philjr + security   180

Election-Hacking Lessons from the 2018 Def Con Hackers Conference | The New Yorker
Sue Halpern on the 2018 Def Con hackers conference, where hackers were invited to try to infiltrate several types of widely used vote-counting machines.

(tag really should read “Advice”)
politics  2018  technology  espionage  advice  security 
august 2018 by philjr
Handle secret credentials in Ruby On Rails — Varvet
Suggestions on storing credentials for Ruby; suggestion is a YAML file that is never checked into source control. But no actual encryption at play.

Seems dated?
security  ruby  how-to  yaml 
july 2018 by philjr
Use keyring to store your credentials – alexwlchan
Using Python's Keyring library to secure credentials in scripts.
python  security  how-to 
july 2018 by philjr
When a Stranger Decides to Destroy Your Life
Monika Glennon has lived in Huntsville, Alabama, for the last 12 years. Other than a strong Polish accent, she fits a certain stereotype of the All-American life. She’s blonde. Her husband is a veteran Marine. Her two children, a boy and a girl, joined the military as adults. She sells houses—she’s a real estate agent at Re/Max—helping others realize their own American dream.
2018  culture  internet  law  privacy  security 
july 2018 by philjr
Installing PowerShell on Kali Linux | Kali Linux
You may already be aware that you can safely add external repositories to your Kali Linux installation but you may not be aware that one of the many repositories available online includes one from Microsoft that includes PowerShell. The repository is for Debian but its packages install perfectly well on Kali, as we will show in this post.
powershell  linux  security  how-to 
june 2018 by philjr
10 Common Database Security Issues - DZone Security
A look at some common and avoidable errors that database and development teams make that can lead to lack-luster database security and data security breaches.
security  databasesecurity  cybersecurity  db  DBA  Advice 
june 2018 by philjr
Reminder: macOS still leaks secrets stored on encrypted drives | Ars Technica
Thumbnails from encrypted drives live on long after the drives are disconnected.
security  macos  storage 
june 2018 by philjr
BYOD in SMEs linked to security incidents
Bring your own device practices have been identified as a cyber security risk for six in 10 SMEs.
via:SecurityFeed  security  business  2018 
may 2018 by philjr
Digital Photocopiers Loaded With Secrets - CBS News
Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine. In the process, it's turned an office staple into a digital time-bomb packed with highly-personal or sensitive data. If you're in the identity theft business it seems this would be a pot of gold. "The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms," John Juntunen said, "that information would be very valuable."
via:mvuijlst  via:popular  security  Printers 
may 2018 by philjr
How to keep your ISP’s nose out of your browser history with encrypted DNS | Ars Technica
Using Cloudflare’s, other DNS services still require some command-line know-how.
encryption  privacy  security  dns  network  internet  how-to  2018 
april 2018 by philjr
Hacking your brain(scan): security bugs in EEG software open hospitals to attack | Ars Technica
Cisco Talos reveals “multiple vulnerabilities” in hardware common at hospitals.
security  healthcare  2018 
april 2018 by philjr
Penetration Testing Cheat Sheet For Windows Machine
In the event that your Windows machine has been compromised or for any other reason, this cheat sheet is intended to help.
cheatsheet  security  windows 
january 2018 by philjr
FedRAMP Templates | FedRAMP
Readiness Assessment Phase Template Download Updated The FedRAMP High RAR Template and its underlying assessment are intended to enable FedRAMP
government  infosec  security  IT  templates  @wa 
december 2017 by philjr
Treason Against the United States.
By Section 110 of Article III. of the Constitution of the United States, it is declared that:
politics  security  history  1861  espionage  Government  law  legal  vocabulary 
december 2017 by philjr
Extreme Security Measures for the Extra Paranoid
You've covered the basics. You've checked off the more-than-basics. But you still can't fight a nagging feeling that it's not quite enough. At a certain point, if a nation-state wants to compromise your devices or your privacy badly enough, it's going to find a way. You can at least make it harder for them. Here are a few measures designed to do just that.
security  Advice  via:SecurityFeed 
december 2017 by philjr
Yubikey and SSH via PAM
The purpose of this document is to guide readers through the configuration steps to use two factor authentication for SSH using Yubikey. This document assumes that the reader has advanced knowledge and experience in Linux system administration, particularly for how PAM authentication mechanism is configured on a Linux platform.
guide  how-to  security  yubico  yubikey  linux  pam  authentication 
december 2017 by philjr
How To Install Elasticsearch, Logstash, and Kibana (ELK Stack) on Ubuntu 14.04 | DigitalOcean
In this tutorial, we will go over the installation of the Elasticsearch ELK Stack on Ubuntu 14.04—that is, Elasticsearch 2.2.x, Logstash 2.2.x, and Kibana 4.4.x. We will also show you how to configure it to gather and visualize the syslogs of your sys
devops  logging  tutorial  logstash  Sys_Admin  security  how-to 
november 2017 by philjr
File audit script : PowerShell
I posted on this yesterday and I want to base this around event ID 5145. This doesn't work, I can't get the replace.value piece to work. I enable...
powershell  code  example  security  script 
november 2017 by philjr
Digital Ocean

How To Install and Configure OpenLDAP and phpLDAPadmin on Ubuntu 16.04
how-to  security  ldap  linux 
october 2017 by philjr
Equifax Breach Fallout: Your Salary History
At issue is a service provided by Equifax’s TALX division called The Work Number. The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it. The Work Number also allows anyone whose employer uses the service to provide proof of their income when purchasing a home or applying for a loan.
security  via:SecurityFeed 
october 2017 by philjr
Testing U2F Security Keys
Security Keys implement the FIDO U2F spec, which borrows a lot from ISO 7816-4. Each possible transport (i.e. USB, NFC, or Bluetooth) has its own spec for how to encapsulate the U2F messages over that transport (e.g. here's the USB one). FIDO is working on much more complex (and more capable) second versions of these specs, but currently all security keys implement the basic ones...
security  via:SecurityFeed 
october 2017 by philjr
So, Equifax says your data was hacked—now what? | Ars Technica
143 million now face identity theft threat, so here's what to do if you're one of them.
money  government  security  privacy 
september 2017 by philjr
European Court Limits Employers’ Right to Monitor Workers
Europe’s human rights court on Tuesday limited the ability of companies to read employees’ email, overturning an earlier ruling that seemed to give them broad leeway in monitoring workplace communications.
security  Government  politics  privacy  business  via:SecurityFeed 
september 2017 by philjr
How to Record Calls on Your Smartphone | WIRED
We look at TapeACall, Google Voice, and other software and hardware options.
how-to  security  smartphone  phones 
august 2017 by philjr
How to Switch UAC Levels with scripts
Includes a SwitchUACLevel PowerShell module
(UAC = User Account Controls; ie: the annoying prompts.)
security  powershell  script  sysadmin 
july 2017 by philjr