Active Cyber Defence - tackling cyber attacks on the UK - NCSC Site. On 1st November, the Chancellor announced the Government's new National Cyber Security Strategy and, as part of that, our Active Cyber Defence (ACD) programme.
Bits of this have been alluded to before, but I thought it would be a good idea to put down a high level overview of what we're planning to do. We'll be publishing more detail as the programme progresses including - critically - data around what the different measures achieve. This (long!) Blog isn't intended to be a full technical deep dive, but I expect we'll be publishing some of those soon. There’s a common complaint from industry to governments about cyber security.
The ACD programme is intended to tackle, in a relatively automated way, a significant proportion of the cyber attacks that hit the UK. Hackers Stole Account Details for Over 60 Million Dropbox Users. Hackers have stolen over 60 million account details for online cloud storage platform Dropbox.
Although the accounts were stolen during a previously disclosed breach, and Dropbox says it has already forced password resets, it was not known how many users had been affected, and only now is the true extent of the hack coming to light. Motherboard obtained a selection of files containing email addresses and hashed passwords for the Dropbox users through sources in the database trading community. In all, the four files total in at around 5GB, and contain details on 68,680,741 accounts. ICMPTX (IP-over-ICMP) HOWTO. See the current ICMPTX project home page.
Problem You're sitting in an airport or in a cafe, and people want your money for Internet access. They do allow ICMP traffic, though (i.e., you can ping machines on the Internet). Enters ICMPTX. (If you can't use ping, but you can issue name queries, use NSTX: IP-over-DNS.) Once you've followed these instructions, you basically have a remote proxy, providing you with access to the Internet. Note that these instructions play nicely with NSTX. Notes on "how to clone delicious in 48 hours" You may have heard that Delicious is shutting down (or not?).
Someone on Twitter suggested that a group of engineers should get together on a weekend and build a Delicious clone. In anticipation of this mystery group of people sitting down and doing this, I thought I'd make a quick todo list for them. Podcast 492: How to travel like an international superspy. Google Will Soon Shame All Websites That Are Unencrypted. Google wants everything on the web to be travelling over a secure channel.
That’s why in the future your Chrome browser will flag unencrypted websites as insecure, displaying a red “x” over a padlock in the URL bar. With this upcoming change in Chrome, Google makes it clear that the web of the future should all be encrypted, and all sites should be served over HTTPS, which is essentially a secure layer on top of the usual HTTP web protocol. Several companies and organizations have been pushing for more encrypted sites as part of a campaign to “Encrypt All The Things,” which consists of promoting more websites to abandon the traditional, less secure HTTP protocol and adopt HTTPS. Cossack Labs / Why you should avoid SSL for your next application. Introduction Everyday software developers trust SSL / TLS encryption to protect their communications without considering whether or not this is the right thing to do.
We frequently see new SSL vulnerabilities. Theoretical threats rapidly become practical. But we still see (perhaps for the sake of convenience and familiarity) SSL /TLS being deployed everywhere without a backthought, providing a false sense of security rather than security itself. This article provides a short overview on what we (and other security and cryptographic engineers around the world) find wrong with SSL/TLS and particularly in the case of non-Web application development, when you should use it, when you should avoid it and why. Warning! Note: SSL, TLS and SSL/TLS are used interchangeably in this article, except where the exact version or version family is specified. What SSL/TLS is supposed to provide Wikipedia accurately defines TLS as: So, what exactly is wrong with SSL? A "short" list of problems. Using Stormpath's ID Site to Host your User Management UI - Stormpath. In this guide, we discuss how to set up Stormpath to host a set of web pages that enable your applications to quickly and securely offer common identity management functions like login, registration, and password reset.
ID site pages are a convenience feature in Stormpath. If you prefer to build and host your own pages, you can recreate much of the functionality using Stormpath’s SDKs and Core API. What is an ID Site? Stormpath ID Site is a set of hosted and pre-built user interface screens that take care of common identity functions for your applications — login, registration, and password reset.
ID Site can be accessed via your own custom domain like id.mydomain.com and shared across multiple applications to create centralized authentication if needed. The screens, and even the functionality, of ID site are completely customizable. AuthRocket - Auth as a Service. Launch Faster.