POPULARITY
Online identity is a ticking time bomb. Are trustworthy, open-source solutions ready to disarm it? Or will we be stuck with lackluster, proprietary systems?Sponsored By:Core Contributor Membership: Take $1 a month of your membership for a lifetime!Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.Support LINUX UnpluggedLinks:
This week we rocket back into your podcast feed with a look at the OrBit Linux malware teardown from Intezer, plus we cover security updates for cloud-init, Vim, the Linux kernel, GnuPG, Dovecot and more.
This week we cover security updates for dpkg, logrotate, GnuPG, CUPS, InfluxDB and more, plus we take a quick look at some open positions on the team - come join us!
In this episode we give a very (very) high level introduction to cryptography concepts. No math or programming background required!Links:Crypto 101, probably the BEST book for learning about cryptography concepts. And a relevant talk from PyCon!We mentioned RSA, which is the first publicly published algorithm for public key cryptography. These days most public key cryptography uses elliptic curves instead. It's possible that in the future, something else will be recommended instead!Playing around with GnuPG can be a great way to learn about cryptography as a user, but... it's also not the easiest thing to learn either, and we don't personally believe that GPG/PGP's web of trust model is a realistic path for user security. (But what we recommend instead, that's a topic for a future episode.) Still, a useful tool in all sorts of ways.Mixing and matching these things at a low level can be tricky, and unexpected vulnerabilities can easily occur. Cryptographic Right Answers has been a useful page, but the cryptography world keeps moving!
Dans ce fabuleux épisode réalisé en famille avec Quentin Adam, Marc Antoine Perennou, Julien Durillon et Pierre Zemb nous parlons de class action sur une entente Google / Apple sur les moteur de recherche, des processeurs Mobile eye by Intel et des annonces AMD et Intel pour de nouveaux procs, de GNUPG qui devient économiquement viable, du bug Exchange de l'an 2022. On vous présente les nouvelles recrues de Clever Cloud et enfin, on vous parle Kernel !
GnuPG has some great news, Libadwaita 1.0 has arrived and we share our thoughts, plus a big batch of updates from the Matrix project.
GnuPG has some great news, Libadwaita 1.0 has arrived and we share our thoughts, plus a big batch of updates from the Matrix project.
GnuPG has some great news, Libadwaita 1.0 has arrived and we share our thoughts, plus a big batch of updates from the Matrix project.
GnuPG has some great news, Libadwaita 1.0 has arrived and we share our thoughts, plus a big batch of updates from the Matrix project.
GnuPG has some great news, Libadwaita 1.0 has arrived and we share our thoughts, plus a big batch of updates from the Matrix project.
Using the GnuPG vim plugin to edit encrypted files. See show hpr3476 My mutt email setup http://www.hackerpublicradio.org/eps.php?id=3476 GnuPG Vim Plugin on vim.org https://www.vim.org/scripts/script.php?script_id=3645 GnuPG Vim Plugin on Github https://github.com/vim-scripts/gnupg.vim From man 1 gpg-agent: You should always add the following lines to your .bashrc or whatever initialization file is used for all shell invocations: GPG_TTY=`tty` export GPG_TTY It is important that this environment variable always reflects the output of the tty command. .bashrc snippet ## GPG Vim GPG_TTY=`tty` export GPG_TTY export EDITOR=vim GnuPG folder structure [mark@fedora-lt ~]$ tree .vim .vim ├── plugin │ └── vim-gnupg │ ├── autoload │ │ └── gnupg.vim │ ├── doc │ │ └── gnupg.txt │ ├── plugin │ │ └── gnupg.vim │ └── README.md └── spell ├── en.utf-8.add └── en.utf-8.add.spl vimrc set tabstop=2 softtabstop=0 expandtab shiftwidth=2 smarttab textwidth=80 syntax on autocmd BufRead,BufNewFile *.log set filetype=logtalk set spell spelllang=en_us Generate gpg full key gpg --full-generate-key or just a regular one, with less options gpg --gen-key Encrypt the file in question, with -r as the recipient In this case, I used part of the comment as the recipient Picture 1 Click the thumbnail to see the full-sized image This is more like it. gpg -e -r test thisIsMyTestFile.txt Now test edit the file vim thisIsMyTestFile.txt.gpg Picture 2 It is a good idea to shred the original text file shred - overwrite a file to hide its contents, and optionally delete it -u deallocate and remove file after overwriting -v, --verbose, show progress
Apple pushed out an iOS update in a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted. And Europol reported on a successful takedown operation against the notorious Emotet malware. With Kimberly Truong, Doug Aamoth and Paul Ducklin Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
Apple pushed out an iOS update in a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted. And Europol reported on a successful takedown operation against the notorious Emotet malware. https://nakedsecurity.sophos.com/apple-critical-patches-fix-in-the-wild-iphone-exploits https://nakedsecurity.sophos.com/gnupg-crypto-library-can-be-pwned-during-decryption https://nakedsecurity.sophos.com/emotet-takedown-europol-attacks-worlds-most-dangerous-malware With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
SUDO was pseudo secure, BigNox supply-chain attack, iMessage in a sandbox. Picture of the Week. Chrome rescinding another CA's root cert. An urgent update to the recently released GnuPG. An interesting supply-chain attack "BigNox". Apple quietly put iMessage in a sandbox in iOS 14. For the past 10 years, "SUDO" was only pseudo secure. SpinRite: February 1st Progress Report. NAT Slipstreaming 2.0. We invite you to read our show notes at https://www.grc.com/sn/SN-804-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: barracuda.com/securitynow itpro.tv/securitynow promo code SN30 extrahop.com/SECURITYNOW
Un grupo de usuarios de un foro se coordina para hundir Wall Street, haciendo temblar los cimientos del mercado bursátil. Cámaras Blue de ADT exponen tus trasmisiones de vídeo y audio del hogar, y Ring Neighbors de Amazon expone tu ubicación. Una patente de Microsoft apunta a la intención de hacerte un copia-pega para que sigas existiendo despues de morir. Publicadas múltiples vulnerabilidades de 0-day: actualiza ya tu iPhone, iPad, Apple TV, GnuPG, Kindle, Linux, y SonicWall. Corea de Norte lanza una campaña de phishing muy original atacando a expertos de seguridad para robarles sus investigaciones y exploits. El fin de vida de Adobe Flash afecta al gobierno sudafricano y al seguimiento de trenes en China. Notas y referencias en tierradehackers.com
Un grupo de usuarios de un foro se coordina para hundir Wall Street, haciendo temblar los cimientos del mercado bursátil. Cámaras Blue de ADT exponen tus trasmisiones de vídeo y audio del hogar, y Ring Neighbors de Amazon expone tu ubicación. Una patente de Microsoft apunta a la intención de hacerte un copia-pega para que sigas existiendo despues de morir. Publicadas múltiples vulnerabilidades de 0-day: actualiza ya tu iPhone, iPad, Apple TV, GnuPG, Kindle, Linux, y SonicWall. Corea de Norte lanza una campaña de phishing muy original atacando a expertos de seguridad para robarles sus investigaciones y exploits. El fin de vida de Adobe Flash afecta al gobierno sudafricano y al seguimiento de trenes en China. Notas y referencias en tierradehackers.com
I was giving a talk at DefCon one year and this guy starts grilling me at the end of the talk about the techniques Apple was using to encrypt home directories at the time with new technology called Filevault. It went on a bit, so I did that thing you sometimes have to do when it's time to get off stage and told him we'd chat after. And of course he came up - and I realized he was really getting at the mechanism used to decrypt and the black box around decryption. He knew way more than I did about encryption so I asked him who he was. When he told me, I was stunned. Turns out that like me, he enjoyed listening to A Prairie Home Companion. And on that show, Garrison Keillor would occasionally talk about Ralph's Pretty Good Grocery in a typical Minnesota hometown he'd made up for himself called Lake Wobegon. Zimmerman liked the name and so called his new encryption tool PGP, short for Pretty Good Privacy. It was originally written to encrypt messages being sent to bulletin boards. That original tool didn't require any special license, provided it wasn't being used commercially. And today, much to the chagrin of the US government at the time, it's been used all over the world to encrypt emails, text files, text messages, directories, and even disks. But we'll get to that in a bit. Zimmerman had worked for the Nuclear Weapons Freeze Campaign in the 80s after getting a degree in computer science fro Florida Atlantic University in 1978. And after seeing the government infiltrate organizations organizing Vietnam protests, he