Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


Already on probation, Symantec issues more illegit HTTPS certificates

Ars Technica - 20 January 2017 - 22:40


A security researcher has unearthed evidence showing that three browser-trusted certificate authorities (CAs) owned and operated by Symantec improperly issued more than 100 unvalidated transport layer security certificates. In some cases, those certificates made it possible to spoof HTTPS-protected websites.

One of the most fundamental requirements Google and other major browser developers impose on CAs is that they issue certificates only to people who verify the rightful control of an affected domain name or company name. On multiple occasions last year and earlier this month, the Symantec-owned CAs issued 108 credentials that violated these strict industry guidelines, according to research published Thursday by Andrew Ayer, a security researcher and founder of a CA reseller known as SSLMate. These guidelines were put in place to ensure the integrity of the entire encrypted Web. Nine of the certificates were issued without the permission or knowledge of the affected domain owners. The remaining 99 certificates were issued without proper validation of the company information in the certificate.

Many of the improperly issued certificates—which contained the string "test" in various places in a likely indication that they were created for test purposes—were revoked within an hour of being issued. Still, the move represents a major violation by Symantec, which in 2015 fired an undisclosed number of CA employees for doing much the same thing.


Category: Hacking & Security

Coalition of Cryptographers, Researchers Urge Guardian to Retract WhatsApp Story

Threatpost - 20 January 2017 - 21:31
A coalition of researchers and cryptographers are urging the Guardian to retract a story it published last week which suggested the encrypted messaging app WhatsApp contained a backdoor.
Category: Hacking & Security

Hadoop, CouchDB Next Targets in Wave of Database Attacks

Threatpost - 20 January 2017 - 20:18
Insecure Hadoop and CouchDB installations are the latest attack targets of cybercriminals who are hijacking and deleting stolen data.
Category: Hacking & Security

How A Bug Hunter Forced Apple to Completely Remove A Newly Launched Feature

The Hacker News - 20 January 2017 - 19:36
Recently Apple released a new Feature for iPhone and iPad users, but it was so buggy that the company had no option other than rolling back the feature completely. In November, Apple introduced a new App Store feature, dubbed "Notify" button — a bright orange button that users can click if they want to be alerted via iCloud Mail when any game or app becomes available on the App Store.
Category: Hacking & Security

Hack the Army Bounty Pays Out $100,000; 118 Flaws Fixed

Threatpost - 20 January 2017 - 19:00
The U.S. Army released the results of its Hack the Army bug bounty, and said that close to $100,000 was paid out, and 118 unique and actionable vulnerabilities were reported.
Category: Hacking & Security

Threatpost News Wrap, January 20, 2017

Threatpost - 20 January 2017 - 17:50
Mike Mimoso, Tom Spring, and Chris Brook discuss security-wise what they hope will and won't change under a Trump presidency, then discuss the news of the week, including SHA-1 deprecation, Carbanak's return, and the WhatsApp "backdoor" debacle.
Category: Hacking & Security

Protestors urged to try and swamp White House website

Sophos Naked Security - 20 January 2017 - 17:23
As the inauguration of Donald Trump gets under way in Washington DC, one activist is calling for a DIY DDoS-style attack - which may not be legal

Meitu app is all the rage, but privacy concerns abound

Sophos Naked Security - 20 January 2017 - 17:02
Be aware of what the viral selfie-enhancing app is collecting, which includes Wi-Fi, SIM card, GPS location and cell data

Megaviral Meitu “beauty” app’s data grab is anything but skin-deep

Ars Technica - 20 January 2017 - 14:54

Our editor, Sebastian, finally achieves self actualisation through technology. (credit: Sebastian Anthony)

A Chinese app which allegedly makes selfies look more attractive—or more like an anime character, at any rate—has a dark secret: it demands permissions for far more personal data than it needs, including users' IMEIs, phone numbers, and GPS coordinates.

Meitu, an app which has been out for years on both iOS and Android in China, has shot to fame outside the country in the last few weeks, due to the "beauty" filters it can apply to people's selfies. Among other functions, it can sharpen people's jaws, put a sparkle in their eyes, and smooth out and lighten their skin.

The result? Meitu-filtered pictures are suddenly everywhere. The backlash, however, has been just as swift.


Category: Hacking & Security

Alleged child molester caught after 18 years thanks to facial recognition

Sophos Naked Security - 20 January 2017 - 14:22
FBI database throws up a hit after alleged attacker applied for a passport using a stolen identity

Adding a Section to PE Binary

InfoSec Institute Resources - 20 January 2017 - 14:00
Let’s take a look at expanding PE formatted binaries by hand. I was working on a project back in 2004 when we were required to add some interoperability for a program. Some of the problems that we ran into were that we needed space to make the modifications we needed and it was decided that […]
Category: Hacking & Security

API Call Logging Part I

InfoSec Institute Resources - 20 January 2017 - 14:00
API call logging is a mechanism of logging API call made by an application. In this series, we are going to learn about how to develop an API call logger using Windows API. Windows provides a feature for instrumenting applications known as Windows debugging API. These are certain calls which provide an interface for instrumentation. […]
Category: Hacking & Security

Security bugs galore: Oracle fixes 270 flaws at once

Novinky.cz - Security - 20 January 2017 - 13:50
Without exaggeration, Oracle has released a giant bundle of patches, containing fixes for nearly three hundred bugs. The update affects practically the company's entire software portfolio. A considerable number of the flaws were rated as highly critical.
Category: Hacking & Security

School sues sysadmin for wiping its only login to Gmail

Sophos Naked Security - 20 January 2017 - 12:51
Sysadmin's counter-suit alleges racial discrimination and claims that ACE underpaid him

Cybercriminals can now attack even a comb

Novinky.cz - Security - 20 January 2017 - 11:56
The number of so-called smart devices that collect all kinds of more or less useful data is growing. And so is the risk of their misuse. In theory, cybercriminals today can remotely attack even a comb.
Category: Hacking & Security

Machine learning versus spam

Kaspersky Securelist - 20 January 2017 - 09:55

Machine learning methods are often presented by developers of security solutions as a silver bullet, or a magic catch-all technology that will protect users from a huge range of threats. But just how justified are these claims? Unless explanations are provided as to where and how exactly these technologies are used, these assertions appear to be little more than a marketing ploy.

For many years, machine learning technology has been a working component of Kaspersky Lab’s security products, and our firm belief is that they must not be seen as a super technology capable of combating all threats. Yes, they are a highly effective protection tool, but just one tool among many. My colleague Alexey Malanov even made the point of writing an article on the Myths about machine learning in cybersecurity.

At Kaspersky Lab, machine learning can be found in a number of different areas, especially when dealing with the interesting task of spam detection. This particular task is in fact much more challenging than it appears to be at first glance. A spam filter’s job is not only to detect and filter out all messages with undesired content but, more importantly, it has to ensure all legitimate messages are delivered to the recipient. In other words, type I errors, or so-called false positives, need to be kept to a minimum.

Another aspect that should not be forgotten is that the spam detection system needs to respond quickly. It must work pretty much instantaneously; otherwise, it will hinder the normal exchange of email traffic.

A graphic representation can be provided in a project management triangle, only in our case the three corners represent speed, absence of false positives, and the quality of spam detection; no compromise is possible on any of these three. If we were to go to extremes, for example, spam could be filtered manually – this would provide 100% effectiveness, but minimal speed. In another extreme case, very rigid rules could be imposed, so no email messages whatsoever would pass – the recipient would receive no spam and no legitimate messages. Yet another approach would be to filter out only known spam; in that case, some spam messages would still reach the recipient. To find the right balance inside the triangle, we use machine learning technologies, part of which is an algorithm enabling the classifier to pass prompt and error-free verdicts for every email message.

How is this algorithm built? Obviously, it requires data as input. However, before data is fed into the classifier, it must be cleansed of any ‘noise’, which is yet another problem that needs to be solved. The greatest challenge about spam filtration is that different people may have different criteria for deciding which messages are valid, and which are spam. One user may see sales promotion messages as outright spam, while another may consider them potentially useful. A message of this kind creates noise and thus complicates the process of building a quality machine learning algorithm. Using the language of statistics, there may be so-called outlier values in the dataset, i.e., values that are dramatically different from the rest of the data. To address this problem, we implemented automatic outlier filtration, based on the Isolation Forest algorithm customized for this purpose. Naturally, this removes only some of the noise data, but has already made life much easier for our algorithms.
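The outlier-filtration step described above can be illustrated with a plain Isolation Forest. This is an added example, not Kaspersky Lab's code and not their customized variant; the three per-message features, the 0.7 threshold and all function names are assumptions made for the illustration.

```python
import math
import random

def c(n):
    """Expected path length of an unsuccessful BST search over n points."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def build_tree(rows, depth, max_depth, rng):
    """Isolate rows with random axis-aligned splits until the depth limit."""
    if depth >= max_depth or len(rows) <= 1:
        return ("leaf", len(rows))
    dim = rng.randrange(len(rows[0]))
    lo, hi = min(r[dim] for r in rows), max(r[dim] for r in rows)
    if lo == hi:
        return ("leaf", len(rows))
    split = rng.uniform(lo, hi)
    left = [r for r in rows if r[dim] < split]
    right = [r for r in rows if r[dim] >= split]
    return ("node", dim, split, build_tree(left, depth + 1, max_depth, rng),
            build_tree(right, depth + 1, max_depth, rng))

def path_length(x, tree, depth=0):
    """Splits needed to reach x's leaf, plus the correction for the leaf size."""
    if tree[0] == "leaf":
        return depth + c(tree[1])
    _, dim, split, left, right = tree
    return path_length(x, left if x[dim] < split else right, depth + 1)

def anomaly_scores(rows, n_trees=100, sample_size=64, seed=7):
    """Scores in (0, 1]; near 1 means isolated after few splits. Needs >= 2 rows."""
    rng = random.Random(seed)
    size = min(sample_size, len(rows))
    max_depth = math.ceil(math.log2(size))
    trees = [build_tree(rng.sample(rows, size), 0, max_depth, rng) for _ in range(n_trees)]
    norm = n_trees * c(size)
    return [2 ** (-sum(path_length(x, t) for t in trees) / norm) for x in rows]

def filter_outliers(rows, threshold=0.7, **kwargs):
    """Drop rows whose anomaly score exceeds the threshold before training."""
    return [r for r, s in zip(rows, anomaly_scores(rows, **kwargs)) if s <= threshold]

# Constructed sample: (link count, upper-case ratio, promo-word count) per message.
SAMPLE = [(1 + i % 4, 0.05 + 0.01 * (i % 7), i % 3) for i in range(60)]
SAMPLE += [(40, 0.9, 30), (25, 0.8, 45)]  # two messages unlike the rest of the set

if __name__ == "__main__":
    print(len(SAMPLE), "->", len(filter_outliers(SAMPLE)))
```

Rows that random splits isolate quickly get short average paths and therefore high scores, which is why the two atypical messages are dropped while the dense cluster is kept.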

After this, we obtain data that is practically ‘clean’. The next task is to convert the data into a format that the classifier can understand, i.e., into a set of identifiers, or features. Three of the main types of features used in our classifier are:

  • Text features – fragments of text that often occur in spam messages. After preprocessing, these can be used as fairly stable features.
  • Expert features – features based on expert knowledge accumulated over many years in our databases. They may be related to domains, the frequency of headers, etc.
  • Raw features. Perhaps the most difficult to understand. We use parts of the message in their raw form to identify features that we have not yet factored in. The message text is either transformed using word embedding or reduced to the Bag-of-Words model (i.e., formed into a multiset of words which does not account for grammar and word order), and then passed to the classifier, which autonomously identifies features.

All these features and their combinations will help us in the final stage – the launch of the classifier.

What we eventually want to see is a system that produces a minimum of false positives, works fast and achieves its principal aim – filtering out spam. To do this, we build a complex of classifiers, and it is unique for each set of features. For example, the best results for expert features were demonstrated by gradient boosting – the sequential building up of a composition of machine learning algorithms, in which each subsequent algorithm aims to compensate for the shortcomings of all previous algorithms. Unsurprisingly, boosting has demonstrated good results in solving a broad range of problems involving numerical and category features. As a result, the verdicts of all classifiers are integrated, and the system produces a final verdict.

Our technologies also take into account potential problems such as over-training, i.e., a situation when an algorithm works well with a training data sample, but is ineffective with a test sample. To preclude this sort of problem from occurring, the parameters of classification algorithms are selected automatically, with the help of a Random Search algorithm.

This is a general overview of how we use machine learning to combat spam. To see how effective this method is, it is best to view the results of independent testing.

Protesters Called To Join Inauguration Day DDoS Attack

LinuxSecurity.com - 20 January 2017 - 08:59
LinuxSecurity.com: Protesters have been invited to flood WhiteHouse.gov ahead of Trump's inauguration to voice their opposition to the presidency. The founder of Protester.io is calling upon people to gather for a cyberattack on the White House website to protest Donald Trump's presidency on Inauguration Day.
Category: Hacking & Security

Rsync errors lead to data breach at Canadian ISP, KWIC Internet

LinuxSecurity.com - 20 January 2017 - 08:57
LinuxSecurity.com: Misconfigured Rsync instances across multiple servers have led to a data breach at a Canadian ISP, exposing sensitive information and affecting all of their customers.
Category: Hacking & Security

Encrypted email service ProtonMail opens door for Tor users

LinuxSecurity.com - 20 January 2017 - 08:56
LinuxSecurity.com: ProtonMail now has a home on the dark web. The encrypted email provider announced Thursday it will allow its users to access the site through the Tor anonymity service. The aim is to allow its more than 2 million users to access the provider by taking "active measures to defend against state-sponsored censorship," such as government-mandated blocks at the internet provider level.
Category: Hacking & Security