Understanding and selecting authentication methods

If you are serious about computer/network security, then you must have a solid understanding of authentication methods. Debra Littlejohn Shinder takes a moment to lay out the role authentication plays in a security plan. Computer/network security hinges on two very simple goals:
- Keeping unauthorized persons from gaining access to resources
- Ensuring that authorized persons can access the resources they need
There are a number of components involved in accomplishing these objectives. Access permissions, however, work only if you are able to verify the identity of the user who is attempting to access the resources. Authentication and security: Authentication is an absolutely essential element of a typical security model. Authentication vs. authorization: It is easy to confuse authentication with another element of the security plan: authorization. Another example of authorization is the Dialed Number Identification Service (DNIS), which authorizes a dial-in connection based on the number called.

Security LLC - Chargen - If You're Typing The Letters A-E-S Into Y Understudy note In tonight’s performance (January 2015) and onward, the role of MIKE TRACY will be played by JEFF JARMOC. A “young, cool-people’s” coffee shop on the first floor of an old office building in downtown Chicago. “My band is playing” notices line the wall. Did you see that? What? He got all those little beans and put them in the thing and tamped them down and Whatever. and he clickity-clack clickity-clacked with the machine and Jeff! Jeff walks to a table at the side of the shop, grabbing a lid and a sleeve for his coffee. Miffed I don’t know. Why SSO? Jeff is maneuvering around people entering the shop through a door leading out to the hallway. It’s got crypto in it. Thomas follows Jeff, walking towards the elevators. Yeah, that could work. Print an invoice. Yeah, this will work. So, a base64 blob AES encrypted with a key both servers share? DING. You’ll be surprised. Uh, I’d encrypt the cookie? Show us how on the pad? Does it matter what language I write it in? Oh, ok. Sorry. Sure. Um.

10 dumb things users do that can mess up their computers Users find plenty of ways to run into trouble, from gunking up their system with shareware to leaving it exposed to attackers to forgetting about using surge protectors. Share this list with your own users so they can sidestep preventable problems like these. We all do dumb things now and then, and computer users are no exception. Nervous newbies are often fearful that one wrong move might break the computer forever. Note: This article is also available as an article and as a PDF download. #1: Plug into the wall without surge protection Here's one that actually can physically destroy your computer equipment, as well as the data it holds. You can protect your systems against damage from power surges by always using a surge protector, but it's important to be aware that most cheap surge protectors will survive only a single surge and need to be replaced afterward. #2: Surf the Internet without a firewall #3: Neglect to run or update antivirus and anti-spyware programs #6: Open all attachments

How Secure Is My Password? Entries are 100% secure and not stored in any way or shared with anyone. Period. As Seen On Data breaches and identity theft are on the rise, and the cause is often compromised passwords. Pro Tip: We recently rolled out a new password generator tool that will help you create super secure passwords in a snap! How To Create Secure Passwords The best practices for creating secure passwords are:
- A password should be 16 characters or more; our password-related research has found that 45 percent of Americans use passwords of eight characters or less, which are not as secure as longer passwords.
- A password should include a combination of letters, numbers, and characters.
- A password shouldn’t be shared with any other account.
- A password shouldn’t include any of the user’s personal information like their address or phone number.
Why Is Password Security Important? Not having secure passwords has its consequences, which include but are not limited to: The Impact of Stolen Passwords Impact on Businesses

Customizing OpenStack RBAC policies OpenStack uses a role based access control (RBAC) mechanism to manage access to its resources. With the current architecture, the roles granted to users on each project and domain are stored in Keystone and can be updated through Keystone's API. However, policy enforcement (actually allowing or denying access to resources according to a user's roles) is performed independently in each service, based on the rules defined in that service's policy.json file. In a default OpenStack setup (like Devstack), two roles are created:
- The Member role, which, when granted to a user on a project, allows them to manage resources (instances, volumes, ...) in that project.
- The admin role, which, when granted to a user on any project, gives that user total control over the whole OpenStack platform.
However, the OpenStack policy engine allows operators to specify a fine-grained set of rules to control access to the resources of each OpenStack service (Keystone, Nova, Cinder, ...). Example: admin and super_admin Notes

A Resource for IT Professionals Why desktop 3D printing still sucks 3D printing is an amazing technology, but the usefulness of desktop printers has been incredibly overhyped. Dell is back in bed with Linux Dell is at it again... selling Linux powered laptops. VMware may fall victim to virtualization cost cutting Keith Townsend explores whether VMware vSphere has gone from a product that reduces costs to a baseline expense that enterprises are looking to cut. Michael Kassner // June 19, 2015, 1:30 PM PST Matchlight finds breaches faster by scouring the dark web for stolen data Matchlight detects data breaches faster, more accurately, and in a way you might not expect. Nick Heath // June 19, 2015, 4:54 AM PST If you can't beat 'em, join 'em. Your genome costs less than your iPhone The M&A strategies of 10 tech giants

