xer0x + security   221

OWASP Top 10 Vulnerabilities List — You’re Probably Using It Wrong
We break down the basics of what you need to know about the OWASP Top 10 Vulnerabilities List and how to use it the right way to support your development team.
security  guide 
6 days ago by xer0x
The Making of the American Gulag | Boston Review
ship, its emphasis on individuality, and its support of business. But the dominance of the security s
usa  history  2019  gulag  ice  child  dungeon  concentration  modern  failure  national  dominance  security  essay  article 
11 days ago by xer0x
Absolute scale corrupts absolutely - apenwarr
The Internet has gotten too big.

Growing up, I, like many computery people of my generation, was an idealist.
I believed that better, faste...
ifttt  internet  privacy  security  tech  Unread  Pocket  google  aws  amazon  corruption  monopoly  a:Avery-Pennarun★★  artificial-intelligence 
11 days ago by xer0x
D-Link Home Routers Open to Remote Takeover Will Remain Unpatched | Threatpost
CVE-2019-16920 allows remote unauthenticated attackers to execute code on a target device.
dlink  router  hack  code  cve-2019-16920  d-link  end  execution  hacks  home  life  malware  mobile  of  privacy  remote  routers  security  unpatched  vulnerabilities  web 
12 days ago by xer0x
New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS
Cybersecurity researchers today revealed the existence of Simjacker, a SIM Card vulnerability that could allow remote hackers to spy on devices just by sending SMS
wtf  sim  phone  hack  message  security  breach  attacks  target  vulnerability 
5 weeks ago by xer0x
HTTP Security Headers - A Complete Guide
A description of each security header, why it is important, and how to configure your website in a secure way.
cors  devops  http  security  headers  reference  CSP  infosec  programming  web 
july 2019 by xer0x
Aporeto - Application Segmentation for Cloud | Microservices & Container Security
Application segmentation solutions enabling container and microservices security for private, public or hybrid cloud. A distributed homogenous security policy is enforced per workload independent of network or infrastructure configuration, enabling uniform security orchestration across multi-cloud environments.
network  security  k8s  istio  aporeto  nick 
june 2019 by xer0x
Web Single Sign-On, the SAML 2.0 perspective - Theodo
How does SAML work in practice? What do I need to implement it?
authentication  saml2  saml  security  sso  identity-management  json  oauth  openid  webdev  xml 
june 2019 by xer0x
WireGuard for Kubernetes: Introducing Gravitational Wormhole
We are excited to announce the new open source project: Gravitational Wormhole, a Kubernetes network plugin that combines the simplicity of flannel with encrypted networking from WireGuard.
kubernetes  security  vpn  wireguard 
april 2019 by xer0x
The Problem with SSH Agent Forwarding · Bogdan Popa
After hacking the matrix.org website today, the hacker opened a series of GitHub issues mentioning the flaws he discovered. In one of those issues, he mentions that “complete compromise could have been avoided if developers were prohibited from using [SSH agent forwarding]”.
Here’s what man ssh_config has to say about ForwardAgent:
Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s Unix-domain socket...
ssh  security  proxy 
april 2019 by xer0x
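As an added example for the SSH agent forwarding entry above (this is not code from Bogdan Popa's post or from OpenSSH), the following POSIX shell script audits a client ssh_config for Host blocks that set ForwardAgent yes, and writes that weak configuration beside a hardened one that reaches the inner host through ProxyJump instead. The host names, addresses, file paths and the bastion/app layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the linked post: audit a client ssh_config for
# agent forwarding and show the ProxyJump alternative. Host names, file
# paths and the bastion/app layout below are constructed for illustration.

# Print the first Host pattern of every block that sets "ForwardAgent yes".
# Keyword matching is case-insensitive, as in ssh_config itself, and a
# "Host *" block is reported like any other.
audit_forward_agent() {
    awk '
        tolower($1) == "host"                                  { host = $2 }
        tolower($1) == "forwardagent" && tolower($2) == "yes" { print host }
    ' "$1"
}

# Weak configuration: the laptop's agent socket is forwarded to the bastion.
# Anyone who can bypass file permissions there (root, typically) can sign
# with every key in the agent for as long as the session is open.
write_weak_config() {
    cat > "$1" <<'EOF'
Host bastion
    HostName bastion.example.test
    ForwardAgent yes

Host app
    HostName 10.0.0.5
    ProxyCommand ssh -W %h:%p bastion
EOF
}

# Hardened configuration: ProxyJump tunnels the TCP connection through the
# bastion, so authentication to "app" happens end to end from the laptop and
# no agent socket ever exists on the bastion. AddKeysToAgent confirm makes
# every signature require a local prompt (the same effect as ssh-add -c),
# and IdentitiesOnly stops ssh from offering every agent key to every host.
write_hardened_config() {
    cat > "$1" <<'EOF'
Host *
    ForwardAgent no
    AddKeysToAgent confirm
    IdentitiesOnly yes

Host bastion
    HostName bastion.example.test

Host app
    HostName 10.0.0.5
    ProxyJump bastion
EOF
}

# Usage (runs stand-alone): write both configs and list offending Host blocks.
tmp=${TMPDIR:-/tmp}/ssh_agent_demo.$$
mkdir -p "$tmp"
write_weak_config "$tmp/weak"
write_hardened_config "$tmp/hardened"
echo "weak config forwards the agent to: $(audit_forward_agent "$tmp/weak")"
echo "hardened config forwards the agent to: $(audit_forward_agent "$tmp/hardened")"
rm -r "$tmp"
```

The audit reports `bastion` for the weak file and nothing for the hardened one. The design point is that `ProxyJump` (or `ssh -J`) only asks the bastion to forward a TCP stream; the client then runs a second, independent SSH handshake with the inner host, so the bastion sees ciphertext and never obtains a path to the agent. Where forwarding is genuinely unavoidable, loading keys with `ssh-add -c` (or `AddKeysToAgent confirm`) at least turns silent misuse of a forwarded agent into a visible confirmation prompt on the laptop.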
American Businesses Stayed Quiet On Chinese Hackers, Amid Concerns For Profits : NPR
The U.S. has largely failed to stop Chinese cybertheft of U.S. companies, but the companies themselves led the charge in keeping it under wraps.
china  usa  relations  hacker  security  trade  theft  legal  politics  business  administrator  government  wto 
april 2019 by xer0x
VPN - a Very Precarious Narrative - Dennis Schubert
Random thoughts, articles, projects, and even stickers created or collected by Dennis Schubert.
ifttt  privacy  security  vpn  Hacker_News  technology  toread 
april 2019 by xer0x
Researchers Find Google Play Store Apps Were Actually Government Malware - Motherboard
Famed hacker Kevin Mitnick sets up a social engineering attack against Motorola to steal the source code for the MicroTAC Ultralite cellphone.
april 2019 by xer0x
Ledger-Donjon/lascar: Ledger's Advanced Side-Channel Analysis Repository
Ledger's Advanced Side-Channel Analysis Repository - Ledger-Donjon/lascar
attack  devops  hacker  security  sidechannel  sysadmin 
february 2019 by xer0x
Mathematicians Seal Back Door to Breaking RSA Encryption | Quanta Magazine
Digital security depends on the difficulty of factoring large numbers. A new proof shows why one method for breaking digital encryption won’t work.
Cryptography  HEALTH  abstractions  cambridge  computer  crypto  encryption  equations  factoring  factors  math  mathematics  maths  notes  number  numbers  of  polynomial  prime  rsa  science  security  theory  university 
january 2019 by xer0x
Randall Degges - Please Stop Using Local Storage
Stop using local storage to store sensitive information. If you're putting a JWT in local storage you're doing it wrong.
architecture  javascript  jwt  localstorage  security  web  webdev  development  bestPractices  cookie 
november 2018 by xer0x
Endpoint Protection Platform for Enterprises | Endgame
Endpoint protection built to stop advanced attacks before damage and loss occurs. 0 breach tolerance. Schedule a demo now.
company  security  phising  tools 
october 2018 by xer0x
the frontendian
A little blog about building web applications. Posts arrive monthly on performance, security, accessibility, tooling, and more.
security  webdev  web  javascript  http  cors 
september 2018 by xer0x
Neatly bypassing CSP – Wallarm
Content Security Policy or CSP is a built-in browser technology which helps protect from attacks such as cross-site scripting (XSS). It lists and describes paths and sources, from which the browser…
csp  web  cors  iframe  bypass  security 
july 2018 by xer0x
Timeless Debugging of Complex Software | Ret2 Systems Blog
In software security, root cause analysis (RCA) is the process used to “remove the mystery” from irregular software execution and measure the security impact...
debugging  tool  security  tutorial  javascript  via:hackernews 
june 2018 by xer0x
Pentagon Puts Cyberwarriors on the Offensive, Increasing the Risk of Conflict - The New York Times
Until now, the Cyber Command has assumed a largely defensive posture, but in the spring the Defense Department opened the door to nearly daily raids on foreign networks, seeking to head off attacks.
america  crazy  first  trump  cyber  security  offensive  strategy 
june 2018 by xer0x
notes/Gathering-weak-npm-credentials.md at master · ChALkeR/notes
npm  computers  security  ifttt  javascript  Instapaper  node  nodejs  password  passwords 
june 2018 by xer0x
Killcord is a tool used to build resilient deadman's switches for releasing encrypted payloads.
ethereum  deadman  switch  blockchain  encryption  privacy  security  censorship  death  ipfs 
may 2018 by xer0x
Microcontroller Firmware Recovery Using Invasive Analysis | Duo Security
Duo Labs security researchers show how to bypass microcontroller interfaces used for internet of things (IoT) devices - these invasive attacks require physical access to typical microcontrollers.
chip  security  diy  iot  hack  duo  neat  investigation 
may 2018 by xer0x
Alexa and Siri Can Hear This Hidden Command. You Can’t. - The New York Times
Researchers can now send secret audio instructions undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant.
alexa  amazon  pocket  security  ifttt  voice  NEWS  nyt  privacy  (popular 
may 2018 by xer0x
GoDaddy Forced to Revoke Thousands of SSL Certificates
The world’s largest domain registrar and web hosting provider GoDaddy has revoked nearly 9,000 SSL certificates as a result of a bug discovered in the validation process. GoDaddy took this as a precautionary measure to protect customers from further potential risks.
godaddy  ssl  mistake  security  danger 
april 2018 by xer0x
Carbon Black | Transforming Endpoint Security with Big Data Analytics
Carbon Black and the Cb Predictive Security Cloud are transforming endpoint security, supporting a number of services that deliver next generation endpoint protection and operations with big data and analytics.
antivirus  malware  attack  analysis  security  cyber  endpoint  ml  software  threat 
april 2018 by xer0x
mesalock-linux/mesalink: MesaLink is a memory-safe and OpenSSL-compatible TLS library.
openssl  tls  alternative  rust  security  wow  memory  safe  stem 
april 2018 by xer0x
Secure Access for the Digital Enterprise | Ping Identity
Ping Identity frees the digital enterprise by providing secure access that enables the right people to access the right things, seamlessly and securely.
cloud  identity  security  sso  company  email  saas  singlesignon  authentication  on 
february 2018 by xer0x
Escape Sequences | Git Diff & Git Log | TwistlockLabs
This post discusses how escape sequences are not something to treat lightheartedly and how easy it is to hide content from Git
article  diff  git  security  hidingcontent  howto  important  interesting  programming  shell 
december 2017 by xer0x