kybernetikos + security   34

PIN number analysis
I was able to find almost 3.4 million four digit passwords. Every single one of the 10,000 combinations of digits from 0000 through to 9999 were represented in the dataset...

A table of the top 20 found passwords is shown on the right. A staggering 26.83% of all passwords could be guessed by attempting these 20 combinations!
data  security  statistics  password  pin  analysis  passwords  numbers  visualization 
december 2017 by kybernetikos
Hidden messages in JavaScript property names
Recently I came across this tweet by @FakeUnicode. It included a JavaScript snippet which looked pretty harmless but resulted in a hidden message being alerted. It took me a while to understand what's going on so I thought that documenting the steps I took could be interesting to someone.
javascript  unicode  ascii  security  hidden  message  quote 
july 2017 by kybernetikos
The crazy security story behind the birth of Zcash
A secret ceremony was underway. Before the company could release the source code of its digital currency and turn the crank on the engine, a series of cryptographic computations needed to be completed and added to the protocol. But for complex reasons, Wilcox had to prevent the calculations from ever being seen. If they were, it could completely compromise the security of the currency he had built.
security  sidechannel  zcash  crypto  cryptocurrency 
july 2017 by kybernetikos
The Hunting of the SNARK – QED-it
We are very excited to present to you The Hunting of the SNARK, a treasure hunt consisting of cryptographic challenges that will guide you through a zero-knowledge proof (ZKP) learning experience.
crypto  development  encryption  cryptocurrency  IFTTT  knowledge  proof  security 
july 2017 by kybernetikos
Troy Hunt: Passwords Evolved: Authentication Guidance for the Modern Era
In the beginning, things were simple: you had two strings (a username and a password) and if someone knew both of them, they could log in. Easy.
reference  security  password  authentication  passwords  architecture  web  advice 
july 2017 by kybernetikos
"Reverse Engineering for Beginners" free book
Dennis @Yurichev has published an impressive (and free!) book on reverse engineering
book  security  analysis  engineering 
july 2016 by kybernetikos
My First 10 Minutes On a Server - Primer for Securing Ubuntu
My First 5 Minutes on a Server, by Bryan Kennedy, is an excellent intro into securing a server against most attacks. We have a few modifications to his approach that we wanted to document as part of our efforts of externalizing our processes and best practices. We also wanted to spend a bit more time explaining a few things that younger engineers may benefit from.
server  linux  security  setup 
july 2016 by kybernetikos
vox.SPACE: Being privacy-aware in 2016
As more and more people are living a digital life inside their computers, discussions about privacy and whether or not we can expect to be protected from intrusions in our private lives are taking over the Internet. Regardless of your thoughts on the subject, if you are just a concerned citizen or the newest whistle-blower, there are some ways you can protect your privacy while browsing the Internet or visiting a new country. This is not an exhaustive list, it's just a compilation of useful information I gathered.
encryption  privacy  security 
june 2016 by kybernetikos
Get HTTPS for free!
You can now get free https certificates from the non-profit certificate authority Let's Encrypt! This is a website that will take you through the manual steps to get your free https certificate so you can make your own website use https! This website is open source and NEVER asks for your private keys. Never trust a website that asks for your private keys!
free  security  https  web 
january 2016 by kybernetikos
UsingTrustedRootsRespectfully | Mono
Dealing with certificates for https in early versions of mono.
security  mono  unity  https 
january 2016 by kybernetikos
OWASP top 10 in 2013
The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations. The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, FTC, and many more. This release of the OWASP Top 10 marks this project’s tenth anniversary of raising awareness of the importance of application security risks.
security  development  web 
march 2014 by kybernetikos
An anonymity protocol. Avatar OS is based on it.
internet  security  phantom  protocol  anonymity 
february 2014 by kybernetikos
Cryptography Breakthrough Could Make Software Unhackable - Wired Science
A black box obfuscator would provide a way to instantly convert any private cryptography scheme to a public one that could be performed over the Internet by strangers. In a sense, obfuscation is the key to all cryptographies.
cryptography  science  security  obfuscation  program  public  private  code  secrecy  zeroknowledge 
february 2014 by kybernetikos
Schneier on Security: Hacking the Papal Election
When an election process is left to develop over the course of a couple of thousand years, you end up with something surprisingly good.
catholic  security  vote  election  pope  cardinal  conclave  hack  analysis 
march 2013 by kybernetikos
ROSEdu Techblog - From 0 to cryptography
This guide is designed to explain why you need to hide information and how you can do this when you do not trust the channel through which messages are conveyed. We will discuss cryptographic systems, encryption, decryption, one-way functions, asymmetric keys and more. You may think of cryptography as the thing that keeps you untouchable inside of a soap bubble travelling by air around the world.
crypto  tutorial  security  cryptography  encryption  paint  diffe  helman  key  exchange  dhe 
september 2012 by kybernetikos
Javascript Cryptography Considered Harmful
The web hosts most of the world's new crypto functionality. A significant portion of that crypto has been implemented in Javascript, and is thus doomed.
http  javascript  crypto  cryptography  security  web 
september 2012 by kybernetikos
McSweeney’s Internet Tendency: Interviews With People Who Have Interesting or Unusual Jobs: Ken Doyle, Safecracker.
Q: Have you ever met a lock you couldn’t pick?
A: There are several types of locks that are designed to be extremely pick-resistant, as there are combination safe locks that can slow down my efforts at manipulation.