wanted to protect the increasingly electronic communications of anti-nuclear protests and activities. The world was just beginning to wake up to a globally connected Internet. And the ARPAnet had originally been established by the military industrial complex, so it was understandable that he'd want to keep messages private that just happened to be flowing over a communications medium that many in the defense industry knew well. So he started developing his own encryption algorithm called BassOmatic in 1988. That cipher used symmetric keys with control bits and pseudorandom number generation as a seed - resulting in 8 permutation tables. He named BassOmatic after a Saturday Night Live skit. I like him more and more. He'd replace BassOmatic with IDEA in version 2 in 1992. And thus began the web of trust, which survives to this day in PGP, OpenPGP, and GnuPG. Here, a message is considered authentic based on it being bound to a public key - one that is issued in a decentralized model where a certificate authority issues a public and private key where messages can only be encrypted or signed with the private key and back then you would show your ID to someone at a key signing event or party in order to get a key. Public keys could then be used to check that the individual you thought was the signer really is. Once verified then a separate key could be used to encrypt messages between the parties. But by then, there was a problem. The US government began a criminal investigation against Zimmerman in 1993. You see, the encryption used in PGP was too good. Anything over a 40 bit encryption key was subject to US export regulations as a munition. Remember, the Cold War. Because PGP used 128 bit keys at a minimum. So Zimmerman did something that the government wasn't expecting. Something that would make him a legend. He went to MIT Press and published the PGP source code in a physical book. Now, you could OCR the software, run it through a compiler. Suddenly, his code was protected as an exportable book by the First Amendment. The government dropped the investigation and found something better to do with their time. And from then on, source code for cryptographic software became an enabler of free speech, which has been held up repeatedly in the appellate courts. So 1996 comes along and PGP 3 is finally available. This is when Zimmerman founds PGP as a company so they could focus on PGP full-time. Due to a merger with Viacrypt they jumped to PGP 5 in 1997. Towards the end of 1997 Network Associates acquired PGP and they expanded to add things like intrusion detection, full disk encryption, and even firewalls. Under Network Associates they stopped publishing their source code and Zimmerman left in 2001. Network Associates couldn't really find the right paradigm and so merged some products together and what was PGP commandline ended up becoming McAfee E-Business Server in 2013. But by 2002 PGP Corporation was born out of a few employees securing funding from Rob Theis to help start the company and buy the rest of the PGP assets from Network Associates. They managed to grow it enough to sell it for $300 million to Symantec and PGP lives on to this day. But I never felt like they were in it just for the money. The money came from a centralized policy server that could do things like escrow keys. But for that core feature of encrypting emails and later disks, I really always felt like they wanted a lot of that free. And you can buy Symantec Encryption Desktop and command it from a server, S/MIME and OpenPGP live on in ways that real humans can encrypt their communications, some of which in areas where their messages might get them thrown in jail. By the mid-90s, mail wasn't just about the text in a message. It was more. RFC934 in 1985 had started the idea of encapsulating messages so you could get metadata. RFC 1521 in 1993 formalized MIME and by 1996, MIME was getting really mature in RFC2045. But by 1999 we wanted more and so S/MIME went out as RFC 2633. Here, we could use CMS to “cryptographically enhance” a MIME body. In other words, we could suddenly encrypt more than the text of an email and it since it was an accepted internet standard, it could be encrypted and decrypted with standard mail clients rather than just with a PGP client that didn't have all the bells and whistles of pretty email clients. That included signing information, which by 2004 would evolve to include attributes for things like singingTime, SMIMECapabilities, algorithms and more. Today, iOS can use S/MIME and keys can be stored in Exchange or Office 365 and that's compatible with any other mail client that has S/MIME support, making it easier than ever to get certificates, sign messages, and encrypt messages. Much of what PGP was meant for is also available in OpenPGP. OpenPGP is defined by the OpenPGP Working Group and you can see the names of some of these guardians of privacy in RFC 4880 from 2007. Names like J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer. Despite the corporate acquisitions, the money, the reprioritization of projects, these people saw fit to put powerful encryption into the hands of real humans and once that pandoras box had been opened and the first amendment was protecting that encryption as free speech, to keep it that way. Use Apple Mail, GPGTools puts all of this in your hands. Use Android, get FairEmail. Use Windows, grab EverDesk. This specific entry felt a little timely. Occasionally I hear senators tell companies they need to leave backdoors in products so the government can decrypt messages. And a terrorist forces us to rethink that basic idea of whether software that enables encryption is protected by freedom of speech. Or we choose to attempt to ban a company like WeChat, testing whether foreign entities who publish encryption software are also protected. Especially when you consider whether Tencent is harvesting user data or if the idea they are doing that is propaganda. For now, US courts have halted a ban on WeChat. Whether it lasts is one of the more intriguing things I'm personally watching these days, despite whatever partisan rhetoric gets spewed from either side of the isle, simply for the refinement to the legal interpretation that to me began back in 1993. After over 25 years we still continue to evolve our understanding of what truly open and peer reviewed cryptography being in the hands of all of us actually means to society. The inspiration for this episode was a debate I got into about whether the framers of the US Constitution would have considered encryption, especially in the form of open source public and private key encryption, to be free speech. And it's worth mentioning that Washington, Franklin, Hamilton, Adams, and Madison all used ciphers to keep their communications private. And for good reason as they knew what could happen should their communications be leaked, given that Franklin had actually leaked private communications when he was the postmaster general. Jefferson even developed his own wheel cipher, which was similar to the one the US army used in 1922. It comes down to privacy. The Constitution does not specifically call out privacy; however, the first Amendment guarantees the privacy of belief, the third, the privacy of home, the fourth, privacy against unreasonable search and the fifth, privacy of of personal information in the form of the privilege against self-incrimination. And giving away a private key is potentially self-incrimination. Further, the ninth Amendment has broadly been defined as the protection of privacy. So yes, it is safe to assume they would have supported the transmission of encrypted information and therefore the cipher used to encrypt to be a freedom. Arguably the contents of our phones are synonymous with the contents of our homes though - and if you can have a warrant for one, you could have a warrant for both. Difference is you have to physically come to my home to search it - whereas a foreign government with the same keys might be able to decrypt other data. Potentially without someone knowing what happened. The Electronic Communications Privacy Act of 1986 helped with protections but with more and more data residing in the cloud - or as with our mobile devices synchronized with the cloud, and with the intermingling of potentially harmful data about people around the globe potentially residing (or potentially being analyzed) by people in countries that might not share the same ethics, it's becoming increasingly difficult to know what is the difference between keeping our information private, which the framers would likely have supported and keeping people safe. Jurisprudence has never kept up with the speed of technological progress, but I'm pretty sure that Jefferson would have liked to have shared a glass of his favorite drink, wine, with Zimmerman. Just as I'm pretty sure I'd like to share a glass of wine with either of them. At Defcon or elsewhere!
