Security-Portal.cz is a web portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Hacked Twitter account spits out poison – make sure yours isn’t next

Sophos Naked Security - 24 May, 2017 - 13:22
Salem State University was horrified when its account was taken over and used to spout racist venom - how could they have prevented it? We've got some advice

4 Reasons the Vulnerability Disclosure Process Stalls

LinuxSecurity.com - 24 May, 2017 - 12:17
LinuxSecurity.com: The relationship between a manufacturer or vendor and security researchers can be filled with tension and unease, and it's most often put to the test during the vulnerability disclosure process. Although their intentions are pure, researchers often feel they are being shut out of the process, while vendors may see disclosure deadlines as a threat from researchers looking to produce headlines.
Category: Hacking & Security

Microsoft Unveils Special Version of Windows 10 For Chinese Government

The Hacker News - 24 May, 2017 - 11:43
China is very strict about censorship, which is why the country has become very paranoid when it comes to adopting foreign technologies. The country banned Microsoft's Windows operating system on government computers in 2014 amid concerns about security and US surveillance. Even in the wake of that, China had been pushing its custom version of Windows XP and its forked version of Ubuntu
Category: Hacking & Security

It's Insanely Easy to Bypass Samsung Galaxy S8 Iris Scanner with a Photo

The Hacker News - 24 May, 2017 - 09:34
Samsung recently launched its new flagship smartphones, the Galaxy S8 and Galaxy S8 Plus, with both Facial and IRIS Recognition features, making it easier for users to unlock their smartphone and sign in to websites. We already knew that the Galaxy S8's facial unlock feature could be easily fooled with just a simple photograph of the device owner, but now hackers have also discovered a
Category: Hacking & Security

Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution

Threatpost - 23 May, 2017 - 23:33
Attackers can remotely execute code on targeted systems via specially crafted subtitle files for videos.
Category: Hacking & Security

Breaking the iris scanner locking Samsung’s Galaxy S8 is laughably easy

Ars Technica - 23 May, 2017 - 23:10

Hackers have broken the iris-based authentication in Samsung's Galaxy S8 smartphone in an easy-to-execute attack that's at odds with the manufacturer's claim that the mechanism is "one of the safest ways to keep your phone locked."

The cost of the hack is less than the $725 price for an unlocked Galaxy S8 phone, hackers with the Chaos Computer Club in Germany said Tuesday. All that was required was a digital camera, a laser printer (ironically, models made by Samsung provided the best results), and a contact lens. The hack required taking a picture of the subject's face, printing it on paper, superimposing the contact lens, and holding the image in front of the locked Galaxy S8. The photo need not be a close up, although using night-shot mode or removing the infrared filter helps. The hackers provided a video demonstration of the bypass.

Starbug, the moniker used by one of the principal researchers behind the hack, told Ars he singled out the Samsung Galaxy S8 because it's among the first flagship phones to offer iris recognition as an alternative to passwords and PINs. He said he suspects future mobile devices that offer iris recognition may be equally easy to hack. Despite the ease, both Samsung and Princeton Identity, the manufacturer of the iris-recognition technology used in the Galaxy S8, say iris recognition provides "airtight security" that allows consumers to "finally trust that their phones are protected." Princeton Identity also said the Samsung partnership "brings us one step closer to making iris recognition the standard for user authentication."

Category: Hacking & Security

Google Elevates Security in Android O

Threatpost - 23 May, 2017 - 22:13
Android O, due in the third quarter, figures to elevate the security of the mobile OS with new features focused on improved third-party patching, a new permission model and hardening of existing features.
Category: Hacking & Security

Beware! Subtitle Files Can Hack Your Computer While You're Enjoying Movies

The Hacker News - 23 May, 2017 - 21:54
Do you watch movies with subtitles? Just last night, I wanted to watch a French movie, so I searched for English subtitles and downloaded it to my computer. Though that film was excellent, this morning a new research from Checkpoint scared me. I was unaware that a little subtitle file could hand over full control of my computer to hackers, while I was enjoying the movie. Yes, you heard
Category: Hacking & Security

Examining the FCC claim that DDoS attacks hit net neutrality comment system

Ars Technica - 23 May, 2017 - 21:00

On May 8, when the Federal Communications Commission website failed and many people were prevented from submitting comments about net neutrality, the cause seemed obvious. Comedian John Oliver had just aired a segment blasting FCC Chairman Ajit Pai's plan to gut net neutrality rules, and it appeared that the site just couldn't handle the sudden influx of comments.

