HackDig : Dig high-quality web security articles for hacker

Conspiracy Theory and the Internet of Things

I came across this article about smart devices on Alternet, which tells us that “we are far from a digital Orwellian nightmare.” We’re told that worrying about smart televisions, smart phones, and smart meters is for “conspiracy theorists.” It’s a great case study in not having a security mindset. This is what David Petraeus said about the Internet of Things
Publish At:2015-08-14 15:55 | Read:2230 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

Hammering at speed limits

Slate has a well-written article explaining an interesting new vulnerability called “Rowhammer.” The white paper is here, and the code repository is here. Here’s the abstract describing the basic idea: As DRAM has been scaling to increase in density, the cells are less isolated from each other. Recent studies have found that repeated accesses to DRAM rows
Publish At:2015-08-11 17:30 | Read:3021 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security A

Why is Passive Mixed Content so serious?

One of the most important tools in web security is Transport Layer Security (TLS). It not only protects sensitive information during transit, but also verifies that the content has not been modified. The user can be confident that content delivered via HTTPS is exactly what the website sent. The user can exchange sensitive information with the website, secur
Publish At:2015-07-31 01:45 | Read:2756 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

#HackerKast 43: Ashley Madison Hacked, Firefox Tracking Services and Cookies, HTML5 Malware Evasion Techniques, Miami Co

Hey Everybody! Welcome to another HackerKast. Let’s get right to it! We had to start off with the big story of the week which was that Ashley Madison got hacked. For those of you fortunate enough to not know what Ashley Madison is, it is a dating website dedicated to members who are in relationships and looking to have affairs. This breach was a twist from m
Publish At:2015-07-28 03:40 | Read:2066 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

Web Security for the Tech Impaired: What is two factor authentication?

You may have heard the term ‘two-factor’ or ‘multi-factor’ authentication. If you haven’t heard of these terms, chances are you’ve experienced this and not even known it. The interesting thing is that two factor authentication is one of the best ways to protect your accounts from being hacked. So what exactly is it? Well traditional authentication will ask y
Publish At:2015-07-25 05:35 | Read:1824 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

Bayes’ Theorem and What We Do

Back in 2012, The Atlantic Monthly published a behind-the-scenes article about Google Maps. This is the passage that struck me: The best way to figure out if you can make a left turn at a particular intersection is still to have a person look at a sign — whether that’s a human driving or a human looking at an image generated by a Street View car.
Publish At:2015-07-20 20:20 | Read:2831 | Comments:0 | Tags:Technical Insight automated scanning base rate neglect Bayes

Lowering Defenses to Increase Security

Starting at WhiteHat was a career change for me. I wasn’t sure exactly what to expect, but I knew there was a lot of unfamiliar terminology: “MD5 signature”, “base64”, “cross-site request forgery”, “‘Referer’ header”, to name a few. When I started testing real websites, I was surprised that a lot
Publish At:2015-07-15 01:35 | Read:2505 | Comments:0 | Tags:Industry Observations Technical Insight True Stories of the

OpenSSL CVE-2015-1793

OpenSSL released a security advisory regarding CVE-2015-1793, a bug in the implementation of the certificate verification process: … from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause ce
Publish At:2015-07-10 18:35 | Read:1924 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security c

#HackerKast 41: HackingTeam, Adobe Flash Bug, UK Government’s Possible Encryption Ban

Hello everyone! Welcome to Week 41! Hope everyone enjoyed the holiday last week. Let’s get right to it: First off, we talked about HackingTeam which is an Italian surveillance firm which sells its tools to governments to spy on citizens. We don’t know much about the breach itself in terms of technical details but the fact that this is a security
Publish At:2015-07-10 18:35 | Read:2105 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

Web Security for the Tech Impaired: Connecting to WiFi

We’ve all been at an airport or coffee shop and checked our phone to see that your internet connection is incredibly slow. You curse the heavens in frustration and then you notice that they offer free WiFi. “What fortuitous circumstances!” you think. You look on your phone for what networks are available around you and you see: Starbucks FREE_Starbucks Publi
Publish At:2015-06-30 18:15 | Read:2067 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security p

#HackerKast 40: OPM Breach, Sourcepoint, AdBlock Plus, NSA and AV software, Adobe Flash, Chrome Listens In via Computer

Hey Everybody! Welcome to our 40th HackerKast! Thanks for listening as always and let’s get to the news! Our first story to chat about this week was news bubbling up still about the recent OPM breach. This time, the news outlets are latching on to the fact that data encryption wouldn’t have helped them in this case. Jeremiah poses the question
Publish At:2015-06-27 04:20 | Read:5047 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

#HackerKast 39: MLB Astros Hacked By Cardinals, Duqu 2.0, More Ad Blocking News and RIP Microsoft Ask Toolbar

Hey everybody and welcome to another week in Internet Security. Robert and I were trying our best to stay above water with Tropical Storm Bill hitting Southern Texas while Jeremiah was making us jealous with his palm trees and blue skies in Hawaii. I’ll remember that one Jer… Back on topic, our first story was some shameless self promotion of Je
Publish At:2015-06-23 14:15 | Read:4487 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security W

#HackerKast 38: Pulse tests .gov sites, China hacked US government, DuckDuckGo, NSA Quantum Insert attacks and Google fi

Hey All! Welcome to another HackerKast! I’m back whether you like it or not. Gave a quick rundown of my Europe trip before jumping into the news and we started with one of my favorite stories we’ve covered in a while. This one was about a project called Pulse which grabbed every .gov site it could get its hands on and ran an SSL Labs tester on i
Publish At:2015-06-12 21:45 | Read:3554 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

#HackerKast 37: More router hacking, StegoSploit, XSS Polyglot and Columbia Casualty Insurance refuses to pay Cottage He

One more lonely week without Matt Johansen as Jeremiah and I have braved another HackerKast on our own. Thankfully we were comforted by some very interesting stories. Most of them were technical but one of them was around insurance. First up was about router hacking – one of Jer and my favorite topics. It turns out someone has been automating intranet
Publish At:2015-06-03 17:20 | Read:2957 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security W

#HackerKast 36: Moose Router Worm, Adult Friend Finder male users hacked, Firefox and advertising, WHS Stats Report, and

It was just Jeremiah and me again today, as Matt is shamelessly galavanting around Europe at various security conferences (I think it’s safe to hate him for it, isn’t it?). But we had a ton of interesting stories this week to cover and didn’t have much time to do it. The first up was the Moose Router Worm – similar to the Internet Ce
Publish At:2015-05-29 02:35 | Read:2377 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security W

