Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its followers in interesting projects.

Categories

Google Play Bounty Promises $1,000 Rewards for Flaws in Popular Apps

Threatpost - 1 min 23 sec ago
Google announced a public bug bounty for Google Play that brings developers and researchers together to find and patch flaws in popular apps.
Category: Hacking & Security

Introducing the Google Play Security Reward Program

Google Security Blog - 1 hour 14 min ago
Posted by Renu Chaudhary, Android Security and Rahul Mishra, Program Manager

We have long enjoyed a close relationship with the security research community. To recognize the valuable external contributions that help us keep our users safe online, we maintain reward programs for Google-developed websites and apps, for Chrome and Chrome OS, and for the latest version of Android running on Pixel devices. These programs have been a success and helped uncover hundreds of vulnerabilities, while also paying out millions of dollars to participating security researchers and research teams.

Today, we’re introducing the Google Play Security Reward Program to incentivize security research into popular Android apps available on Google Play. Through our collaboration with independent bug bounty platform, HackerOne, we’ll enable security researchers to submit an eligible vulnerability to participating developers, who are listed in the program rules. After the vulnerability is addressed, the eligible researcher submits a report to the Play Security Reward Program to receive a monetary reward from Google Play.

With the ongoing success of our other reward programs, we invite developers and the research community to work together with us on proactively improving the security of some of the most popular Android apps on Google Play.

The program is limited to a select number of developers at this time to get initial feedback. Developers can contact their Google Play partner manager to show interest. All developers will benefit when bugs are discovered because we will scan all apps for them and deliver security recommendations to the developers of any affected apps. For more information, visit the Play Security Reward Program on HackerOne.
Category: Hacking & Security

Google Play Store Launches Bug Bounty Program to Protect Popular Android Apps

The Hacker News - 1 hour 38 min ago
Better late than never. Google has finally launched a bug bounty program for Android apps on Google Play Store, inviting security researchers to find and report vulnerabilities in some of the most popular Android apps. Dubbed "Google Play Security Reward," the bug bounty program offers security researchers to work directly with Android app developers to find and fix vulnerabilities in their
Category: Hacking & Security

Hackers Take Aim at SSH Keys in New Attacks

Threatpost - 1 hour 1 min ago
SSH private keys are being targeted by hackers who have stepped up the scanning of thousands of WordPress websites in search of private keys.
Category: Hacking & Security

IRS chief: assume your identity has been stolen

Sophos Naked Security - 2 hours 19 min ago
Americans should “assume their data is already in the hands of criminals and ‘act accordingly.’”

KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol

The Hacker News - 3 hours 24 min ago
Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications. WPA2 is a 13-year-old WiFi authentication scheme
Category: Hacking & Security

Kids’ smartwatches harbouring major security flaws

Sophos Naked Security - 3 hours 1 min ago
Norwegian Consumer Council says "these watches should be in no stores, even less so on a child's arm"

Half a billion computers are infected. They secretly earn money for scammers

Novinky.cz - security - 3 hours 56 min ago
Cryptocurrencies are a phenomenon of our time. They fascinate not only ordinary users but also cyber pirates, who are constantly looking for ways to obtain virtual coins. In doing so, they do not shy away from using fraudulent software that mines them from unsuspecting users. According to a newly published analysis, as many as half a billion PCs worldwide have been compromised this way.
Category: Hacking & Security

Mr. Robot eps3.1undo.gz – the security review

Sophos Naked Security - 5 hours 37 min ago
We're looking at how Mr Robot's treatment of security stacked up in episode 2 of season 3

Google Advanced Protection Trades Ease-of-Use for Security

Threatpost - 6 hours 16 min ago
Experts applaud a new Google service, Advanced Protection, which beefs up account password protection and limits access to a user’s Gmail and Drive.
Category: Hacking & Security

How individuals can use online ad buying to spy on you

Sophos Naked Security - 7 hours 38 min ago
It's not just the advertisers who can track you

US-CERT study predicts machine learning, transport systems to become security risks

LinuxSecurity.com - 10 hours 34 min ago
LinuxSecurity.com: The Carnegie-Mellon University's Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis.
Category: Hacking & Security

Dangerous Locky virus strikes again, security experts warn

Novinky.cz - security - 12 hours 5 min ago
Last year Locky was among the most widespread ransomware viruses circulating on the Internet. Although it might have seemed at the start of this year that it was in retreat, last month it struck again with full force. This follows from Check Point's analysis of individual virus threats.
Category: Hacking & Security