But when the FCC released a statement explaining the website's downtime, the commission didn't mention the Oliver show or people submitting comments opposing Pai's plan. Instead, the FCC attributed the downtime solely to "multiple distributed denial-of-service attacks (DDoS)." These were "deliberate attempts by external actors to bombard the FCC's comment system with a high amount of traffic to our commercial cloud host," performed by "actors" who "were not attempting to file comments themselves; rather, they made it difficult for legitimate commenters to access and file with the FCC."

The FCC has faced skepticism from net neutrality activists who doubt the website was hit with multiple DDoS attacks at the same time that many new commenters were trying to protest the plan to eliminate the current net neutrality rules. Besides the large influx of legitimate comments, what appeared to be spam bots flooded the FCC with identical comments attributed to people whose names were drawn from data breaches, which is another possible cause of downtime. There are now more than 2.5 million comments on Pai's plan. The FCC is taking comments until August 16 and will make a final decision some time after that.

Category: Hacking & Security

Yahoo Retires ImageMagick After Bugs Leak Server Memory

Threatpost - 23 May, 2017 - 20:00
Researcher Chris Evans reported a new bug and showed how he also used a previously known flaw in ImageMagick to leak Yahoo server data and steal images and authentication secrets.
Category: Hacking & Security

Apple Receives First National Security Letter, Reports Spike in Requests for Data

Threatpost - 23 May, 2017 - 19:06
Apple revealed this week that it received at least one National Security Letter from the U.S. government for user data during the last six months of 2016
Category: Hacking & Security

Cyber Crime Gang Arrested for Infecting Over 1 Million Phones with Banking Trojan

The Hacker News - 23 May, 2017 - 17:35
The Russian Interior Ministry announced on Monday the arrest of 20 individuals from a major cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one million Android smartphones with a mobile Trojan called "CronBot." Russian Interior Ministry representative Rina Wolf said the arrests were part of a joint effort with Russian IT security firm Group-IB that
Category: Hacking & Security

Digital watermark leads police straight to Bollywood pirates

Sophos Naked Security - 23 May, 2017 - 16:49
Digital signing led police to the would-be extortionists - a welcome turnaround for the movie industry after a run of thefts

Man jailed for stealing images and details from more than 50 women

Sophos Naked Security - 23 May, 2017 - 14:40
When someone like this is caught and jailed it's a sobering reminder to check our own digital footprint - here are some tips to help you secure your information

Hundreds of thousands of computers are still infected. WannaKey is meant to fix that

Novinky.cz - security - 23 May, 2017 - 14:02
Although the spread of the WannaCry malware has been stopped, this uninvited visitor still managed to infect around 300,000 computers in various corners of the world in just a few hours. And the vast majority of them unfortunately remain locked. Security experts will now try to fix this with a tool called WannaKey.
Category: Hacking & Security

Super Mario CTF Walkthrough

InfoSec Institute Resources - 23 May, 2017 - 14:00

Super Mario is an intermediate level Boot2root CTF. We hosted the VM in the virtual box and ran Nmap scan on the target. We noticed Nginx server is running on port 8180 and we opened it from the browser. Fired directory buster for finding internal files. We got two directories from dirbuster, and we opened […]

Category: Hacking & Security

Jailbreaking Your Smartphone

InfoSec Institute Resources - 23 May, 2017 - 14:00

Introduction and Overview of the Last Article Our last few articles (specifically, the last four) have critically examined the Security threats and vulnerabilities that are posed to Smartphone devices today. We are often led to believe that we will be safe using our Smartphone devices because the mindset of not only the individual but also […]

Category: Hacking & Security

Sn1per - Penetration Testing Automation Scanner

LinuxSecurity.com - 23 May, 2017 - 12:45
LinuxSecurity.com: Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
Category: Hacking & Security

Hackers Unlock Samsung Galaxy S8 With Fake Iris

LinuxSecurity.com - 23 May, 2017 - 12:40
LinuxSecurity.com: Biometric locks for phones are just getting more and more elaborate. Not content with fingerprints, some devices now offer facial recognition tech for accessing a device, and in the Samsung Galaxy S8's case, an iris scanner too.
Category: Hacking & Security