
Security


HPVAC.
Why the Security of USB Is Fundamentally Broken.

The Unpatchable Malware That Infects USBs Is Now on the Loose

It’s been just two months since researcher Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it’s possible to corrupt any USB device with insidious, undetectable malware.

Given the severity of that security problem—and the lack of any easy patch—Nohl has held back on releasing the code he used to pull off the attack. But at least two of Nohl’s fellow researchers aren’t waiting any longer. In a talk at the Derbycon hacker conference in Louisville, Kentucky last week, researchers Adam Caudill and Brandon Wilson showed that they’ve reverse engineered the same USB firmware as Nohl’s SR Labs, reproducing some of Nohl’s BadUSB tricks.

And unlike Nohl, the hacker pair has also published the code for those attacks on Github, raising the stakes for USB makers to either fix the problem or leave hundreds of millions of users vulnerable.

GNU hackers discover HACIENDA government surveillance and give us a way to fight back — Free Software Foundation — working together for free software

According to Heise newspaper, the intelligence agencies of the United States, Canada, United Kingdom, Australia, and New Zealand have used HACIENDA to map every server in twenty-seven countries, employing a technique known as port scanning.

Anonymous Operating System.

Mission Impossible: Hardening Android for Security and Privacy

Updates: See the Changes section for a list of changes since initial posting.

The future is here, and ahead of schedule. Come join us, the weather's nice. This blog post describes the installation and configuration of a prototype of a secure, full-featured, Android telecommunications device with full Tor support, individual application firewalling, true cell network baseband isolation, and optional ZRTP encrypted voice and video support. ZRTP does run over UDP, which is not yet possible to send over Tor, but we are able to send SIP account login and call setup over Tor independently.

FlreFox #Prlvacy #Securlty #lnfosec.
How did the NSA hack our emails?
NSA Surveillance (an extra bit) - Numberphile.

Internet Toolkit

Update Check: An online service to help Windows users check that installed programs are up to date and do not have known security vulnerabilities.

Antivirus: Malware in email and Internet pages are now everyday occurrences.

DNS Security Collaborative Post - Eric Helgeson

There was a ton of responses to my blog post about my ISP’s bad behavior with DNS and I wanted to consolidate the information here. This post is on github so you can click here to add or edit any info in this post, just a pull request away (just follow the same formatting). I’ll be adding more as I parse through all the comments. Basics of DNS. What is DNS.

ZoneTransfer.me

When teaching, and when talking to clients, I sometimes have to explain the security problems related to DNS zone transfer.

Opt out of global data surveillance programs like PRISM, XKeyscore, and Tempora - PRISM Break.
A List of Privacy-Focused Companies, Tools & Technologies.
Why passwords have never been weaker—and crackers have never been stronger.

Oh great: New attack makes some password cracking faster, easier than ever

A researcher has devised a method that reduces the time and resources required to crack passwords that are protected by the SHA1 cryptographic algorithm. The optimization, presented on Tuesday at the Passwords^12 conference in Oslo, Norway, can speed up password cracking by 21 percent. The optimization works by reducing the number of steps required to calculate SHA1 hashes, which are used to cryptographically represent strings of text so passwords aren't stored as plain text. Such one-way hashes—for example 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 to represent "password" (minus the quotes) and e38ad214943daad1d64c102faec29de4afe9da3d for "password1"—can't be mathematically unscrambled, so the only way to reverse one is to run plaintext guesses through the same cryptographic function until an identical hash is generated.

About The Honeynet Project

The Honeynet Project is a leading international 501c3 non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to the fight against malware (such as Conficker), discovering new attacks and creating security tools used by businesses and government agencies all over the world. The organization continues to be on the cutting edge of security research by working to analyze the latest attacks and educating the public about threats to information systems across the world. Founded in 1999, The Honeynet Project has contributed to the fight against malware and malicious hacking attacks and has leading security professionals among its members and alumni. Our mission reads "to learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned" with three main pillars: Research, Awareness, Tools.

HoneyMap.
TEDxMidAtlantic 2011 - Avi Rubin - All Your Devices Can Be Hacked.
Fix Ubuntu.
The second operating system hiding in every mobile phone.

Tools for a Safer PC

An important aspect of securing any system is the concept of “defense-in-depth,” or having multiple layers of security and not depending on any one approach or technology to block all attacks. Here are some links to tools and approaches that I have found useful in stopping malware from invading a PC. Your mileage may vary.

Learn, Memorize, Practice the 3 Rules.
The Scrap Value of a Hacked PC, Revisited.

The Value of a Hacked Email Account

One of the most-viewed stories on this site is a blog post+graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who don’t bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves.

Data Broker Giants Hacked by ID Theft Service

An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity. The Web site ssndob[dot]ms (hereafter referred to simply as SSNDOB) has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any U.S. resident. Prices range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks.

MIT Students Release Program To 3D-Print High Security Keys.
Google Chrome to alert on malware downloads.
Sniffer hijacks secure traffic from unpatched iPhones.

Fragmenting the Internet Is Not a Security Solution

In light of the recent spate of high-profile hacking campaigns, and the overall poor state of security on the internet, NextGov.com reports that parts of the US government are advocating for a separate, “secure” internet.

An Open Letter From Internet Engineers to the U.S. Congress

Today, a group of 83 prominent Internet inventors and engineers sent an open letter to members of the United States Congress, stating their opposition to the SOPA and PIPA Internet blacklist bills that are under consideration in the House and Senate respectively.

How to secure your data with Truecrypt in 11 easy steps!

Truecrypt is a free and open-source disk encryption software.

TrueCrypt, the final release, archive · DrWhax/truecrypt-archive.
Open Crypto Audit Project.
Is TrueCrypt Audited Yet?
Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources.

Phil Zimmermann's Silent Circle Builds A Secure, Seductive Fortress Around Your Smartphone

In the 1990s, cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann faced federal criminal investigation. His encryption software was so strong, it was charged, there was fear it violated arms trafficking export controls. Now Zimmermann has launched a new startup that provides industrial strength encryption for smartphone users.

LEAP Encryption Project.
Tahoe-lafs.org.

In surveillance era, clever trick enhances secrecy of iPhone text messages

A security researcher has developed a technique that could significantly improve the secrecy of text messages sent in near real time on iPhones.

Tails.
Same Origin Policy - Protecting Browser State from Web Privacy Attacks. Stanford University Computer Science Department Abstract.
d0z.me: The Evil URL Shortener « Spare Clock Cycles.
Tipwire · thedod/whatmail Wiki.
Request a TipWire chat.
SecurityXploded.com.
HitmanPro.Kickstart - SurfRight.
Allegations regarding OpenBSD IPSEC.
Useful Cryptography Resources.
It-sec-catalog - Project Hosting on Google Code - code.google.com.
iSECPartners/LibTech-Auditing-Cheatsheet.
SecurityFocus. Network security articles and hacking prevention resources for the government and general public. Covering all aspects of Computer Hacking, including tutorials and exploit downloads.
A (relatively easy to understand) primer on elliptic curve cryptography.
Government Standards Agency “Strongly” Suggests Dropping its Own Encryption Standard.

Ssl/https

PGP. p2p.