Light up your house if fire alarm or outage. Prevent break-ins and intrusions by making home look lived-in. Source: Proactive Home Protection: Safety and Security
Let’s Encrypt has received cross-signatures from IdenTrust, which means that our certificates are now trusted by all major browsers. This is a significant milestone since it means that visitors to websites using Let’s Encrypt certificates can enjoy a secure browsing experience with no special configuration required. Source: Let’s Encrypt is Trusted Let’s Encrypt wants to Read more about Let’s Encrypt is Trusted by browsers[…]
Wifatch’s code does not ship any payloads used for malicious activities, such as carrying out DDoS attacks, in fact all the hardcoded routines seem to have been implemented in order to harden compromised devices. We’ve been monitoring Wifatch’s peer-to-peer network for a number of months and have yet to observe any malicious actions being carried Read more about WifiWatch virus infects poorly defended routers and then hardens them for you[…]
names, addresses, Social Security numbers, email addresses and other sensitive data were contained in the system accessed as well as encrypted passwords. Source: scottrade.com Don’t we just love huge databases?
Patreon is a funding site for artists and creators. 15 GB file hits dump sites Source: Patreon attackers drop data, expose users Because the source code was left outside the firewall, there is a chance that the encryption is vulnerable too.
The data included some personally identifiable information for approximately 15 million consumers in the US, including those who applied for T-Mobile USA postpaid services or device financing from September 1, 2013 through September 16, 2015, based on Experian’s investigation to date. This incident did not impact Experian’s consumer credit database Source: Experian Notifies Consumers In Read more about Experian hacked, loses 15m U.S. T-Mobile customer records, offerts 2 years of credit monitoring[…]
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the Internet Security Research Group (ISRG). ISRG is a California public benefit corporation, and is recognized by the IRS as a tax-exempt organization under Section 501(c)(3) of the Internal Revenue Code. Source: Blog It will hopefully be live in about a month.
The strategy, known as predictive policing, combines elements of traditional policing, like increased attention to crime “hot spots” and close monitoring of recent parolees. But it often also uses other data, including information about friendships, social media activity and drug use, to identify “hot people” and aid the authorities in forecasting crime. Source: Police Program Read more about Minority Report Predictive Policing hits US[…]
Oh dear, it seems they have been stealing from the POS terminals between 21 april – 27 july 2015, from Hilton as well as Doubletree, Embassy Suites, Hampton, and Waldorf Astoria hotels. Source: Hilton hotels in credit-card-stealing malware infection scare
WASHINGTON — The number of people applying for or receiving security clearances whose fingerprint images were stolen in one of the worst U.S. government data breaches is now believed to be 5.6 million, not 1.1 million as first thought, the Office of Personnel Management announced Wednesday. The agency was the victim of what the U.S. Read more about 5.6m, not 1.1m fingerprint images of us gov security cleared people stolen[…]
The US Department of Justice (DoJ) said Bridges admitted to using a seized administrator account on Silk Road in order to lift Bitcoin from various accounts and deposit them into his own wallet. He then sold off the Bitcoin on the Mt Gox exchange between March and May of 2013 and came away with $820,000 Read more about Ex-Secret Service agent who siphoned almost $1m worth of Bitcoin from Silk Road takes plea deal[…]
It’s a good idea – you can easily share your WiFi keys with people in your contacts list. However, Microsoft keeps the keys encrypted (how?) on their own servers to do this. This is not a good idea, turning the MS cloud into a treasure trove of WiFi passwords and locations. Also, if you’re giving Read more about Windows 10 keeps your Wi-Fi keys on the MS Cloud[…]
DescriptionThe LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these password for the most commonly-used software. At this moment, it supports Read more about The LaZagnen – recover various passwords from within Windows[…]
Bishop Fox consultant Byrne and Trustwave testing chief Henderson say passwords Z66816 and 166816 – the 1 and Z being variations according to PoS keyboard layouts via Cash register maker used same password – 166816 – non-stop since 1990 • The Register.
The Wassenaar Arrangement, signed by 42 nations, can be implemented differently by each of these nations. Hackers are worried that exploits are controlled by these arms controls and will be punishable. Leaving 0-day exploits in the wild or unpublished is not good for IT security, as only the people who have them can use them Read more about Hackers fear arms control pact makes exporting flaws illegal[…]
Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). via Lynis – Security auditing tool for Unix/Linux systems.
Hint: Truecrypt, Tor, PGP, ZRTP Inside the NSA's War on Internet Security – SPIEGEL ONLINE.
“Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die,” said Michael Barrett, president of the FIDO Alliance. “FIDO Alliance pioneers can forever lay claim to ushering in the ‘post password’ era, which is already revealing new dimensions in Internet Read more about FIDO v1 out – broadly adopted passwordless authentication for (eventually) everything[…]
GlassWire displays your network activity on an easy to understand graph while searching for unusual Internet behavior that could indicate malware or violations of your privacy. Once unusual network activity is discovered you’re instantly alerted with detailed information so you can protect your computer, privacy, and data. via GlassWire Network Security Monitor & Firewall Tool.
Fact does not come from the grand leaps of discovery but rather from the small, careful steps of verification. That is the premise of the Open Source Security Testing Methodology Manual also known as the OSSTMM (pronounced as "awstem") It is a peer-reviewed manual of security testing and analysis which result in verified facts. These Read more about Open Source Security Testing Methodology Manual (OSSTMM)[…]
LibreSSL is backed by OpenBSD and will be prepped for other platforms later. Now they’re working through a complete rewrite as apparently OpenSSL is just too too messy. Read the story here:OpenSSL code beyond repair, claims creator of “LibreSSL” fork | Ars Technica. read the rage and the coding diffs here on OpenSSL Rampage
OpenSSL heartbeat PoC with STARTTLS support.. Also some exploiting tool called openmagic
Startup morphs website code against morphing malware, causing cries of anguish from attackers | VentureBeat | Security | by Barry Levine.
In the latest case, an employee from personal credit ratings firm Korea Credit Bureau KCB has been arrested and accused of stealing the data from customers of three credit card firms while working for them as a temporary consultant.Seoul’s financial regulators on Sunday confirmed the number of affected users as at least 20 million, in Read more about Bank data of 20 million customers leaked in South Korea[…]
Due to a DNS problem with onmicrosoft.com, the glue tying domain names to Microsoft cloud services logins, these services were down. Long live the cloud! http://www.theregister.co.uk/2013/11/14/office_365_cloudy_oopsie/