
Security/Encryption


All things security/encryption related

Digital security resources. Getting up to speed and keeping up-to-date

Here are the go-to organizations for the latest information, policy, background papers and research on digital threats and how to combat them.

• Tactical Technology Collective
• Electronic Frontier Foundation
• Digital Defenders Partnership
• Frontline Defenders
• Access Now

Digital security research, studies & surveys

# Building digital safety for journalism: a survey of selected issues, UNESCO (2016)
Essential reading for keeping up with the latest threats, this study analyzes and explains the 12 main digital threats to journalism, from hacking of journalistic communications to Denial-of-Service attacks on media websites.

# Journalist Security in the Digital World: A Survey – Are We Using the Right Tools?

Digital security resources

Tron v9.8.6 (2016-12-10) // fix Stage 2 stalling bug : TronScript. A Beginner Friendly Comprehensive Guide to Installing and Using A Safer Anonymous Operating System v1.0.2. Exercises. Keybase. Introducing the Keybase filesystem Alpha releases of the Keybase app are starting to come with a cryptographically secure file mount.

Keybase

It is brand new. And very different. a terminal glimpse into /keybase/public/chris Public, signed directories for everyone in the world. Fightforthefuture/anticensorship-mirror-python: Team Future Anti-censorship Alerts for Python. StevenBlack/hosts: Extending and consolidating hosts files from a variety of sources like adaway.org, mvps.org, malwaredomains.com, someonewhocares.org, yoyo.org, and potentially others. Is email encryption, as claimed by ProtonMail, possible? Strictly speaking it is not possible, for the following reason: if the Web service encrypts the message, then the Web service gets to see the unencrypted message at some point (note: I write service, not server).

Is email encryption, as claimed by ProtonMail, possible?

At best, the service may be honest and do its best not to have a look at the messages as they flow. Now let's see the claims of that "ProtonMail" service: Swiss Based. Well, I see no reason to find this implausible. Switzerland is a real country and there are people who live there. Summary: ProtonMail appears to be roughly the equivalent of using PGP, except that it is Web based, thus centralized. While ProtonMail is certainly better than plain, unencrypted email, it would be wrong to believe it to be the ultimate answer to email security. They use existing standards. They have an explicit threat model. Ricochet. Cyph – Encrypted Messenger. Secure Contacts. Updated 2/22/16 to add Ricochet and change a Jabber address. This page explains how to reach me privately, using the best available security tools.

Secure Contacts

Best available does not mean perfect, but surveillance of these channels is costly, difficult and far less likely than the usual alternatives. If you are a beginner, or if too many choices make your head hurt, I'm happy to choose for you. Clear your browser. Find another computer, away from home and work, perhaps at a library or cafe. I do suggest you give some thought to what you want to keep private, who might try to listen in, and how much you care.

There are easier tools, but PGP (also known as OpenPGP, GnuPG and GPG) is still the gold standard for email encryption. My PGP key, as of July 10, 2015, is here and on all the usual keyservers. Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance. Warning: This guide has not been updated in over a year.

Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance

Freedom of the Press Foundation is working on an updated version. If you're interested in contributing, or have ideas for what this guide should cover, please submit issues on GitHub Download: [en] PDF, LibreOffice ODT • [pt] PDF, LibreOffice ODT Encryption works. Linux Hidden web server for noobs. Squidblacklist.org - Blacklist Downloads. GNU Libreboot. Untitled. After two years of hard work Subgraph OS is finally available for alpha download!

untitled

Please note that this software is still in alpha and much testing and bug fixing still has to be done. Grsecurity. Security in Ubuntu, Linux Mint and Debian: an explanation and some tips - Easy Linux tips project. 25 Hardening Security Tips for Linux Servers. Everybody says that Linux is secure by default and agreed to some extent (it’s a debatable topic).

25 Hardening Security Tips for Linux Servers

However, Linux has an in-built security model in place by default. You need to tune it up and customize it as per your needs, which may help to make a more secure system. Linux is harder to manage but offers more flexibility and configuration options. Securing a system in production from the hands of hackers and crackers is a challenging task for a System Administrator. Blog - \\server-adventures. VPN Pricing: Buy VPN With Credit Card, Paypal, Bitcoin. The open-source whistleblower submission system managed by Freedom of the Press Foundation. Untitled. Server Deployment Instructions · cryptocat/cryptocat Wiki. Deploying a Cryptocat server allows you to maintain Cryptocat conversations on your own network, without relying on the network at crypto.cat.

