Security

isc Home | SANS Internet Storm Center; Cooperative Network Security Community - Internet Security
SANS: IT Information Security Awareness Training
Info Security

Wallet TrackR - Find Your Wallet Purchase Wallet TrackR Today! What is a Wallet TrackR? The Wallet TrackR fits easily into any wallet - just like a credit card. When combined with the free Wallet TrackR iPhone app, it becomes a powerful new tool to keep you from losing your wallet. When the Wallet TrackR gets separated from your iPhone or iPad, the Wallet TrackR app gently alerts you that you may be leaving your wallet behind. The app also takes a GPS snapshot of where your wallet was at the moment of separation in case you didn't hear the alert. How does Wallet TrackR work? Forget-me-not reminder If you forget your wallet, the App will play your favorite song and the Wallet TrackR will beep before you get too far. Lost and Found Map The App remembers the location and time you separated from your Wallet TrackR and can show you on a map. Is your wallet hiding? If you cannot find your wallet, press the FIND button in the App to cause the wallet to beep. Device Specs Width: 4.1cm Length: 6.8cm "Handy, eh?"
Check For Open Ports
Free Packet Route Tracer
Security

Paros
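On the topic of choosing a router, Upsangel still has plenty of ideas to share. Earlier articles leaned toward "technical" guides; in stock-picking terms, that is the "bottom-up" approach to buying: understand every feature of each router/AP, then match them to your own needs. This article goes top-down: first understand the whole router and network equipment market, then find where your own needs sit in it. I hope it helps readers who think about this in different ways! 802.11N: the XP of network hardware? In 2014, home routers basically fall into the older-generation 802.11N routers and the new 802.11AC routers. The 802.11N router market can be further divided into N150, N300 and N450, a split based on theoretical MIMO speed (details: the beginner's primer post). Single-antenna N150 (commonly called 150M) is what Upsangel least recommends buying. The price is low (HK$1XX, NT$4XX), but what kind of good router do you think four meals at Café de Coral will get you? N300 and N450 (commonly called 300M and 450M) (the dual-band versions are N600, N750 and N900; what is dual-band?) For many ordinary users, 100M broadband is already enough. 802.11N currently has the same advantages as XP: it meets users' basic needs, moving to the new AC generation costs money, and 802.11N Wi-Fi devices are widespread worldwide. The dual-band N750 MW4530R is the only product from the Mercury (水星) brand whose performance keeps up with the big manufacturers (while still priced like a knock-off); experts in China and abroad have done superb things with OpenWRT on it... Who 802.11n suits best in 2014: low-to-mid-range N: general-purpose network use, limited budget, modest wireless speed supply/demand; high-end N: people who like to flash 3rd-party firmware such as DD-wrt or Openwrt for advanced applications. The most-discussed long-running 802.11n models in Hong Kong in 2014: TPLINK 1043ND, ASUS RT-N56U. The 2014 value-for-money 802.11n picks in Upsangel's online shop: TOTOLINK N600R (dual-band 600M router, the stable, practical choice for 100M, $2XX) (full description and purchase details); FAST (迅捷) FW450R (N450 router, the wall-penetrating choice for bandwidth <100M, $1xx) (full description and purchase details). If interested, contact me to buy (upsangel@gmail.com / whatsapp:60981711; no Yahoo Auctions account needed). 802.11AC: when will it really become widespread? In the 802.11AC market, 2014 is definitely the year router / network hardware manufacturers compete on strength. Which router to buy in 2014? An at-a-glance guide to the router market | by Upsangel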
Create WiFi Hotspot On Windows 8,8.1/7 Using Command Prompt – CMD Hi guys, today I am going to show you how to create a WiFi hotspot network without using any software, within 2 minutes, by using your command prompt in Windows 7 or Windows 8.1/8. In my previous articles, I showed you how to create a WiFi network on any Windows PC or laptop using Connectify software. This method works well with all Windows versions 8/7/8.1. Windows 8 users, just scroll down to step 1. The two methods are different. This Command Prompt method is only for technical people like you. Step 1: To Create WiFi Hotspot in Windows 8,8.1, Windows 7 PC First you need to know whether your PC hardware supports the hotspot feature or not. Open your command prompt in administrative mode (if you don't know how, post a comment and I will tell you). Enter this command: netsh wlan show drivers If it shows "yes", as you can see in the image, you can create a WiFi hotspot on your PC. Step 2: To Create WiFi Hotspot Network in Windows Laptops netsh wlan start hostednetwork
Network Security

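WhoHasAccess: check who can see the files in your Google Drive Google Drive is a very handy free storage space. Besides syncing files and keeping them in the cloud, its sharing feature lets you share files directly with colleagues or contacts, or collaborate with other partners. But Google Drive has no built-in way to turn sharing permissions off automatically, so if you use it often there is a very good chance you will forget which files you have shared. In some cases the other party may still have permission to access files you shared years ago, which sounds rather alarming. WhoHasAccess is a convenient online tool: once you sign in and authorize it to access your Google Drive, it scans and lists which users can access the files in your drive. Through its simple interface you can easily find the people who have permission to access your Google Drive data and remove their permissions. WhoHasAccess only scans for users who can access your Google Drive files and does not store or view any of the files in your drive, so it is actually quite secure. If you often share files through Google Drive, use WhoHasAccess to check your drive's permissions now! Site name: WhoHasAccess Site link: Step 1 After opening WhoHasAccess, click Scan My Google Drive Now on the home page and sign in to your Google account. After signing in, an authorization prompt like the one in the image below appears; you must click Accept to authorize WhoHasAccess to access your Google Drive. Step 2 A scan follows; the time it takes depends on the number of files. You can close the window, and WhoHasAccess will notify you by email when it finishes, or you can leave the window open. Step 3 After the scan, a report appears listing all users who can access your Google Drive. Is it more than you expected? Step 4 Click Public on the web at the bottom to see all files that are public on the web, or click Anyone with Link to see files accessible to anyone who has the link. To remove permissions, likewise click the "Revoke All Access" button below, which removes permissions on all files at once. Step 5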
Know the Trade – Your IT Security Information Portal CISSP/CEH/CISA/Hacker and Penetration Testing Specialist Google Hacking allintitle:Brains, Corp. camera allintitle:"index of/admin" allintitle:"index of/root" allintitle:restricted filetype:doc site:gov allintitle:restricted filetype :mail allintitle:sensitive filetype:doc allinurl:/bash_history allinurl:winnt/system32/ (get cmd.exe) ext:ini eudora.ini ext:pwd inurl:(service|authors|administrators |users) "# -FrontPage-" filetype:bak inurl:"htaccess|passwd|shadow|htusers" filetype:conf slapd.conf filetype:ctt "msn" filetype:mdb inurl:"account|users|admin|administrators|passwd|password" filetype:mdb inurl:users.mdb filetype:QDF QDF filetype:pdf "Host Vulnerability Summary Report" "Assessment Report" filetype:sql ("passwd values ****" | "password values ****" | "pass values ****" ) filetype:xls inurl:"email.xls" filetype:user eggdrop user intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html) intitle:"Welcome to IIS 4.0!" These log files record info about the SSH client PUTTY.
Know the Trade – Your IT Security Information Portal | CISSP/CEH/CISA/Hacker and Penetration Testing Specialist
Android Security Bulletins | Android Open Source Project Security has always been a major focus for Android and Google Play: Android was built from day one with security in mind. Monthly device updates are an important tool to make and keep Android users safe. This page contains the available Android Security Bulletins. These security bulletins also include information users can follow to ensure their device has the latest security updates. Notifications To get notifications when a new Android bulletin is published, join the Android Security Updates group, and set your email delivery preference to receive all updates. Sources Fixes listed in the public bulletin come from various different sources: the Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chip (SOC) manufacturers. Android platform fixes are merged into AOSP 24-48 hours after the security bulletin is released and can be picked up directly from there. Bulletins
Computer Hacking / Security

The Essential Skills to Becoming a Master Hacker Many of my aspiring hackers have written to me asking the same thing. "What skills do I need to be a good hacker?" As the hacker is among the most skilled information technology disciplines, it requires a wide knowledge of IT technologies and techniques. This is my overview list of required skills to enter the pantheon of this elite IT profession. The Fundamental Skills These are the basics that every hacker should know before even trying to hack. 1. It probably goes without saying that to become a hacker you need some basic computer skills. Many of these basic skills can be acquired in a basic computer skills course like A+. 2. You need to understand the basics of networking, such as the following. DHCP NAT Subnetting IPv4 IPv6 Public v Private IP DNS Routers and switches VLANs OSI model MAC addressing ARP As we are often exploiting these technologies, the better you understand how they work, the more successful you will be. 3. 4. 5. 6. 7.
Top 10 best tutorials to start learning hacking with Kali Linux » TechWorm Kali Linux is one of the most loved distros in the hacking and security community because of its pentesting and exploit tools. It is one of the best security auditing operating systems based on the Linux kernel and the successor of the popular BackTrack. Kali Linux itself has been upgraded to 2016.1, based on Debian GNU/Linux 8 “Jessie,” and there is an official Kali Linux Docker image that lets users run the distro on any platform. However, what good is a tool or an exploit for a wannabe hacker or security researcher if you don’t know how to use it? This is the reason that in this article we look at the top 10 best resources for hackers and security researchers to learn hacking with Kali Linux. 1. We start off with this YouTube video tutorial, which teaches you how to install basic Linux and Kali Linux on your computer. 2. The Kali Linux blog itself is a great resource for you to learn to use various tools and exploits. 3. 4. 5. 6. 8. 9. 10.
Tech Support Scams: a Beginner's Guide Posted by David Harley on November 26, 2015. Introduction I’ve spent a lot of time over the last few years writing and talking about tech support scams. Basic scam gambits Often, the scammer claims that the victim’s PC has been hacked, or is infected or affected by viruses or other forms of malware. The classic cold-calling scam works something like this: you get a telephone call from someone telling you that he is from or working with Microsoft, and that your Windows PC has been reported as being compromised in some way. The CLSID scam gambit A longstanding favourite is the CLSID gambit, when he tells you that this string of characters is unique to your system: ZFSendToTarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} In fact the ASSOC command will show this very same string on just about any Windows machine. The Event Viewer gambit Another gambit is to ‘prove’ that your PC is ‘infected’ by misrepresenting the results of running standard utilities such as Event Viewer. The New Wave Conclusion
Solar energy firm receives record fine for automated nuisance calls | UK news A green energy company which plagued consumers with millions of nuisance phone calls offering ‘free’ solar panels has received a record fine from a Government watchdog for “deliberately and recklessly” breaching marketing regulations. Home Energy & Lifestyle Management Ltd (Helms), based in Glasgow, has been slapped with a £200,000 fine by the Information Commissioner’s Office (ICO) after pestering householders with millions of automated calls on an “industrial scale”. An ICO investigation found that Helms made over six million calls as part of a massive automated call marketing campaign offering ‘free’ solar panels. Helms – an accredited company in the failed Government Green Deal initiative to help people make energy saving improvements to their homes – admitted it didn’t even know what the rules were. In just over two months – from October to December 2014 – the ICO received 242 complaints from individuals.
The UK's biggest online pharmacy has been fined £130,000 ($200,000) for selling patients' personal data to scammers who targeted the sick and vulnerable. Pharmacy2U (P2U) was punished by the Information Commissioner's Office (ICO) for offering the names and addresses of people who purchased prescriptions and other remedies from their site through online marketing list company, Alchemy Direct Media. The pharmacy was found to have unlawfully sold the personal data of more than 21,000 NHS patients and P2U customers without informing them beforehand or getting their consent to have the data sold on. The companies which bought the data include Australian Lottery fraudsters who targeted male pensioners who were more likely to have chronic health conditions, a Jersey-based "healthcare supplement" company which was found to have conducted "misleading advertising" and "unauthorised health claims" and a UK charity which used the details to solicit donations for people with learning disabilities. UK's largest online pharmacy fined £130,000 for selling patients' personal data to scammers
ICT security: is there still a difference between Safety and Security? The meaning in 6 points Safety, the meaning: does it still make sense today to talk about a difference between Safety and Security? With the progressive computerization of companies, what sense is there in treating surveillance and protection as different and separate domains? Why do we still tend to regard security as a service rather than a strategic asset? The fundamental premise is that today business does not exist without the Internet. Most processes are digital or in some way pass through digital technologies. Protecting people, companies and information is an integral part of a strategy that brings together video surveillance, remote control, anti-intrusion and anti-burglary systems, as well as protection from every form of cybercrime affecting users in the office or on the move, at home as well as in the car, on the train or on foot. What Safety means and what Security means The meaning of safety and of security. Security in smart cities By guaranteeing:
Education is not only about teaching new generations facts and passing on knowledge, but also, and above all, about teaching respect for the founding values of a society and reaffirming every day, in schools too, those principles of civility, such as confidentiality and the dignity of the person, that must always be at the centre of every citizen's education. With this in mind, the Garante per la protezione dei dati personali has published "La scuola a prova di privacy". The guide takes into account the innovations envisaged by the latest school reform, which are still being implemented, and collects the cases the Garante has dealt with most frequently, in order to offer food for thought and guidance on the many questions raised by families and schools. The guide is organized into five chapters, which set out rules and examples: Handbook on privacy at school — Notizie della scuola
A new backdoor that was recently discovered in budget Android devices is sending user location data, text messages, and call logs to a server in China every 72 hours, and no one seems to know the reason why. First reported on by the New York Times on Tuesday, the backdoor was discovered by security firm Kryptowire. According to the New York Times report, the backdoor comes in the form of pre-installed monitoring software that collects the above-mentioned information. The Times said that American authorities are unsure if the data is being collected for advertising purposes, or if it is an actual governmental effort at surveillance. One of the most interesting aspects of this backdoor is that it is an intentional piece of the software on these devices. That, as noted by The Verge, makes it a feature of the device and not an exploited vulnerability. The 3 big takeaways for TechRepublic readers Android backdoor is secretly sending user data and texts to China, and no one knows why
Shortly after the announcement of iOS 8 in 2014, Google made headlines by saying that it would make full-device encryption mandatory for new Android devices running version 5.0. It then made more headlines several months later when we discovered that the company backed down, "strongly recommending" that Android device makers enable encryption but stopping short of actually requiring it. Now Google has published an updated version of the Android Compatibility Definition Document (PDF) for Android 6.0, and it looks like mandatory encryption is back with a couple of exceptions. New devices that come with Marshmallow and have AES crypto performance above 50MiB-per-second need to support encryption of the private user data partition (/data) and the public data partition (/sdcard). The relevant portion of the document, emphasis ours: 9.9. The new rule continues to exempt phones and tablets that were launched with older versions of Android and upgraded to Marshmallow later. Android 6.0 re-implements mandatory storage encryption for new devices | Ars Technica
Google relaxes Android 5.0 Lollipop's encryption requirements
IT security

ForensicsWiki
How To Secure Your Wi-Fi Network Against Intrusion
Wi-Fi Best Practices | Mobile content from Windows IT Pro
Adblock Plus - Surf the web without annoying ads!
privacy tools - encryption against global mass surveillance
Tor Browser
Privacy & Security

Social Security

TP|Republicans launch plan to annihilate Social Security
LAT|GOP unveils a permanent save for Social Security —massive benefit cuts
Salon|Trump’s Social Security heresy: Taking on Paul Ryan & the privatization push
How secure is your iPhone 5S fingerprint?
Metropolitan Police launches campaign to tackle rising iPhone theft
Verizon Spying Controversy Confuses Executive, Implies Personal Privacy Is Gone
Defender Security - Secure your Land Rover Defender - Paddock Spares
IoT Security - A Safer Internet of Things | GEMALTO
GSMA IoT Security Guidelines - complete document set | Connected Living
IoT Security Standards – Paving the Way For Customer Confidence | IEEE Standards University
Fascism and the Security State

Information Security

Cyber Security

Security Apps

IT Security Course

Security - Botnet - DDoS attack