Offline
Post your new articles here
This one is on Kali Linux and specifically using it to test WEP security. WEP is outdated, but as the article mentions it is a good place to start with basic Pen Testing using either Kali or Parrot.
Offline
A google security group offers a program to select users to counteract against spear phishing, phishing and other malicious attacks. The team was put together after the fiasco of certain politicians emails being hacked. The program though not named is counted as the highest form of personal account security that google offers. Such attacks that are counted against are emails that are sent to campaign subscribers from the alleged politician designed to gain personal information.
-Daniel dagg
Offline
Widespread use of open source code used in popular Android apps has shown to be a large security risk. Critical vulnerabilities were found in very common apps including banking, ticket purchasing, sports and travel apps. 32 percent or 105 out 330 apps tested among 16 different categories averaged 19 vulnerabilities per app. According to ACI, there were 40,000 known open source vulnerabilities in the last 17 years, and one-third of them came from last year. This is a major concern given 90 percent of all software today contains open source software components.
~Seth Sampson
Offline
(Charles Barrett) A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by=14.4px identity thieves and other fraudsters unless the USPS beefed up security. they didn't listen and now 7 people were arrested for doing it and causing nearly $400,000 in unauthorized charges on credit cards they ordered in the names of residents.
Last edited by Cbarrett17 (11/09/2018 11:39 am)
Offline
China back to spying on and stealing from American businesses amid raging trade war
Last edited by BlaineP16 (11/09/2018 11:58 am)
Offline
It appears the newest build for Windows 10 might soon support WPA3. Although Microsoft has not officially stated that it will some insiders are saying that the newest Windows 10 preview build 18272 is showing that Microsoft is actively working toward that soon.
Last edited by MichaelNees (11/13/2018 10:57 am)
Offline
Several vulnerabilities found in hardware encryption implementations. This affects Crucial MX devices, Samsung EVO devices, and others. The vulnerable encryption implementations are ATA security and TCG Opal. Multiple vulnerabilities are discussed in the article, but to summarize:
Researchers with phyiscal access could modify the password validation process in RAM through the JTAG debugging interface, causing it to accept any password and decrypt the device
Crucial MX300 has a master password for decryption, which by default is an empty string
The Samsung 840 EVO has a "wear leveling" feature for preserving the longevity of the SSD that involves moving data to different locations on the SSD, but old data is preserved until overwritten. This means that if you have unprotected data and add a password, the wear leveling feature will preserve the unprotected data until overwritten
Bitlocker defaults to hardware encryption if available before using it's own software encryption, so Bitlocker doesn't protect against these hardware vulnerabilities
Crucial has patched all their devices, Samsung has patched some of their devices.
-Skyler
Offline