What's the most secure email and messaging on a smartphone? Leo Laporte explains ways you can encrypt your messages.ProtonMail: https://protonmail.com/mailbox.org: https://mailbox.org/Posteo: https://posteo.de/Tutanota: https://tutanota.com/The GNU Privacy Guard: https://gnupg.org/Signal Private Messenger: https://signal.org/ Host: Leo Laporte Download or subscribe to this show at https://twit.tv/shows/ask-the-tech-guy Sponsor: LastPass.com/twit
What's the most secure email and messaging on a smartphone? Leo Laporte explains ways you can encrypt your messages.ProtonMail: https://protonmail.com/mailbox.org: https://mailbox.org/Posteo: https://posteo.de/Tutanota: https://tutanota.com/The GNU Privacy Guard: https://gnupg.org/Signal Private Messenger: https://signal.org/ Host: Leo Laporte Download or subscribe to this show at https://twit.tv/shows/ask-the-tech-guy Sponsor: LastPass.com/twit
What's the most secure email and messaging on a smartphone? Leo Laporte explains ways you can encrypt your messages.ProtonMail: https://protonmail.com/mailbox.org: https://mailbox.org/Posteo: https://posteo.de/Tutanota: https://tutanota.com/The GNU Privacy Guard: https://gnupg.org/Signal Private Messenger: https://signal.org/ Host: Leo Laporte Download or subscribe to this show at https://twit.tv/shows/ask-the-tech-guy Sponsor: LastPass.com/twit
What's the most secure email and messaging on a smartphone? Leo Laporte explains ways you can encrypt your messages.ProtonMail: https://protonmail.com/mailbox.org: https://mailbox.org/Posteo: https://posteo.de/Tutanota: https://tutanota.com/The GNU Privacy Guard: https://gnupg.org/Signal Private Messenger: https://signal.org/ Host: Leo Laporte Download or subscribe to this show at https://twit.tv/shows/ask-the-tech-guy Sponsor: LastPass.com/twit
Leo Laporte answers Ruchie's question about email encryption and whether email attachments also get encrypted.OpenPGP: https://www.openpgp.orgGnuPG: https://gnupg.orgGpg4win: https://gpg4win.orgGPG Suite: https://gpgtools.org Host: Leo Laporte Download or subscribe to this show at https://twit.tv/shows/ask-the-tech-guy Sponsor: LastPass.com/twit
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Samba Project Disabling SMBv1 By Default https://isc.sans.edu/forums/diary/Samba+Project+tells+us+Whats+New+SMBv1+Disabled+by+Default+finally/25116/ GnuPG Will No Longer Import Signatures From Keyservers https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html eChOraix Ransomware https://www.anomali.com/blog/the-ech0raix-ransomware
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Samba Project Disabling SMBv1 By Default https://isc.sans.edu/forums/diary/Samba+Project+tells+us+Whats+New+SMBv1+Disabled+by+Default+finally/25116/ GnuPG Will No Longer Import Signatures From Keyservers https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html eChOraix Ransomware https://www.anomali.com/blog/the-ech0raix-ransomware
Border agents in china are installing malware on phones, GnuPG has a serious problem, and Amazon saves your voice recordings indefinitely! All that coming up now on ThreatWire. #threatwire #hak5 Links:Support me on alternative platforms! https://snubsie.com/support https://www.youtube.com/shannonmorse -- subscribe to my new channel! ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire Links:https://www.nytimes.com/2019/07/02/technology/china-xinjiang-app.htmlhttps://www.vice.com/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malwarehttps://github.com/motherboardgithub/bxaqhttps://www.cnet.com/news/china-is-reportedly-scanning-tourists-phones-with-malware/ https://threatpost.com/pgp-ecosystem-targeted-in-poisoning-attacks/146240/https://www.vice.com/en_us/article/8xzj45/someone-is-spamming-and-breaking-a-core-component-of-pgps-ecosystemhttps://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275fhttps://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html https://www.cnet.com/news/alexa-privacy-concerns-prompt-senator-to-seek-answers-from-amazon-ceo-jeff-bezos/https://www.cnet.com/news/amazon-alexa-keeps-your-data-with-no-expiration-date-and-shares-it-too/https://www.theverge.com/2019/7/3/20681423/amazon-alexa-echo-chris-coons-data-transcripts-recording-privacyhttps://www.cnet.com/how-to/you-can-finally-delete-most-of-your-amazon-echo-transcripts-heres-how/ -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆Our Site → https://www.hak5.orgShop → https://www.hakshop.comSubscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1Support → https://www.patreon.com/threatwireContact Us → http://www.twitter.com/hak5Threat Wire RSS → https://shannonmorse.podbean.com/feed/Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999 Host: Shannon Morse → https://www.twitter.com/snubsHost: Darren Kitchen → https://www.twitter.com/hak5darrenHost: Mubix → http://www.twitter.com/mubix-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Collecting Hashes of Running Processes and verifying them with Virustotal Domain wide https://isc.sans.edu/forums/diary/Verifying+Running+Processes+against+VirusTotal+DomainWide/25078/ Mozilla Server Side TLS Guide Updates https://wiki.mozilla.org/Security/Server_Side_TLS SKS Keyserver DoS Attack https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f QR Code Phishing https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Collecting Hashes of Running Processes and verifying them with Virustotal Domain wide https://isc.sans.edu/forums/diary/Verifying+Running+Processes+against+VirusTotal+DomainWide/25078/ Mozilla Server Side TLS Guide Updates https://wiki.mozilla.org/Security/Server_Side_TLS SKS Keyserver DoS Attack https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f QR Code Phishing https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/
256 · Repaso a mis instalaciones de claves de cifrado y firma. GnuPG (ingles, requisito para los dos siguientes enlaces): https://www.gnupg.org/ Thunderbird: https://www.thunderbird.net/es-ES/ Enigmail (en ingles): https://enigmail.net/index.php/en/ Keybase: https://keybase.io PGP Encrypt - en la tienda sale como PGP Everywhere, ojo, pero por alguna razon en el iPhone, el icono dice "PGP Encrypt" https://itunes.apple.com/us/app/apple-store/id1011677987?mt=8 Contacta conmigo en Anchor: https://anchor.fm/gvisoc, en Twitter: https://twitter.com/gvisoc y en Telegram: https://t.me/gvisoc
Las mismas aplicaciones en Windows, MacOS y Linux, es el sueño de un switcher. ¿Es posible? Pues sí, y en este programa os vamos a mostrar casi una centena de aplicaciones bien conocidas que en ocasiones os sorprenderá saber que existen en las tres plataformas. APLICACIONES MULTIPLATAFORMA Os dejamos aquí el listado de las aplicaciones que mencionamos en el programa ordenadas por su tipología. Creación y edición multimedia Audacity Blender DaVinci Resolver OpenShot OBS Studio Inkscape Gimp Handbreak Reproducción multimedia VLC Plex Media Server Kodi Spotify Desarrollo Visual Code Studio Eclipse PHP Perl Python Java Navegadores Firefox Chromium Chrome Opera Productividad Mozilla Thunderbird LibreOffice OpenOffice MailSpring (cliente de correo) Simplenote (toma de notas) Escritura y editores de texto Scribus Typora LaTeX LyX VIM Sublime text Descargas y compresores FileZilla aMule Qbittorrent jDownloader2 Transmission Gestores de passwords y seguridad KeePass (permiten ports no oficiales y lo hay para TODO) Lastpass 1Password OpenPGP (estándar presente en las tres plataformas – cambia el programa) GnuPG (gpg) Utilidades para informáticos VirtualBox vmware (WS/Player/Fusion) balenaEtcher – Etcher Putty Lynx eLinks Apache XAMPP tcpdump Powershell Core Docker CE VNC Base de datos MySQL PostgreSQL MariaDB DBeaver SQuirrel Multiconferencia Jitsi Zoom Skype Hangouts Otras utilidades Telegram Desktop Raven (lector RSS) Ramme (cliente Instagram) Calibre (gestión biblioteca eBooks) Dropbox Juegos y entretenimiento MInecraft (Java Edition) Steam Otras aplicaciones Moodle (formación y cursos) openXpertya (CRM ERP B2B B2C) ADempiere (CRM)
En esta ocasión tocaba hablar de la criptografía, en la forma de GNU Privacy Guard. Repasamos un poco su historia desde que apareció Pretty Good Privacy en el año 91, sus entresijos y algún problema judicial. En este episodio por primera vez se estrena la sección "comentarios de los oyentes". Patreon: https://www.patreon.com/rcracking
