
How to hide files in JPEG pictures If you’re looking to hide files on your PC hard drive, you may have read about ways to encrypt folders or change the attributes on a file so that they cannot be accessed by prying eyes. However, a lot of times hiding files or folders in that way requires that you install some sort of software on your computer, which could then be spotted by someone else. I’ve actually written quite a few articles on how you can hide files and folders in Windows XP and Vista before, but here I’m going to show you a new way to hide files that is very counter-intuitive and therefore pretty safe! Using a simple trick in Windows, you can actually hide a file inside of the JPG picture file! You can actually hide any type of file inside of an image file, including txt, exe, mp3, avi, or whatever else. Hide File in Picture In order to accomplish this task, you will need to have either WinZip or WinRAR installed on your computer. Create a folder on your hard drive, i.e. Now here’s the fun part! And that’s it!

Log Files and Linux. by Isaac Ok. Adrian asked me to write up a quick synopsis of the "lecture" I gave at the first meeting. This is pretty basic stuff. So if you already know how Linux log files work, don't expect to learn anything new or enlightening here. Most versions of Linux, as far as I'm aware, use syslogd as their logging utility. syslogd is a fairly easy tool to learn and use. *.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages If you do a man on syslog.conf you'll get a lot more information about this. authpriv.* /var/log/secure All this means is log everything that authpriv does to /var/log/secure. Now, if you are curious about which log files are important, feel free to look in your /etc/syslog.conf (May have a different location. Now, another thing. My first log location is this. CustomLog /var/log/httpd/access_log combined. This shows any hit to the main website that isn't being redirected to a customlog. Pretty basic but shows some of the logging features.

Shamir's Secret Sharing Shamir's Secret Sharing is an algorithm in cryptography created by Adi Shamir. It is a form of secret sharing, where a secret is divided into parts, giving each participant its own unique part, where some of the parts or all of them are needed in order to reconstruct the secret. Counting on all participants to combine together the secret might be impractical, and therefore sometimes the threshold scheme is used where any of the parts are sufficient to reconstruct the original secret. Mathematical definition The goal is to divide secret (e.g., a safe combination) into pieces of data in such a way that: Knowledge of any or more pieces makes easily computable. Knowledge of any or fewer pieces leaves completely undetermined (in the sense that all its possible values are equally likely). This scheme is called threshold scheme. then all participants are required to reconstruct the secret. Shamir's secret-sharing scheme points to define a polynomial of degree Suppose we want to use a where

remore exploit The GNU Awk User’s Guide This file documents awk, a program that you can use to select particular records in a file and perform operations upon them. Copyright © 1989, 1991, 1992, 1993, 1996–2005, 2007, 2009–2014 Free Software Foundation, Inc. This is Edition 4.1 of GAWK: Effective AWK Programming: A User’s Guide for GNU Awk, for the 4.1.1 (or later) version of the GNU implementation of AWK. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with the Invariant Sections being “GNU General Public License”, the Front-Cover texts being (a) (see below), and with the Back-Cover Texts being (b) (see below). A copy of the license is included in the section entitled “GNU Free Documentation License”. “A GNU Manual” “You have the freedom to copy and modify this GNU manual. Short Table of Contents Table of Contents Foreword Arnold Robbins and I are good friends. Preface

Why does the government disallow dynamic languages? This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites. Patrick asks: I know some people who are currently working on a project for the US military (low security level, non-combat, human resources type data). An initial state of the project code was submitted to the military for review, and they ran the program through some sort of security analyzer tool. It returned a report of known security issues in the code and required changes that needed to be implemented before delivery of the final product. One of the items that needed to be resolved was removal of part of the project that was written in Ruby as it is a dynamic language. What is the background/reason for not allowing a dynamic language to be used in a secure setting? See the full, original question here. It's the interpreter Thomas Owens♦ answers (22 votes): Dangerous tricks For example:

Back¦Track-fr network security & intrusion grep () grep, egrep, fgrep - print lines matching a pattern grep [options] PATTERN [FILE...] grep [options] [-e PATTERN | -f FILE] [FILE...] Grep searches the named input FILEs (or standard input if no files are named, or the file name - is given) for lines containing a match to the given PATTERN. By default, grep prints the matching lines. In addition, two variant programs egrep and fgrep are available. -A NUM, --after-context=NUM Print NUM lines of trailing context after matching lines. A regular expression is a pattern that describes a set of strings. Grep's behavior is affected by the following environment variables. Normally, exit status is 0 if selected lines are found and 1 otherwise. Email bug reports to

How easy is it to hack JavaScript in a browser? This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites. Jesus Rodriguez asks: My question has to do with JavaScript security. Imagine an auth system where you're using a JavaScript framework like Backbone or AngularJS, and you need secure endpoints. But what if you need a little security without involving the server? For example, say you've got a client-side routing system and you want a concrete route to be protected for logged-in users. How easy is it for a user to modify that variable and get access? My security (and JavaScript) knowledge isn't great. See the original question here. Sending secret data Joachim Sauer answers (66 votes): It's simple: any security mechanism that relies on the client to do only what you tell it to do can be compromised when an attacker has control over the client. Another route Benjamin Gruenbaum answers (17 votes): Notes:

Top 100 Network Security Tools Transport Layer Security protocol Updated: June 12, 2014 This topic for the IT professional describes how the Transport Layer Security (TLS) protocol works and provides links to the IETF RFCs for TLS 1.0, TLS 1.1, and TLS 1.2. The TLS (and SSL) protocols are located between the application protocol layer and the TCP/IP layer, where they can secure and send application data to the transport layer. Because the protocols work between the application layer and the transport layer, TLS and SSL can support multiple application layer protocols. TLS and SSL assume that a connection-oriented transport, typically TCP, is in use. The protocol allows client and server applications to detect the following security risks: Message tampering Message interception Message forgery The TLS and SSL protocols can be divided into two layers. TLS and SSL protocol layers The Schannel SSP implements the TLS and SSL protocols without modification. RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2 This additional functionality:

Philips Smart TVs wide open to Gmail cookie theft, other serious hacks Internet-connected TVs manufactured by Philips running the latest firmware update are wide open to browser cookie theft and other serious attacks by hackers within radio range, a security researcher has warned. The hacks work against Philips Smart televisions that have a feature known as Miracast enabled, Luigi Auriemma, a researcher with Malta-based ReVuln (Twitter handle @revuln), told Ars. Miracast allows TVs to act as Wi-Fi access points that nearby computers and smartphones can connect to so their screen output can be displayed on the larger set. The hacking vulnerability is the result of a recent firmware update that allows anyone within range to connect to the TV, as long as they know the hard-coded authentication password "Miracast." Once someone has connected to the Miracast-enabled Wi-Fi network, they can use publicly available software to download any personal files that may be contained on USB drives plugged in to the Philips Smart TV.