security

Google says that the latest beta version of its popular Chrome browser incorporates a new security feature to warn users that they are trying to download malicious software from a website. That's not a revolutionary new feature, of course, and various other browsers already protect consumers in this way.
http://nakedsecurity.sophos.com/2012/01/09/google-chrome-alert-malware-downloads/

Google Chrome to alert on malware downloads | Naked Security

http://www.digininja.org/projects/zonetransferme.php

ZoneTransfer.me - DigiNinja

When teaching, and when talking to clients, I sometimes have to explain the security problems related to DNS zone transfer. The problem usually comes when trying to demonstrate how it works and what information can be leaked: trying to remember which domains have zone transfer enabled, and then hoping that they still have it turned on, can make it hard. So, to ease both of these problems I've registered zonetransfer.me, a domain which is easy to remember and which will always have zone transfer enabled. So, the domain is zonetransfer.me and the two name servers are ns12.zoneedit.com and ns16.zoneedit.com. Feel free to use this domain in your training and when talking to clients; hopefully it will help educate people as to why it should be disabled in almost all cases on public DNS servers.
Computerworld - Almost anyone can snoop the secure data traffic of unpatched iPhones and iPads using a recently-revised tool, a researcher said today as he urged owners to apply Apple's latest iOS fix. The nine-year-old bug was quashed Monday when Apple issued a patch for the iPhone 4, iPhone 3GS and third- and fourth-generation iPod Touch. If those devices aren't patched, attackers can easily intercept and decrypt secure traffic -- the kind guarded by SSL, which is used by banks, e-tailers and other sites -- at a public Wi-Fi hotspot, said Chet Wisniewski, a security researcher with U.K.-based Sophos. "This is a nine-year-old bug that Moxie Marlinspike disclosed in 2002," said Wisniewski in an interview today. On Monday, Marlinspike released a revision of his long-available "sslsniff" traffic sniffing tool that allows a user to intercept SSL traffic from vulnerable iOS devices.
http://www.computerworld.com/s/article/9218676/Sniffer_hijacks_secure_traffic_from_unpatched_iPhones

Sniffer hijacks secure traffic from unpatched iPhones - Computerworld

In light of the recent spate of high-profile hacking campaigns, and the overall poor state of security on the internet, NextGov.com reports that parts of the US government are advocating for a separate, “secure” internet. The idea calls for segmenting “critical” networks (not yet fully defined, but presumably including infrastructure and financial systems) and applying two security mechanisms to these networks: (1) increased deep packet inspection (DPI) to detect and prevent intrusions and malicious data; and (2) strong authentication, at least for clients. The trouble is that this “.secure” internet doesn’t make much technical or economic sense: the security mechanisms are simply not powerful or cost-effective enough to warrant re-engineering an internet. Whether the idea is to apply different security policies to sites using a special domain name like “.secure” (and possibly the existing .edu and .gov domains), or to create a parallel internet infrastructure, is not yet clear.
https://www.eff.org/deeplinks/2011/07/fragmenting-internet-not-security-solution

Fragmenting the Internet Is Not a Security Solution | Electronic Frontier Foundation

An Open Letter From Internet Engineers to the U.S. Congress | Electronic Frontier Foundation

https://www.eff.org/deeplinks/2011/12/internet-inventors-warn-against-sopa-and-pipa
Today, a group of 83 prominent Internet inventors and engineers sent an open letter to members of the United States Congress, stating their opposition to the SOPA and PIPA Internet blacklist bills that are under consideration in the House and Senate respectively. We, the undersigned, have played various parts in building a network called the Internet. We wrote and debugged the software; we defined the standards and protocols that talk over that network.
Truecrypt is free and open-source disk encryption software. In this post we will show you how to encrypt all your data using Truecrypt in 11 easy steps. With Truecrypt it is possible to encrypt a virtual disk (a container file), a partition or a whole storage device.

How to secure your data with Truecrypt in 11 easy steps! | Ubuntu Manual

http://ubuntumanual.org/posts/364/secure-your-data-with-truecrypt-in-11-easy-steps
http://crypto.stanford.edu/sameorigin/

Same Origin Policy - Protecting Browser State from Web Privacy Attacks

Abstract: Through a variety of means, including a range of browser cache methods and inspecting the color of a visited hyperlink, client-side browser state can be exploited to track users against their wishes. This tracking is possible because persistent, client-side browser state is not properly partitioned on a per-site basis in current browsers. We address this problem by refining the general notion of a "same-origin" policy and by designing and implementing two browser extensions that apply a same-origin policy to the browser cache and visited links. We also analyze various degrees of cooperation between sites to track users, and show that even if long-term browser state is properly partitioned, it is still possible for sites to use modern web features to bounce users between sites and invisibly engage in cross-domain tracking of their visitors.

Home Page - www.SecurityXploded.com

http://securityxploded.com/
HashGenerator is the FREE universal hash generator software which instantly generates the hash for a given file or text using 14 popular hash algorithms including MD5, the SHA family, BASE64, CRC32, ROT13, RIPEMD, ADLER32, HAVAL, WHIRLPOOL etc.

Tor relays (2011-02-14) - Google Maps

http://maps.google.com/maps?&q=http:%2F%2Fwww.torservers.net%2Fmisc%2Ftormap%2Ftormap.kml%3F2011-02-14

tahoe-lafs.org

Tahoe-LAFS is a Free and Open cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire filesystem continues to function correctly, including preservation of your privacy and security. Allmydata, Inc. sponsored the Tahoe-LAFS project by providing hardware and data-center facilities along with the initial developer time. We are eternally grateful for their generous and public-spirited support.
https://tahoe-lafs.org/trac/tahoe-lafs

'Re: Allegations regarding OpenBSD IPSEC' - MARC

List: openbsd-tech
Subject: Re: Allegations regarding OpenBSD IPSEC
From: Theo de Raadt
Date: 2010-12-21 19:34:54
Message-ID: 201012211934.oBLJYshp014050@cvs.openbsd.org

> without a 'hint' (true or fake),

Well, the allegations came without any facts pointing at specific code.
As if the JS LOIC concept didn't have serious enough implications on its own, though, researchers from Attack & Defense Labs recently presented a much more effective DoS attack vector at Blackhat Abu Dhabi, which relies on Web Workers and Cross Origin Requests in HTML5. This attack, though it only works in HTML5 browsers, is supposedly capable of performing between 3,000 and 4,000 requests a minute under real world conditions, which is a significant improvement over the simple but functional img tag reload attack. In my tests, the HTML5 attack clocked in at ~1500-2000 requests/minute, with the img reload attack hovering around 600 requests/minute.

d0z.me: The Evil URL Shortener « Spare Clock Cycles

ssl

Network security articles and hacking prevention resources for the government and general public. Covering all aspects of Computer Hacking, including tutorials and exploit downloads.

by Mirko Zorz - Wednesday, 14 March 2012. The past 10 years represent a very interesting timeframe for reviewing vulnerability disclosures and ensuing changes that continue to affect risk management in IT organizations around the world. Vulnerability disclosures across the industry in 2011 were down...

it-sec-catalog - Project Hosting on Google Code - code.google.com

Why keep this project? This project started as an attempt to index, summarize and catalog links to interesting security-related material. People frequently add new links to their browser bookmarks, but later everything is a mess and hard to find. You can treat this project as one big, centralized bookmark. The project tries to maintain good value, but it is not always possible to look in every corner of the internet and to satisfy all tastes. So, give me a sign if: