Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

New Snowden Doc Exposes How NSA's Facility in Australia Aids Drone Strikes

The Hacker News - 20 August, 2017 - 19:10
The new documents leaked by former NSA contractor Edward Snowden have exposed a United States secretive facility located near a remote town in Australia's Northern Territory for covertly monitoring wireless communications and aiding US military missions. The leaked documents have come from the massive trove of classified material stolen by Snowden from the US National Security Agency (NSA) in
Category: Hacking & Security

Smart Devices Can Be Hijacked to Track Your Body Movements And Activities Remotely

The Hacker News - 20 August, 2017 - 12:17
If your smartphones, tablets, smart refrigerators, smart TVs and other smart devices are smart enough to make your life easier, their smart behavior could also be leveraged by hackers to steal data, invade your privacy or spy on you, if not secured properly. One such experiment has recently been performed by a team of student hackers, demonstrating a new attack method to turn smart devices
Category: Hacking & Security

Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket

Threatpost - 18 August, 2017 - 19:55
Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket.
Category: Hacking & Security

How likely is a ‘digital Pearl Harbor’ attack on critical infrastructure?

Sophos Naked Security - 18 August, 2017 - 18:19
The metaphor might be hyperbole, but there's real concern about the potential for attacks, warn two experts

It’s Not Exactly Open Season on the iOS Secure Enclave

Threatpost - 18 August, 2017 - 18:00
Despite yesterday's leak of the Apple iOS Secure Enclave decryption key, experts are urging calm over claims of an immediate threat to user data.
Category: Hacking & Security

OWASP Top 10 #4: Broken Access Control

InfoSec Institute Resources - 18 August, 2017 - 17:01

Recently, OWASP (the Open Web Application Security Project) announced an update of their “Ten Most Critical Web Application Security Risks.” OWASP is a nonprofit organization devoted to helping create a more secure internet and the list is considered an important benchmark. (The new 2017 list is currently in the comments phase.) This is one of […]

Category: Hacking & Security

Drone firm says it’s stepping up security after US army ban

Sophos Naked Security - 18 August, 2017 - 16:36
DJI security patch should ease military fears - but throws up further issues for pilots

‘Pulse wave’ DDoS – another way of blasting sites offline

Sophos Naked Security - 18 August, 2017 - 16:04
If there's one thing we've learned, it's that any new way of DDoSing will reveal that there are a huge number of undefended devices online

Threatpost News Wrap, August 18, 2017

Threatpost - 18 August, 2017 - 15:30
Mike Mimoso and Tom Spring discuss this week's security news, including a discussion on recent hijacking of popular Chrome extensions and Adobe's decision to end-of-life Flash Player.
Category: Hacking & Security

Secret chips in replacement parts can completely hijack your phone’s security

Ars Technica - 18 August, 2017 - 14:27

People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device.

The concern arises from research that shows how replacement screens—one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0—can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker. The booby-trapped screens also exploited operating system vulnerabilities that bypassed key security protections built into the phones. The malicious parts cost less than $10 and could easily be mass-produced. Most chilling of all, to most people, the booby-trapped parts could be indistinguishable from legitimate ones, a trait that could leave many service technicians unaware of the maliciousness. There would be no sign of tampering unless someone with a background in hardware disassembled the repaired phone and inspected it.

The research, in a paper presented this week at the 2017 Usenix Workshop on Offensive Technologies, highlights an often overlooked disparity in smartphone security. The software drivers included in both the iOS and Android operating systems are closely guarded by the device manufacturers, and therefore exist within a "trust boundary." The factory-installed hardware that communicates with the drivers is similarly assumed to be trustworthy, as long as the manufacturer safeguards its supply chain. The security model breaks down as soon as a phone is serviced in a third-party repair shop, where there's no reliable way to certify replacement parts haven't been modified.

Category: Hacking & Security

PHP Lab: Review the code and spot the vulnerability

InfoSec Institute Resources - 18 August, 2017 - 14:00

Introduction and background: An application has been developed in PHP, and the source code of the login page is given for source code review to ensure that no serious vulnerabilities are left in the application. Please note that the following setting is enabled in the php.ini file: register_globals = On. The application can be accessed […]

Category: Hacking & Security

Phone location privacy – for armed robber – headed to Supreme Court

Sophos Naked Security - 18 August, 2017 - 13:59
Defending a convicted armed robber's right to privacy feels distasteful, but defending rights is important - as this case seeks to do

Blowing the Whistle on Bad Attribution

LinuxSecurity.com - 18 August, 2017 - 13:15
LinuxSecurity.com: The New York Times this week published a fascinating story about a young programmer in Ukraine who'd turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. It's a good read, as long as you can ignore that the premise of the piece is completely wrong.
Category: Hacking & Security

Series on ransomware at Lupa.cz

CSIRT.cz - 18 August, 2017 - 10:07
Category: Hacking & Security

Android Trojan Now Targets Non-Banking Apps that Require Card Payments

The Hacker News - 18 August, 2017 - 09:56
The infamous mobile banking trojan that recently added ransomware features to steal sensitive data and lock user files at the same time has now been modified to steal credentials from Uber and other booking apps as well. Security researchers at Kaspersky Lab have discovered a new variant of the Android banking Trojan called Faketoken that now has capabilities to detect and record an infected
Category: Hacking & Security

Hacker Publishes iOS Secure Enclave Firmware Decryption Key

Threatpost - 18 August, 2017 - 02:32
A hacker identified only as xerub published the decryption key unlocking the iOS Secure Enclave Processor.
Category: Hacking & Security

Steal iCloud Keychain Secrets via OTR

InfoSec Institute Resources - 17 August, 2017 - 23:12

Apple iCloud Keychain: In Mac OS 8.6, Apple introduced its Keychain password management system. Still integrated into every Mac OS release since then, Keychain provides a centralized storage for passwords, network shares, notes, certificates, credit card details and many other sensitive types of data. With the increasing popularity of both cloud applications and password managers […]

Category: Hacking & Security