Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its followers in interesting projects.


PGA of America Struck By Ransomware

LinuxSecurity.com - 12 August, 2018 - 11:23
LinuxSecurity.com: While golfing fans have been all about this week's PGA Championship, extortion-minded hackers were more focused on the PGA of America's computer servers.
Category: Hacking & Security

#DEFCON DHS Says Collaboration Needed for Secure Infrastructure and Elections

LinuxSecurity.com - 12 August, 2018 - 11:20
LinuxSecurity.com: Speaking at DEFCON 26 in Las Vegas on the subject of "Securing our Nation's Election Infrastructure", Jeanette Manfra, assistant secretary, Office of Cybersecurity and Communications from the Department of Homeland Security stressed the need for public and private sector collaboration.
Category: Hacking & Security

#DEFCON Government Attacks and Surveillance Continue to Increase

LinuxSecurity.com - 12 August, 2018 - 11:17
LinuxSecurity.com: Speaking at DEFCON to deliver research on "a comprehensive list of Nation-State Big Brothers," security researcher Eduardo Izycki said that there had been an increased number of governments both censoring and shutting down online services, as well as acquiring cyber espionage and offensive tools.
Category: Hacking & Security

New weapon against hackers: a huge number of bugs in software

Zive.cz - security - 12 August, 2018 - 11:12
** Researchers have devised a new system of defense against hackers ** Using a special system, they implant a large number of bugs into software ** These bugs are not exploitable, which an attacker discovers only after some time
Category: Hacking & Security

DEF CON 2018: Hacking Medical Protocols to Change Vital Signs

Threatpost - 12 August, 2018 - 02:00
LAS VEGAS – In recent years there has been more attention paid to the security of medical devices; however, there has been little security research done on the unique protocols used by these devices. Many of the insulin pumps, heart monitors and other gadgets found in hospital rooms use aging protocols to communicate with nurses’ […]
Category: Hacking & Security

DEF CON 2018: Telltale URLs Leak PII to Dozens of Third Parties

Threatpost - 11 August, 2018 - 20:50
Analytics, advertising and other web scripts can capture information housed in user confirmations for flight bookings, food delivery, medical testing and more.
Category: Hacking & Security

The Enigma of AI & Cybersecurity

LinuxSecurity.com - 11 August, 2018 - 11:36
LinuxSecurity.com: We've only seen the beginning of what artificial intelligence can do for information security.
Category: Hacking & Security

NSA Brings Nation-State Details to DEF CON

LinuxSecurity.com - 11 August, 2018 - 11:33
LinuxSecurity.com: DEF CON 26 - Las Vegas - For a brief time on Friday morning, "Spot the Fed" was the easiest game to play at DEF CON. That's because the fed was standing on a stage, talking to thousands of attentive hackers and attendees here.
Category: Hacking & Security

#DEFCON L0pht Reunite to Find Security Unimproved

LinuxSecurity.com - 11 August, 2018 - 11:30
LinuxSecurity.com: Despite security coming a long way from warnings of the internet being able to be taken down in fewer than 30 minutes, it has "still got a long way to go."
Category: Hacking & Security

Google Public DNS turns 8.8.8.8 years old

Google Security Blog - 11 August, 2018 - 03:31
Posted by Alexander Dupuy, Software Engineer

Once upon a time, we launched Google Public DNS, which you might know by its iconic IP address, 8.8.8.8. (Sunday, August 12th, 2018, at 00:30 UTC marks eight years, eight months, eight days and eight hours since the announcement.) Though not as well-known as Google Search or Gmail, the four eights have had quite a journey—and some pretty amazing growth! Whether it’s travelers in India’s train stations or researchers on the remote Antarctic island Bouvetøya, hundreds of millions of people the world over rely on our free DNS service to turn domain names like wikipedia.org into IP addresses like 208.80.154.224.

[Figure: Google Public DNS query growth and major feature launches]

Today, it’s estimated that about 10% of internet users rely on 8.8.8.8, and it serves well over a trillion queries per day. But while we’re really proud of that growth, what really matters is whether it’s a valuable service for our users. Namely, has Google Public DNS made the internet faster for users? Does it safeguard their privacy? And does it help them get to internet sites more reliably and securely?

In other words, has 8.8.8.8 made DNS and the internet better as a whole? Here at Google, we think it has. On this numerological anniversary, let’s take a look at how Google Public DNS has realized those goals and what lies ahead.

Making the internet faster

From the start, a key goal of Google Public DNS was to make the internet faster. When we began the project in 2007, Google had already made it faster to search the web, but it could take a while to get to your destination. Back then, most DNS lookups used your ISP’s resolvers, and with small caches, they often had to make multiple DNS queries before they could return an address.

Google Public DNS resolvers’ DNS caches hold tens of billions of entries worldwide. And because hundreds of millions of clients use them every day, they usually return the address for your domain queries without extra lookups, connecting you to the internet that much faster.

