philjr + security   170

Reminder: macOS still leaks secrets stored on encrypted drives | Ars Technica
Thumbnails from encrypted drives live on long after the drives are disconnected.
security  macos  storage 
4 weeks ago by philjr
BYOD in SMEs linked to security incidents
Bring your own device practices have been identified as a cyber security risk for six in 10 SMEs.
via:SecurityFeed  security  business  2018 
8 weeks ago by philjr
Digital Photocopiers Loaded With Secrets - CBS News
Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine. In the process, it's turned an office staple into a digital time-bomb packed with highly-personal or sensitive data. If you're in the identity theft business it seems this would be a pot of gold. "The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms," John Juntunen said, "that information would be very valuable." Buffalo Reacts to CBS News Investigation
via:mvuijlst  via:popular  security  Printers 
9 weeks ago by philjr
How to keep your ISP’s nose out of your browser history with encrypted DNS | Ars Technica
Using Cloudflare’s, other DNS services still require some command-line know-how.
encryption  privacy  security  dns  network  internet  how-to  2018 
april 2018 by philjr
Hacking your brain(scan): security bugs in EEG software open hospitals to attack | Ars Technica
Cisco Talos reveals “multiple vulnerabilities” in hardware common at hospitals.
security  healthcare  2018 
april 2018 by philjr
Penetration Testing Cheat Sheet For Windows Machine
In the event that your Windows machine has been compromised or for any other reason, this cheat sheet is intended to help.Penetration Testing Cheat Sheet
cheatsheet  security  windows 
january 2018 by philjr
FedRAMP Templates | FedRAMP
Readiness Assessment Phase Template Download Updated The FedRAMP High RAR Template and its underlying assessment are intended to enable FedRAMP
government  infosec  security  IT  templates  @wa 
december 2017 by philjr
Treason Against the United States. -
By Section 110 of Article III. of the Constitution of the United States, it is declared that:
politics  security  history  1861  espionage  Government  law  legal  vocabulary 
december 2017 by philjr
Extreme Security Measures for the Extra Paranoid
You've covered the basics. You've checked off the more-than-basics. But you still can't fight a nagging feeling that it's not quite enough. At a certain point, if a nation-state wants to compromise your devices or your privacy badly enough, it's going to find a way. You can at least make it harder for them. Here are a few measures designed to do just that.
security  Advice  via:SecurityFeed 
december 2017 by philjr
Yubikey and SSH via PAM
The purpose of this document is to guide readers through the configuration steps to use two factor authentication for SSH using Yubikey. This document assumes that the reader has advanced knowledge and experience in Linux system administration, particularly for how PAM authentication mechanism is configured on a Linux platform.
guide  how-to  security  yubico  yubikey  linux  pam  authentication 
december 2017 by philjr
How To Install Elasticsearch, Logstash, and Kibana (ELK Stack) on Ubuntu 14.04 | DigitalOcean
In this tutorial, we will go over the installation of the Elasticsearch ELK Stack on Ubuntu 14.04—that is, Elasticsearch 2.2.x, Logstash 2.2.x, and Kibana 4.4.x. We will also show you how to configure it to gather and visualize the syslogs of your sys
devops  logging  tutorial  logstash  Sys_Admin  security  how-to 
november 2017 by philjr
File audit script : PowerShell
I posted on this yesterday and I want to base this around event ID 5145 This doesn't work, I can't get the replace.value piece to work. I enable...
powershell  code  example  security  script 
november 2017 by philjr
Digital Ocean

How To Install and Configure OpenLDAP and phpLDAPadmin on Ubuntu 16.04
how-to  security  ldap  linux 
october 2017 by philjr
Equifax Breach Fallout: Your Salary History
At issue is a service provided by Equifax’s TALX division called The Work Number. The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it. The Work Number also allows anyone whose employer uses the service to provide proof of their income when purchasing a home or applying for a loan.
security  via:SecurityFeed 
october 2017 by philjr
Testing U2F Security Keys
Security Keys implement the FIDO U2F spec, which borrows a lot from ISO 7816-4. Each possible transport (i.e. USB, NFC, or Bluetooth) has its own spec for how to encapsulate the U2F messages over that transport (e.g. here's the USB one). FIDO is working on much more complex (and more capable) second versions of these specs, but currently all security keys implement the basic ones...
security  via:SecurityFeed 
october 2017 by philjr
So, Equifax says your data was hacked—now what? | Ars Technica
143 million now face identity theft threat, so here's what to do if you're one of them.
money  government  security  privacy 
september 2017 by philjr
European Court Limits Employers’ Right to Monitor Workers
Europe’s human rights court on Tuesday limited the ability of companies to read employees’ email, overturning an earlier ruling that seemed to give them broad leeway in monitoring workplace communications.
security  Government  politics  privacy  business  via:SecurityFeed 
september 2017 by philjr
How to Record Calls on Your Smartphone | WIRED
We look at TapeACall, Google Voice, and other software and hardware options.
how-to  security  smartphone  phones 
august 2017 by philjr
How to Switch UAC Levels with scripts
Includes a SwitchUACLevel PowerShell module
(UAC = User Account Controls; ie: the annoying prompts.)
security  powershell  script  sysadmin 
july 2017 by philjr
Python Secure FTP module
Overview In the previous post we covered the ftplib module in Python, which you can read more about here. In ...
python  tutorial  security  network 
july 2017 by philjr
Does my site need HTTPS?
"But my site doesn't have forms or collect information from users."

Doesn't matter. HTTPS protects more than just form data! HTTPS keeps the URLs, headers, and contents of all transferred pages confidential.

"There's nothing sensitive on my site anyway."

Your site is a liability! Just because your site is hosted safely in your account doesn't mean it won't travel through cables and boxes controlled by who knows how many corporate- and state-owned entities. Do you really want someone injecting scripts, images, or ad content onto your page so that it looks like you put them there? Or changing the words on your page? Or using your site to attack other sites? This stuff happens: on airlines (a lot, and again), in China, even ISPs do it (a lot). And HTTPS prevents all of it. It guarantees content integrity and the ability to detect tampering. If we encrypt only secret content, then we automatically paint a target on those transmissions. Keep which of your transmissions contain secrets secret by encrypting everything.

"The site is HTTP, but our forms are submitted over HTTPS."

This is as bad as not using any HTTPS at all! All the attacker has to do is change the link or form action to a URL on his/her own server. There's no way to detect this because it happens over the wire with plain HTTP. Encrypt the WHOLE site and redirect HTTP to HTTPS.
security  webdev  via:popular 
july 2017 by philjr
Company fired an employee, he shut down water utility providers' networks
A former employee was sentenced to one year and one day in prison for damaging the IT networks of several water utility providers across the US East Coast.
security  via:SecurityFeed 
june 2017 by philjr
DRA firm left 1.1 TB of data unsecured on an Amazon S3, 198 million US voter records exposed
Chris Vickery revealed the DRA firm used by the GOP left 1.1 TB of data unsecured on an Amazon S3, 198 million US voter records exposed.
security  politics  via:SecurityFeed 
june 2017 by philjr
« earlier      
per page:    204080120160

related tags

!lol  1password  2fa  @automation  @comparison  @keyboard_maestro  @ranking  @read  @wa  advice  amazon  analysis  analytics  android  api  apple  Apps  aps  arc  article  authentication  authorization  awesome  aws  best  best-practices  bestpractices  bitcoin  blog  botnet  breach  browser  bsd  build  business  cheatsheet  checklist  cis269  citizenlab  cloud  code  codinghorror  comparison  compromised  console  container  containers  conversion  converter  corpus  crack  cryptography  csv  culture  cybersecurity  data  database  dataBrokers  DBA  ddos  dev  development  devops  distributed  dns  docker  dockerhub  dropbox  education  eff  election  email  embedded  encrypted  encryption  espionage  Europe  example  examples  excel  facebook  Feedly  filesharing  firewall  gdpr  github  glitch_video  gmail  go  google  government  govtech  gpg  guide  guidelines  hack  hacked  Hacking  hardware  healthcare  history  horrorstories  how-to  howto  html  humor  iam  identity  ifttt  infosec  injection  Instapaper  intel  internet  iOS  iot  IT  javascript  k8s  kernel  kubernetes  laptop  law  ldap  legal  linux  log  logging  logstash  mac  macos  malware  manuals  mobile  money  mozilla  netsec  network  networking  news  Nginx  nist  nsa  oauth  oauth2  openssh  ops  osx  pam  password  passwords  pentest  pentesting  performance  phones  politics  ports  powershell  practices  precautions  Printers  privacy  programming  Projects  python  quote  random  ransomware  raspberrypi  reference  review  Root  router  russia  scratch  script  secrets  security  site  smartphone  software  spooks  sql  sql-injection  ssh  starwars  storage  surveillance  sysadmin  sysinternals  sys_admin  tech  technology  templates  tool  tools  tracking  training  travel  troubleshooting  tutorial  ubuntu  UI  utility  vaneck  via:amy  via:garyleatherman  via:mvuijlst  via:popular  via:SecurityFeed  via:tremendo  via:WickedGood  vm  vocabulary  voting  vpn  web  webdev  web_dev  wifi  windows  wireless  World_Affairs  wpa2  yubico  yubikey 

Copy this bookmark: