Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Avast nám změřil počítače a zjistil, které programy používáme nejčastěji

Zive.cz - bezpečnost - 26 Březen, 2017 - 19:00
Zdaleka nejrozšířenějšími programy na počítači jsou vedle operačního systému webové prohlížeče, Flash Player a pak také antivirové programy. Autor jednoho z těch největších, Avast, toho využil a změřil své uživatele. [ArticleBox ORIGINÁL Přední ex-vývojář Mozilly: Odinstalujte antivirové programy, ...
Kategorie: Hacking & Security

Hackeři napadli prezidentův počítač, nahráli mu tam dětské porno

Novinky.cz - bezpečnost - 26 Březen, 2017 - 18:09
Počítač prezidenta Miloše Zemana na zámku v Lánech se před rokem stal terčem hackerů. Nahráli do něj fotografie dětského porna. Hackerský útok potvrdil v nedělním pořadu Pressklub rádia Frekvence 1 sám Zeman.
Kategorie: Hacking & Security

Fraudsters Using GiftGhostBot Botnet to Steal Gift Card Balances

The Hacker News - 25 Březen, 2017 - 16:05
Gift cards have once again caused quite a headache for retailers, as cyber criminals are using a botnet to break into and steal cash from money-loaded gift cards provided by major retailers around the globe. Dubbed GiftGhostBot, the new botnet specialized in gift card fraud is an advanced persistent bot (APB) that has been spotted in the wild by cyber security firm Distil Networks.
Kategorie: Hacking & Security

Experts Doubt Hackers’ Claim Of Millions Of Breached Apple Credentials

Threatpost - 25 Březen, 2017 - 14:00
Security experts say they are skeptical that a group called Turkish Crime Family actually possess a cache of hundreds of millions of Apple iCloud account credentials.
Kategorie: Hacking & Security

Nebuďte jako Emma Watson. Poradíme, jak nepřijít o hanbaté fotky

Zive.cz - bezpečnost - 25 Březen, 2017 - 09:02
** Pokud už choulostivé snímky vyfotíte, dbejte na jejich zabezpečení ** Útočníci je nejčastěji získají z cloudového úložiště ** Pozor si dejte i na phishing a řádné zabezpečení telefonu
Kategorie: Hacking & Security

Reassuring our users about government-backed attack warnings

Google Security Blog - 25 Březen, 2017 - 00:58
Posted by Shane Huntley, Google Threat Analysis Group

Since 2012, we’ve warned our users if we believe their Google accounts are being targeted by government-backed attackers.

We send these out of an abundance of caution — the notice does not necessarily mean that the account has been compromised or that there is a widespread attack. Rather, the notice reflects our assessment that a government-backed attacker has likely attempted to access the user’s account or computer through phishing or malware, for example. You can read more about these warnings here.
In order to secure some of the details of our detection, we often send a batch of warnings to groups of at-risk users at the same time, and not necessarily in real-time. Additionally, we never indicate which government-backed attackers we think are responsible for the attempts; different users may be targeted by different attackers.

Security has always been a top priority for us. Robust, automated protections help prevent scammers from signing into your Google account, GMail always uses an encrypted connection when you receive or send email, we filter more than 99.9% of spam — a common source of phishing messages — from GMail, and we show users when messages are from an unverified or unencrypted source.

An extremely small fraction of users will ever see one of these warnings, but if you receive this warning from us, it's important to take action on it. You can always take a two-minute Security Checkup, and for maximum protection from phishing, enable two-step verification with a Security Key.
Kategorie: Hacking & Security

Privacy Advocates Vow to Fight Rollback of Broadband Privacy Rules

Threatpost - 24 Březen, 2017 - 19:59
Privacy activists say rolling-back ISP privacy rules means health, financial and browsing habits can be used, shared and sold to the highest bidder without consent.
Kategorie: Hacking & Security

Instagram Adds Two-Factor Authentication

Threatpost - 24 Březen, 2017 - 19:46
Instagram became the latest in a long line of services over the years to offer users two-factor authentication.
Kategorie: Hacking & Security

