is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


Reassuring our users about government-backed attack warnings

Google Security Blog - 24 March, 2017 - 23:58
Posted by Shane Huntley, Google Threat Analysis Group

Since 2012, we’ve warned our users if we believe their Google accounts are being targeted by government-backed attackers.

We send these out of an abundance of caution — the notice does not necessarily mean that the account has been compromised or that there is a widespread attack. Rather, the notice reflects our assessment that a government-backed attacker has likely attempted to access the user’s account or computer through phishing or malware, for example. You can read more about these warnings here.
In order to secure some of the details of our detection, we often send a batch of warnings to groups of at-risk users at the same time, and not necessarily in real-time. Additionally, we never indicate which government-backed attackers we think are responsible for the attempts; different users may be targeted by different attackers.

Security has always been a top priority for us. Robust, automated protections help prevent scammers from signing into your Google account, GMail always uses an encrypted connection when you receive or send email, we filter more than 99.9% of spam — a common source of phishing messages — from GMail, and we show users when messages are from an unverified or unencrypted source.

An extremely small fraction of users will ever see one of these warnings, but if you receive this warning from us, it's important to take action on it. You can always take a two-minute Security Checkup, and for maximum protection from phishing, enable two-step verification with a Security Key.
Category: Hacking & Security

Privacy Advocates Vow to Fight Rollback of Broadband Privacy Rules

Threatpost - 24 March, 2017 - 18:59
Privacy activists say rolling back ISP privacy rules means health, financial and browsing habits can be used, shared and sold to the highest bidder without consent.
Category: Hacking & Security

Instagram Adds Two-Factor Authentication

Threatpost - 24 March, 2017 - 18:46
Instagram became the latest in a long line of services over the years to offer users two-factor authentication.
Category: Hacking & Security

Prosecutors access data from locked phones of 100 Trump protesters

Sophos Naked Security - 24 March, 2017 - 18:32
Personal data from protesters' devices including photographs will be available to all the defendants' lawyers via a cloud portal

Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates

The Hacker News - 24 March, 2017 - 16:50
Google announced its plans to punish Symantec by gradually distrusting its SSL certificates after the company was caught improperly issuing 30,000 Extended Validation (EV) certificates over the past few years. The Extended Validation (EV) status of all certificates issued by Symantec-owned certificate authorities will no longer be recognized by the Chrome browser for at least a year until
Category: Hacking & Security

Latest WikiLeaks dump shows CIA targeting Apple earlier than others

Sophos Naked Security - 24 March, 2017 - 16:36
Focusing on Macs makes sense, say experts: 'many high-value targets love to use Macs'

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs [updated]

Ars Technica - 24 March, 2017 - 16:22

In a severe rebuke of one of the biggest suppliers of HTTPS credentials, Google Chrome developers announced plans to drastically restrict transport layer security certificates sold by Symantec-owned issuers following the discovery they have allegedly mis-issued more than 30,000 certificates.

Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said Thursday in an online forum. Extended validation certificates are supposed to provide enhanced assurances of a site's authenticity by showing the name of the validated domain name holder in the address bar. Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year. In effect, the certificates will be downgraded to less-secure domain-validated certificates.

More gradually, Google plans to update Chrome to effectively nullify all currently valid certificates issued by Symantec-owned CAs. With Symantec certificates representing more than 30 percent of the Internet's valid certificates by volume in 2015, the move has the potential to prevent millions of Chrome users from being able to access large numbers of sites. What's more, Sleevi cited Firefox data that showed Symantec-issued certificates are responsible for 42 percent of all certificate validations. To minimize the chances of disruption, Chrome will stagger the mass nullification in a way that requires they be replaced over time. To do this, Chrome will gradually decrease the "maximum age" of Symantec-issued certificates over a series of releases. Chrome 59 will limit the expiration to no more than 33 months after they were issued. By Chrome 64, validity would be limited to nine months.

Category: Hacking & Security

Threatpost News Wrap, March 27, 2017

Threatpost - 24 March, 2017 - 15:45
The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed.
Category: Hacking & Security

Still running Windows Vista? Here’s a wake-up call for you

Sophos Naked Security - 24 March, 2017 - 15:25
Microsoft is finally ending its extended support for Windows Vista, which means no more security patches or other updates. If you're one of the hold-outs, it's time to act

Adware Apps Booted from Google Play

Threatpost - 24 March, 2017 - 14:37
More than a dozen apps were removed from the Google Play store after it was determined they were overly aggressive adware.
Category: Hacking & Security

Man charged with $100m ‘whaling’ attack on two US tech giants

Sophos Naked Security - 24 March, 2017 - 13:05
Victims of whaling attack not named, but it's not the first time a big multinational has been targeted, and it won't be the last

Launching Shellcode from Cat Pictures

InfoSec Institute Resources - 24 March, 2017 - 13:00

We all know the internet loves cats! I was thinking of how we can combine cats and malware. Then, it struck me! I occasionally see a particular method of code execution which includes some executable file and an image. Usually, I will see that the program will download the image file and then convert it […]

Category: Hacking & Security

MASSCAN – Scan the Internet in minutes

InfoSec Institute Resources - 24 March, 2017 - 13:00

Scanning is a really important part of any penetration testing. It gives us more information about our target which leads to narrowing the scope of the attack. I am sure most of us are familiar with Nmap, the most famous port scanner available. Masscan produces the same results as Nmap and in a much faster […]

Category: Hacking & Security

Spock will unlock Kirk ransomware – after you beam up a bunch of Monero

Sophos Naked Security - 24 March, 2017 - 12:13
It's ransomware, Jim, but not as we know it

Pay up, or we will delete the data of millions of users. Hackers threaten Apple

security - 24 March, 2017 - 11:11
Apple's security experts now have to deal with a very unpleasant situation. Hackers have allegedly managed to get hold of the data of hundreds of millions of users of the iCloud service. They are now threatening the American computer giant that, unless it pays a ransom, they will delete all the data stored by users and thereby irreversibly damage the reputation of the company with the bitten-apple logo.
Category: Hacking & Security

Google proposes sending Symantec to TLS sin bin

24 March, 2017 - 11:05
Google has announced plans to reduce the trust in Symantec TLS certificates until a point is reached in early 2018 where Chrome 64 will only trust certificates issued for 279 days or less from the security giant and its subsidiaries.
Category: Hacking & Security

FBI director floats international framework on access to encrypted data

24 March, 2017 - 11:03
FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.
Category: Hacking & Security

Another batch of CIA leaks: "Dark Matter" and "Sonic Screwdriver" are the terror of Apple fans

security - 24 March, 2017 - 11:00
** After two weeks, another batch of leaked documents is here ** This one will not please MacBook owners ** The CIA has a whole package of tools for eavesdropping on them
Category: Hacking & Security