Shield has been protecting the privacy of EU users for over a year

Novinky.cz - security - 12 hours 1 min ago
The agreement known as the EU-US Privacy Shield is working well after its first year, the European Commission (EC) said in its report. However, according to the Commission, there is still room for improvement. The aim of the agreement is to protect the personal data of people in the EU that is transferred to companies in the US for commercial purposes.
Category: Hacking & Security

Subaru has a problem. With a Raspberry Pi in your pocket you can unlock a bunch of its cars

Zive.cz - security - 15 hours 8 min ago
Do you own a Subaru? Soon that may no longer be the case, because it seems that, for at least several models, the carmaker outrageously botched the security of the remote control. Each remote control typically sends a signal at a frequency of 433 MHz that unlocks the doors. This signal must, of course, each time ...
Category: Hacking & Security

Broadening HSTS to secure more of the Web

Google Security Blog - 18 October, 2017 - 23:58
Posted by Ben McIlwain, Google Registry
The security of the Web is of the utmost importance to Google. One of the most powerful tools in the Web security toolbox is ensuring that connections to websites are encrypted using HTTPS, which prevents Web traffic from being intercepted, altered, or misdirected in transit. We have taken many actions to make the use of HTTPS more widespread, both within Google and on the larger Internet.

We began in 2010 by defaulting to HTTPS for Gmail and starting the transition to encrypted search by default. In 2014, we started encouraging other websites to use HTTPS by giving secure sites a ranking boost in Google Search. In 2016, we became a platinum sponsor of Let’s Encrypt, a service that provides simple and free SSL certificates. Earlier this year we announced that Chrome will start displaying warnings on insecure sites, and we recently introduced fully managed SSL certificates in App Engine. And today we’re proud to announce that we are beginning to use another tool in our toolbox, the HTTPS Strict Transport Security (HSTS) preload list, in a new and more impactful way.

The HSTS preload list is built in to all major browsers (Chrome, Firefox, Safari, Internet Explorer/Edge, and Opera). It consists of a list of hostnames for which browsers automatically enforce HTTPS-secured connections. For example, gmail.com is on the list, which means that the aforementioned browsers will never make insecure connections to Gmail; if the user types http://gmail.com, the browser first changes it to https://gmail.com before sending the request. This provides greater security because the browser never loads an http-to-https redirect page, which could be intercepted.

The HSTS preload list can contain individual domains or subdomains and even top-level domains (TLDs), which are added through the HSTS website. The TLD is the last part of the domain name, e.g., .com, .net, or .org. Google operates 45 TLDs, including .google, .how, and .soy. In 2015 we created the first secure TLD when we added .google to the HSTS preload list, and we are now rolling out HSTS for a larger number of our TLDs, starting with .foo and .dev.

The use of TLD-level HSTS allows such namespaces to be secure by default. Registrants receive guaranteed protection for themselves and their users simply by choosing a secure TLD for their website and configuring an SSL certificate, without having to add individual domains or subdomains to the HSTS preload list. Moreover, since it typically takes months between adding a domain name to the list and browser upgrades reaching a majority of users, using an already-secured TLD provides immediate protection rather than eventual protection. Adding an entire TLD to the HSTS preload list is also more efficient, as it secures all domains under that TLD without the overhead of having to include all those domains individually.

We hope to make some of these secure TLDs available for registration soon, and would like to see TLD-wide HSTS become the security standard for new TLDs.

Updated 2017-10-06: To clear up some confusion in the responses to this post, we are not rolling out HSTS to Google's previously launched open TLDs (.how, .soy, and .みんな).
Category: Hacking & Security

FBI Asks Businesses to Share Details About DDoS Attacks

Threatpost - 18 October, 2017 - 22:08
The FBI has made an appeal to organizations victimized by DDoS attacks to share details and characteristics of those incidents.
Category: Hacking & Security

Is security on the verge of a fuzzing breakthrough?

Sophos Naked Security - 18 October, 2017 - 20:46
Smart, efficient fuzzing could give every developer the opportunity to find bugs efficiently, during development

Encryption chip flaw afflicts huge number of computers

Sophos Naked Security - 18 October, 2017 - 20:14
A serious vulnerability exists in Infineon TPM cryptographic processors used by PCs, laptops, Chromebooks and other devices

BoundHook Attack Exploits Intel Skylake MPX Feature

Threatpost - 18 October, 2017 - 19:37
A new attack method takes advantage of a feature in Intel’s Skylake microprocessor allowing for post-intrusion application hooking and stealth manipulation of applications.
Category: Hacking & Security