How to Use Wireshark to Capture, Filter and Inspect Packets Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and displays them in human-readable format. Wireshark includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets. This tutorial will get you up to speed with the basics of capturing packets, filtering them, and inspecting them. Getting Wireshark You can download Wireshark for Windows or Mac OS X from its official website. Just a quick warning: Many organizations don’t allow Wireshark and similar tools on their networks. Capturing Packets After downloading and installing Wireshark, you can launch it and click the name of an interface under Interface List to start capturing packets on that interface. As soon as you click the interface’s name, you’ll see the packets start to appear in real time. Click the stop capture button near the top left corner of the window when you want to stop capturing traffic. Color Coding Sample Captures

I was just asked to crack a program in a job interview! I was just asked to crack a program in a job interview, and got the job. Hello everyone, I am quite excited about my new blog here. I am planning to write a couple of blog posts every week. Since the title gives you brief information about the general concept, I would like to tell you my story about a job interview that was held in Ankara, TR. I applied for a position named "Software Security Engineer" and in the interview, they asked me really low-level stuff, some of which I knew, some of which I didn't. Then they sent me an email which included an attachment with a protected and encrypted binary. When I got home, I downloaded it and it asked me only for a password to unlock it. They wanted me to find that password :) At first, it looked pretty hard, but I will try to introduce the general concept that I followed :) Here is the first thing I typed in the terminal root@lisa:~# . I typed some stupid keyword 3 times and it quit. :) I have more tools to analyze. Let's get more info about the file. Ok. #!

Raise your tech IQ: Listen to these five podcasts Podcasts are enjoying a resurgence in the wake of the Serial phenomenon, but the tech world has been at the forefront of podcasting long before it went mainstream. If you work in tech, you have plenty of great content to choose from. Since the tech industry changes faster than any other, it puts tremendous pressure on tech professionals to stay current and keep an eye on what's next. Podcasts are a great way to make yourself smarter and better prepared when people ask, "Hey, what do you think about...?" So enlist some help to stay informed. 1. Leo Laporte's This Week in Tech, which has been running continuously for 10 years, remains the gold standard of tech podcasts. 2. The best tech podcast you may have never heard of is MVP from Peter Rojas, former co-founder of both Engadget and Gizmodo, and Ryan Block, former editor in chief of Engadget. I've been listening to Rojas and Block podcasting together since they did podcasts at both Engadget and GDGT. 3. 4. 5. Also see

Recommended Reading | The Homepage of @attrc This page lists books that I have found to be highly relevant and useful for learning topics within computer security, digital forensics, incident response, malware analysis, and reverse engineering. These books range from introductory texts to advanced research works. While some of these books may seem dated, the information contained is still very useful to people learning today, and much of the information is essential to becoming proficient in the information security realm. Please note that, in order to avoid ranking individual books, each category is listed in alphabetical order and each book is listed in alphabetical order within its category. If you notice any errors with this page or have books that you think should be listed then please contact me. Application Security - Native Application Security - Web Cryptography Database Forensics Digital Forensics and Incident Response Exploitation / Penetration Testing Linux Usage Memory Forensics Network Forensics Networking Reverse Engineering

Five trustworthy password recovery tools In a bad situation, you may have to use a specialized tool to recover a password. Here are five reliable apps you can turn to. Many people take a dim view of password recovery tools for ethical reasons -- understandably so. You have a tool that can, in some cases, crack passwords on machines. But in certain situations, these tools wind up being the last ditch effort that can save you from having to go as far as reinstalling the operating system. Note: This list is also available as a photo gallery. LCP (Figure A) is a user-account password recovery tool for Windows NT/2000/XP/2003. Figure A 2: Ophcrack Ophcrack (Figure B) is one of the most popular password recovery tools. Figure B Ophcrack Windows Key (Figure C) can reset your Windows password for you. Figure C Windows Key 4: Windows Password Unlocker Windows Password Unlocker (Figure D) also creates a USB or CD that can then be booted to recover passwords. Figure D Windows Password Unlocker 5: Hash Suite Figure E Hash Suite To the rescue

WebSockets – Varnish, Nginx, and Node.js This post was published 2 years ago. Due to the rapidly evolving world of technology, some concepts may no longer be applicable. Like many others, I have been drawn in by the appeal of websockets and their use in (near) real-time communication. As such, one of my current projects uses Node.js and websockets (via socket.io). To maximize compatibility, I would, of course, like my Node.js site to run on port 80. My server, however, is not used exclusively for this project – it also has traditional PHP/MySQL sites running on it. My current setup has Varnish as a caching layer – to cache the dynamic PHP scripts – and Nginx as a webserver. As is good practice, static content will be served from a separate subdomain, but I would like all remaining content (including the websockets) to be served from the main domain. To recap, the objectives are: My server stack is Varnish Below is an edited version of my /etc/varnish/default.vcl. Nginx Tracking a Request The logged request is as follows: