Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.
Enlarge / An LG Nexus 5 at the moment it is rooted using Rowhammer-induced bit flips. (credit: van der Veen et al.)
Researchers have devised an attack that gains unfettered "root" access to a large number of Android phones, exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips.
The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit, dubbed Rowhammer, can have malicious and far-reaching effects on a much wider number of devices than was previously known, including those running ARM chips.
Previously, some experts believed Rowhammer attacks that altered specific pieces of security-sensitive data weren't reliable enough to pose a viable threat because exploits depended on chance hardware faults or advanced memory-management features that could be easily adapted to repel the attacks. But the new proof-of-concept attack developed by an international team of academic researchers is challenging those assumptions.
Read 19 remaining paragraphs | Comments
Podvodník osloví klienta z profilu některého z jeho přátel s tím, že má problém s telefonem. Následně klienta požádá, jestli si může nechat poslat autorizační SMS na jeho telefon s tím, aby mu ji klient pak přeposlal. Tato SMS však ve skutečnosti patří klientovi a jejím přeposláním umožní podvodníkovi autorizovat platby ze svého vlastního účtu.
Za přísného utajení začíná vznikat na ministerstvu obrany tým vojenských zpravodajců, který bude mít na starosti kybernetickou obranu Česka. Obrana začala už intenzivně hledat počítačové odborníky, kteří budou schopni nejen ochránit důležité informační sítě a databáze, ale budou i v případě ohrožení umět jako hackeři zaútočit na nepřátelské počítače.
Ten percent of the 550,000 IoT nodes in the Mirai botnet are involved in ongoing DDoS attacks against DNS provider Dyn and others.
UPDATE — How an army of million of hacked Internet-connected smart devices almost broke the Internet today.
Cyber attacks are getting evil and worst nightmare for companies day-by-day, and the Distributed Denial of Service (DDoS) attack is one such attacks that cause a massive damage to any service.
Recently, the Internet witnessed a record-breaking largest DDoS attack of over 1 Tbps against
A massive Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.
But how the attack happened? What's the cause behind the attack?
Exact details of the attack remain
Velká porota kalifornského federálního soudu obvinila Rusa zadrženého tento měsíc v České republice z toho, že napadl počítače patřící firmám LinkedIn, Dropbox a Formspring. Podle agentury Reuters to oznámilo americké ministerstvo spravedlnosti.
Our new IoT overlords have arrived. (credit: peyri)
The distributed denial of service attacks against dynamic domain name service provider Dyn this morning have now resurged. The attacks have caused outages at services across the Internet.
But this second wave of attacks appears to be affecting even more providers. According to Dale Drew, the chief security officer at Level 3 Communications, the attack is at least in part being mounted from a "botnet" of Internet-of-Things (IoT) devices.
Drew explained the attack in a Periscope briefing this afternoon. "We're seeing attacks coming from a number of different locations," Drew said. "An Internet of Things botnet called Mirai that we identified is also involved in the attack."
Read 9 remaining paragraphs | Comments
Martin Thomson, a Principle Engineer at Mozilla confirmed TLS 1.3 will be turned on by default in Firefox 52.
Od dnešní patnácté hodiny se potýkají velké i menší webové služby s rozsáhlými výpadky. Mimo provoz se ocitnul Twitter, Spotify, Reddit, Soundcloud a další. Důvodem je DDoS útok na servery společnosti Dyn , tedy poskytovatele DNS. Twitter a Spotify - největší oběti dnešního útoku Na jeho webu sice ...
No sooner had we written about long-lived Linux kernel bugs...and along comes an 11-year-old vulnerability that's easy to exploit.
One hacker is claiming to have stolen a database of 73 million users: a whole lot of details for a whole lot of people who'd rather keep that bedroom door closed.
A privilege escalation vulnerability, nicknamed Dirty Cow and present in Linux since 2007, has been used in public attacks against web-facing Linux servers.
The dangers of Skyping and typing, the fingerprint warrant story, hiding credit card numbers in images, and more are discussed.
That estimate, based on criminal activity and losses reported to Action Fraud, represents an average of £210 for every UK resident age 16 and up.
DNS providers Dyn suffered a DDoS attack this morning that affected many of its major customers including Twitter, Spotify, Github and others. Services have been restored as of 9:36 a.m. today.
(credit: Jürgen Telkmann)
Update (12:04p ET): A second wave of DDoS attacks against Dyn is underway, as of noon Eastern Time today. Dyn is continuing to work on the issue. Our original story follows below; further updates will be added as information becomes available.
A distributed denial of service attack against Dyn, the dynamic DNS service, affected the availability of dozens of major websites and Internet services this morning, including Twitter and Reddit. The attack, which began this morning at 7:10am Eastern Time (12:10pm UK), is apparently focused on Dyn’s US East Coast name servers.
“This morning, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States,” Doug Madory, Director of Internet Analysis at Dyn, said in an e-mail sent to Ars this morning. “DNS traffic resolved from east coast name server locations are experiencing a service interruption during this time.” By 9:20am ET this morning, Dyn had mitigated the attack and services returned to normal.
Read 5 remaining paragraphs | Comments
You’ve probably been warned about the risks of trusting emails from people you don’t know, but what about emails from your friends, colleagues, long-standing doctor or smart-suited solicitor?
Hned několik velkých světových serverů se v pátek stalo terčem masivního útoku typu DDoS. Kyberzločinci začali webové stránky přetěžovat krátce po 12. hodině středoevropského času. Útok podle serveru Tech Crunch trval několik hodin.
Overview Google Hacking is a term that encapsulates a wide range of techniques for querying Google to reveal vulnerable Web applications and sometimes to pinpoint vulnerabilities within specific web applications. Besides revealing flaws in web applications, Google Hacking allows you to find sensitive data, useful for the Reconnaissance stage of an attack, such as emails […]