphasis on individuality, and its support of business. But the dominance of the security s
usa  history  2019  gulag  ice  child  dungeon  concentration  modern  failure  national  dominance  security  essay  article 
october 2019 by xer0x
Absolute scale corrupts absolutely - apenwarr
The Internet has gotten too big.

Growing up, I, like many computery people of my generation, was an idealist.
I believed that better, faste...
ifttt  internet  privacy  security  tech  Unread  Pocket  google  aws  amazon  corruption  monopoly  a:Avery-Pennarun★★  artificial-intelligence 
october 2019 by xer0x
D-Link Home Routers Open to Remote Takeover Will Remain Unpatched | Threatpost
CVE-2019-16920 allows remote unauthenticated attackers to execute code on a target device.
dlink  router  hack  code  cve-2019-16920  d-link  end  execution  hacks  home  life  malware  mobile  of  privacy  remote  routers  security  unpatched  vulnerabilities  web 
october 2019 by xer0x
New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS
Cybersecurity researchers today revealed the existence of Simjacker, a SIM Card vulnerability that could allow remote hackers to spy on devices just by sending SMS
wtf  sim  phone  hack  message  security  breach  attacks  target  vulnerability 
september 2019 by xer0x
HTTP Security Headers - A Complete Guide
A description of each security header, why it is important, and how to configure your website in a secure way.
cors  devops  http  security  headers  reference  CSP  infosec  programming  web 
july 2019 by xer0x
Aporeto - Application Segmentation for Cloud | Microservices & Container Security
Application segmentation solutions enabling container and microservices security for private, public or hybrid cloud. A distributed homogenous security policy is enforced per workload independent of network or infrastructure configuration, enabling uniform security orchestration across multi-cloud environments.
network  security  k8s  istio  aporeto  nick 
june 2019 by xer0x
Web Single Sign-On, the SAML 2.0 perspective - Theodo
How does SAML work in practice? What do I need to implement it?
authentication  saml2  saml  security  sso  identity-management  json  oauth  openid  webdev  xml 
june 2019 by xer0x
WireGuard for Kubernetes: Introducing Gravitational Wormhole
We are excited to announce the new open source project: Gravitational Wormhole, a Kubernetes network plugin that combines the simplicity of flannel with encrypted networking from WireGuard.
kubernetes  security  vpn  wireguard 
april 2019 by xer0x
The Problem with SSH Agent Forwarding · Bogdan Popa
After hacking the matrix.org website today, the hacker opened a series of GitHub issues mentioning the flaws he discovered. In one of those issues, he mentions that “complete compromise could have been avoided if developers were prohibited from using [SSH agent forwarding]”.
Here’s what man ssh_config has to say about ForwardAgent:
Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s Unix-domain socket...
ssh  security  proxy 
april 2019 by xer0x
American Businesses Stayed Quiet On Chinese Hackers, Amid Concerns For Profits : NPR
The U.S. has largely failed to stop Chinese cybertheft of U.S. companies, but the companies themselves led the charge in keeping it under wraps.
china  usa  relations  hacker  security  trade  theft  legal  politics  business  administrator  government  wto 
april 2019 by xer0x
VPN - a Very Precarious Narrative - Dennis Schubert
Random thoughts, articles, projects, and even stickers created or collected by Dennis Schubert.
ifttt  privacy  security  vpn  Hacker_News  technology  toread 
april 2019 by xer0x
Researchers Find Google Play Store Apps Were Actually Government Malware - Motherboard
Famed hacker Kevin Mitnick sets up a social engineering attack against Motorola to steal the source code for the MicroTAC Ultralite cellphone.
security 
april 2019 by xer0x
Ledger-Donjon/lascar: Ledger's Advanced Side-Channel Analysis Repository
Ledger's Advanced Side-Channel Analysis Repository - Ledger-Donjon/lascar
attack  devops  hacker  security  sidechannel  sysadmin 
february 2019 by xer0x