[Figure: DNS resolution process for example.org]

Speeding up DNS responses is just one part of making the web faster—getting web content from servers closer to you can have an even bigger impact. Content Delivery Networks (CDNs) distribute large, delay-sensitive content like streaming videos to users around the world. CDNs use DNS to direct users to the nearest servers, and rely on GeoIP maps to determine the best location.

Everything’s good if your DNS query comes from an ISP resolver that is close to you, but what happens if the resolver is far away, as it is for researchers on Bouvetøya? In that case, the CDN directs you to a server near the DNS resolver—but not the one closest to you. In 2010, along with other DNS and CDN services, we proposed a solution that lets DNS resolvers send part of your IP address in their DNS queries, so CDN name servers can get your best possible GeoIP location (short of sending your entire IP address). By sending only the first three parts of users’ IP addresses (e.g. 192.0.2.x) in the EDNS Client Subnet (ECS) extension, CDNs can return the closest content while maintaining user privacy.

We continue to enhance ECS (now published as RFC 7871), for example by adding automatic detection of name server ECS support. And today, we’re happy to report, support for ECS is widespread among CDNs.

Safeguarding user privacy

From day one of our service, we’ve always been serious about user privacy. Like all Google services, we honor the general Google Privacy Policy, and are guided by Google’s Privacy Principles. In addition, Google Public DNS published a privacy practice statement about the information we collect and how it is used—and how it’s not used. These protect the privacy of your DNS queries once they arrive at Google, but they can still be seen (and potentially modified) en route to 8.8.8.8.

To address this weakness, we launched a public beta of DNS-over-HTTPS on April 1, 2016, embedding your DNS queries in the secure and private HTTPS protocol. Despite the launch date, this was not an April Fool’s joke, and in the following two years, it has grown dramatically, with millions of users and support by another major public DNS service. Today, we are working in the IETF and with other DNS operators and clients on the Internet Draft for DNS Queries over HTTPS specification, which we also support.

Securing the Domain Name System

We’ve always been very concerned with the integrity and security of the responses that Google Public DNS provides. From the start, we rejected the practice of hijacking nonexistent domain (NXDOMAIN) responses, working to provide users with accurate and honest DNS responses, even when attackers tried to corrupt them.

In 2008, Dan Kaminsky publicized a major security weakness in the DNS protocol that left most DNS resolvers vulnerable to spoofing that poisoned their DNS caches. When we launched 8.8.8.8 the following year, we not only used industry best practices to mitigate this vulnerability, but also developed an extensive set of additional protections.

While those protected our DNS service from most attackers, they can’t help in cases where an attacker can see our queries. Starting in 2010, the internet started to use DNSSEC security in earnest, making it possible to protect cryptographically signed domains against such man-in-the-middle and man-on-the-side attacks. In 2013, Google Public DNS became the first major public DNS resolver to implement DNSSEC validation for all its DNS queries, doubling the percentage of end users protected by DNSSEC from 3.3% to 8.1%.

In addition to protecting the integrity of DNS responses, Google Public DNS also works to block DNS denial of service attacks by rate limiting both our queries to name servers and reflection or amplification attacks that try to flood victims’ network connections.

Internet access for all

A big part of Google Public DNS’s tremendous growth comes from free public internet services. We make the internet faster for hundreds of these services, from free WiFi in San Francisco’s parks to LinkNYC internet kiosk hotspots and the Railtel partnership in India‘s train stations. In places like Africa and Southeast Asia, many ISPs also use 8.8.8.8 to resolve their users’ DNS queries. Providing free DNS resolution to anyone in the world, even to other companies, supports internet access worldwide as a part of Google’s Next Billion Users initiative.

[Figure: APNIC Labs map of worldwide usage]

Looking ahead

Today, Google Public DNS is the largest public DNS resolver. There are now about a dozen such services providing value-added features like content and malware filtering, and recent entrants Quad9 and Cloudflare also provide privacy for DNS queries over TLS or HTTPS.

But recent incidents that used BGP hijacking to attack DNS are concerning. Increasing the adoption and use of DNSSEC is an effective way to protect against such attacks and as the largest DNSSEC validating resolver, we hope we can influence things in that direction. We are also exploring how to improve the security of the path from resolvers to authoritative name servers—issues not currently addressed by other DNS standards.

In short, we continue to improve Google Public DNS both behind the scenes and in ways visible to users, adding features that users want from their DNS service. Stay tuned for some exciting Google Public DNS announcements in the near future!
Category: Hacking & Security

How to Detect and Prevent Secure Document Phishing Attacks

InfoSec Institute Resources - 11 August, 2018 - 02:14

Secure document phishing attacks are some of the latest in client endpoint exploits that have been plaguing the computing world. While these phishing attempts may fool the uninformed, by reading this article you will be better able to detect and prevent secure document phishing from affecting your Information Security environment. What is a Secure Document […]

The post How to Detect and Prevent Secure Document Phishing Attacks appeared first on InfoSec Resources.

