Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

How to Select & Implement Effective Risk Management Standards & Frameworks

InfoSec Institute Resources - 12 January, 2018 - 15:22

According to ISO 31000, the family of standards relating to risk management codified by the International Organization for Standardization, risks can be defined as the effect of uncertainty on objectives. Taking into consideration the constant rise in the numbers and complexity of security threats, there is far more uncertainty in the landscape than what security […]

The post How to Select & Implement Effective Risk Management Standards & Frameworks appeared first on InfoSec Resources.

How to Select & Implement Effective Risk Management Standards & Frameworks was first posted on January 12, 2018 at 8:22 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

Bitcoin conference won’t let you pay with Bitcoin

Sophos Naked Security - 12 January, 2018 - 14:10
The transaction fees, which have risen from pennies to tens of dollars, plus network congestion are causing some merchants to block bitcoin.

Police give out infected USBs as prizes in cybersecurity quiz

Sophos Naked Security - 12 January, 2018 - 12:59
Quiz winners at a data security expo were given USBs, which had been accidentally infected with executable malware files.

Brace yourselves for the 'terabyte (sic) of death', warns US army IT boss

LinuxSecurity.com - 12 January, 2018 - 09:48
LinuxSecurity.com: The outgoing head of the Defense Information Systems Agency, which handles computer security for the US Department of Defense, has warned a massive cyber-attack is "looming" at the American military's door.
Category: Hacking & Security

Major Linux distros have Meltdown patches, but that's only part of the fix

LinuxSecurity.com - 12 January, 2018 - 09:46
LinuxSecurity.com: All the major Linux distributions have now released their Intel chip meltdown patches. But, someone must retune all those servers to get their performance up to speed and replace network devices and servers running up-to-date Linux distros.
Category: Hacking & Security

The US Senate, the Navy and the Executive Office of the President: Are they perhaps using "revenge porn"?

Zive.cz - security - 12 January, 2018 - 09:43
Many users of the site Anon-IB, where sensitive photos are published out of revenge (so-called "revenge porn"), connect to it from US government computers. The claim comes from the website The Daily Beast, according to which an analysis of IP addresses showed this. The analysis was carried out by security analyst Einar Otto ...
Category: Hacking & Security

Here’s how, and why, the Spectre and Meltdown patches will hurt performance

Ars Technica - 11 January, 2018 - 22:30

As the industry continues to grapple with the Meltdown and Spectre attacks, operating system and browser developers in particular are continuing to develop and test schemes to protect against the problems. Simultaneously, microcode updates to alter processor behavior are also starting to ship.

Since news of these attacks first broke, it has been clear that resolving them is going to have some performance impact. Meltdown was presumed to have a substantial impact, at least for some workloads, but Spectre was more of an unknown due to its greater complexity. With patches and microcode now available (at least for some systems), that impact is now starting to become clearer. The situation is, as we should expect with these twin attacks, complex.

To recap: modern high-performance processors perform what is called speculative execution. They will make assumptions about which way branches in the code are taken and speculatively compute results accordingly. If they guess correctly, they win some extra performance; if they guess wrong, they throw away their speculatively calculated results. This is meant to be transparent to programs, but it turns out that this speculation slightly changes the state of the processor. These small changes can be measured, disclosing information about the data and instructions that were used speculatively.

Category: Hacking & Security

Security+: Types of Mitigation and Deterrent Techniques

InfoSec Institute Resources - 11 January, 2018 - 21:51

Introduction: Mitigating potential risks and deterring would-be offenders are essential parts of any security infrastructure. To pass the CompTIA Security+ exam, you must understand the important concepts of mitigation and deterrent techniques as they appear in the current certification, which we will discuss in this article. What Do I Need to Know About Monitoring […]

The post Security+: Types of Mitigation and Deterrent Techniques appeared first on InfoSec Resources.

Security+: Types of Mitigation and Deterrent Techniques was first posted on January 11, 2018 at 2:51 pm.
Category: Hacking & Security

Security+: PKI, Certificate Management, and Associated Components

InfoSec Institute Resources - 11 January, 2018 - 21:42

Introduction: Public Key Infrastructure (PKI) is a framework (not a specific technology) used to provide security to transactions and messages on a large scale. PKI is a two-key asymmetric technique, and it has four main components. These components are: Certificate Authority (CA); Registration Authority (RA); RSA (it is an encryption algorithm); Digital Certificates. Their detailed […]

The post Security+: PKI, Certificate Management, and Associated Components appeared first on InfoSec Resources.

Security+: PKI, Certificate Management, and Associated Components was first posted on January 11, 2018 at 2:42 pm.
Category: Hacking & Security

Skype finally getting end-to-end encryption

Ars Technica - 11 January, 2018 - 20:46

Since its inception, Skype has been notable for its secretive, proprietary algorithm. It's also long had a complicated relationship with encryption: encryption is used by the Skype protocol, but the service has never been clear exactly how that encryption was implemented or exactly which privacy and security features it offers.

That changes today in a big way. The newest Skype preview now supports the Signal protocol: the end-to-end encrypted protocol already used by WhatsApp, Facebook Messenger, Google Allo, and, of course, Signal. Skype Private Conversations will support text, audio calls, and file transfers, with end-to-end encryption that Microsoft, Signal, and, it's believed, law enforcement agencies cannot eavesdrop on.

Presently, Private Conversations are only available in the Insider builds of Skype. Naturally, the Universal Windows Platform version of the app—the preferred version on Windows 10—isn't yet supported. In contrast, the desktop version of the app, along with the iOS, Android, Linux, and macOS clients, all have compatible Insider builds. Private Conversations aren't the default and don't appear to yet support video calling. The latter limitation shouldn't be insurmountable (Signal's own app offers secure video calling). We hope to see the former change once updated clients are stable and widely deployed.

Category: Hacking & Security

House Votes to Reauthorize Controversial Spy Provision, Section 702

Threatpost - 11 January, 2018 - 20:19
The U.S. House of Representatives voted to renew U.S. spy provisions, extending the powers of the NSA to collect internet communications for another six years.
Category: Hacking & Security

FBI director says ‘unbreakable encryption is a public safety issue’

Sophos Naked Security - 11 January, 2018 - 17:38
FBI director Christopher Wray is still fighting for government-only encryption back door

WhatsApp Downplays Damage of a Group Invite Bug

Threatpost - 11 January, 2018 - 15:41
WhatsApp said that claims that infiltrators can add themselves to an encrypted group chat without being noticed are incorrect.
Category: Hacking & Security

10 Questions You Should Ask Vendors About Their Risk Management Program

InfoSec Institute Resources - 11 January, 2018 - 15:10

Our supply chains are becoming ever more complex, not only in terms of the intricate web of suppliers and sub-suppliers, but also in the technologies used within the network. Supply chains may be complex, but they are worth it. In a survey, 79% of high-performing supply chains had greater-than-average revenue growth. Keeping the supply chain […]

The post 10 Questions You Should Ask Vendors About Their Risk Management Program appeared first on InfoSec Resources.

10 Questions You Should Ask Vendors About Their Risk Management Program was first posted on January 11, 2018 at 8:10 am.
Category: Hacking & Security

Facebook settles after 14-year-old sues over nude image reposting

Sophos Naked Security - 11 January, 2018 - 15:08
The alleged extortionist, still facing charges, reposted the image to shame sites multiple times. Why didn't Facebook use hashes to stop it?

Drunk droning could cost you jail time in New Jersey

Sophos Naked Security - 11 January, 2018 - 14:41
The New Jersey law would make inebriated droning a disorderly person's offense.

Warbiking in Perth – how does Wi-Fi security stack up these days?

Sophos Naked Security - 11 January, 2018 - 13:57
Perth, Western Australia. Christmas in summer. Warbiking in the sunshine! Here's what we found...

Let's Encrypt disables TLS-SNI-01 validation

LinuxSecurity.com - 11 January, 2018 - 11:59
LinuxSecurity.com: Let's Encrypt has disabled TLS-SNI-01 validation after the discovery of an attack able to hijack certificates using the protocol.
Category: Hacking & Security

Linux vs Meltdown: Ubuntu gets second update after first one fails to boot

LinuxSecurity.com - 11 January, 2018 - 11:59
LinuxSecurity.com: Canonical, the company that makes Linux distro Ubuntu, has re-released its Meltdown update for Ubuntu 16.04 LTS Xenial users after the first attempt tripped up machines.
Category: Hacking & Security