Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Watch a Homemade Robot Crack a Safe in Just 15 Minutes

LinuxSecurity.com - 21 Červenec, 2017 - 11:05
LinuxSecurity.com: Last Christmas, Nathan Seidle's wife gave him a second-hand safe she'd found on Craigslist. It was, at first glance, a strange gift. The couple already owned the same model, a $120 SentrySafe combination fire safe they'd bought from Home Depot. But this one, his wife explained, had a particular feature: The original owner had locked it and forgotten the combination. Her challenge to Seidle: Open it.
Kategorie: Hacking & Security

How Microsoft Cleverly Cracks Down On "Fancy Bear" Hacking Group

The Hacker News - 21 Červenec, 2017 - 10:53
What could be the best way to take over and disrupt cyber espionage campaigns? Hacking them back? Probably not. At least not when it's Microsoft, who is continuously trying to protect its users from hackers, cyber criminals and state-sponsored groups. It has now been revealed that Microsoft has taken a different approach to disrupt a large number of cyber espionage campaigns conducted by "
Kategorie: Hacking & Security

Scammers demand Bitcoin in DDoS extortion scheme, deliver empty threats

LinuxSecurity.com - 21 Červenec, 2017 - 10:35
LinuxSecurity.com: The FBI has issued an advisory to businesses over a recent string of DDoS extortion attempts. The perpetrators are claiming to be affiliated with Anonymous or Lizard Squad, and their demands threaten sustained attacks unless a Bitcoin payment is made.
Kategorie: Hacking & Security

Ve Švédsku bijí na poplach, citlivé údaje miliónů lidí se objevily i v Česku

Novinky.cz - bezpečnost - 21 Červenec, 2017 - 10:30
Švédská Bezpečnostní policie (Säpo) prověřuje možný únik dat, s nimiž nakládají švédské vládní úřady. Důvodem je podle listu Dagens Nyheter to, že dopravní správa Transportstyrelsen dopustila únik dat o řidičích a autech registrovaných ve Švédsku. Data se měla dostat mimo jiné do České republiky, konkrétně k pracovníkům české pobočky společnosti IBM, která pro švédský úřad zajišťovala IT služby.
Kategorie: Hacking & Security

Google drops the boom on WoSign, StartCom certs for good

Ars Technica - 20 Červenec, 2017 - 23:57

(credit: Michael Rosenstein)

Last August, after being alerted by GitHub's security team that the certificate authority WoSign had errantly issued a certificate for a GitHub domain to someone other than GitHub, Google began an investigation in collaboration with the Mozilla Foundation and a group of security professionals into the company's certificate issuance practices. The investigation uncovered a pattern of bad practices at WoSign and its subsidiary StartCom dating back to the spring of 2015. As a result, Google moved last October to begin distrusting new certificates issued by the two companies, stating "Google has determined that two CAs, WoSign and StartCom, have not maintained the high standards expected of CAs and will no longer be trusted by Google Chrome."

WoSign (based in Shenzen, China) and StartCom (based in Eliat, Israel) are among the few low-cost certificate providers who've offered wildcard certificates. StartCom's StartSSL offers free Class 1 certificates, and $60-per-year wildcard certificates—allowing the use of a single certificate on multiple subdomains with a single confirmation. This made the service wildly popular. But bugs in WoSign's software allowed a number of misregistrations of certificates. One bug allowed someone with control of a subdomain to claim control of the whole root domain for certificates. The investigation also found that WoSign was backdating the SSL certificates it issued to get around the deadline set for certificate authorities to stop issuing SHA-1 SSL certificates by January 1, 2016. WoSign continued to issue the less secure SHA-1 SSL certificates well into 2016.

Initially, Google only revoked trust for certificates issued after October 21, 2016. But over the past six months, Google has walked that revocation back further, only whitelisting certificates for domains from a list based on Alexa's top one million sites. But today, Google announced that it would phase out trust for all WoSign and StartCom certificates with the release of Chrome 61. That release, about to be released for beta testing, will be fully released in September.

Read 1 remaining paragraphs | Comments

Kategorie: Hacking & Security

Security Concerns Around Zombie Cloud Infrastructure

InfoSec Institute Resources - 20 Červenec, 2017 - 22:35

One of the most important benefits of the use of cloud instances over traditional network configurations is that one can be literally setup within seconds, by the click of a few buttons. This ability has dramatically reduced deployment times for test, model, and production systems. It also allows for great flexibility both from a technical […]

The post Security Concerns Around Zombie Cloud Infrastructure appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Tor Launches Bug Bounty Program — Get Paid for Hacking!

The Hacker News - 20 Červenec, 2017 - 20:32
With the growing number of cyber attacks and breaches, a significant number of companies and organisations have started Bug Bounty programs for encouraging hackers, bug hunters and researchers to find and responsibly report bugs in their services and get rewarded. Following major companies and organisations, the non-profit group behind Tor Project – the largest online anonymity network that
Kategorie: Hacking & Security

Final removal of trust in WoSign and StartCom Certificates

Google Security Blog - 20 Červenec, 2017 - 20:19
Posted by Andrew Whalley and Devon O'Brien, Chrome Security

As previously announced, Chrome has been in the process of removing trust from certificates issued by the CA WoSign and its subsidiary StartCom, as a result of several incidents not in keeping with the high standards expected of CAs.

We started the phase out in Chrome 56 by only trusting certificates issued prior to October 21st 2016, and subsequently restricted trust to a set of whitelisted hostnames based on the Alexa Top 1M. We have been reducing the size of the whitelist over the course of several Chrome releases.

Beginning with Chrome 61, the whitelist will be removed, resulting in full distrust of the existing WoSign and StartCom root certificates and all certificates they have issued.

Based on the Chromium Development Calendar, this change is visible in the Chrome Dev channel now, the Chrome Beta channel around late July 2017, and will be released to Stable around mid September 2017.

Sites still using StartCom or WoSign-issued certificates should consider replacing these certificates as a matter of urgency to minimize disruption for Chrome users.
Kategorie: Hacking & Security

Apple Patches BroadPwn Bug in iOS 10.3.3

Threatpost - 20 Červenec, 2017 - 20:08
Apple released iOS 10.3.3 Wednesday that serves as a cumulative patch update for multiple vulnerabilities including the high-profile BroadPwn bug.
Kategorie: Hacking & Security

News in brief: Street View goes out of this world; GoT fans warned on torrenting; Citadel man jailed

Sophos Naked Security - 20 Červenec, 2017 - 20:04
Your daily round-up of some of the other stories in the news

ATM crooks up the ante by using infrared to steal your PIN

Sophos Naked Security - 20 Červenec, 2017 - 18:55
Using infrared for data transfer isn't new, but finding an IR transmitter on an ATM in Oklahoma took law enforcement by surprise

“Orpheus’ Lyre” – where it came from, and what to do [VIDEO]

Sophos Naked Security - 20 Červenec, 2017 - 18:43
From how the "Orpheus' Lyre" bug got its weird name all the way to what we can learn from it. No jargon, just plain English. Enjoy...

Feds Seize AlphaBay and Hansa Markets in Major Dark-Web Bust

The Hacker News - 20 Červenec, 2017 - 18:40
It's finally confirmed — In a coordinated International operation, Europol along with FBI, DEA (Drug Enforcement Agency) and Dutch National Police have seized and taken down AlphaBay, one of the largest criminal marketplaces on the Dark Web. But not just AlphaBay, the law enforcement agencies have also seized another illegal dark web market called HANSA, Europol confirmed in a press release
Kategorie: Hacking & Security

US, European Law Enforcement Shutter Massive AlphaBay Market

Threatpost - 20 Červenec, 2017 - 18:32
U.S. authorities along with law enforcement Europe and Asia announced today the takedown of the dark web’s largest illicit market, AlphaBay.
Kategorie: Hacking & Security

FCC has no documentation of DDoS attack that hit net neutrality comments

Ars Technica - 20 Červenec, 2017 - 18:05

Enlarge / John Oliver takes on FCC Chairman Ajit Pai in net neutrality segment. (credit: HBO Last Week Tonight)

The US Federal Communications Commission says it has no written analysis of DDoS attacks that hit the commission's net neutrality comment system in May.

In its response to a Freedom of Information Act (FoIA) request filed by Gizmodo, the FCC said its analysis of DDoS attacks "stemmed from real time observation and feedback by Commission IT staff and did not result in written documentation." Gizmodo had asked for a copy of any records related to the FCC analysis that concluded DDoS attacks had taken place. Because there was no "written documentation," the FCC provided no documents in response to this portion of the Gizmodo FoIA request.

The FCC also declined to release 209 pages of records, citing several exemptions to the FoIA law. For example, publication of documents related to "staffing decisions made by Commission supervisors, draft talking points, staff summaries of congressional letters, and policy suggestions from staff" could "harm the Commission’s deliberative processes," the FCC said. "Release of this information would chill deliberations within the Commission and impede the candid exchange of ideas."

Read 20 remaining paragraphs | Comments

Kategorie: Hacking & Security

Facebook has got your number – even if it’s not your number

Sophos Naked Security - 20 Červenec, 2017 - 15:45
Make sure you check which phone number you have associated with your Facebook account - if it's assigned to someone else, they could take over your profile

AlphaBay Market: What is the Impact of the Cyber-criminal Underground?

InfoSec Institute Resources - 20 Červenec, 2017 - 15:35

The AlphaBay Market was shut down by the law enforcement AlphaBay Market was the largest black marketplace on the Dark Web, it was an excellent aggregator for buyers and sellers of any kind of illegal goods, including drugs, stolen data, malware. The AlphaBay Market went down last week on Tuesday, July 4th apparently without any explanation. The event […]

The post AlphaBay Market: What is the Impact of the Cyber-criminal Underground? appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Vault 7 Data Leak: Analyzing the CIA files

InfoSec Institute Resources - 20 Červenec, 2017 - 15:19

Digging the Vault 7 dumps In a first post on the Vault7 dump, we analyzed the information contained in files leaked by Wikileaks and allegedly originating from a network of the U.S. Central Intelligence Agency (CIA). At the time, we analyzed the following CIA projects: The Year Zero that revealed CIA hacking exploits for hardware and software. The Dark Matter dump […]

The post Vault 7 Data Leak: Analyzing the CIA files appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Tor Project Opens Bounty Program To All Researchers

Threatpost - 20 Červenec, 2017 - 14:42
The Tor Project is launching a public bug bounty program to encourage security researchers to responsibly report issues they find in the software.
Kategorie: Hacking & Security

Twitter users targeted by an army of 86,262 sex-starved bots

Sophos Naked Security - 20 Červenec, 2017 - 13:47
More than 30m wishful thinkers clicked on the links tweeted out by the bots - who were after your wallet rather than after your heart
Syndikovat obsah