Cybersecurity

https://www.kaspersky.com/blog/encrypted-usb-drives-audit/17948/?utm_source=kasperskysocialchannel.com&utm_medium=Kaspersky+Lab+%28Employees%2C+USA%29&utm_campaign=kasperskysocialchannel.com How can you be sure the “secure” USB drive you’re using is really secure and the data you store on it can’t be extracted? That’s exactly the question Google’s security researchers Ellie Bursztein, Jean-Michel Picod, and Rémi Audebert addressed in their talk, “Attacking encrypted USB keys the hard(ware) way,” at the recent Black Hat →

http://spectrum.ieee.org/the-human-os/computing/software/researchers-embed-malicious-code-into-dna-to-hack-dna-sequencing-software This sounds like plot from scifi movie: University of Washington researchers successfully stored malware in synthetic DNA strands, and used it to gain control of the computer analyzing it. Researchers at the University of Washington have shown that by changing a little bit of computer code they can insert malware into a strand of →

https://access.redhat.com/blogs/766093/posts/3031361?sc_cid=7016000000127ECAAY The SSL/TLS protocol uses RSA, Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) primitives for the key exchange algorithm. RSA is based on the fact that when given a product of two large prime numbers, factorizing the product (which is the public key) is computationally intensive, but a quantum computer could efficiently solve this problem →

https://opensource.com/article/17/6/3-security-musts-software-developers?sc_cid=7016000000127ECAAY 1. Don’t encrypt passwords, hash them. 2. Don’t put secret backdoors in software. 3. Authenticate users on every page—not only on the login page. →

https://docs.google.com/forms/d/e/1FAIpQLSfTwnopvY7UYcSf-1QOkHTFUkow4mPeuses7ibDRAxPs7BptQ/viewform It is not uncommon to see trolls tricking new Linux/Unix users run commands as a joke. This page tries to collect the commands you should be warned of. →

https://motherboard.vice.com/en_us/article/8xazek/hackers-show-proof-of-concepts-to-beat-hardware-based-2fa “Hardware security devices are an improvement… However, we need to be mindful of our hardware, and just because we say this magic token is secure, we don’t implicitly assume that.” Hardware tokens provide possibly the best way to add an extra lock onto your account. Two-factor authentication sent by SMS can be intercepted. It is probably →

http://mashable.com/2017/07/28/safe-cracking-robot-defcon/#4DUijhH.lgqL If hackers want what’s on your computer, chances are they can find a way to get it. But what about your non-digital goods you keep in a safe at home? Turns out those aren’t that secure, either.  At the 25th annual DEF CON in Las Vegas professional tinkerer and founder of SparkFun Electronics Nathan →

http://www.edn.com/design/systems-design/4458666/Wireless—IoT-protocols—their-security-tradeoffs?utm_content=buffer01b00&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer Many products suddenly become hacking targets when their products become smart and connected. This article is about securing them. The issue is that bad press and major security and privacy issues might slow down the adoption of IoT for improving our lives. Many end users are already skeptical to connect simple devices we rely →

http://blog.sec-consult.com/2017/07/reverse-engineering-hardware.html?m=1 Nowadays, we are living in a world dominated by embedded systems. Everyone can be spied on through various channels. Routers, IP-cameras, phones, and other embedded devices are affected by security vulnerabilities and are therefore easily hack-able.  This article covers some basic hardware reverse engineering techniques on PCB-level, which are applicable to any electronic embedded →

http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/ Mozilla has a website add-on section that has thousands of useful add-ons in different categories. Some of these add-ons are useful for penetration testers and security analysts. These penetration testing add-ons helps in performing different kinds of attacks, and modify request headers direct from the browser.  This article lists a few popular and interesting Firefox add-ons →