Server Deployment Instructions · cryptocat/cryptocat Wiki

Ethical Hacking, Penetration Testing, Information Security, Kali Linux, Backtrack Linux, Offensive Security. Yawnbox. GPGTools - It's worth protecting what you love. Backdooring your javascript using minifier bugs. In addition to unforgettable life experiences and personal growth, one thing I got out of DEF CON 23 was a copy of POC||GTFO 0x08 from Travis Goodspeed.

backdooring your javascript using minifier bugs

The coolest article I’ve read so far in it is “Deniable Backdoors Using Compiler Bugs,” in which the authors abused a pre-existing bug in CLANG to create a backdoored version of sudo that allowed any user to gain root access. This is very sneaky, because nobody could prove that their patch to sudo was a backdoor by examining the source code; instead, the privilege escalation backdoor is inserted at compile-time by certain (buggy) versions of CLANG.

That got me thinking about whether you could use the same backdoor technique on javascript. JS runs pretty much everywhere these days (browsers, servers, arduinos and robots, maybe even cars someday) but it’s an interpreted language, not compiled. However, it’s quite common to minify and optimize JS to reduce file size and improve performance. Hackme: Deconstructing an ELF File. A friend recently asked me to find the password for a little hard-to-hack program he had written and I agreed to it.

hackme: Deconstructing an ELF File

The short journey of a few hours that led me to its password was extremely interesting and this article describes the process as well as some of the new techniques learnt along the way. A few minutes after accepting his challenge, I received a binary called "hackme" in an E-mail and I got started! Those interested in giving it a shot can download the binary file and get back to this article later.

Untitled. NES web. OFTC - Home. PFSenseDocs. Autistici. Encrypt and decrypt text online. Utkusen/hidden-tear. An Encrypted Internet Is a Basic Human Right. Nico Sell is co-founder and co-chairman of Wickr Inc. This Op-Ed is part of a series provided by the World Economic Forum Technology Pioneers, class of 2015. Sell contributed this article to Live Science's Expert Voices: Op-Ed & Insights. George Washington could have become a king, but instead devoted his life to giving power back to the people.

This is why his political heritage remains so strong today, inspiring millions around the world to continue striving for liberty and democracy. One of my favorite U.S. presidents, Washington proved that great leaders rule by empowering the people, not by usurping power. In the next decade, billions of online citizens will join the Web, making national borders less relevant and the world more connected. The right to private communication The establishment of the U.S. The same commitment to privacy and access to free, uncensored information is the reason we started Wickr. I call that space the private Web. Away from prying eyes The encrypted future.

Occupytheweb's Profile. Installing & Using a Secure IRC Client with OTR. Information Security Stack Exchange. Privacy tools - encryption against global mass surveillance □ Cstørmˣˣ. Cybrary - Free Online IT and Cyber Security Training, Forever! Duplicity: Main. Tox: A New Kind of Instant Messaging.

Bluhell Firewall. Oxynger KeyShield - Ultimate Protection for Passwords from Hacking by Keyloggers. DoxBox (filtered) § s'qute. VeraCrypt - Home. Home Page. Open Source IDS / IPS / NSM engine. GlassWire Network Security Monitor & Firewall Tool. OneTime  —  Encryption with One-Time Pads. Note (2014-01-09): OneTime 2.0 is currently in beta testing. See the compatibility notes for details. OneTime is an open source encryption program that uses the one-time pad algorithm to allow two parties to communicate privately. It has features to assist with the bureaucracy of pad management, and comes with built-in help. OneTime requires Python 2.6 or higher, and is for users who are comfortable running command-line programs. GnuPGk. Some Apps (GPGshell, TitleTime) Gpg4usb - project : download. GPGTools - It's worth protecting what you love.

Gpg4win - Secure email and file encryption with GnuPG for Windows. The GNU Privacy Guard. Encreep.com - user friendly public-key cryptography. Cryptsync - A folder sync tool with encryption. Privnote - Send notes that will self-destruct after being read. Open Source Password Manager & File Storage. HerdProtect - Anti-Malware Multiscanning Platform in the Cloud. Secure Encryption Software. FlreFox #Prlvacy #Securlty #lnfosec.