Same Origin Policy - Protecting Browser State from Web Privacy Attacks Stanford University Computer Science Department Abstract Through a variety of means, including a range of browser cache methods and inspecting the color of a visited hyperlink, client-side browser state can be exploited to track users against their wishes.
Black Hat: Top 20 hack-attack tools Network World - Turn someone else’s phone into an audio/video bug. Check. Use Dropbox as a backdoor into corporate networks.
Creepy, the Geolocation Information Aggregator What is Creepy? So what is Creepy actually and how does it come into the “Geolocation” picture? Creepy is a geolocation information aggregation tool.
How to secure your data with Truecrypt in 11 easy steps! Truecrypt is free and open-source disk encryption software. In this post we will show you how to encrypt all your data using Truecrypt in 11 easy steps. With Truecrypt it is possible to encrypt a virtual disk (folder), a partition or a whole storage device. The two most beautiful things with Truecrypt are real-time instantaneous encryption and simple and easy setup. Probably you might ask yourself why you need it?! The matter of privacy today is very sensitive and as such sometimes we may need additional measures when our security might be compromised.
OWASP Developer Guide. OWASP Developer Guide The OWASP Developer Guide 2014 is a dramatic re-write of one of OWASP's first and most downloaded projects. The focus moves from countermeasures and weaknesses to secure software engineering. Introduction The OWASP Developer Guide is the original OWASP project. It was first published in 2002, when Ajax was only a mote in Microsoft's eye with the new e-mail notification in Outlook Web Access (and only if you used Internet Explorer).
The Web's #1 Hacking Tools Directory - with tutorial videos! Hacking Tools Directory with Video Tutorials By Henry Dalziel | Information Security Blogger | Concise Courses We are big fans of blogging about Hacker Tools – for one major reason: if you are serious about working in cyber security you need to be able to use these tools like a boss. Hacking tools are what boxing gloves are to a boxer or what a spanner is to a plumber.
EC-Council Certification Guide: Overview and Career Paths - Tom's IT Pro EC-Council offers some of the best-known ethical hacking and penetration testing certifications. This guide will help you get started with EC-Council's popular CEH and LPT credentials as well as other information security certs and career paths. The International Council of Electronic Commerce Consultants (EC-Council) is a professional organization headquartered in Albuquerque, New Mexico. The organization is known around the world as a leader in information security education, training and certification.
Fragmenting the Internet Is Not a Security Solution In light of the recent spate of high-profile hacking campaigns, and the overall poor state of security on the internet, NextGov.com reports that parts of the US government are advocating for a separate, “secure” internet. The idea calls for segmenting “critical” networks (not yet fully defined, but presumably including infrastructure and financial systems) and applying two security mechanisms to these networks: (1) increased deep packet inspection (DPI) to detect and prevent intrusions and malicious data; and (2) strong authentication, at least for clients. The trouble is that this “.secure” internet doesn’t make much technical or economic sense: the security mechanisms are simply not powerful or cost-effective enough to warrant re-engineering an internet. Whether the idea is to apply different security policies to sites using a special domain name like “.secure” (and possibly the existing .edu and .gov domains), or to create a parallel internet infrastructure, is not yet clear.
National Cyber Awareness System Four products in the National Cyber Awareness System offer a variety of information for users with varied technical expertise. Those with more technical interest can read the Alerts, Current Activity, or Bulletins. Users looking for more general-interest pieces can read the Tips.
Current Activity: Provides up-to-date information about high-impact types of security activity affecting the community at large.
Alerts: Provide timely information about current security issues, vulnerabilities, and exploits.
Bulletins: Provide weekly summaries of new vulnerabilities.
Hacker Tools (Top Ten List of 2016) Nmap, Wireshark, Metasploit Welcome to our Hacker Tools list of 2016… Since 2014 we’ve listed the web’s favorite hacking/pentesting tools as used by hackers, geeks and security engineers. This list sprang to life when we organized an online poll that was very well received and the below recommended tools are a result of what our community voted as the ‘Top Ten List of Hacking Tools’. We’ve organized this list by including information and links to training courses for each of these tools as well as books, training courses and additional information that we think will help you learn! Update! (June 2016) By popular demand we’ve replaced Burp Suite with Wireshark.
Best Information Security Certifications for 2016 - Certs - Tom's IT Pro InfoSec professionals who want to set themselves apart as leaders in IT security should seriously consider one of these top five information security certifications for 2016. When it comes to information security, you need only read the headlines to observe that those with malicious intent constantly find new and scary ways to access and misuse privileged information for criminal, unscrupulous or questionable purposes. As a result, IT professionals skilled in information security remain in very high demand and should do so for the foreseeable future. When evaluating prospective InfoSec candidates, employers frequently look to certification as one measure of excellence and commitment to quality. In this article, we take a look at five InfoSec certifications we consider to be leaders in the field of information security today. If you're serious about advancing your career in the IT field and are interested in specializing in security, certification is a good bet.