Show notes for Security Endeavors Headlines for Week 5 of 2019Check out our subreddit to discuss this week's headlines!InfoSec Week 6, 2019 (link to original Malgregator.com posting)The Zurich American Insurance Company says to Mondelez, a maker of consumer packaged goods, that the NotPetya ransomware attack was considered an act of cyber war and therefore not covered by their policy.According to Mondelez, its cyber insurance policy with Zurich specifically covered “all risks of physical loss or damage” and “all risk of physical loss or damage to electronic data, programs or software” due to “the malicious introduction of a machine code or instruction.” One would think that the language in the cyber insurance policy was specifically designed to be broad enough to protect Mondelez in the event of any kind of cyber attack or hack. And NotPetya would seem to fit the definition included in the cyber insurance policy – it was a bit of malicious code that effectively prevented Mondelez from getting its systems back up and running unless it paid out a hefty Bitcoin ransom to hackers.Originally, Zurich indicated that it might pay $10 million, or about 10 percent of the overall claim. But then Zurich stated that it wouldn't pay any of the claim by invoking a special “cyber war” clause. According to Zurich, it is not responsible for any payment of the claim if NotPetya was actually “a hostile or warlike action in time of peace or war.” According to Zurich, the NotPetya cyber attack originated with Russian hackers working directly with the Russian government to destabilize the Ukraine. This is what Zurich believes constitutes "cyber war."https://ridethelightning.senseient.com/2019/01/insurance-company-says-notpetya-is-an-act-of-war-refuses-to-pay.html Reuters reports that hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients. According to investigators at cyber security firm Recorded Future, the attack was part of what Western countries said in December is a global hacking campaign by China’s Ministry of State Security to steal intellectual property and corporate secrets. Visma took the decision to talk publicly about the breach to raise industry awareness about the hacking campaign, which is known as Cloudhopper and targets technology service and software providers in order reach their clients.https://www.reuters.com/article/us-china-cyber-norway-visma/china-hacked-norways-visma-to-steal-client-secrets-investigators-idUSKCN1PV141 A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards.Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols.This new vulnerability has been detailed in a research paper named "New Privacy Threat on 3G, 4G, and Upcoming5G AKA Protocols," published last year.According to researchers, the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks.The AKA protocol works by negotiating and establishing keys for encrypting the communications between a phone and the cellular network.Current IMSI-catcher devices target vulnerabilities in this protocol to downgrade AKA to a weaker state that allows the device to intercept mobile phone traffic metadata and track the location of mobile phones. The AKA version designed for the 5G protocol --also known as 5G-AKA-- was specifically designed to thwart IMSI-catchers, featuring a stronger authentication negotiation systemBut the vulnerability discovered last year allows surveillance tech vendors to create new models of IMSI-catchers hardware that, instead of intercepting mobile traffic metadata, will use this new vulnerability to reveal details about a user's mobile activity. This could include the number of sent and received texts and calls, allowing IMSI-catcher operators to create distinct profiles for each smartphone holder. https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/ The Debian Project is recommending the upgrade of golang-1.8 packages after a vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes two vulnerabilities in the “go get” command, which could result in the execution of arbitrary shell commands.https://www.debian.org/security/2019/dsa-4380 It is possible to trick user’s of the Evolution email application into trusting a phished mail via adding a forged UID to a OpenPGP key that has a previously trusted UID. It's because Evolution extrapolates the trust of one of OpenPGP key UIDs into the key itself. The attack is based on using the deficiency of Evolution UI when handling new identifiers on previously trusted keys to convince the user to trust a phishing attempt. More details about how the flaw works, along with examples are included in the article, which is linked in the show notes. Let’s take a minute to cover a bit of background on Trust Models and how validating identities work in OpenPGP and GnuPG:The commonly used OpenPGP trust models are UID-oriented. That is, they are based on establishing validity of individual UIDs associated with a particular key rather than the key as a whole. For example, in the Web-of-Trust model individuals certify the validity of UIDs they explicitly verified.Any new UID added to the key is appropriately initially untrusted. This is understandable since the key holder is capable of adding arbitrary UIDs to the key, and there is no guarantee that new UID will not actually be an attempt at forging somebody else's identity.OpenPGP signatures do not provide any connection between the signature and the UID of the sender. While technically the signature packet permits specifying UID, it is used only to facilitate finding the key, and is not guaranteed to be meaningful. Instead, only the signing key can be derived from the signature in cryptographically proven way.GnuPG (as of version 2.2.12) does not provide any method of associating the apparent UID against the signature. In other words, from e-mail's From header. Instead, only the signature itself is passed to GnuPG and its apparent trust is extrapolated from validity of different UIDs on the key. Another way to say this is that the signature is considered to be made with a trusted key if at least one of the UIDs has been verified.https://dev.gentoo.org/~mgorny/articles/evolution-uid-trust-extrapolation.html If you’re up for some heavy reading about manipulation and deceit being perpetrated by cyber criminals, it may be worth checking out a piece from buzzfeednews. It tells a woeful and dark tale that does not have a happy ending. A small excerpt reads: “As the tools of online identity curation proliferate and grow more sophisticated, so do the avenues for deception. Everyone’s familiar with the little lies — a touch-up on Instagram or a stolen idea on Twitter. But what about the big ones? Whom could you defraud, trick, ruin, by presenting false information, or information falsely gained? An infinite number of individual claims to truth presents itself. How can you ever know, really know, that any piece of information you see on a screen is true? Some will find this disorienting, terrifying, paralyzing. Others will feel at home in it. Islam and Woody existed purely in this new world of lies and manufactured reality, where nothing is as it seems.”https://www.buzzfeednews.com/article/josephbernstein/tomi-masters-down-the-rabbit-hole-i-go Security researchers were assaulted by a casino technology vendor Atrient after responsibly disclosed critical vulnerabilities to them. Following a serious vulnerability disclosure affecting casinos globally, an executive of one casino technology vendor Atrient has allegedly assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. The article covers the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.https://www.secjuice.com/security-researcher-assaulted-ice-atrient/ Article 13, the new European Union copyright law is back and it got worse, not better. In the Franco-German deal, Article 13 would apply to all for-profit platforms. Upload filters must be installed by everyone except those services which fit all three of the following extremely narrow criteria:Available to the public for less than 3 yearsAnnual turnover below €10 millionFewer than 5 million unique monthly visitorsCountless apps and sites that do not meet all these criteria would need to install upload filters, burdening their users and operators, even when copyright infringement is not at all currently a problem for them.https://juliareda.eu/2019/02/article-13-worse/ Researchers from Google Project Zero evaluated Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS. There are bypasses possible, but the conclusion says it is still a worthwhile exploitation mitigation technique.Among the most exciting security features introduced with ARMv8.3-A is Pointer Authentication, a feature where the upper bits of a pointer are used to store a Pointer Authentication Code (PAC), which is essentially a cryptographic signature on the pointer value and some additional context. Special instructions have been introduced to add an authentication code to a pointer and to verify an authenticated pointer's PAC and restore the original pointer value. This gives the system a way to make cryptographically strong guarantees about the likelihood that certain pointers have been tampered with by attackers, which offers the possibility of greatly improving application security.There’s a Qualcomm white paper which explains how ARMv8.3 Pointer Authentication was designed to provide some protection even against attackers with arbitrary memory read or arbitrary memory write capabilities. It's important to understand the limitations of the design under the attack model the author describes: a kernel attacker who already has read/write and is looking to execute arbitrary code by forging PACs on kernel pointers.Looking at the specification, the author identifies three potential weaknesses in the design when protecting against kernel attackers with read/write access: reading the PAC keys from memory, signing kernel pointers in userspace, and signing A-key pointers using the B-key (or vice versa). The full article discusses each in turn.https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html There is a dangerous, remote code execution flaw in the LibreOffice and OpenOffice software. While in the past there have been well documented instances where opening a document would result in the executing of malicious code in paid office suites. This time LibreOffice and Apache’s OpenOffice are the susceptible suites. The attack relies on exploiting a directory traversal flaw, identified as CVE-2018-16858, to automatically execute a specific python library bundled within the software using a hidden onmouseover event.To exploit this vulnerability, the researcher created an ODT file with a white-colored hyperlink (so it can't be seen) that has an "onmouseover" event to trick victims into executing a locally available python file on their system when placing their mouse anywhere on the invisible hyperlink.According to the researcher, the python file, named "pydoc.py," that comes included with the LibreOffice's own Python interpreter accepts arbitrary commands in one of its parameters and execute them through the system's command line or console.https://thehackernews.com/2019/02/hacking-libreoffice-openoffice.html Nadim Kobeissi is discontinuing his secure online chat Cryptocat. The service began in 2011 as an experiment in making secure messaging more accessible. In the eight ensuing years, Cryptocat served hundreds of thousands of users and developed a great story to tell. The former maintainer explains on the project’s website that other life events have come up and there’s no longer available time to maintain things. The coder says that Cryptocat users deserve a maintained secure messenger, recommends Wire.The Cryptocat source code is still published on GitHub under the GPL version 3 license and has put the crypto.cat domain name up for sale, and thanks the users for the support during Cryptocat's lifetime.https://twitter.com/i/web/status/1092712064634753024 Malware For Humans is a conversation-led, independent documentary about fake news, big data, electoral interference, and hybrid warfare. Presented by James Patrick, a retired police officer, intelligence analyst, and writer, Malware For Humans covers the Brexit and Trump votes, the Cambridge Analytica scandal, Russian hybrid warfare, and disinformation or fake news campaigns.Malware For Humans explains a complex assault on democracies in plain language, from hacking computers to hacking the human mind, and highlights the hypocrisy of the structure of intelligence agencies, warfare contractors, and the media in doing so. Based on two years of extensive research on and offline, Malware For Humans brings the world of electoral interference into the light and shows that we are going to be vulnerable for the long term in a borderless, online frontier. A complete audio companion is available as a separate podcast, which can be found on iTunes and Spotify as part of The Fall series and is available for free, without advertisements.https://www.byline.com/column/67/article/2412 Security Endeavors Headlines is produced by SciaticNerd & Security Endeavors with the hope that it provides value to the wider security community. Some sources adapted for on-air readability.Special thanks to our friends at malgregator dot com, who allow us to use their compiled headlines to contribute to show’s content. Visit them at Malgregator.com. Additional supporting sources are also be included in our show notesWhy not start a conversation about the stories from this week on our Subreddit at reddit.com/r/SEHLMore information about the podcast is available at SecurityEndeavors.com/SEHL Thanks for listening and we'll see you next week!
First episode of 2019! This week we look "System Down" in systemd, as well as updates for the Linux kernel, GnuPG, PolicyKit and more, and discuss a recent cache-side channel attack using the mincore() system call.
Hernani Marques on Pretty Easy Privacy On this episode I'm joined by Hernani Marques, a hacker and member of the pEp Foundation, talking about Pretty Easy Privacy, a concerted attempt to make adoption of end-to-end email encryption easier and more ubiquitous through automation of key-making and management through partnering with programs like Outlook and Thunderbird. To learn more about pEp, check out the foundation's website and follow or get in touch with Hernani via their website, vecirex.net. - pEp.foundation (Core technology & community entity of pEp) - pEp.software (All usable pEp software, commercial and not, and all Free Software) - gnunet.org (P2P framework for secure decentralized applications, including - for pEp - messaging) - sequoia-pgp.org (new OpenPGP library from former GnuPG devs) Reach Out If you have a topic or guest suggestion for Error451, find us via our contact page on our website and drop us a line. To hear past episodes of the podcast, click the link in these shownotes or find them up at our website or in our podcast feed. Subscribing to our show is free and easy. Support You can also support TFSR/Error451 monetarily. Featured Track Suspect Device by Stiff Little Fingers off of State of Emergency
This week, SMBv1 is getting killed, GnuPG updates, the gift of USB, OnePlus 6 vulnerability, vulnerable Android devices, the worst 2FA, malware on macOS. Jason Wood from Paladin Security joins us for expert commentary this week, and more on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode177 Visit http://hacknaked.tv to get all the latest episodes!
This week, SMBv1 is getting killed, GnuPG updates, the gift of USB, OnePlus 6 vulnerability, vulnerable Android devices, the worst 2FA, malware on macOS. Jason Wood from Paladin security joins us for expert commentary this week, and more on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode177 Visit https://www.securityweekly.com/hnn for all the latest episodes! Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!! →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
GNUPG has just released a fix for a dangerous side-channel attack that could expose your private key, a leak of NASDAQ test data was picked up by real news organizations and caused a bit of a panic & the fascinating story of a security researched who managed to take over all .io domains with a little sleuthing and a few domain registrations. Plus Dan's got so much new stuff it has its own segment, and of course your feedback, a fantastic round-up & so much more!
GNUPG has just released a fix for a dangerous side-channel attack that could expose your private key, a leak of NASDAQ test data was picked up by real news organizations and caused a bit of a panic & the fascinating story of a security researched who managed to take over all .io domains with a little sleuthing and a few domain registrations. Plus Dan's got so much new stuff it has its own segment, and of course your feedback, a fantastic round-up & so much more!
GNUPG has just released a fix for a dangerous side-channel attack that could expose your private key, a leak of NASDAQ test data was picked up by real news organizations and caused a bit of a panic & the fascinating story of a security researched who managed to take over all .io domains with a little sleuthing and a few domain registrations. Plus Dan's got so much new stuff it has its own segment, and of course your feedback, a fantastic round-up & so much more!