I’ve never met a safe or lock that kept me out for very long. Not saying I can’t be stumped. Unknown mechanical malfunctions inside a safe or vault are the most challenging things I have to contend with and I will probably see one of those tomorrow since you just jinxed me with that question.
interview  lockpicking  security  lock  pick  safe 
june 2012 by kybernetikos
Latest news on my hardware security research
We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems.
china  hardware  security  manufacturer  chip  backdoor  exploit  debug 
june 2012 by kybernetikos
How I Collect Passwords
Some of you out there know that I have been collecting passwords for quite some time. Since 1998 to be exact. Originally I did it just to have big wordlists for password cracking, then I started gathering them for research on my Perfect Passwords book, finally it became like a big ball of string where you just do it because it makes no sense to stop now. My list currently contains about 6 million unique username/password combinations (not counting those from public lists from Gawker, RockYou, and others).
security  password  google  productkey  key  secret 
april 2012 by kybernetikos
Stanford Javascript Crypto Library
The Stanford Javascript Crypto Library is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript.
crypto  cryptography  javascript  library  security  browser  ecc 
february 2012 by kybernetikos
A type-based solution to the "strings problem": a fitting end to XSS and SQL-injection holes?
In this article, we will look at one way (among many) to solve the strings problem: by adding Ruby-style string templates to Haskell. These templates support “interpolation” via the usual, convenient #{var} syntax, but here interpolation is type safe. Haskell’s type system will prevent us from inadvertently mixing incompatible string types, and it will detect mistakes at compile time, before they can become live XSS or SQL-injection holes. Further, our solution will offer us these benefits without making us jump through hoops or pay some onerous syntax penalty.
haskell  programming  security  xss 
february 2012 by kybernetikos
Educational Tool for Cryptography and Cryptanalysis
cryptography  tools  security  tutorial  opensource  crypto  encryption 
june 2009 by kybernetikos
IE Bug
If you look at this image in firefox, it seems like a normal image. If you look at it in IE, it executes some javascript.
IE  security  image  xss  bug 
february 2009 by kybernetikos
Browser Security Handbook
Google's handbook for browser security. This is Part I.
development  security  web  browser  google  reference  book 
december 2008 by kybernetikos
How to zap a camera
A simple countersurveillance technique discussed - using lasers to blind cameras.
surveillance  privacy  camera  security  laser 
january 2008 by kybernetikos
Institute for Applied Autonomy's application for finding "the path of least surveillance" in Manhattan.
surveillance  maps  privacy  security  cctv 
january 2008 by kybernetikos
Handbook of Applied Cryptography
Nearly everything you need to know about cryptography, now available for free download.
cryptography  security  book  reference  crypto 
december 2007 by kybernetikos
The MIT Guide to Lockpicking
A good free guide to lockpicking. Nice way to start.
lockpicking  locks  tutorial  security 
october 2006 by kybernetikos
Tiger Envelopes
Easy mail crypto? Amazing. Also, I like p2p key distribution. Update: Messed up my system - not ready for wide use yet
email  encryption  security 
september 2006 by kybernetikos
