security - Dave's Blog


Search

Retweet of SwiftOnSecurity

Apr 13, 7:01
I should have fond memories of GTA IV, but instead it's "Hey cousin, do you want to go bowling?"
PermalinkComments

Retweet of sleevi_

Apr 7, 2:41
Rad to see Mozilla in on the fun! For Chrome, see https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/2LXKVWYkOus … and https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/pnsUO-KxzTs … // @metromoxie https://twitter.com/jruderman/status/585562933914181635 …
PermalinkComments

Retweet of SwiftOnSecurity

Apr 3, 7:24
Go watch Primer. Do it. It's the only movie you'll still feel like an idiot watching after 5 times. Seriously. It's amazing.
PermalinkComments

Retweet of shaver

Feb 20, 4:19
Facebook Security published a note with some info on Superfish: https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339 …
PermalinkComments

David_Risney: "With crypto in UK crosshairs, secret US report says it’s vital". I think the secret is out on crypto.

Jan 15, 10:10
David Risney @David_Risney :
"With crypto in UK crosshairs, secret US report says it’s vital". I think the secret is out on crypto. http://arstechnica.com/security/2015/01/with-crypto-in-uk-crosshairs-secret-us-report-says-its-vital/ …
PermalinkComments

How I Pranked My Roommate With Eerily Targeted Facebook Ads

2014 Sep 18, 2:27

“This is the chronicle of the most epic retaliation and how I pranked my roommate with targeted Facebook Ads to the point of complete paranoia and delusion.”

Funny anecdote but also a how-to on creating a Facebook ad campaign that targets a single person.

PermalinkCommentshumor security ad facebook

Why do Nigerian Scammers Say They are from Nigeria? - Microsoft Research

2014 Aug 26, 3:53

Mass mailing Internet scams intentionally use poor spelling, grammar etc to filter down to target ignorant audience .

PermalinkCommentstechnical security statistics

The Secret Life of SIM Cards - DEFCON 21 - simhacks

2014 Aug 16, 1:07

A DEFCON talk “The Secret Life of SIM Cards” that covers running apps on your SIM card. Surprisingly they run a subset of Java and execute semi-independent of the Phone’s OS.

PermalinkCommentstechnical phone sim-card security java

Detect login with CSP - When Security Generates Insecurity

2014 Jul 8, 1:13

An interesting way to use the report-uri feature of CSP to detect if a user is logged into Google, Facebook etc.

PermalinkCommentstechnical security csp web

On exploiting security issues in botnet C&C...

2014 Jun 23, 4:26


On exploiting security issues in botnet C&C software:

Hackers “are learning that it’s not so easy to write secure code,” Toro says. “Most of us in the business of securing our applications and systems know that bulletproofing software is an extremely expensive and exhaustive undertaking. Malware creators who have to look to their own defences would have to slow down the production of new attacks.”

FYI, if you want to know what it looks like when you hack a hacker, look no further than the seminal 1995 film Hackers.

PermalinkCommentstechnical security

U.S. Marshals Seize Cops’ Spying Records to Keep Them From the ACLU | Threat Level | WIRED

2014 Jun 4, 6:08

"A routine request in Florida for records detailing the use of a surveillance tool known as stingray turned extraordinary Tuesday when the U.S. Marshals Service seized the documents before local police could release them."

Also what about the part where the PD reveals that its been using the stingray a bunch without telling any court and blames that on the manufacturer’s NDA.

PermalinkCommentstechnical law security phone

XSS game

2014 May 29, 1:10

Google’s XSS training game. Learn how to find XSS issues for fun and profit.

PermalinkCommentstechnical web security xss google

Encrypted Web Traffic More Than Doubles

2014 May 18, 1:20

RT @PeerProd In Europe, encrypted traffic went from 1.47% to 6.10%, and in Latin America, it increased from 1.8% to 10.37%
http://www.wired.com/2014/05/sandvine-report/ #NSA

PermalinkCommentstechnical security nsa encryption

exec($_GET

2014 Apr 29, 8:27

Does it betray my innocence that I’m shocked by the amount of exec($_GET you can easily find on github? Hilarious comment thread on hacker news: 

This is awful. Shell commands are not guaranteed to be idempotent, people! These should all be of the form exec($_POST, not exec($_GET.

ephemeralgomi

PermalinkCommentshumor security http php technical

The 5 Things To Do About the New Heartbleed Bug

2014 Apr 9, 9:06

Its time to get a password manager.

PermalinkCommentssecurity password technical

Hijacking user sessions with the Heartbleed vulnerability · Matt's Life Bytes

2014 Apr 8, 6:36

Just a quick tutorial on exploiting heartbleed for session hijacking. Is it worse to use https than http today?

PermalinkCommentstechnical security ssl heartbleed session-hijack

Xbox One Sign Out Trolling - YouTube

2014 Jan 8, 5:53PermalinkCommentsvideo game xbox voice security

Pixel Perfect Timing Attacks with HTML5 - Context » Information Security

2013 Aug 7, 8:25PermalinkCommentssecurity html html5 svg javascript requestAnimationFrame iframe

In Depth Review: New NSA Documents Expose How Americans Can Be Spied on Without A Warrant

2013 Jun 21, 10:43

What It All Means: All Your Communications are Belong to U.S. In sum, if you use encryption they’ll keep your data forever. If you use Tor, they’ll keep your data for at least five years. If an American talks with someone outside the US, they’ll keep your data for five years. If you’re talking to your attorney, you don’t have any sense of privacy. And the NSA can hand over you information to the FBI for evidence of any crime, not just terrorism. All without a warrant or even a specific FISA order.

Not sure if this is saying all Tor data is collected or saying if someone uses Tor then start collecting that someone’s communication.

PermalinkCommentstechnical legal tor nsa eff spying security privacy

Microsoft will pay up to $100K for new Windows exploit techniques

2013 Jun 21, 4:29


Good news everyone! Of course Microsoft employees are not eligible but that’s probably for the best.

PermalinkCommentssecurity exploit money microsoft technical
Older Entries Creative Commons License Some rights reserved.