How to hire infosec professionals, patching automation code, hijacked Android devices, Bitdefender support for Mac, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode521 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly
How to hire infosec professionals, patching automation code, hijacked Android devices, Bitdefender support for Mac, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode521 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly
Die letzte Episode ist lange her, aber wir machen weiter. Versprochen! Heute erzählt m.eik vom Barcamp und der Generalversammlung. Das große Thema ist die (Un-)Vereinbarkeit des deutschen Genossenschaftsgesetzes mit dem Verwertungsgesellschaftengesetz. Aber in bester Hackermanier finden wir auch da einen Weg. Es gibt auch neue Verwaltungsräte, die wir hoffentlich bald im Podcast begrüßen dürfen. Bitte schickt fleißig Hörerfragen an flowfx@c3s.cc! Danke. :)
Big Linux Gaming news this week from GOG.com and Valve. In App News, updates from Wireshark and the Tor Browser. GnuPG announced a crowdfunding campaign and KDE Connect has something really cool on the horizon. This week we saw quite a few Distro Releases from Bodhi Linux, KaOS, and ROSA. We got some cool updates… Read more
Seald.io offers one click encryption to exchange sensitive info with the less clued contacts who wouldn't install GnuPG
In dieser Folge erklären wir, warum es wichtig ist, seine Mails und generell Daten zu verschlüsseln, und dass es gar nicht so kompliziert ist, wie man immer meint. Trackliste Timmya4000 – Last Ninja 2 Park Loader Strayboom – Endless Wooloop Mankeli – Expect Nothing RDMusic – Shadow of the Beast (Orchestrated) GnuPG :: GNU Privacy Guard Werner Koch :: Entwickler von GnuPG Netzpolitik Interview :: Interview mit Werner Koch G10Code :: Werner Kochs Firma PGP :: Pretty Good Privacy (Wikipedia) Symantec :: PGP bei Symantec PGPi :: PGP international Keyserverlist :: Liste von Schluesselservern fuer PGP NDG Nein :: Nein zum Nachrichtendienstgesetz (mit Hintergrundinfos) Cryptoparties :: Cryptoparties weltweit SRF Bericht Cryptoparty :: SRF berichtet von einer Cryptoparty des CCCZH File Download (176:36 min / 176 MB)
In dieser Folge erklären wir, warum es wichtig ist, seine Mails und generell Daten zu verschlüsseln, und dass es gar nicht so kompliziert ist, wie man immer meint. Trackliste Timmya4000 – Last Ninja 2 Park Loader Strayboom – Endless Wooloop Mankeli – Expect Nothing RDMusic – Shadow of the Beast (Orchestrated) GnuPG :: GNU Privacy Guard Werner Koch :: Entwickler von GnuPG Netzpolitik Interview :: Interview mit Werner Koch G10Code :: Werner Kochs Firma PGP :: Pretty Good Privacy (Wikipedia) Symantec :: PGP bei Symantec PGPi :: PGP international Keyserverlist :: Liste von Schluesselservern fuer PGP NDG Nein :: Nein zum Nachrichtendienstgesetz (mit Hintergrundinfos) Cryptoparties :: Cryptoparties weltweit SRF Bericht Cryptoparty :: SRF berichtet von einer Cryptoparty des CCCZH File Download (176:36 min / 176 MB)
Intro / Outro Christophe Deremy - Fairy Tail https://www.youtube.com/watch?v=X1Z9ODzO_zQ 00:02:40 Patch your vBulletin forum – or get popped goo.gl/14hvEC Millions of Steam game keys stolen after hacker breaches gaming site https://goo.gl/TT8Ftz GTAGaming Hack Blamed on Old vBulletin Software https://goo.gl/9LHbRS 00:09:40 Hackers Can Use Smart Sockets to Shut Down Critical Systems https://goo.gl/P7MxPV 00:11:46 DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise https://arxiv.org/abs/1608.03431 00:15:00 Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable https://goo.gl/jvZRCt 00:16:12 Cisco Begins Patching Equation Group ASA Zero Da https://goo.gl/ZAzguD 00:17:20 Researchers announce Linux kernel “network snooping” bug https://goo.gl/XQRN2h 00:23:36 IPhone Users Urged to Update Software After Security Flaws Are Found https://t.co/8mWfs6aril 00:26:22 This PC monitor hack can manipulate pixels for malicious effect https://goo.gl/9OT0Y4 00:29:07 Gotta Spam ‘em All - Pokémon GO Spam https://goo.gl/yc4vfF 00:30:35 Кибеаполиция про PokemonGo https://goo.gl/LyXQJO 00:31:42 Сторінка Нацгвардії у TWITTER зламана https://goo.gl/EhEfPg 00:32:24 “Fileless” UAC Bypass Using eventvwr.exe and Registry Hijacking https://goo.gl/GPNNYW Microsoft Windows UEFI Secure Boot — Insecure by Design? https://goo.gl/4q18oi https://rol.im/securegoldenkeyboot/ 00:34:52 Equation: The Death Star of Malware Galaxy https://goo.gl/deMaf3 00:39:26 PoC Unsigned Code Execution on a Sony PS4 System with firmwares 3.15, 3.50 and 3.55 - https://github.com/Fire30/PS4-3.55-Code-Execution-PoC 00:40:07 Fake Linus Torvalds' Key Found in the Wild, No More Short-IDs https://lkml.org/lkml/2016/8/15/445 00:41:10 Заява РНБО у зв’язку з ситуацією, що склалася навколо запуску системи електронного декларування https://goo.gl/5Q7FNv 00:42:15 Власти РФ отказались вводить уголовную ответственность за оборот биткоинов http://www.interfax.ru/business/523262 00:46:23 DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work https://goo.gl/Qo5XX6 00:47:53 Major Events and Hacktivism #OpOlympicHacking https://goo.gl/nrhxoy 00:47:59 Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316] https://goo.gl/zuN6LX 00:49:18 Key Fob Hack Allows Attackers To Unlock Millions Of Cars https://goo.gl/4VdOQ4 00:50:25 SQL Injection Vulnerability in Ninja Forms https://goo.gl/McUkFh 00:51:14 Немного об интересной рассылке 00:53:22 Resource: List of Car hacking tools, Car security tools and Car security resources https://goo.gl/ySXapK 00:54:09 WildfireDecryptor tool https://goo.gl/jFgr4V
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
GnuPG/libgcrypt Weak Random Numbers (CVE-2016-6316) https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html Wikileaks Leaked E-Mail Includes Malware https://github.com/bontchev/wlscrape/blob/master/malware.md Android Vulnerable to TCP Connection Hijack https://blog.lookout.com/blog/2016/08/15/linux-vulnerability-android/ Cerber Ransomware Decryption Tool No Longer Operational https://www.cerberdecrypt.com/RansomwareDecryptionTool/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
GnuPG/libgcrypt Weak Random Numbers (CVE-2016-6316) https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html Wikileaks Leaked E-Mail Includes Malware https://github.com/bontchev/wlscrape/blob/master/malware.md Android Vulnerable to TCP Connection Hijack https://blog.lookout.com/blog/2016/08/15/linux-vulnerability-android/ Cerber Ransomware Decryption Tool No Longer Operational https://www.cerberdecrypt.com/RansomwareDecryptionTool/
Wer E-Mail-Verschlüsselung sagt, meint meist: GnuPG. Doch obwohl das Programm als Standard gilt, scheiterte ein Spendenaufruf, der die Kosten für Erhaltung, Pflege und Weiterentwicklung ermöglichen sollte, beinahe. Und GnuPG ist kein Einzelfall: Die nachhaltige Finanzierung von Open Source-Projekten ist schwierig ist, obwohl viele Projekte immer wichtiger für die zentrale Infrastruktur im Netz werden. Welche Modelle gibt es? Welche sind denkbar? Darüber diskutiert Moderator Marcus Richter am Donnerstag den 26.02. ab 22 Uhr mit Gästen aus dem CCC sowie Matthias Kirschner von der Free Software Foundation Europe live im CCCB in der Marienstrasse 11. Einlass ab 19 Uhr. Der Eintritt ist frei. Für alle, die heute nicht live dabei sein können, stellt das VOC Video- und Audio-Streams http://streaming.media.ccc.de bereit.
Intro/Outro: La Fouine - Controle Abusif CTF движение в Украине и мире – интервью с Николаем Ильиным @MykolaIlin Рейтинги команд CTF https://ctftime.org и успехи dcua https://ctftime.org/team/762 Популярность CTF-соревнований в Украине и мире Принципы проведения CTF http://captf.com/maxims.html Типы соревнований, тактика и стратегия участия в CTF http://felicity.iiit.ac.in/contest/break_in/ http://ructf.org/e/2014/ http://ictf.cs.ucsb.edu/ http://www.phdays.com/ctf/king/ http://c2.cnews.ru/news/top/crc_opublikovany_rezultaty_onlajnkvesta https://ctftime.org/event/list/upcoming https://www.reddit.com/r/securityctf http://captf.com/calendar/ https://time.xctf.org.cn/ctfs/event/list/upcoming Для связи с Николаем используйте Twitter или пишите на mykola.ilin@defcon.org.ua Ten Million (Logins and) Passwords https://xato.net/passwords/ten-million-passwords/ https://www.reddit.com/r/10millionpasswords/comments/2w07mf/a_list_of_flaws_in_the_data_set/ Author: https://xato.net/about/#.VOioXELpb8F Online Check: http://peersm.com/findmyass Lenovo caught installing adware on new computers http://www.tripwire.com/state-of-security/security-data-protection/superfish-lenovo-adware-faq/ http://news.lenovo.com/article_display.cfm?article_id=1929 https://github.com/hannob/superfishy Кража миллиардов из 100 финансовых организаций по всему миру http://www.kaspersky.ru/about/news/virus/2015/ugroza-na-milliard http://krebsonsecurity.com/2015/02/the-great-bank-heist-or-death-by-1000-cuts/ Anunak vs Carbanak FAQ https://www.fox-it.com/en/press-releases/anunak-aka-carbanak-update/ Microsoft Pushes Patches for Dozens of Flaws http://krebsonsecurity.com/2015/02/microsoft-pushes-patches-for-dozens-of-flaws/ Bypassing Windows Security by modifying 1 Bit Only http://thehackernews.com/2015/02/bypassing-windows-security.html Universal XSS in IE 11 http://thehackernews.com/2015/02/internet-explorer-xss.html NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware http://top.rbc.ru/politics/17/02/2015/54e257fe9a7947e06164f582 Решили как-то за блогерами следить http://jurliga.ligazakon.ua/news/2015/2/13/124332.htm но потом передумали http://www.pravda.com.ua/rus/news/2015/02/16/7058739/ Рада ликвидировала Нацкомиссию по вопросам морали http://news.liga.net/news/politics/5053048-rada_likvidirovala_natskomissiyu_po_voprosam_morali.htm Отчет об уязвимости моб.интернета от Positive Technologies (pdf) http://www.ptsecurity.com/download/Vulnerabilities_of_Mobile_Internet.pdf The great SIM heist https://firstlook.org/theintercept/2015/02/19/great-sim-heist/ SSL is officially declared dead https://pciguru.wordpress.com/2015/02/07/ssl-is-officially-declared-dead/ GnuPG 2.1.2 released https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html Facebook SCAM Alert: Get FREE $200 Amazon Gift Card! http://www.hacker9.com/free-amazon-gift-card-facebook.html Spat leads to partial leak of Rig Exploit Kit http://threatpost.com/spat-leads-to-partial-leak-of-rig-exploit-kit/111029 Forbes.com compromised by Chinese cyber spies targeting US firms http://www.net-security.org/secworld.php?id=17938
Horst JENS und Gregor PRIDUN plaudern über freie Software und andere Nerd-Themen. Shownotes auf http://goo.gl/zA0xjB oder http://biertaucher.at
On this week's episode, we'll be talking with Ted Unangst of the OpenBSD team about their new signing infrastructure. After that, we've got a tutorial on how to run your own NTP server. News, your feedback and even... the winner of our tutorial contest will be announced! So stay tuned to BSD Now - the place to B.. SD. This episode was brought to you by Headlines FreeBSD foundation's 2013 fundraising results (http://freebsdfoundation.blogspot.com/2014/01/freebsd-foundation-announces-2013.html) The FreeBSD foundation finally counted all the money they made in 2013 $768,562 from 1659 donors Nice little blog post from the team with a giant beastie picture "We have already started our 2014 fundraising efforts. As of the end of January we are just under $40,000. Our goal is to raise $1,000,000. We are currently finalizing our 2014 budget. We plan to publish both our 2013 financial report and our 2014 budget soon." A special thanks to all the BSD Now listeners that contributed, the foundation was really glad that we sent some people their way (and they mentioned us on Facebook) *** OpenSSH 6.5 released (https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-January/032152.html) We mentioned the CFT last week, and it's finally here (https://news.ycombinator.com/item?id=7154925)! New key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519 (now the default when both clients support it) Ed25519 public keys are now available for host keys and user keys, considered more secure than DSA and ECDSA Funny side effect: if you ONLY enable ed25519 host keys, all the compromised Linux boxes can't even attempt to login (http://slexy.org/view/s2rI13v8F4) lol~ New bcrypt private key type, 500,000,000 times harder to brute force Chacha20-poly1305 transport cipher that builds an encrypted and authenticated stream in one Portable version already in (https://svnweb.freebsd.org/base?view=revision&revision=261320) FreeBSD -CURRENT, and ports (https://svnweb.freebsd.org/ports?view=revision&sortby=date&revision=342618) Lots more bugfixes and features, see the full release note or our interview (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline) with Damien Work has already started on 6.6, which can be used without OpenSSL (https://twitter.com/msfriedl/status/427902493176377344)! *** Crazed Ferrets in a Berkeley Shower (http://blather.michaelwlucas.com/archives/1942) In 2000, MWL (http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop) wrote an essay for linux.com about why he uses the BSD license: "It's actually stood up fairly well to the test of time, but it's fourteen years old now." This is basically an updated version about why he uses the BSD license, in response to recent comments from Richard Stallman (http://gcc.gnu.org/ml/gcc/2014-01/msg00247.html) Very nice post that gives some history about Berkeley, the basics of the BSD-style licenses and their contrast to the GNU GPL Check out the full post if you're one of those people that gets into license arguments The takeaway is "BSD is about making the world a better place. For everyone." *** OpenBSD on BeagleBone Black (http://www.tedunangst.com/flak/post/OpenBSD-on-BeagleBone-Black) Beaglebone Blacks are cheap little ARM devices similar to a Raspberry Pi A blog post about installing OpenBSD on a BBB from.. our guest for today! He describes it as "everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black" It goes through the whole process, details different storage options and some workarounds Could be a really fun weekend project if you're interested in small or embedded devices *** Interview - Ted Unangst - tedu@openbsd.org (mailto:tedu@openbsd.org) / @tedunangst (https://twitter.com/tedunangst) OpenBSD's signify (http://www.tedunangst.com/flak/post/signify) infrastructure, ZFS on OpenBSD Tutorial Running an NTP server (http://www.bsdnow.tv/tutorials/ntpd) News Roundup Getting started with FreeBSD (http://smyck.net/2014/02/01/getting-started-with-freebsd/) A new video and blog series about starting out with FreeBSD The author has been a fan since the 90s and has installed it on every server he's worked with He mentioned some of the advantages of BSD over Linux and how to approach explaining them to new users The first video is the installation, then he goes on to packages and other topics - 4 videos so far *** More OpenBSD hackathon reports (http://undeadly.org/cgi?action=article&sid=20140204080515) As a followup to last week, this time Kenneth Westerback writes about his NZ hackathon