security


Internet Toolkit

http://www.h-online.com/security/services/Internet-Toolkit-747773.html Update Check
http://arstechnica.com/security/2012/08/passwords-under-assault/

Why passwords have never been weaker—and crackers have never been stronger

In late 2010, Sean Brooks received three e-mails over a span of 30 hours warning that his accounts on LinkedIn, Battle.net, and other popular websites were at risk. He was tempted to dismiss them as hoaxes—until he noticed they included specifics that weren't typical of mass-produced phishing scams. The e-mails said that his login credentials for various Gawker websites had been exposed by hackers who rooted the sites' servers, then bragged about it online; if Brooks used the same e-mail and password for other accounts, they would be compromised too.

Oh great: New attack makes some password cracking faster, easier than ever

A researcher has devised a method that reduces the time and resources required to crack passwords that are protected by the SHA1 cryptographic algorithm. http://arstechnica.com/security/2012/12/oh-great-new-attack-makes-some-password-cracking-faster-easier-than-ever/
http://www.honeynet.org/about The Honeynet Project is a leading international 501c3 non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to the fight against malware (such as Conficker), discovering new attacks and creating security tools used by businesses and government agencies all over the world.

About The Honeynet Project

HitmanPro.Kickstart - SurfRight

Now any computer user can easily remove ransomware from their PC. http://www.surfright.nl/en/kickstart
http://www.digininja.org/projects/zonetransferme.php

ZoneTransfer.me - DigiNinja

When teaching, and when talking to clients, I sometimes have to explain the security problems related to DNS zone transfer. The problem usually comes when trying to demonstrate how it works and what information can be leaked, trying to remember which domains have zone transfer enabled and then hoping that they still have it turned on can make it hard. So, to ease both of these problems I've registered zonetransfer.me, a domain which is easy to remember and which will always have zone transfer enabled. So, the domain is zonetransfer.me and the two name servers are ns12.zoneedit.com and ns16.zoneedit.com. Feel free to use this domain in your training and when talking to clients, hopefully it will help educate people as to why it should be disabled in almost all cases on public DNS servers.
News July 27, 2011 12:55 PM ET Computerworld - Almost anyone can snoop the secure data traffic of unpatched iPhones and iPads using a recently-revised tool, a researcher said today as he urged owners to apply Apple's latest iOS fix. The nine-year-old bug was quashed Monday when Apple issued a patch for the iPhone 4, iPhone 3GS and third- and fourth-generation iPod Touch. If those devices aren't patched, attackers can easily intercept and decrypt secure traffic -- the kind guarded by SSL, which is used by banks, e-tailers and other sites -- at a public Wi-Fi hotspot, said Chet Wisniewski, a security researcher with U.K.-based Sophos. http://www.computerworld.com/s/article/9218676/Sniffer_hijacks_secure_traffic_from_unpatched_iPhones

Sniffer hijacks secure traffic from unpatched iPhones

In light of the recent spate of high-profile hacking campaigns, and the overall poor state of security on the internet, NextGov.com reports that parts of the US government are advocating for a separate, “secure” internet. The idea calls for segmenting “critical” networks (not yet fully defined, but presumably including infrastructure and financial systems) and applying two security mechanisms to these networks: (1) increased deep packet inspection (DPI) to detect and prevent intrusions and malicious data; and (2) strong authentication, at least for clients. The trouble is that this “.secure” internet doesn’t make much technical or economic sense: the security mechanisms are simply not powerful or cost-effective enough to warrant re-engineering an internet. Whether the idea is to apply different security policies to sites using a special domain name like “.secure” (and possibly the existing .edu and .gov domains), or to create a parallel internet infrastructure, is not yet clear. https://www.eff.org/deeplinks/2011/07/fragmenting-internet-not-security-solution

Fragmenting the Internet Is Not a Security Solution

An Open Letter From Internet Engineers to the U.S. Congress

https://www.eff.org/deeplinks/2011/12/internet-inventors-warn-against-sopa-and-pipa Today, a group of 83 prominent Internet inventors and engineers sent an open letter to members of the United States Congress, stating their opposition to the SOPA and PIPA Internet blacklist bills that are under consideration in the House and Senate respectively. We, the undersigned, have played various parts in building a network called the Internet. We wrote and debugged the software; we defined the standards and protocols that talk over that network.
Truecrypt is free and open-source disk encryption software.

How to secure your data with Truecrypt in 11 easy steps!

http://www.ubuntumanual.org/posts/364/secure-your-data-with-truecrypt-in-11-easy-steps
In the 1990s, cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann faced federal criminal investigation. His encryption software was so strong, it was charged, there was fear it violated arms trafficking export controls.

Phil Zimmermann's Silent Circle Builds A Secure, Seductive Fortress Around Your Smartphone

Same Origin Policy - Protecting Browser State from Web Privacy Attacks

Stanford University Computer Science Department Abstract Through a variety of means, including a range of browser cache methods and inspecting the color of a visited hyperlink, client-side browser state can be exploited to track users against their wishes. This tracking is possible because persistent, client-side browser state is not properly partitioned on per-site basis in current browsers. We address this problem by refining the general notion of a "same-origin" policy and by designing and implementing two browser extensions that apply a same-origin policy to the browser cache and visited links.
I, like many people, have been closely following a lot of the chaos happening around the recent Wikileaks dump, and was particularly fascinated by the DDoS attacks by activists on either side. One tool specifically caught my eye in the midst of the attacks, however: the JS LOIC. The tool works simply by constantly altering an image file's source location, so that the browser is forced to continuously hammer the targeted server with HTTP requests.

d0z.me: The Evil URL Shortener « Spare Clock Cycles

ssl

it-sec-catalog - Project Hosting on Google Code - code.google.com

Aim of the project This project has appeared as an attempt to index, summarize and to catalog all links to interesting security related stuff. People are often and frequently adding new links to their browser bookmarks, but later everything is messed up - try to find. You can treat this project as one big, centralized bookmark. What is it about? Subject is security, and following topics are in the scope: