aldolat + security   205

Certificates for localhost - Let's Encrypt - Free SSL/TLS Certificates
Sometimes people want to get a certificate for the hostname “localhost”, either for use in local development, or for distribution with a native application that needs to communicate with a web application. Let’s Encrypt can’t provide certificates for “localhost” because nobody uniquely owns it, and it’s not rooted in a top level domain like “.com” or “.net”. It’s possible to set up your own domain name that happens to resolve to 127.0.0.1, and get a certificate for it using the DNS challenge. However, this is generally a bad idea and there are better options.
localhost  development  https  security 
27 days ago by aldolat
John Byrd's answer to What is the most sophisticated piece of software/code ever written? - Quora
The most sophisticated software in history was written by a team of people whose names we do not know.

It’s a computer worm.
hacking  security  virus  worm  Software  code 
7 weeks ago by aldolat
Font Steganography
Interesting research in steganography at the font level.
cryptography  encryption  steganography  security 
8 weeks ago by aldolat
Firefox Send
Private, encrypted file sharing. Send files securely, privately and encrypted, with a link that expires automatically to ensure your data does not stay online forever.
filesharing  security  tools  sharing  Firefox 
8 weeks ago by aldolat
Cryptomator: Free Cloud Encryption for Dropbox & Others
Free client-side encryption for your cloud files. Open source software: No backdoors, no registration.
encryption  privacy  security  cloud 
8 weeks ago by aldolat
Cryptomator as a possible successor to TrueCrypt
Cryptomator lets you create file containers that are inaccessible without the right key, which is chosen by the user and set exclusively client-side, so no communication takes place with the company's servers or any other third parties.
encryption  privacy  security  cloud 
9 weeks ago by aldolat
Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw | Electronic Frontier Foundation
Don’t panic! But you should stop using PGP for encrypted email and switch to a different secure communications method for now.
PGP  GnuPG  OpenPGP  bug  attack  exploit  email  security  privacy 
9 weeks ago by aldolat
EFAIL
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails.
PGP  GnuPG  OpenPGP  bug  attack  exploit  email  security  privacy 
9 weeks ago by aldolat
Encrypted mail: a huge bug allows messages to be read, even those already sent
A European researcher has found a huge bug in the PGP and S/MIME systems used to encrypt email end to end: not only is it possible to read the text of encrypted emails in the clear, but old messages can be recovered as well.
PGP  GnuPG  OpenPGP  bug  attack  exploit  email  security  privacy 
9 weeks ago by aldolat
Expirybot makes it easier to use PGP
Journalists, human rights defenders, lawyers, developers and proactive citizens rely on open source cryptography to keep us all safe.
OpenPGP  GnuPG  PGP  security 
11 weeks ago by aldolat
GitHub - browserpass/browserpass: Chrome & Firefox browser extension for pass, a UNIX password manager.
Browserpass is a Chrome & Firefox extension for zx2c4's pass, a UNIX based password manager. It retrieves your decrypted passwords for the current domain and allows you to auto-fill login forms, as well as copy it to clipboard. If you have multiple logins for the current site, the extension shows you a list of usernames to choose from.
passwords  security 
11 weeks ago by aldolat
Plasma Pass
And so I dusted off my QML knowledge and wrote Plasma Pass: a systray Plasma applet to quickly find your password and copy it into the clipboard with a single mouse click.
passwords  security  KDE 
11 weeks ago by aldolat
Using OpenPGP subkeys in Debian development - Debian Wiki
Subkeys make key management easier.
security  OpenPGP  GnuPG 
11 weeks ago by aldolat
Take These Steps to Secure Your Raspberry Pi Against Attackers
If you are not careful, your little hobby project might result in a security risk that acts as an entry point into your network. [Archived on https://archive.li/BeoNc]
RaspberryPi  security 
12 weeks ago by aldolat
Securing your Raspberry Pi - Raspberry Pi Documentation
The security of your Raspberry Pi is important. Gaps in security leave your Raspberry Pi open to hackers who can then use it without your permission. [Archived on https://archive.li/F0uYG]
RaspberryPi  security 
12 weeks ago by aldolat
Russia is Banning Telegram
If you want secure messaging, use Signal. If you're concerned that having Signal on your phone will itself arouse suspicion, use WhatsApp.
Telegram  security  privacy  encryption 
12 weeks ago by aldolat
Why You Should Stop Using Telegram Right Now 
Telegram has a wide range of security issues and doesn’t live up to its proclamations as a safe and secure messaging application.
security  encryption  privacy  Telegram 
12 weeks ago by aldolat
Swiss TV investigates the Internet of Things: so many vulnerable cameras | Il Disinformatico
In recent months I worked with the Patti Chiari programme of Radiotelevisione Svizzera to explore the Internet of Things.
IoT  privacy  security  TV 
april 2018 by aldolat
Obscure E-Mail Vulnerability
This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so bruce.schneier@gmail.com is the same as bruceschneier@gmail.com is the same as b.r.u.c.e.schneier@gmail.com.
security  email  Gmail 
april 2018 by aldolat
Protecting Code Integrity with PGP — Part 4: Moving Your Master Key to Offline Storage
Here in part 4, we continue the series with a look at how and why to move your master key from your home directory to offline storage.
GnuPG  gpg  security  cryptography  keys 
march 2018 by aldolat
KDE Project Security Advisory
Plasma Desktop: Arbitrary command execution in the removable device notifier
KDE  Plasma  security  USB 
february 2018 by aldolat
Uh-oh. How just inserting a USB drive can pwn a Linux box – HOTforSecurity
In short, if a USB memory stick plugged into a vulnerable computer has a volume label containing the characters `` or $(), the text contained within the characters will be executed as shell commands.
KDE  Plasma  security  USB 
february 2018 by aldolat
How to Auto Update WordPress Salts
Even after the security keys and salts have been initially set, it's a good idea to update them every so often. Anything you can do to make your site more secure is generally a good idea.
WordPress  security  salt  update 
january 2018 by aldolat
The Big Debate, 2048 vs. 4096, Yubico’s Position | Yubico
While it is true that a longer key provides better security, we have shown that by doubling the length of the key from 2048 to 4096, the increase in bits of security is only 18, a mere 16%.
GnuPG  gpg  security  encryption  keys 
december 2017 by aldolat
GnuPG Frequently Asked Questions
At the time the decision was made, 2048-bit RSA was thought to provide reasonable security for the next decade or more while still being compatible with the overwhelming majority of the OpenPGP ecosystem.
GnuPG  gpg  security  encryption  keys  faq 
december 2017 by aldolat
CryptoParty
CryptoParty is a decentralized movement with events happening all over the world. The goal is to pass on knowledge about protecting yourself in the digital space. This can include encrypted communication, preventing being tracked while browsing the web, and general security advice regarding computers and smartphones.
security  privacy  GnuPG  gpg  PGP  cryptography 
november 2017 by aldolat
operational pgp - draft
This is a guide on how to email securely.
email  encryption  gpg  security  GnuPG 
october 2017 by aldolat
OpenPGP Best Practices - riseup.net
We have gathered here a lot of information about configuring GnuPG. There are detailed explanations for each configuration suggestion. Many of these changes require you to make changes to the GnuPG configuration file on your machine located at ~/.gnupg/gpg.conf. For your convenience, all the suggested changes to the gpg.conf file are gathered in one place near the bottom of this page. We strongly encourage you to not blindly copy the file, but read the document and understand what the settings do.

Also note that this guide was written for legacy versions of GnuPG (1.4) and may contain recommendations that are redundant with default settings in newer releases of GnuPG (2.1 and above). A review is in progress to make sure the guide is up to date. You can help by submitting changes yourself.
gpg  GnuPG  security  privacy  cryptography 
october 2017 by aldolat
drduh/YubiKey-Guide: Guide to using YubiKey as a SmartCard for GPG and SSH
This is a practical guide to using YubiKey as a SmartCard for storing GPG encryption and signing keys.
An authentication key can also be created for SSH and used with gpg-agent.
Keys stored on a smartcard like YubiKey seem more difficult to steal than ones stored on disk, and are convenient for everyday use.
gpg  GnuPG  SSH  YubiKey  security 
october 2017 by aldolat
Using GPG and SSH keys (GnuPG 2.1) with a Smartcard (Yubikey 4) - Suva.sh's blog
The primary intention of this post is to document the research and the steps I’ve taken for my current ‘GPG & SSH keys on a smartcard’ setup, so that I can look it up for future reference and possible improvements. There are plenty of good articles around the same subject, but most of them are partly dated either regarding GnuPG versions, subkey separation or an older Yubikey.
gpg  GnuPG  SSH  YubiKey  security 
october 2017 by aldolat
Roombas will Spy on You
The company that sells the Roomba autonomous vacuum wants to sell the data about your home that it collects.
Roomba  IoT  security  privacy 
july 2017 by aldolat
Australia Considering New Law Weakening Encryption - Schneier on Security
Never mind that the law 1) would not achieve the desired results because all the smart "terrorists and drug traffickers and pedophile rings" will simply use a third-party encryption app, and 2) would make everyone else in Australia less secure. But that's all ground I've covered before.
security  encryption  Australia 
july 2017 by aldolat
Secure Salted Password Hashing - How to do it Properly
If you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain why it's done the way it is.
password  hashing  cryptography  security 
july 2017 by aldolat
Why we still recommend Signal over WhatsApp ...even though they both use end-to-end encryption
WhatsApp's collaboration with Open Whisper Systems recently brought end-to-end encryption to the lives of a billion people around the world. (Open Whisper Systems develops Signal, an open source mobile messaging and VoIP app.) When WhatsApp integrated the encryption protocol developed for Signal, many of us began using end-to-end encryption without even realizing it.

Undoubtedly, this is an exciting and important development that will help protect the privacy of users all over the world. In this post, however, we would like to explain why we recommend Signal over WhatsApp, even though they both use the same protocol for end-to-end encryption.
WhatsApp  Signal  messaging  privacy  security 
july 2017 by aldolat
Famed Hacker Kevin Mitnick Shows You How to Go Invisible Online
If you’re like me, one of the first things you do in the morning is check your email. And, if you’re like me, you also wonder who else has read your email. That’s not a paranoid concern. If you use a web-based email service such as Gmail or Outlook 365, the answer is kind of obvious and frightening.
Mitnick  privacy  security  from pocket
july 2017 by aldolat
What the Repeal of Online Privacy Protections Means for You
Congress on Tuesday moved to dismantle online privacy rules created during the Obama era. The rules, which were scheduled to take effect this year, would have required internet providers to get permission before collecting and selling a customer’s online information, including browsing activities.
privacy  security  from pocket
july 2017 by aldolat
Nearly One Million Systems Provide "Guest" SMB Access, Most Are Linux
There are 2,306,820 devices connected to the Internet at the moment that feature open ports for SMB services, the same protocol that was used to infect hundreds of thousands of computers with the WannaCry ransomworm a month ago.
Linux  Samba  security  SMB  WannaCry  from pocket
july 2017 by aldolat
WikiLeaks reveals Cherry Blossom, the CIA malware for compromising routers
They are operatives who conduct missions all over the world with a licence to kill, supported also by cyber weapons created in their laboratories, but between killers and nerds they seem to have romantic impulses too, enough to name one of their programs Cherry Blossom. In reality there is very little that is poetic or gentle about Cherry Blossom: it is a deadly secret program developed by the CIA in 2004, which continued at least until 2012, and it cannot be ruled out that it is still ongoing, considering how long-lived and ambitious it is.
malware  router  security  WikiLeaks  from pocket
july 2017 by aldolat
7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely
A 7-year-old critical remote code execution vulnerability has been discovered in Samba networking software that could allow a remote attacker to take control of affected Linux and Unix machines.
security  Samba 
may 2017 by aldolat
WannaCry Ransomware: Everything You Need To Know Immediately
The only positive thing about this attack is that — you are here — as after reading this easy-to-understand awareness article, you would be so cautious that you can save yourself from WannaCry, as well as other similar cyber attacks in the future.
security  malware  ransomware 
may 2017 by aldolat
Wikileaks CIA Files - What this means for Internet security and encryption - ProtonMail Blog
Earlier today, Wikileaks dumped a large database of secret documents from the CIA in a release dubbed #Vault7. Here we do a deeper analysis of the leak and the broader implications on online security and encrypted services.
security  encryption  wikileaks  cia  leaks 
march 2017 by aldolat
"Proof Mode" for your Smartphone Camera
ProofMode is an app for your smartphone that adds data to the photos you take to prove that they are real and unaltered
photo  camera  proof  signature  security 
march 2017 by aldolat
TCnext - Site dedicated to the development of the next "truecrypt"
TrueCrypt.ch is the gathering place for all up-to-date information. Unfortunately TrueCrypt.org is dead. But, we (the pure-privacy people) will help organize a future.
TrueCrypt  security  cryptography 
february 2017 by aldolat
VeraCrypt - Home
VeraCrypt is a free disk encryption software brought to you by IDRIX and that is based on TrueCrypt 7.1a.
TrueCrypt  security  cryptography  VeraCrypt 
february 2017 by aldolat
TrueCrypt 7.1a Hashes
The SHA256, SHA1, and MD5 hashes of all TrueCrypt version 7.1a files.
TrueCrypt  security  cryptography 
february 2017 by aldolat
Guardian Project – People, Apps and Code You Can Trust
Guardian Project creates easy to use secure apps, open-source software libraries, and customized mobile devices that can be used around the world by any person looking to protect their communications and personal data from unjust intrusion, interception and monitoring.
privacy  security 
january 2017 by aldolat
Home | Me and my Shadow
Through your computer, mobile phone, and other digital devices, you leave behind hundreds of digital traces (also called data traces) every day: bits of information about you that are created, stored, and collected.  When your digital traces are put together to create stories about you or profiles of you, these become your digital shadows. These can give others huge insight into your life; and they can also be totally wrong. Either way, once they're out there, they are almost impossible to control....
privacy  security 
january 2017 by aldolat
security in-a-box | tools and tactics for digital security
Security in-a-Box is a guide to digital security for activists and human rights defenders throughout the world.
security  privacy  activism  human_rights  journalism  GnuPG  gpg 
january 2017 by aldolat
“Why I told my friends to stop using WhatsApp and Telegram”
Reading the above, you might think you are fine since WhatsApp, Facebook Messenger, and Google Allo also use the Signal Protocol. Well, you’re not.
security  messaging  WhatsApp  Telegram  Allo  Messenger  Signal 
january 2017 by aldolat
Moving to HTTPS on WordPress | CSS-Tricks
I just recently took CSS-Tricks "HTTPS everywhere". That is, every URL on this site enforces the HTTPS (SSL) protocol. Non-secure HTTP requests get redirected to HTTPS. Here's some notes on that journey.
security  Apache  SSL  server  TLS 
january 2017 by aldolat
An SQL Injection Attack Is a Legal Company Name in the UK - Schneier on Security
Someone just registered their company name as ; DROP TABLE "COMPANIES";-- LTD.
security 
january 2017 by aldolat
Should I escape translated strings in a WordPress plugin or theme? - James Collins
When writing a WordPress plugin recently, I wasn’t sure whether a translatable text/string is considered safe, or if it needs to be escaped before being output.
security  WordPress  escape 
january 2017 by aldolat
WWW Malware Hides in Images - Schneier on Security
In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads.
security  malware  from instapaper
january 2017 by aldolat
Op-ed: Why I’m not giving up on PGP | Ars Technica
Every once in a while, a prominent member of the security community publishes an article about how horrible OpenPGP is. Matthew Green wrote one in 2014 and Moxie Marlinspike wrote one in 2015. The most recent was written by Filippo Valsorda, here on the pages of Ars Technica, which Matthew Green says "sums up the main reason I think PGP is so bad and dangerous."
In this article I want to respond to the points that Filippo raises. In short, Filippo is right about some of the details, but wrong about the big picture. For the record, I work on GnuPG, the most popular OpenPGP implementation.
security  OpenPGP  PGP 
january 2017 by aldolat
Op-ed: I’m throwing in the towel on PGP, and I work in security | Ars Technica
After years of wrestling with GnuPG with varying levels of enthusiasm, I came to the conclusion that it's just not worth it, and I'm giving up—at least on the concept of long-term PGP keys. This editorial is not about the gpg tool itself, or about tools at all. Many others have already written about that. It's about the long-term PGP key model—be it secured by Web of Trust, fingerprints or Trust on First Use—and how it failed me.
security  OpenPGP  PGP 
january 2017 by aldolat
Giving Up on PGP - Schneier on Security
Filippo Valsorda wrote an excellent essay on why he's giving up on PGP.
security  OpenPGP  PGP 
january 2017 by aldolat
Class Breaks
There's a concept from computer security known as a class break. It's a particular security vulnerability that breaks not just one system, but an entire class of systems. Examples might be a vulnerability in a particular operating system that allows an attacker to take remote control of every computer that runs on that system's software. Or a vulnerability in Internet-enabled digital video recorders and webcams that allow an attacker to recruit those devices into a massive botnet.
security  Internet  from instapaper
january 2017 by aldolat
Photocopier Security - Schneier on Security
A modern photocopier is basically a computer with a scanner and printer attached. This computer has a hard drive, and scans of images are regularly stored on that drive. This means that when a photocopier is thrown away, that hard drive is filled with pages that the machine copied over its lifetime. As you might expect, some of those pages will contain sensitive information.
security  hardware 
january 2017 by aldolat
WordPress Table Prefix: Changing It Does Nothing to Improve Security
Changing your WordPress table prefix is risky to implement and it does absolutely nothing to enhance your site security. In today’s post I’m going to explain what the original idea is behind this and why you should simply not do it.
WordPress  security  database  prefix 
december 2016 by aldolat
How Signal Is Evading Censorship - Schneier on Security
Signal, the encrypted messaging app I prefer, is being blocked in both Egypt and the UAE. Recently, the Signal team developed a workaround: domain fronting.
Signal  messaging  security  Google 
december 2016 by aldolat
Creating the perfect GPG keypair - Alex Cabal
You’d think that today, where laptops and world travel are commonplace, there’d be a little more information on how to secure a private key you have to travel with. But I could only find one resource: the Debian Wiki entry on subkeys. Fortunately it turns out this wiki page has exactly the solution we need.
OpenPGP  keypair  subkeys  GnuPG  security 
december 2016 by aldolat
Let's Encrypt
Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open.
ssl  encryption  security  certificate 
may 2015 by aldolat
VirusTotal - Free Online Virus, Malware and URL Scanner
VirusTotal is a free service that analyzes suspicious files and URLs and enables the rapid identification of viruses, worms, trojans, and all kinds of malware.
antivirus  scan  online  malware  tools  security  virus 
september 2014 by aldolat
NSA surveillance: how to stay secure | Bruce Schneier | World news | theguardian.com
The NSA has huge capabilities – and if it wants in to your computer, it's in. With that in mind, here are five ways to stay safe
nsa  surveillance  security  letture 
november 2013 by aldolat
Protection for WordPress Pingback Vulnerability : Perishable Press
If you know you aren’t using the XML-RPC functionality for anything, and would like to protect against any vulnerabilities, you can lock things down with a simple slice of .htaccess:
wordpress  security  pingbacks  letture 
january 2013 by aldolat
Data Sanitization and Validation With WordPress | Wptuts+
Proper security is critical to keeping your site or that of your theme or plug-in users safe. Part of that means appropriate data validation and sanitization. In this article we are going to look at why this is important, what needs to be done, and what functions WordPress provides to help.
wordpress  security  validation  sanitization  letture 
december 2012 by aldolat
WordPress 2-Step Verification plugin - WPMU.org
WordPress 2-Step Verification (WP2SV) is a fantastic new security plugin. (FYI: There’s another Google Authenticator plugin that allows app-specific passwords but doesn’t have email as a 2-factor authentication option, which I fancy.) It uses Google’s 2-step authentication (video describing the concept is below) for your WordPress logins.
plugin  security  authentication  wordpress 
august 2012 by aldolat
SuperGenPass: A Free Bookmarklet Password Generator
SuperGenPass is a different kind of password manager. Instead of storing your passwords on your hard disk or online—where they are vulnerable to theft and data loss—SuperGenPass uses a hash algorithm to transform a master password into unique, complex passwords for the Web sites you visit.
security  bookmarklet  generator  password 
april 2012 by aldolat
Schneier on Security: The Failure of Two-Factor Authentication
In 2005, I wrote an essay called "The Failure of Two-Factor Authentication," where I predicted that attackers would get around multi-factor authentication systems with tools that attack the transactions in real time: man-in-the-middle attacks and Trojan attacks against the client endpoint.
authentication  security  letture 
february 2012 by aldolat