security   451250


Certified malice • text/plain
Eric Lawrence:
One unfortunate (albeit entirely predictable) consequence of making HTTPS certificates “fast, open, automated, and free” is that both good guys and bad guys alike will take advantage of the offer and obtain HTTPS certificates for their websites.

Today’s bad guys can easily turn a run-of-the-mill phishing spoof:

<img src="https://textplain.files.wordpress.com/2017/01/image43.png" width="100%" />

…into a somewhat more convincing version, by obtaining a free “domain validated” certificate and lighting up the green lock icon in the browser’s address bar:

<img src="https://textplain.files.wordpress.com/2017/01/image44.png" width="100%" />

The resulting phishing site looks almost identical to the real site…

By December 8, 2016, LetsEncrypt had issued 409 certificates containing “Paypal” in the hostname; that number is up to 709 as of this morning. Other targets include BankOfAmerica (14 certificates), Apple, Amazon, American Express, Chase Bank, Microsoft, Google, and many other major brands. LetsEncrypt validates only that (at one point in time) the certificate applicant can publish on the target domain. The CA also grudgingly checks with the SafeBrowsing service to see if the target domain has already been blocked as malicious, although they “disagree” that this should be their responsibility. LetsEncrypt’s short position paper (https://letsencrypt.org/2015/10/29/phishing-and-malware.html) is worth a read; many reasonable people agree with it.


It's a real mess.
security  design  https  phishing 
2 days ago by charlesarthur
Wire for journalists — protecting sources when traveling – Wire News – Medium
Security  wire  travel  t 
2 days ago by paulbradshaw
Basic Security Guide (Tech Solidarity)
Basic security precautions for non-profits and journalists in the United States, early 2017.
Security  tips 
2 days ago by paulbradshaw
Excel refusing to open files? Blame the KB 3115322, 3115262 security updates | InfoWorld
There are three workarounds listed in Freya's post: Stop using HTML to wrap XLS files, unblock access to individual files, or add the source of the files to the Trusted Locations list in Excel
Excel  security 
2 days ago by jasonsamuels
Flynn under fire for fake news
As Donald Trump’s national security adviser, retired Army Lt. Gen. Michael Flynn will have to advise the president of the veracity of foreign and domestic threats, separating those that require immediate policy action from propaganda or misinformation.

But Flynn himself has used social media to promote a series of outrageous conspiracy theories about Hillary Clinton, President Barack Obama and their inner circles in recent months — pushing dubious factoids at least 16 times since Aug. 9, according to a POLITICO review of his Twitter posts. Flynn, who has 106,000 Twitter followers, has used the platform to retweet accusations that Clinton is involved with child sex trafficking and has "secretly waged war” on the Catholic Church, as well as charges that Obama is a “jihadi” who “laundered” money for Muslim terrorists.
propaganda  disinformation  socialmedia  conspiracy  islamophobia  misogyny  sexism  racism  security 
2 days ago by campylobacter
