whip_lash + security   394

SSL spy boxes on your network getting you down? But wait, here's an IETF draft to fix that • The Register
Before you get too excited though, it's worth noting that security considerations to this approach have yet to be considered: the relevant section is listed as simply "To do."
encryption  security 
9 days ago by whip_lash
DUHK Attack
Developers of cryptographic software should stop using the X9.31 generator. It was removed from the list of FIPS-approved random number generation algorithms in January 2016. If you must use a block cipher-based RNG, don't use a hard-coded key, and regenerate the key frequently.
security  cryptography  crypto 
24 days ago by whip_lash
IoT Cybersecurity: What's Plan B? - Schneier on Security
What the bill does do is leverage the government's buying power to nudge the market: any IoT product that the government buys must meet minimum security standards. It requires vendors to ensure that devices can not only be patched, but are patched in an authenticated and timely manner; don't have unchangeable default passwords; and are free from known vulnerabilities. It's about as low a security bar as you can set, and that it will considerably improve security speaks volumes about the current state of IoT security.
law  security  iot 
4 weeks ago by whip_lash
Attackers Start Scans for SSH Keys After Report on Lack of SSH Security Controls
Website owners are advised to check if they haven't accidentally uploaded their SSH private key on their public servers, or committed the SSH private key to Git or SVN repositories. Setting a passphrase to access the private SSH key also prevents an attacker from using the key, even if he manages to get his hands on it.
ssh  security 
4 weeks ago by whip_lash
Threat Dragon is a free, open-source threat modeling tool from OWASP.
analysis  security 
6 weeks ago by whip_lash
Crowbar - Brute Forcing Tool (SSH, OpenVPN, RDP, VNC) - KitPloit - PenTest Tools for your Security Arsenal ☣
As an example, while most brute forcing tools use username and password for SSH brute force, Crowbar uses SSH key(s). This allows for any private keys that have been obtained during penetration tests, to be used to attack other SSH servers.
ssh  security  pentest  bruteforce 
8 weeks ago by whip_lash
Crime Bay takes the security of this service very seriously. Our staff will never prioritize business operations over security. Our focus on security is how we always work to keep our customers, operatives and service safe from law enforcement and other adversaries. We outline some of our security measures on this page because we disagree with security through obscurity as a method for keeping law enforcement out. Our users deserve to know and understand the measures we take to keep this site running and secure their accounts.
opsec  crime  security 
9 weeks ago by whip_lash
US carriers partner on a better mobile authentication system
The idea is to marry current 2FA with systems that "reduce mobile identity risks by analyzing data and activity patterns on a mobile network to predict, with a high degree of certainty, whether the user is who they say they are,"
privacy  security  creepy  2fa  mfa 
9 weeks ago by whip_lash
Mind Maps
Information Security related Mind Maps
hacking  mindmap  security  pentest  ctf 
12 weeks ago by whip_lash
Chilkat API, SDK, Components, Libs for iOS, Windows, Android, Linux, Mac OS X, and more.
Chilkat is a cross-language, cross-platform API providing 90+ classes for many Internet protocols, formats, and algorithms.
python  library  security 
july 2017 by whip_lash