PUBLIC MARKS with tag security

January 2015

December 2014

November 2014

OWASP

by srcmax & 1 other
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

September 2014

Barbarians At The Password Gate | TechCrunch

by sbrothier
We’re now using the Internet for a wide range of everyday activities, including online banking, stock trading, online shopping, bill paying, socializing, gaming, entertainment and online research. In the last few years there’s been a massive growth in the number of social networking sites such as Facebook, Linkedin, Twitter, Craigslist, Instagram, Tumblr. We share all kinds of personal details on these sites as well as music, pictures and videos, most of which we would certainly prefer to protect, safeguard and keep private. Unfortunately, all of these sites have been “cracked” by hackers who exposed passwords and other personal information from thousands of users. If you haven’t had your password hijacked, it’s really just a matter of time.

An Introduction to Content Security Policy - HTML5 Rocks

by dzc
Instead of blindly trusting everything that a server delivers, CSP defines the Content-Security-Policy HTTP header that allows you to create a whitelist of sources of trusted content, and instructs the browser to only execute or render resources from those sources. Even if an attacker can find a hole through which to inject script, the script won’t match the whitelist, and therefore won’t be executed.

July 2014

Mathematics makes strong case that “snoopy2” can be just fine as a password | Ars Technica

by sbrothier
Reusing weaker passwords in some cases can improve security, researchers say.

NSA uses Google cookies to pinpoint targets for hacking - The Washington Post

by sbrothier
The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance.

13 ways the NSA spies on us - Vox

by sbrothier
Over the last year, through the revelations of Ed Snowden and independent reporting by others, we've learned more and more about the National Security Agency's spying programs. Indeed, there have now been so many revelations that it can be hard to keep them straight. So here's a handy guide to the most significant ways the NSA spies on people in the United States and around the world.

Dragnet Nation: Available Now | Julia Angwin

by sbrothier
My book, Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance is now available on Amazon.com, Barnes & Noble and IndieBound. Here’s the description and some review

June 2014

Penetration Testing

by SadeceSEO
You can call it Pentest for short. A penetration test is the simulation of attempts to infiltrate a system by detecting security vulnerabilities through attacks and interventions carried out using methods that anticipate how a malicious person (a hacker) would attack the network infrastructure, hardware, software and applications that make up companies' information systems, together with the reporting of all these activities.

April 2014

Welcome to i273.com - Creator of Hack RUN®

by sbrothier
Ever wanted to be a hacker? Hack your way into the heart of a mysterious organization to uncover their secrets..

Get ready to pay for things with your veins - Quartz

by sbrothier
Fingerprint scanners like those on the latest iPhones could soon give way to another biometric identifier: The geometry of the veins in your hands. Hackers in the Chaos Computer Club last year fooled the Apple TouchID, which unlocks the iPhone 5S when presented with a familiar finger, by creating a copy of fingerprint residue. Fingerprints, the hackers wrote in a blog post, are a terrible way to secure your information: You leave them everywhere when you touch things, and it’s (relatively) easy to create fakes that fool the current scanner technology.

This reader mocked Heartbleed, posted his passwords online. Guess what happened next.

by sbrothier

Passwords are Obsolete — Cyber Security — Medium

by innipukinn & 1 other
I have 268 passwords on 268 different websites. At least that’s what my password manager says. I actually stopped saving new passwords a while back, so the real number of passwords I should change now that Heartbleed has been revealed is even higher than that. How many of those passwords do you think I’m going to change? It took me 10 minutes just to find the change password form for my bank! What about the average computer user who uses the same password for every website and doesn’t understand the details of the exploit? How many passwords will they change?

Passwords are Obsolete — Cyber Security — Medium

by sbrothier & 1 other

The Heartbleed Hit List: The Passwords You Need to Change Right Now

by sbrothier
An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

The Internet's Telltale Heartbleed : The New Yorker

by sbrothier
The bug first appeared in OpenSSL code that was released in March, 2012—so the vulnerability has been open to exploitation for more than two years. The Internet-security firm Netcraft reported that up to five hundred thousand sites thought to be secure were, in fact, vulnerable—including Twitter, Yahoo, Tumblr, and Dropbox.

Heartbleed, The First Security Bug With A Cool Logo | TechCrunch

by sbrothier
It’s been fascinating to watch news of heartbleed, the massive OpenSSL exploit, spread on the web. After years of quietly putting us at risk, the general web user became aware of the exploit only a few days ago, and probably via heartbleed.com.
