security

⧉infominer 08-Aug-18 12:29 AM
Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning
⧉infominer 10-Aug-18 10:14 AM
My experience disclosing a critical Bitcoin Cash vulnerability
⧉infominer 10-Aug-18 09:28 PM
Some useful hints and best practices that will help you not to get hacked during one of the most existing cryptocurrency conferences of…
⧉infominer 12-Aug-18 10:58 PM
Whether you’re a newfound blockchain devotee, or just want exposure to the potential upside, this guide will help get you started on the journey. Before you buy a significant amount, you’ll need to know how to keep it secure.  Traditional forms of currency, issued by...
⧉infominer 13-Aug-18 03:22 PM
OS and tools for building dependable systems. The Singularity research codebase and design evolved to become the Midori advanced-development OS project. While never reaching commercial release, at one time Midori powered all of Microsoft’s natural language search service fo...
Improving SSL Warnings: Comprehension and Adherence - https://dl.acm.org/citation.cfm?id=2702442
"I just got robbed from the bank. They just took my stuff."
;login: logout - This World of Ours - https://www.usenix.org/system/files/1401_08-12_mickens.pdf
⧉infominer 13-Aug-18 03:50 PM
Format String Attacks - http://forum.ouah.org/FormatString.PDF
Getting around non-executable stack (and fix) - http://seclists.org/bugtraq/1997/Aug/63
Ceremony Design and Analysis - https://eprint.iacr.org/2007/399.pdf
Programming Satan's Computer - https://www.cl.cam.ac.uk/~rja14/Papers/satan.pdf
Survivable Key Compromise in Software Update Systems - https://justinsamuel.com/papers/survivable-key-compromise-ccs2010.pdf
⧉infominer 13-Aug-18 10:25 PM
Some thoughts on security after ten years of qmail 1.0 - https://cr.yp.to/qmail/qmailsec-20071101.pdf
NEW YORKERS ON MOBILE MESSAGING AND IMPLICATIONS FOR PRIVACY - https://simplysecure.org/resources/techreports/NYC15-MobMsg.pdf
⧉infominer 14-Aug-18 10:05 PM
Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution - https://foreshadowattack.eu/
⧉infominer 16-Aug-18 04:46 PM
Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library
⧉infominer 16-Aug-18 04:55 PM
A U.S. investor files a $224 million lawsuit against AT&T accusing the telecommunications giant of negligence that allegedly caused the California resident to lose roughly $24 million in cryptocurrency.
⧉infominer 17-Aug-18 06:15 PM
Break That Hash: Introduction to hash cracking with Hashcat. Principles behind password cracking and cover the specific attacks and command-line examples
⧉infominer 17-Aug-18 06:32 PM
The Best Resource for Information Security Researchers and Penetration Testing Professionals
⧉infominer 22-Aug-18 11:54 PM
So I'm working on a video about protecting yourself against abusive tech and I came across a really nasty bit of business that I thought I should post about. USB chargers with audio listen-in and GPS location have been around for a while- but now even the USB cables can ha...
⧉infominer 23-Aug-18 12:03 AM
I spoke to @njkobie about my fears around the privacy & security of the next generation of sex tech, and why I believe we need the protocols facilitating remote sex to be metadata resistant. https://t.co/XRMJVtyWZ8
⧉infominer 23-Aug-18 07:23 AM
I took a look at those Chinese GSM location tracking USB cables tweeted about by @securelyfitz a while ago. Write up: https://t.co/YXtLEqiZAA
⧉infominer 25-Aug-18 03:12 AM
Automate Security Audit with Netool.sh - a bash script to automate frameworks like Metasploit, Nmap, Driftnet, SSLstrip, Ettercap, macchanger, webcrawler.
⧉infominer 25-Aug-18 10:26 PM
Wireless Hacking: Cracking the WPS PIN with Reaver #wireless #wifi #cybersecurity #infosec https://t.co/p31HIA4c6t
⧉infominer 25-Aug-18 10:42 PM
Raccoon: A high performance offensive security tool for reconnaissance and vulnerability scanning https://t.co/NId6uU9Nou
⧉infominer 25-Aug-18 11:56 PM
Internet routing (BGP) is fundamentally insecure, which means eventually you're going to have to choose if you want to connect to the Russian internet, the Chinese internet, or the American internet, etc. https://t.co/7NiI3VzuDG We should fix this.
⧉infominer 26-Aug-18 12:34 AM
A new attack on Intel SGX compromising its confidentiality. "Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine’s private attestation key" https://t.co/Fhc7L2eFgh
⧉infominer 04-Sep-18 11:49 AM
The trip to @ethindiaco was well worth it. One of the most impressive hacks came from @_pranav_singhal and his team. They had a new take on splitting up the private key with Shamir’s secret and a network of resetters on Telegram who are paid to help. https://t.co/UoyRk...
⧉infominer 07-Sep-18 11:37 PM
Like many things in InfoSec, we complicate concepts with new terms and lingo, but the concepts at their core are simple. “Domain Fronting”…
⧉infominer 22-Sep-18 09:55 PM
Like many things in InfoSec, we complicate concepts with new terms and lingo, but the concepts at their core are simple. “Domain Fronting”…
The Open Privacy Research Society is a non-profit Canadian group based in Vancouver, British Columbia. We believe that moral systems enable consent. Our society exists to invent, create, build, test, publish, deploy, promote, and to encourage the development of such systems
mt: @fisher85m #IoT attacks: #Top10 things you need to know Infographic #CyberSecurity #infosec #Security #DDoS @Fisher85M #BigData #DataScience #antivirus #Hacking #Firewall
⧉infominer 05-Oct-18 11:56 PM
GHash.IO and double-spending against BetCoin Dice
⧉infominer 14-Oct-18 10:51 AM
The truth is that anything connected to the internet can be hacked -- even cryptocurrency wallets.  However, hacking wasn’t always a problem.
⧉infominer 04-Nov-18 04:13 AM
Holy crap. I knew hardware attacks were a very real risk. However, when it’s on every significant server motherboard around (e.g. AWS, Apple, and NSA), you realize how screwed we are. Must read👇🏼 https://t.co/eBjX5Vwud0
⧉infominer 04-Nov-18 08:57 AM
1/ My software recommendations to optimize your privacy. I just took control over the Wasabi website and originally I wanted to create a section there, but I am lazy, so this'll only be a tweetstorm.
⧉infominer 05-Nov-18 05:00 AM
Information security is my business. As founder and CEO of System of Systems, an IT consulting company, security is an important service…
⧉infominer 05-Nov-18 05:16 AM
🔑 Online Security Pro Tips Mandatory —Delete phone number for 2FA —Google Authenticator or similar for 2FA Basic —Use a password manager —VPN for public WiFi Expert —Secret burner phone for mandatory text 2FA —Secure 2FA device (e.g. Yubikey) God Mode ...
⧉infominer 13-Nov-18 12:09 PM
“Cyber crime is the greatest threat to every company in the world.” Ginni Rometty – Chairman, President, and CEO, IBM The consequences of data breaches are devastating. In 2017, …
⧉infominer 25-Nov-18 08:04 PM
Certified Hardware Important Information There is currently no specific hardware (e.g., specific laptop model) that the Qubes team recommends for individual users. However, we’re working hard to make a “reasonably secure laptop” a reality, and we look forward to sharing...
0/ This is a thread with basic steps that you can take to secure yourself on a very basic level. Yes, these are very basic and there are ways that tech gurus go beyond that to secure themselves. It has also been done before so not much new here. Let's begin:
⧉infominer 25-Nov-18 08:35 PM
In the cryptocurrency ecosystem, a wallet is an essential component, as it is used to receive, send and store cryptocurrencies. It operates in the crypto verse just like the banks do in the traditional financial system. As the crypto sector is continuously growing with more a...
⧉infominer 25-Nov-18 08:51 PM
In this Choose Your Own Adventure Game, you navigate the process of warning the world about an exploit you have uncovered in a large software project.
⧉infominer 07-Dec-18 03:08 AM
The CryptoCurrency Certification Consortium (C4) establishes cryptocurrency standards that help ensure a balance of openness & privacy, security & usability, and trust & decentralization.
⧉infominer 24-Dec-18 12:19 AM
There’s a lot you can make with a 3D printer: prosthetics, corneas, firearms — even an Olympic-standard luge. You can even 3D-print a life-size replica of a human head — and not just for Hollywood. Forbes reporter Thomas Brewster commissioned a 3D-printed model of his...
⧉infominer 24-Dec-18 12:29 AM
#MyCryptoWinter - December 17: Your Online Arsenal Install one of the following: -@metamask_io -@sniko’s @EthAddrLookup -@metacert’s Cryptonite This tip was brought to you by our friends at @infura_io! Join #MyCryptoWinter ❄️ and win prizes at https://t.co/8YqZg...
⧉infominer 12-Feb-19 03:21 PM
There is something to be said about the idea that technology has evolved in such a way that corporate & government surveillance is easy, but personal quantification is difficult.
⧉infominer 19-Feb-19 02:37 AM
Together with @nadiaheninger, just presented our work on biased nonces revealing secret keys in #bitcoin, #ethereum and #ripple at Financial Crypto #fc19. https://t.co/kMqQc7bJbL (photo by @zooko)
⧉infominer 25-Feb-19 12:38 AM
⧉infominer 11-Mar-19 09:12 PM
Here are some "fun" facts about vibrator security: 1. If your vibrator is bluetooth enabled it is trivially accessed by a local attacker. All the noise has mostly been around this attack vector but it's the most boring and least worrying. https://t.co/HeLlnq5m6B
⧉infominer 11-Mar-19 09:33 PM
In this post, we take a closer look at HTTPS and SSL — what they are, what they do, their different types, and why they matter.
⧉infominer 11-Mar-19 09:55 PM
👍👏”arguments that quality bugs & security bugs ‘have equal value’, that security testing & QA are ‘the same thing’, that security testing should ‘just be performed by QA’ & that ‘there’s no specific skillset’ required to do security testing versus...
⧉infominer 11-Mar-19 10:08 PM
Have you received a small amount of unsolicited cryptocurrency into your wallet? You may be a victim of a Dusting Attack. Learn about dusting attacks.
⧉infominer 11-Mar-19 10:19 PM
Really excited to learn more about best in class private key management practices at the “Simple Cold Storage & Self-Custody” workshop with the pros: @anguschampion @ChristopherA @kanzure #SmartCustody ✊🔒
⧉infominer 11-Mar-19 10:32 PM
What will it take to convince people that privacy is something that they have a right to? https://t.co/YKGmuw6Cne
⧉infominer 03-Apr-19 12:59 PM
A curated list of Awesome Threat Intelligence resources - hslatman/awesome-threat-intelligence
⧉infominer 05-Apr-19 01:10 AM
A collection of various awesome lists for hackers, pentesters and security researchers - Hack-with-Github/Awesome-Hacking
⧉infominer 24-May-19 12:38 AM
Contents of screen display detectable via microphone https://t.co/StPNS7GamI
⧉infominer 26-May-19 04:16 AM
Unpopular Opinion: @signalapp sucks for both security and privacy because it uses phone numbers for identification and authentication. IMO the best chat app is @KeybaseIO which uses a cryptographic based identity system. They just need to add Bitcoin and remove the Shitc...
⧉infominer 17-Jun-19 10:44 PM
If i was trying to categorize security peeps - what am i missing? red team blue team compliance legal abuse / anti-abuse QA/QE IR appsec sec ops threat intel sec research sec automation other
⧉infominer 17-Jun-19 11:40 PM
What are some good VPNs for both desktop and/or mobile?
⧉infominer 18-Jun-19 12:35 PM
I want to do a privacy & security training made up of tweets from the security & privacy community commenting on bad privacy & data security practices they see in real life. Anyone have good examples of old tweets? (e.g. this person was doing sensitive company stuff on a p...
⧉infominer 11-Jul-19 11:01 AM
Tell HN: I came up with an interesting way to do decentralized account recovery | Hacker News https://news.ycombinator.com/item?id=20404933
jrpt
Thought I'd share this with the HN community. Link to the Escrovery paper: https://github.com/pickhardt/escrovery/blob/master/escrovery... I came up with an interesting way to do totally decentralized account recovery. Why might this be useful? Suppose you have some account on ...
⧉infominer 31-Jul-19 11:31 PM
The least you can do to frustrate would-be hackers.
⧉infominer 12-Aug-19 12:35 AM
😎 Curated list about cryptocurrency security (reverse / exploit / fuzz..) - nongiach/awesome-cryptocurrency-security