How to Detect and Prevent Secure Document Phishing Attacks was first posted on August 10, 2018 at 7:14 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

WordPress Phishing Scams: What Every User Needs to Know

InfoSec Institute Resources - 11 August, 2018 - 02:06

WordPress powers 30% of the web and is by far the largest content management system (CMS). It’s easy-to-use and has fans that range from regular users to developers. However, popularity breeds exposure. When users adopt a platform, that means there is an opportunity—opportunities for hackers. Because so many businesses and individuals use it, it’s very […]

The post WordPress Phishing Scams: What Every User Needs to Know appeared first on InfoSec Resources.

WordPress Phishing Scams: What Every User Needs to Know was first posted on August 10, 2018 at 7:06 pm.
Category: Hacking & Security

Security awareness, training, and education

InfoSec Institute Resources - 11 August, 2018 - 01:59

Learning is a continuum: it starts with awareness, builds to training, and evolves into education. We can use the definitions provided by NIST for further clarity. Awareness – the ability of the user to recognize or avoid behaviors that would compromise cybersecurity Training – the action provided to a user in the acquisition of security […]

The post Security awareness, training, and education appeared first on InfoSec Resources.

Security awareness, training, and education was first posted on August 10, 2018 at 6:59 pm.
Category: Hacking & Security

How to Detect and Prevent Direct Deposit Phishing Scams

InfoSec Institute Resources - 11 August, 2018 - 01:49

The same digital revolution that’s ushered in an era of business innovation has been as much of a boon for the enterprising criminal set. Moreover, organizations know that this revolution has a price tag — data breaches are now part of doing business. Many organizations, of course, are becoming better at protecting their corporate networks […]

The post How to Detect and Prevent Direct Deposit Phishing Scams appeared first on InfoSec Resources.

How to Detect and Prevent Direct Deposit Phishing Scams was first posted on August 10, 2018 at 6:49 pm.
Category: Hacking & Security

How to Prevent CEO Fraud – 10 Tips

InfoSec Institute Resources - 11 August, 2018 - 01:40

CEO fraud scams are on the rise. They aren’t that different than other phishing emails, except most get it and think it’s from the boss. The FBI labels these types of attacks as BEC (Business Email Compromise) incidents and has issued statements about them. The FBI issued public advisories on the BEC scams, identifying a […]

The post How to Prevent CEO Fraud – 10 Tips appeared first on InfoSec Resources.

How to Prevent CEO Fraud – 10 Tips was first posted on August 10, 2018 at 6:40 pm.
Category: Hacking & Security

How to Detect & Prevent Payroll Phishing Attacks

InfoSec Institute Resources - 11 August, 2018 - 00:09

Tax season is always the favorite time of the year for adversaries aiming to gain access to payroll data, but this year phishing schemes have surfaced earlier and in greater quantity than usual. A couple of months ago, the personal and financial information of the city of Batavia’s personnel was compromised due to email phishing […]

The post How to Detect & Prevent Payroll Phishing Attacks appeared first on InfoSec Resources.

How to Detect & Prevent Payroll Phishing Attacks was first posted on August 10, 2018 at 5:09 pm.
Category: Hacking & Security

How not to lose your privacy on Facebook: no need to delete your account right away

Zive.cz - security - 11 August, 2018 - 00:00
** Facebook is struggling with leaks of user data. ** These were caused by holes in the applications that obtain the data. ** Be careful about whom you give access to and what you share.
Category: Hacking & Security

Chris Valasek and Charlie Miller: How to Secure Autonomous Vehicles

Threatpost - 10 August, 2018 - 23:03
Famous car hackers Chris Valasek and Charlie Miller returned to Black Hat to discuss how manufacturers can secure autonomous vehicles.
Category: Hacking & Security

The Phishing Response Playbook

InfoSec Institute Resources - 10 August, 2018 - 21:00

Introduction As we know, Phishing remains one of the most well-known forms of Cyber-attacks to date. Although this form of threat has been in existence for a long time, the Cyber attacker of today has become very stealthy in their approaches. There are different variants of a Phishing attack, but in general, it can be […]

The post The Phishing Response Playbook appeared first on InfoSec Resources.

The Phishing Response Playbook was first posted on August 10, 2018 at 2:00 pm.
Category: Hacking & Security

Anti-Phishing Training vs. Software: Does Security Awareness Training Work?

InfoSec Institute Resources - 10 August, 2018 - 20:30

Due to the increasing advances in today’s technology, endpoint protection, and security software solutions are becoming even better at protecting your data. However, while this software is becoming more efficient, so are cyber attackers’ methods and abilities to phish for your data. Phishing occurs when a fraudulent email or other mediums such as social media […]

The post Anti-Phishing Training vs. Software: Does Security Awareness Training Work? appeared first on InfoSec Resources.

Anti-Phishing Training vs. Software: Does Security Awareness Training Work? was first posted on August 10, 2018 at 1:30 pm.
Category: Hacking & Security