HackDig : Dig high-quality web security articles

HTTPS is not a magic bullet for Web security

We're in the midst of a major change sweeping the Web: the familiar HTTP prefix is rapidly being replaced by HTTPS. That extra "S" in an HTTPS URL means your connection is secure and that it's much harder for anyone else to see what you're doing. And on today's Web, everyone wants to see what you're doing. HTTPS has been around nearly as long as the Web, but
Publish At:2016-07-11 14:10 | Read:6812 | Comments:0 | Tags:Features Risk Assessment HTTPS

The impossible task of creating a “Best VPNs” list today

For the security minded, one of the scariest revelations from the now three-year-old Snowden leaks had nothing to do with accommodating ISPs (shocking) or overreaching and often vague anti-terrorism practices and policy (an even bigger shock, right?). Instead, when news trickled out about matters like the National Security Agency’s Vulcan data repository
Publish At:2016-06-01 23:40 | Read:5423 | Comments:0 | Tags:Features Risk Assessment privacy vpns

OK, panic—newly evolved ransomware is bad news for everyone

There's something inherently world-changing about the latest round of crypto-ransomware that has been hitting a wide range of organizations over the past few months. While most of the reported incidents of data being held hostage have purportedly involved a careless click by an individual on an e-mail attachment, an emerging class of criminals with slightly
Publish At:2016-04-08 13:40 | Read:5945 | Comments:0 | Tags:Features Risk Assessment crypto ransomware

The first rule of zero-days is no one talks about zero-days (so we’ll explain)

How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well. Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unkno
Publish At:2015-10-20 12:25 | Read:5582 | Comments:0 | Tags:Features Law & Disorder Risk Assessment Technology Lab zdi z

Paranoid Android redux: “going dark” with Silent Circle’s Blackphone 2

Specs at a glance: Silent Circle Blackphone 2
Screen: 2560×1440 5.5” Full HD IPS
OS: Silent OS (based on Android Lollipop)
CPU: Qualcomm® Snapdragon 615, 1.7GHz Octa-core
RAM: 3GB
GPU: Adreno 405
Storage: 32GB, with up to 128GB additional via microSD
Networking: Dual-band 2.4/5.0GHz 802.11 a/b/g/n/ac, Bluetooth 4.0LE. LTE and worldwide 3G/HSPA+ cellular data.
Ports: Micro USB 2.0,
Publish At:2015-09-29 05:15 | Read:5839 | Comments:0 | Tags:Features Gear & Gadgets Risk Assessment android for work bla

How security flaws work: The buffer overflow

The buffer overflow has long been a feature of the computer security landscape. In fact the first self-propagating Internet worm—1988's Morris Worm—used a buffer overflow in the Unix finger daemon to spread from machine to machine. Twenty-seven years later, buffer overflows remain a source of problems. Windows infamously revamped its security focus after
Publish At:2015-08-26 11:56 | Read:4901 | Comments:0 | Tags:Features Risk Assessment

Highway to hack: why we’re just at the beginning of the auto-hacking era

Imagine it’s 1995, and you’re about to put your company’s office on the Internet. Your security has been solid in the past—you’ve banned people from bringing floppies to work with games, you’ve installed virus scanners, and you run file server backups every night. So, you set up the Internet router and give everyone TCP/IP addresses. It’s not like you’re
Publish At:2015-08-23 13:30 | Read:5599 | Comments:0 | Tags:Cars Technica Features Risk Assessment

A public marketplace for hackers—what could possibly go wrong?

Last November, Charles Tendell quietly launched a website called Hacker's List. Its name was literal. In this online marketplace, white-hat security experts could sell their services in bite-size engagements to people with cyber-problems beyond their grasp. "Hacker's List is meant to connect consumers who have online issues to hackers or professionals out
Publish At:2015-07-28 05:50 | Read:5293 | Comments:0 | Tags:Features Ministry of Innovation Risk Assessment

“EPIC” fail—how OPM hackers tapped the mother lode of espionage data

Government officials have been vague in their testimony about the data breaches—there was apparently more than one—at the Office of Personnel Management. But on Thursday, officials from OPM, the Department of Homeland Security, and the Department of the Interior revealed new information that indicates at least two separate systems were compromised by att
Publish At:2015-06-22 06:00 | Read:4400 | Comments:0 | Tags:Features Law & Disorder Risk Assessment breach DHS opm

Single sign-on with OpenConnect VPN server over FreeIPA

In March of 2015 the 0.10.0 version of OpenConnect VPN was released. One of its main features is the addition of MS-KKDCP support and GSSAPI authentication. Putting the acronyms aside that means that authentication in FreeIPA, which uses Kerberos, is greatly simplified for VPN users. Before explaining more, let’s first explore what the typical login pr
Publish At:2015-06-18 11:35 | Read:5063 | Comments:0 | Tags:Cryptography Features Fedora Security authentication GSSAPI

Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks

Not long after blowing the lid off a National Security Agency-backed hacking group that operated in secret for 14 years, researchers at Moscow-based Kaspersky Lab returned home from February's annual security conference in Cancun, Mexico to an even more startling discovery. Since some time in the second half of 2014, a different state-sponsored group had
Publish At:2015-06-10 20:40 | Read:6312 | Comments:0 | Tags:Features Law & Disorder Risk Assessment Technology Lab advan

Why the “biggest government hack ever” got past the feds

In April, federal authorities detected an ongoing remote attack targeting the United States' Office of Personnel Management (OPM) computer systems. This situation may have gone on for months, possibly even longer, but the White House only made the discovery public last Friday. While the attack was eventually uncovered using the Department of Homeland Sec
Publish At:2015-06-08 17:25 | Read:6526 | Comments:0 | Tags:Features Law & Disorder Risk Assessment Technology Lab

Review: Anonabox or InvizBox, which Tor router better anonymizes online life?

A while back, we covered the controversy over a few Kickstarter projects aiming to provide something in increasing demand as of late: a foolproof way to connect any Wi-Fi capable device to the Tor anonymized network. Two such Tor "travel router" projects have since become actual product: InvizBox, from a team in Ireland, and the resurrected Anonabox, whi
Publish At:2015-04-08 22:36 | Read:5755 | Comments:0 | Tags:Features Risk Assessment Technology Lab

Anti-doxing strategy—or, how to avoid 50 Qurans and $287 of Chick-Fil-A

"Nate, wake up. Your phone keeps going off." This was two months ago—Monday morning, 4am—and I was asleep. But I remember what happened vividly. A decently hard nudge from my girlfriend did what technology couldn't, and I woke up to look at my phone. It showed two missed calls from unrecognized numbers alongside a slew of texts. I took a quick glance at t
Publish At:2015-03-15 21:45 | Read:6873 | Comments:0 | Tags:Features Law & Disorder Risk Assessment doxxing doxxing week

How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last

CANCUN, Mexico — In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn't know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at lea
Publish At:2015-02-16 19:00 | Read:5604 | Comments:0 | Tags:Ars Technica Videos Features Law & Disorder Risk Assessment
