"This is the chronicle of the most epic retaliation and how I pranked my roommate with targeted Facebook Ads to the point of complete paranoia and delusion."
Funny anecdote but also a how-to on creating a Facebook ad campaign that targets a single person.
Mass mailing Internet scams intentionally use poor spelling, grammar etc to filter down to target ignorant audience .
A DEFCON talk “The Secret Life of SIM Cards” that covers running apps on your SIM card. Surprisingly they run a subset of Java and execute semi-independent of the Phone’s OS.
An interesting way to use the report-uri feature of CSP to detect if a user is logged into Google, Facebook etc.
Hackers “are learning that it’s not so easy to write secure code,” Toro says. “Most of us in the business of securing our applications and systems know that bulletproofing software is an extremely expensive and exhaustive undertaking. Malware creators who have to look to their own defences would have to slow down the production of new attacks.”
FYI, if you want to know what it looks like when you hack a hacker, look no further than the seminal 1995 film Hackers.
"A routine request in Florida for records detailing the use of a surveillance tool known as stingray turned extraordinary Tuesday when the U.S. Marshals Service seized the documents before local police could release them."
Also what about the part where the PD reveals that its been using the stingray a bunch without telling any court and blames that on the manufacturer’s NDA.
Google’s XSS training game. Learn how to find XSS issues for fun and profit.
RT @PeerProd In Europe, encrypted traffic went from 1.47% to 6.10%, and in Latin America, it increased from 1.8% to 10.37%
Does it betray my innocence that I’m shocked by the amount of exec($_GET you can easily find on github? Hilarious comment thread on hacker news:
This is awful. Shell commands are not guaranteed to be idempotent, people! These should all be of the form exec($_POST, not exec($_GET.
Should you take the latest security scare seriously? I do, and here is what I am doing about it.
Its time to get a password manager.
Just a quick tutorial on exploiting heartbleed for session hijacking. Is it worse to use https than http today?
What It All Means: All Your Communications are Belong to U.S. In sum, if you use encryption they’ll keep your data forever. If you use Tor, they’ll keep your data for at least five years. If an American talks with someone outside the US, they’ll keep your data for five years. If you’re talking to your attorney, you don’t have any sense of privacy. And the NSA can hand over you information to the FBI for evidence of any crime, not just terrorism. All without a warrant or even a specific FISA order.
Not sure if this is saying all Tor data is collected or saying if someone uses Tor then start collecting that someone’s communication.
Redmond finally joins Google, Mozilla, by offering cash rewards for security flaws.
Good news everyone! Of course Microsoft employees are not eligible but that’s probably for the best.
Web Security Framework: Problem Statement and Requirements
According to the links within this article, although the root URI of the router requires authentication, the /password.cgi URI doesn’t and the resulting returned HTML contains (but does not display) the plaintext of the password, as well as an HTML FORM to modify the password that is exploitable by CSRF.
The attack… infected more than 4.5 million DSL modems… The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.
Megabox is an ad-replacer - replacing ads on the web as you browse with its own. Ignoring security concerns, I hope this doesn’t result in over prescriptive laws that endanger things like Greasemonkey.
To listen to songs through Megabox, users will have two options—purchasing the music through the service, or installing “Megakey” software onto their computer to listen for free. The Megakey software, as Dotcom explained to Torrentfreak, acts like ad-blocking software—except that it isn’t. Megakey allows most advertisements to appear, but replaces about 15 percent of the ads served up by websites with ads hosted by Megabox.
An analysis of leaked PIN numbers.
… nearly 11% of the 3.4 million passwords are 1234 !!!