kmt + security   115

Essential Facts about the CSB and other Must-Reads | CSB
Essential Facts about the CSB and other ‘Must-Reads’
Relevant Documents Outlining the CSB's Value and Unique Mission 
chemistry  engineering  risks  security  reference 
5 weeks ago by kmt
The Illustrated TLS Connection: Every Byte Explained
Every byte of a TLS connection explained and reproduced.

In this demonstration a client has connected to a server, negotiated a TLS 1.2 session, sent "ping", received "pong", and then terminated the session. Click below to begin exploring.
security  network  howto  tutorial  documentation 
7 weeks ago by kmt
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Bloomberg
Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
china  hardware  security  technology  hack 
9 weeks ago by kmt
.:: Phrack Magazine ::.
1 - Introduction
2 - Background
2.1 - A Brief History of Java Sandbox Exploits
2.2 - The Java Platform
2.3 - The Security Manager
2.4 - The doPrivileged Method
3 - Memory Corruption Vulnerabilities
3.1 - Type Confusion
3.1.1 - Background
3.1.2 - Example: CVE-2017-3272
3.1.3 - Discussion
3.2 - Integer Overflow
3.2.1 - Background
3.2.2 - Example: CVE-2015-4843
3.2.3 - Discussion
4 - Java Level Vulnerabilities
4.1 - Confused Deputy
4.1.1 - Background
4.1.2 - Example: CVE-2012-4681
4.1.3 - Discussion
4.2 - Uninitialized Instance
4.2.1 - Background
4.2.2 - Example: CVE-2017-3289
4.2.3 - Discussion
4.3 - Trusted Method Chain
4.3.1 - Background
4.3.2 - Example: CVE-2010-0840
4.3.3 - Discussion
4.4 - Serialization
4.4.1 - Background
4.4.2 - Example: CVE-2010-0094
4.4.3 - Discussion
5 - Conclusion
6 - References
7 - Attachments
security  esoteric  java  reference  tips-and-tricks 
9 weeks ago by kmt
Obama's Crackdown on Whistleblowers | The Nation
In the annals of national security, the Obama administration will long be remembered for its unprecedented crackdown on whistleblowers. Since 2009, it has employed the World War I–era Espionage Act a record six times to prosecute government officials suspected of leaking classified information. The latest example is John Kiriakou, a former CIA officer serving a thirty-month term in federal prison for publicly identifying an intelligence operative involved in torture. It’s a pattern: the whistleblowers are punished, sometimes severely, while the perpetrators of the crimes they expose remain free. 
americana  politics  diplomacy  espionage  hipocrisy  security 
12 weeks ago by kmt
How to PWN FoMo3D, a beginners guide : ethereum
I found out about FoMo3D today and saw that it's an pyramid game holding an insane $12M stash currently. Looking through the code, it's multiple contracts totaling thousands of lines of code. Let's be honest, $12M inside thousands of lines of Solidity... that's asking for it.
economics  security  cryptography  burn 
august 2018 by kmt
Hacker Curriculum
This site is intended to serve Computer Science researchers and teachers as a guide to the rich and diverse world of ethical hacker publications and to raise awareness of state-of-the-art research ideas that originate in the hacker community.

There are several excellent academic research labs that are aware of hacker research and appreciate hacker skills. We are grateful for your support! Unfortunately, to many others fellow academics the hacker community is a stereotyped unknown that is both distrusted and discounted. We would like to fix this and make sure that the ethical hacker community gets acknowledged for what it is - a national resource of great value.
security  teaching  reference  argument  read-later 
july 2018 by kmt
Xerox scanners/photocopiers randomly alter numbers in scanned documents [D. Kriesel]
In this article I present in which way scanners / copiers of the Xerox WorkCentre Line randomly alter written numbers in pages that are scanned. This is not an OCR problem (as we switched off OCR on purpose), it is a lot worse – patches of the pixel data are randomly replaced in a very subtle and dangerous way: The scanned images look correct at first glance, even though numbers may actually be incorrect. Without a fuss, this may cause scenarios like:
esoteric  hardware  bug  security  machine-learning 
july 2018 by kmt
All watched over by machines – a review of Yasha Levine’s “Surveillance Valley” | LibrarianShipwreck
Surveillance Valley is a troubling book, but it is an important book. It smashes comforting myths and refuses to leave its readers with simple solutions. What it demonstrates in stark relief is that surveillance and unnerving links to the military-industrial complex are not signs that the Internet has gone awry, but signs that the Internet is functioning as intended.
book  review  technology  politics  tor  security 
june 2018 by kmt
Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned: Milind Tambe: 9781107096424: Books
Global threats of terrorism, drug-smuggling, and other crimes have led to a significant increase in research on game theory for security. Game theory provides a sound mathematical approach to deploy limited security resources to maximize their effectiveness. A typical approach is to randomize security schedules to avoid predictability, with the randomization using artificial intelligence techniques to take into account the importance of different targets and potential adversary reactions. This book distills the forefront of this research to provide the first and only study of long-term deployed applications of game theory for security for key organizations such as the Los Angeles International Airport police and the U.S. Federal Air Marshals Service. The author and his research group draw from their extensive experience working with security officials to intelligently allocate limited security resources to protect targets, outlining the applications of these algorithms in research and the real world. The book also includes professional perspectives from security experts Erroll G. Southers; Lieutenant Commander Joe DiRenzo III, U.S. Coast Guard; Lieutenant Commander Ben Maule, U.S. Coast Guard; Erik Jensen, U.S. Coast Guard; and Lieutenant Fred S. Bertsch IV, U.S. Coast Guard.
security  strategy  book  read-later 
may 2018 by kmt
Revealed: US dirty tricks to win vote on Iraq war | World news | The Guardian
The United States is conducting a secret 'dirty tricks' campaign against UN Security Council delegations in New York as part of its battle to win votes in favour of war against Iraq.
Details of the aggressive surveillance operation, which involves interception of the home and office telephones and the emails of UN delegates in New York, are revealed in a document leaked to The Observer.
politics  security  americana  history  reference 
march 2018 by kmt
What It’s Like to Live in a Surveillance State - The New York Times
This personal information, along with your biometric data, resides in a database tied to your ID number. The system crunches all of this into a composite score that ranks you as “safe,” “normal” or “unsafe.”Based on those categories, you may or may not be allowed to visit a museum, pass through certain neighborhoods, go to the mall, check into a hotel, rent an apartment, apply for a job or buy a train ticket. Or you may be detained to undergo re-education, like many thousands of other people.
politics  security  survelliance  china  reference 
february 2018 by kmt
.:: Phrack Magazine ::.
|=--------=[ .NET Instrumentation via MSIL bytecode injection ]=---------=|
|=----------=[ by Antonio "s4tan" Parata <>]=-----------=|
security  esoteric  dotnet  win 
january 2018 by kmt
Objective-See - Why <blank> Gets You Root
In case you haven't heard the news there is a massive security flaw which affects the latest version of macOS (High Sierra). Essentially, bug allows anybody to log into the root account with a blank, or password of their choosing. Though post flaw was discovered by Lemi Orhan Ergin (@lemiorhan):
analysis  security  *nix 
november 2017 by kmt
CENSUS | IT Security Works
An introduction to the LightBulb Framework
This blog post serves as a followup to my summer B-Sides Athens 2017 talk entitled “Lightbulb framework – shedding light on the dark side of WAFs and Filters”.
PLT  security  read-later 
november 2017 by kmt
Copy-Paste from Website to Terminal
There are some good comments and suggestions on how you can mitigate this kind of attack on reddit and Hacker News. Also, oh-my-zsh now includes a fix for this issue (which relies on Bracketed Paste Mode support in the terminal). Oh, and it seems that other people wrote a detailed text about this issue in 2008.
hack  security  shell  web 
july 2017 by kmt
Gagallium : How I found a bug in Intel Skylake processors
"Nightmare-level" is not part of the Intel description but sounds about right.
security  compilers  hardware  bug 
july 2017 by kmt
Best Practices for Securing Active Directory | Microsoft Docs
This document provides a practitioner's perspective and contains a set of practical techniques to help IT executives protect an enterprise Active Directory environment. Active Directory plays a critical role in the IT infrastructure, and ensures the harmony and security of different network resources in a global, interconnected environment. The methods discussed are based largely on the Microsoft Information Security and Risk Management (ISRM) organization's experience, which is accountable for protecting the assets of Microsoft IT and other Microsoft Business Divisions, in addition to advising a selected number of Microsoft Global 500 customers.
win  security  work 
july 2017 by kmt
SSL/TLS - Typical problems and how to debug them
SSL/TLS - Typical problems and how to debug them

This guide tries to help with debugging of SSL/TLS problems and shows the most common problems in interaction between client and server. It is not intended to help with writing applications and thus does not care about specific API's etc. But it should help with problems outside of a specific API, like different or broken SSL stacks or misconfigurations.
security  documentation 
may 2017 by kmt
Microsoft Windows System Call Table (NT/2000/XP/2003/Vista/2008/7/8/10)
See also: Windows X86-64 System Call Table:

Special thanks to: MeMek

Windows NT, 2000 syscalls and layout by Metasploit Team
win  sysinternals  esoteric  security 
december 2016 by kmt
BearSSL - Constant-Time Mul
As noted in the section on constant-time crypto, integer multiplication opcodes in CPU may or may not execute in constant time; when they do not, implementations that use such operations may exhibit execution time variations that depend on the involved data, thereby potentially leaking secret information.
security  cryptography  esoteric  hardware 
december 2016 by kmt
Why I Still Don't Buy the Russian Hacking Story - Bloomberg View
In the real world outside of soap operas and spy novels, however, any conclusions concerning the hackers' identity, motives and goals need to be based on solid, demonstrable evidence. At this point, it's inadequate. This is particularly unfortunate given that the DNC hacks were among the defining events of the raging propaganda wars of 2016.
russian  politics  security  ukraine  USA2016 
december 2016 by kmt
« earlier      
per page:    204080120160

Copy this bookmark: