
BYOD Makes Application Security a Matter of National Security

Several publications have commented on a new study from Harvard’s Berkman Center for Internet and Society. The study was called “Don’t Panic: Making Progress on the ‘Going Dark’ Debate.” Apple and others have designed products with so-called “end-to-end encryption,” meaning that a message between two users can
Publish At:2016-02-12 14:05 | Read:3613 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

NSA Directorates

An earlier post made the point that security problems can come from subdivisions of an organization pursuing incompatible goals. In the Cold War, for example, lack of coordination between the CIA and the State Department allowed the KGB to identify undercover agents. The Guardian reports that the NSA is reorganizing to address this issue. Previously, its off
Publish At:2016-02-05 19:20 | Read:2286 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

An idea to help secure U.S. cybersecurity…

… and looking for the right person to show us how to do so. A few years back I was watching a presentation given by General Keith B. Alexander, who was at the time Commander, U.S. Cyber Command and previously Director of the National Security Agency (NSA). Gen. Alexander’s remarks focused on the cybersecurity climate from his perspective and the impact on U.
Publish At:2015-12-03 18:15 | Read:2370 | Comments:1 | Tags:Industry Observations Vulnerabilities Web Application Securi

The Ad Blocking Wars: Ad Blockers vs. Ad-Tech

More and more people find online ads to be annoying, invasive, dangerous, insulting, distracting, expensive, and just understandable, and have decided to install an ad blocker. In fact, the number of people using ad blockers is skyrocketing. According to PageFair’s 2015 Ad Blocking Report, there are now 198 million active adblock users around the world with
Publish At:2015-12-03 00:10 | Read:2380 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

“Crash Course – PCI DSS 3.1 is here. Are you ready?” Part II

Thanks to all who attended our recent webinar, “Crash Course – PCI DSS 3.1 is here. Are you ready?”. During the stream, there were a number of great questions asked by attendees that didn’t get answered due to the limited time. This blog post is a means to answer many of those questions. Still have questions? Want to know more about
Publish At:2015-12-01 12:00 | Read:2603 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

URLs are content

Justifications for the federal government’s controversial mass surveillance programs have involved the distinction between the contents of communications and associated “meta-data” about those communications. Finding out that two people spoke on the phone requires less red tape than listening to the conversations themselves. While “
Publish At:2015-11-30 17:55 | Read:3041 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

Saving Systems from SQLi

There is absolutely nothing special about the TalkTalk breach — and that is the problem. If you didn’t already see the news about TalkTalk, a UK-based provider of telephone and broadband services, their customer database was hacked and reportedly 4 million records were pilfered. A major organization’s website is hacked, millions of records containing PII are
Publish At:2015-10-27 22:15 | Read:2555 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

The Death of the Full Stack Developer

When I got started in computer security, back in 1995, there wasn’t much to it — but there wasn’t much to web applications themselves. If you wanted to be a web application developer, you had to know a few basic skills. These are the kinds of things a developer would need to build a somewhat complex website back in the day: ISP/Service Provide
Publish At:2015-08-28 14:30 | Read:2565 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

Conspiracy Theory and the Internet of Things

I came across this article about smart devices on Alternet, which tells us that “we are far from a digital Orwellian nightmare.” We’re told that worrying about smart televisions, smart phones, and smart meters is for “conspiracy theorists.” It’s a great case study in not having a security mindset. This is what David Petraeus said about the Internet of Things
Publish At:2015-08-14 15:55 | Read:1838 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

#HackerKast 43: Ashley Madison Hacked, Firefox Tracking Services and Cookies, HTML5 Malware Evasion Techniques, Miami Co

Hey Everybody! Welcome to another HackerKast. Let's get right to it! We had to start off with the big story of the week which was that Ashley Madison got hacked. For those of you fortunate enough to not know what Ashley Madison is, it is a dating website dedicated to members who are in relationships and looking to have affairs. This breach was a twist from m
Publish At:2015-07-28 03:40 | Read:1913 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

Web Security for the Tech Impaired: What is two factor authentication?

You may have heard the term ‘two-factor’ or ‘multi-factor’ authentication. If you haven’t heard of these terms, chances are you’ve experienced this and not even known it. The interesting thing is that two factor authentication is one of the best ways to protect your accounts from being hacked. So what exactly is it? Well traditional authentication will ask y
Publish At:2015-07-25 05:35 | Read:1733 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

Lowering Defenses to Increase Security

Starting at WhiteHat was a career change for me. I wasn’t sure exactly what to expect, but I knew there was a lot of unfamiliar terminology: “MD5 signature”, “base64”, “cross-site request forgery”, “‘Referer’ header”, to name a few. When I started testing real websites, I was surprised that a lot
Publish At:2015-07-15 01:35 | Read:2207 | Comments:0 | Tags:Industry Observations Technical Insight True Stories of the

#HackerKast 41: HackingTeam, Adobe Flash Bug, UK Government’s Possible Encryption Ban

Hello everyone! Welcome to Week 41! Hope everyone enjoyed the holiday last week. Let’s get right to it: First off, we talked about HackingTeam which is an Italian surveillance firm which sells its tools to governments to spy on citizens. We don’t know much about the breach itself in terms of technical details but the fact that this is a security
Publish At:2015-07-10 18:35 | Read:1915 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

Importance of a Security Mindset

Back in 2008, Bruce Schneier wrote an article in Wired about the security mindset. In it he wrote: This kind of thinking is not natural for most people. It’s not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinkin
Publish At:2015-07-10 01:25 | Read:1503 | Comments:0 | Tags:Industry Observations Bruce Schneier paranoia security minds

#HackerKast 40: OPM Breach, Sourcepoint, AdBlock Plus, NSA and AV software, Adobe Flash, Chrome Listens In via Computer

Hey Everybody! Welcome to our 40th HackerKast! Thanks for listening as always and let's get to the news! Our first story to chat about this week was news bubbling up still about the recent OPM breach. This time, the news outlets are latching on to the fact that data encryption wouldn’t have helped them in this case. Jeremiah poses the question
Publish At:2015-06-27 04:20 | Read:4721 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio
