The Security Daily

Technology

Security B-Sides / BSidesSATX 2014

Shared by
Security BSides

securitybsides.com - STUDENTS AND ACTIVE DUTY MILITARY GET IN FREE!!! - We're on an honor system here folks!  We are excited to be working with the amazing folks at Delta Risk for a scavenger hunt style Capture the Fla...

usrbinnc/netcat-cpi-kernel-module · GitHub

Shared by
Dan Kaminsky

github.com - by Brandon Lucia, Andrew Olmstead, and David Balatero Welcome to the most unnecessarily complicated netcat album release format yet. In this repository, you will be able to compile your own kernel ...

How to take advantage of Twitter’s new profile page - CNET

Shared by
CNET

cnet.com - Those of you on Twitter may have noticed that your profile page now looks bigger (and a touch more Facebook-like). But what can you actually do with this new page? Let's dive in and find out. First...

Nike FuelBand’s wearable lesson not so clear-cut for Fitbit, Jawbone - CNET

Shared by
CNET

cnet.com - When the news hit this month that Nike is winding down its FuelBand efforts, there were bold claims that the nascent wearable tech market, it would seem, was suddenly in big trouble. The more nuanc...

IOActive Labs Research: Hacking the Java Debug Wire Protocol - or - “How I met your Java debugger”

Shared by
Iftach Ian Amit

blog.ioactive.com - root:~/tools/scapy-hg # ip addr show dev eth0 | grep "inet "     inet 192.168.2.2/24 brd 192.168.2.255 scope global eth0 Welcome to Scapy (2.2.0-dev) >>> sniff(filter="tcp port 8000 and host 192.16...

Attack Prediction: Malicious gTLD Squatting May Be The Next Big Threat - OpenDNS Security Labs

Shared by
Andrew Hay

labs.opendns.com - Late last year, ICANN began expanding the generic Top-Level Domains (gTLDs). In addition to the standard .COM, .ORG, and .NET TLDs, over 1,300 new names could become available in the next few years...

Critical update makes P2P Zeus trojan even tougher to remove - SC Magazine

Shared by
_Lumension

scmagazine.com - P2P Zeus is already plenty tough to wipe from infected systems, but researchers with Fortinet have observed the notorious peer-to-peer banking trojan performing a critical update that installs a ro...

Quick Control Panel Adds a Customizable Control Center to Android

Shared by
Lifehacker

lifehacker.com - Android: Control Center is one of the better new additions in iOS 7. If you want something like that on your Android device, Quick Control Panel does it for free and lets you customize it to your l...

x86/64 Assembly and Shellcoding on Linux « SecurityTube Trainings

Shared by
Security Tube

securitytube-training.com - The SecurityTube Linux Assembly64 Expert (SLAE64) aims to teach the basics of x86_64 assembly language on the Linux platform from a security perspective and its application to writing shellcode, en...

Korner Preview - CNET

Shared by
CNET

cnet.com - Your do-it-yourself home security options are continuing to expand, the latest of which looks like one of the simplest and most affordable yet. It's called Korner, and it wants to keep tabs on your...

Electronic Signature Software, Digital Signatures

Shared by
Alexander Heid

echosign.adobe.com - Adobe® EchoSign® is the electronic signature solution you can trust, from the company that brought you PDF and Acrobat. Organizations of all sizes rely on it to get documents signed and close busin...

A Wake-Up Light to Replace Your Alarm, Wacom Stylus, DIY Waffles

Shared by
Lifehacker

lifehacker.com - If you're still waking up every morning to a shrill alarm clock, you owe it to yourself to give a wake-up light a try. Gizmodo has wholeheartedly recommended this Philips model in the past, and you...

Server from IBM, Google, others part of effort to best Intel in data centers - CNET

Shared by
CNET

cnet.com - IBM's new compute architecture and the OpenPower Foundation have high aspirations: dislodge Intel from data centers. On Wednesday, IBM launched its Power8 chip architecture for next-generation serv...

Apple + Patching = You’re Doing It Wrong :(

Shared by
Marc Rogers

tombom.co.uk - Apple just released iOS 7.1.1, which contains a bunch of security fixes for a wide range of things. Of particular interest is the list of issues they fixed in WebKit, which includes: CVE-2013-2871 ...

WinRAR File Extension Spoofing vulnerability allows Hackers to Hide Malware

Shared by
The Hacker News™

thehackernews.com - Imagine, You Open a Winrar archive of MP3 files, but what if it will install a malware into your system when you play anyone of them. WinRAR, a widely used file archiver and data compression utilit...

Mobile Security & Antivirus - Applications Android sur Google Play

Shared by
avast! Antivirus

play.google.com - avast! Mobile Security préserve votre appareil des virus, programmes malveillants et logiciels espions. Il vous aide à localiser votre téléphone perdu avec notre fonction web de localisation de tél...

Javascript for Pentesters « SecurityTube Trainings

Shared by
Security Tube

securitytube-training.com - Javascript for Pentesters will take you beyond alert(‘XSS’) and equip you to demonstrate advanced attacks such as Hijacking Forms, Logging Keystrokes, DOM manipulation etc. This course is Beginner ...

Security Tips for Online Money Transfer | We use words to save the world

Shared by
Eugene Kaspersky

blog.kaspersky.com - In spite of occasional catastrophic Internet-wide security vulnerabilities, we’re at the point where it’s increasingly futile to try to avoid conducting financial transactions online. If you’re rea...

SANS Institute

Shared by
SANS Institute

sans.org - For a limited time, take $600 Off* select OnDemand and vLive courses including our most popular InfoSec, Pen Test, Forensics, Development and Management courses. SANS Online Training requires no tr...

Understanding How "Browser Fingerprinting" Can Be Used To Identify Cyber Criminals and Terrorists

Shared by
Christopher Soghoian

issworldtraining.com - Every device has a set of digital characteristics, or "fingerprint," that can be used by law enforcement and the intelligence community for tracking/identifying network devices and users. This sess...

Black Hat USA 2014

Shared by
Black Hat

blackhat.com - Day 1 Introduction to Android Security & AppUse Mobile application threat model - What makes mobile application security so different? • The Android linux OS security • The Dalvik VM • The Android ...

Assembly Language and Shellcoding on Linux « SecurityTube Trainings

Shared by
Security Tube

securitytube-training.com - The SecurityTube Linux Assembly Expert (SLAE) aims to teach the basics of assembly language on the Linux platform from a security perspective and its application to writing shellcode, encoders, dec...

Trend Micro Simply SecurityOptimizing Security for AWS » Trend Micro Simply Security

Shared by
Trend Micro

blog.trendmicro.com - I recently hosted a webinar on optimizing security for AWS. The goal of the webinar was to help raise awareness of how security changes as you move to the AWS Cloud. I strongly believe that if you’...

How To Share Gadgets Seamlessly In A Multi-Person Household

Shared by
Lifehacker

lifehacker.com - Not everyone can afford a separate computer or tablet for each member of the family, so you have to learn to share. It's not that difficult, as long as you set things up right and are willing to co...

Aereo To SCOTUS: Shut Us Down and You Shut Down Cloud Storage - Slashdot

Shared by
Nicholas J. Percoco

entertainment.slashdot.org - jfruh (300774) writes "Aereo is currently fighting for its life before the Supreme Court, and has issued a warning: if you take us down, you could take the entire cloud storage industry down with u...

Learn Pentesting Online

Shared by
Security Tube

pentesteracademy.com - This course will teach you Python scripting and its application to problems in computer and network security. This course is ideal for penetration testers, security enthusiasts and network administ...

Meeting Registration

Shared by
NIST

cc.readytalk.com - The primary guiding document for creating the next-generation “smart” energy grid is getting its first major update in two years. NIST is requesting public comment on a draft of the NIST Framework ...

Home Security and The Internet of Everything - The Network: Cisco's Technology News Site

Shared by
Cisco Security

newsroom.cisco.com - How important is security in helping to foster the Internet of Everything? Anyone who has suffered a break-in knows just how awful it feels. Even in cases where the damage and financial loss are mi...

VRT: Snake Campaign: A few words about the Uroburos Rootkit

Shared by
S.J. Moore

vrt-blog.snort.org - The unpacked code first disables all possible error reporting windows from popping up by using the SetErrorMode Windows API function. The binary then checks the version of the operating system, eve...

Heartbleed Detector - Applications Android sur Google Play

Shared by
Trend Micro

play.google.com - What does Heartbleed Detector check on your mobile device? • Whether your mobile device is affected by the Heartbleed bug • Whether applications on your mobile devices are affected by the Heartblee...

Oxygen Forensic Suite 2014: Data Acquisition from My Windows Phone

Shared by
sansforensics

forensicfocus.com - Oxygen Forensics has updated its flagship mobile evidence discovery solution, Oxygen Forensic Suite 2014, enabling data acquisition from My Windows Phone cloud. The new release enables investigator...

NetSupport Information Leakage Using Nmap Script - SpiderLabs Anterior

Shared by
Trustwave

blog.spiderlabs.com - With no information on the NetSupport packet format in my test network, I fired up Wireshark and captured all the relevant data sent from the NetSupport Manager when I performed an Inventory query ...

Errata Security: Heartbleed: Pointer-arithmetic considered harmful

Shared by
Virus Bulletin

blog.erratasec.com - Heartbleed: Pointer-arithmetic considered harmful Heartbleed has encouraged people to look at the OpenSSL source code. Many have called it "spaghetti code" -- tangled, fragile, and hard to maintain...

New Microsoft Threat Modeling Tool 2014 Now Available - Microsoft Security Blog - Site Home - TechNet Blogs

Shared by
Microsoft MMPC

blogs.technet.com - Today we’re announcing the release of the Microsoft Threat Modeling Tool 2014. This is the latest version of the free Security Development Lifecycle Threat Modeling Tool that was previously release...

150 Million Downloaded Android Apps Vulnerable to Heartbleed: FireEye

Shared by
SecurityWeek

securityweek.com - Following the disclosure of the significant Heartbleed vulnerability that rocked the technology world, new research from FireEye shows yet another example that the impact of the security flaw goes ...

Scan report for http://199.47.149.2/%7Esunnycha/overjoyed.php?to=john.doe&message=98a2b83 at 2014-04-23 07:05:29 UTC - VirusTotal

Shared by
Dancho Danchev

virustotal.com - Enter the email address associated to your VirusTotal Community account and we'll send you a message so you can setup a new password.

“The Rock is Dead” Fast & Furious 7 Scam In Circulation

Shared by
Malwarebytes

blog.malwarebytes.org - Duane Johnson – AKA The Rock – is currently being targeted by a rather grim Facebook scam doing the rounds, originating from “R. I. P. DWAYNE JOHNSON (1972 – 2014). He died filming a dangerous stun...

Report: Google looks to integrate PGP with Gmail - SC Magazine

Shared by
SCMagazine

scmagazine.com - Google is reportedly looking into ways to integrate PGP encryption into Gmail, to make the security tool more user-friendly. In a Monday article, an unnamed source at Google told VentureBeat that t...

Infosecurity - DBIR: POS Attacks Wane, Cyber-espionage is Up

Shared by
CoreSecurity

infosecurity-magazine.com - While enterprises struggle to get their arms around the escalating volume and complexity of cyber-attacks, perhaps analytics can come to the fore as a key in crafting effective preparedness and cou...

Amazon Cloud IaaS Service servers riddled with vulnerabilities

Shared by
helpnetsecurity

net-security.org - Amazon Cloud IaaS Service servers riddled with vulnerabilities An investigation spurred by one of the customers of their security product has lead researchers of security company Bkav to an unexpec...

¿Puede un blog de habla hispana ganar un premio internacional? ~ Security By Default

Shared by
Jaime Andrés R.

securitybydefault.com - Menuda sorpresa recibimos ayer, resulta que este humilde blog ha sido seleccionado finalista de los 'European Security Blogger Awards' unos prestigiosos premios que se celebran en el marco del even...

Netflix lanzará una comedia en español sobre fútbol con el equipo de ‘Nosotros los nobles’ - CNET en Español

Shared by
CNET

cnet.com - La serie de comedia, que se estrenará en Netflix en 2015, será producida por Alazraki Entertainment y se grabará en México. La historia es sobre una familia heredera de un equipo de fútbol y lo que...

SANS Institute

Shared by
sansforensics

sans.org - Digital Forensics and Incident Response (DFIR) professionals view the acquisition and analysis of physical memory as critical to the success of an investigation, be it a criminal case, employee pol...

Trend Micro Simply SecurityWhy Do I Need Protection on my Mobile Device? » Trend Micro Simply Security

Shared by
Trend Micro

blog.trendmicro.com - While I was at Mobile World Congress in Barcelona last week, I had to explain a few times to different people why there is a need nowadays to protect your mobile phone. I thought, “why not make a b...

Buggy Security Guidance from Apple

Shared by
daveaitel

randomascii.wordpress.com - In February 2014 Apple published their Secure Coding Guide. I glanced through it and noticed that their sample code for detecting integer overflow was buggy – it triggered undefined behavior, could...

Apple users left exposed to serious threats for weeks, former employee says

Shared by
Ryan Naraine

arstechnica.com - A noted whitehat hacker who spent more than a year on Apple's security team has dealt her former employer some blistering criticism for fixing critical vulnerabilities in iOS three weeks after they...

A Few Thoughts on Cryptographic Engineering: OpenSSL and NSS are FIPS 140 certified. Is the Internet safe now?

Shared by
Christopher Soghoian

blog.cryptographyengineering.com - OpenSSL and NSS are FIPS 140 certified. Is the Internet safe now? People like standards. The more important something is, the greater the likelihood that someone, somewhere has drawn up a standard ...

Speeds and Feeds › The Immutability of FIPS

Shared by
Christopher Soghoian

veridicalsystems.com - In addition to the problems with Dual EC DRBG that have now been well documented[1], it is apparent to many of us in the clear bright light of the Snowden revelations that quite a few things that w...

Apple's iOS 7.1.1 fixes Webkit bugs, encryption bypass issue - SC Magazine

Shared by
SCMagazine

scmagazine.com - About a month after the introduction of iOS 7.1, Apple has released an updated version of the mobile operating system, which includes a number of security fixes. Released Tuesday, iOS 7.1.1 brings ...

Decoders For Common Remote Access Trojans

Shared by
Lenny Zeltser

techanarchy.net - I have talked about decoding RATS several times now in previous posts and if you have read them you will know that im creating Static decoders for the most common Remote Access Trojans. In this pos...