Prosecutors access data from locked phones of 100 Trump protesters

Sophos Naked Security - 24 Březen, 2017 - 19:32
Personal data from protesters' devices including photographs will be available to all the defendants' lawyers via a cloud portal

Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates

The Hacker News - 24 Březen, 2017 - 17:50
Google announced its plans to punish Symantec by gradually distrusting its SSL certificates after the company was caught improperly issuing 30,000 Extended Validation (EV) certificates over the past few years. The Extended Validation (EV) status of all certificates issued by Symantec-owned certificate authorities will no longer be recognized by the Chrome browser for at least a year until
Kategorie: Hacking & Security

Latest WikiLeaks dump shows CIA targeting Apple earlier than others

Sophos Naked Security - 24 Březen, 2017 - 17:36
Focusing on Macs makes sense, say experts: 'many high-value targets love to use Macs'

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs [updated]

Ars Technica - 24 Březen, 2017 - 17:22

Enlarge (credit: Nyttend)

In a severe rebuke of one of the biggest suppliers of HTTPS credentials, Google Chrome developers announced plans to drastically restrict transport layer security certificates sold by Symantec-owned issuers following the discovery they have allegedly mis-issued more than 30,000 certificates.

Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said Thursday in an online forum. Extended validation certificates are supposed to provide enhanced assurances of a site's authenticity by showing the name of the validated domain name holder in the address bar. Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year. In effect, the certificates will be downgraded to less-secure domain-validated certificates.

More gradually, Google plans to update Chrome to effectively nullify all currently valid certificates issued by Symantec-owned CAs. With Symantec certificates representing more than 30 percent of the Internet's valid certificates by volume in 2015, the move has the potential to prevent millions of Chrome users from being able to access large numbers of sites. What's more, Sleevi cited Firefox data that showed Symantec-issued certificates are responsible for 42 percent of all certificate validations. To minimize the chances of disruption, Chrome will stagger the mass nullification in a way that requires they be replaced over time. To do this, Chrome will gradually decrease the "maximum age" of Symantec-issued certificates over a series of releases. Chrome 59 will limit the expiration to no more than 33 months after they were issued. By Chrome 64, validity would be limited to nine months.

Read 10 remaining paragraphs | Comments

Kategorie: Hacking & Security

Threatpost News Wrap, March 27, 2017

Threatpost - 24 Březen, 2017 - 16:45
The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed.
Kategorie: Hacking & Security

Still running Windows Vista? Here’s a wake-up call for you

Sophos Naked Security - 24 Březen, 2017 - 16:25
Microsoft is finally ending its extended support for Windows Vista, which means no more security patches or other updates. If you're one of the hold-outs, it's time to act

Adware Apps Booted from Google Play

Threatpost - 24 Březen, 2017 - 15:37
More than a dozen apps removed from Google Play store after it was determined they were overly aggressive adware.
Kategorie: Hacking & Security

Man charged with $100m ‘whaling’ attack on two US tech giants

Sophos Naked Security - 24 Březen, 2017 - 14:05
Victims of whaling attack not named, but it's not the first time a big multinational has been targeted, and it won't be the last

Launching Shellcode from Cat Pictures

InfoSec Institute Resources - 24 Březen, 2017 - 14:00

We all know the internet loves cats! I was thinking of how we can combine cats and malware. Then, it struck me! I occasionally see a particular method of code execution which includes some executable file and an image. Usually, I will see that the program will download the image file and then convert it […]

The post Launching Shellcode from Cat Pictures appeared first on InfoSec Resources.

Kategorie: Hacking & Security

MASSCAN – Scan the Internet in minutes

InfoSec Institute Resources - 24 Březen, 2017 - 14:00

Scanning is a really important part of any penetration testing. It gives us more information about our target which leads to narrowing the scope of the attack. I am sure most of us are familiar with Nmap, the most famous port scanner available. Masscan produces the same results as Nmap and in a much faster […]

The post MASSCAN – Scan the Internet in minutes appeared first on InfoSec Resources.

Kategorie: Hacking & Security
Syndikovat obsah