experience He arrived with two goals: disklabel fixes for drives with 4k sectors and some dhclient work This summary goes into detail about all the stuff he got done there *** X11 in a jail (https://svnweb.freebsd.org/base?view=revision&revision=261266) We've gotten at least one feedback email about running X in a jail Well.. with this commit, looks like now you can! A new tunable option will let jails access /dev/kmem and similar device nodes Along with a change to DRM, this allows full X11 in a jail Be sure to check out our jail tutorial and jailed VNC tutorial (http://www.bsdnow.tv/tutorials) for ideas *** PCBSD weekly digest (http://blog.pcbsd.org/2014/01/whoami-im-pc-bsd-10-0-weekly-feature-digest-15/) 10.0 "Joule Edition" finally released (http://blog.pcbsd.org/2014/01/pc-bsd-10-0-release-is-now-available/)! AMD graphics are now officially supported GNOME3, MATE and Cinnamon desktops are available Grub updates and fixes PCBSD also got a mention in eweek (http://www.eweek.com/enterprise-apps/slideshows/freebsd-open-source-os-comes-to-the-pc-bsd-desktop.html) *** Feedback/Questions Justin writes in (http://slexy.org/view/s21VnbKZsH) Daniel writes in (http://slexy.org/view/s2nD7RF6bo) Martin writes in (http://slexy.org/view/s2jwRrj7UV) Alex writes in (http://slexy.org/view/s201koMD2c) - unofficial FreeBSD RPI Images (http://people.freebsd.org/~gjb/RPI/) James writes in (http://slexy.org/view/s2AntZmtRU) John writes in (http://slexy.org/view/s20bGjMsIQ) ***
This week, Dave and Gunnar talk about: watching your email, hearing your GnuPG key, the smell of fresh-baked OpenStack, a taste of ARM on Fedora, a touch of Skynet. Subscribe via RSS or iTunes. This episode’s title is dedicated to Peter Larsen. We heard you, and welcome your feedback! Lauren wins the National Center for Women & Information Technology Aspirations in Computing 2014 Ohio Affiliate Award PaaS and Three Cruelties of Federal IT Gunnar enjoys Plague Inc when not catching up on Game of Thrones Dave says Roku 3 + Android app + {YouTube|Netflix} = Awesome Almost related: Fulfill your New Years resolution of clearing out your YouTube backlog at 2x speed Pandora for Android gets an alarm clock but it needs a cell or wifi connection Learn Over 60 Google Now Commands with This Infographic Jaguar makes fun of Mercedes-Benz cars for having the vestibular ocular reflexes of a chicken BadBIOS, part n: Acoustic cryptanalysis, and there’s a CVE for that Gmail blows up e-mail marketing by caching all images on Google servers Disable it if you want: Disable Automatic Image Loading in Gmail to Save Data and Privacy PSA: Your Phone Logs Everywhere You Go. Here’s How to Turn It Off Ebooks now read you Related: Google Play Books update allows ePub and PDF uploads right from your device Google Adds to Its Menagerie of Robots Related: U.S. military may have 10 robots per soldier by 2023 See also: Cyberdyne Systems, DARPA Tried to Build Skynet in the 1980s, A Bizarre Petting Zoo Where Robots Replace Animals D&G DIY Joke Kit of the Week: Robot anesthesiologists to put patients under before colonoscopies Turning mobile phones into 3D scanners Microsoft Security Essentials misses 39% of malware in Dennis test Open Cloud Meetup, hosted by our own Jason Callaway The Dan and Gunnar Show presents Is it PaaS or something else? via web January 14 and 15 Massachusetts launches open cloud to spur big data R&D Red Hat Enterprise Linux OpenStack Platform 4.0 is here Fedora 20 is out: ARM is now Tier 1 and Gunnar’s FedUp Today in “OS is dead”: Want to run OpenShift on ARM? OK, why not Dan Risacher on Hellekson’s Law Betteridge’s Law: For example, Is REST losing its flair – REST API Alternatives HT Robin Price: WebRTC and Echoplex Salt vs. gravel vs. cheese vs. beet juice Cutting Room Floor HT Jim Stogdill: Fear, Uncertainty, Dopamine (or: “How to build an effective cult”) Totally unrelated: Free OpenShift stickers! Easily denounce your friends with a North Korean press release generator This week in cognitive surplus: George Takei’s and Newt Gingrich’s Amazon reviews Why are eggs egg shaped? This Crazy Pneumatic Tube System Will Deliver Burgers at 87 MPH Nokia’s Strategy For Selling The Lumia 2520 Windows 8 Tablet Is To Make You Very Uncomfortable EGTS stands for Electric Green Taxiing System and can stand for other things too How to make really long words in German Charming Parisian Subway Etiquette Guide Airport cell phone crashing We Give Thanks Peter Larsen for being a good sport about our show titles Dan Risacher for advancing the cause of Hellekson’s Law astroturfing Robin Price for the WebRTC and Echoplex pointers Jim Stogdill for mind-hacking videos
Hosts Chris Gerling – @secbitchris Chris Mills - @thechrisam Mike Bailey – @mpbailey1911 Guests Ariany Mizrahi - @codemunkii BlackArch Linux http://www.blackarch.org/ Dave Kennedy - @dave_rel1k Derbycon https://www.derbycon.com/ TrustedSec https://www.trustedsec.com/ Topics BlackArch Linux A complementary expansion to Arch Linux for penetration testers. Derbycon It's like Shmoocon without being in crazy DC! What do you use to encrypt your email/IM? The GNU Privacy Guard http://www.gnupg.org/ Thunderbird + Enigmail www.mozilla.org/thunderbird/ https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/ Gibberbot https://guardianproject.info/apps/gibber/ surespot https://www.surespot.me/ zixmail http://www.zixcorp.com/email-encryption/zixmail/ MIT PGP Public Key Server http://pgp.mit.edu/ Bitmessage https://bitmessage.org/wiki/Main_Page PenLab Do not pull an AT&T: http://hardocp.com/news/2013/09/11/att_apologizes_for_lame_911_tweet Use Our Discount Codes Use code SecuraBit_05 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats. Register for any SANS CDI 2013 course and receive 5% off using coupon code “SecuraBit_05”. The training event takes place in Washington, DC – December 12 – 19, 2013. Upcoming events http://www.secore.info Links http://www.gh0st.net Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Gregor PRIDUN und Johnny ZWENG plaudern über freie Software und andere Nerd-Themen. Shownotes auf http://goo.gl/wLSJN oder http://biertaucher.at Bitte nach Möglichkeit diesen Flattr-Link anlicken: http://flattr.com/thing/1589398/Biertaucher-Podcast-Folge-111
Verschlüsseln von eMails. Für viele ein Buch mit 7 Siegeln. Das muss und sollte nicht so sein, denn unverschlüsselte eMails könnten von jedem mitgelesen werden. Das Verschlüsseln sichert die Privatsphäre eines jeden einzelnen, wird aber oft als "Heimlichtuerei" verschriehen. Diese Folge will mit diesem Vorurteil aufräumen und ist allen tüchtigen Helfern des Arbeitskreises Vorratsdatenspeicherung gewidmet. Weiter so! Links: * PGP Source Code and Internals bei Amazon.de: http://www.amazon.de/Pgp-Source-Internals-Philip-Zimmermann/dp/0262240394/ref=sr_1_1/028-7992225-1050131?ie=UTF8&s=books-intl-de&qid=1192641664&sr=8-1 * GnuPG: http://www.gnupg.org * Wikibeitrag zum Thema "Ich habe doch nichts zu verbergen" beim Arbeitskreis Vorratsdatenspeicherung: http://wiki.vorratsdatenspeicherung.de/Nichts_zu_verbergen
Duração: 1 hora e 2 minutos Eventos V Encontro nacional LinuxChix-BR - Chamada de Trabalhos 7 e 8 de Setembro - Brasília/DF - Faculdade IESB Notícias FireGPG is a Firefox extension under GPL which brings an interface to encrypt, decrypt, sign or verify the signature of text in any web page using GnuPG. Google SMS http://www.google.com/intl/en_us/mobile/sms/ Safari para Windows Exploit duas horas depois Vista Recovery Command Prompt Nic.br divulgou recentemente o relatório da 2ª pesquisa sobre uso da Tecnologia da Informação e da Comunicação no Brasil, a TIC 2006. O arquivo em PDF de 322 páginas com a pesquisa completa pode ser abaixado diretamente do site do "Centro de Estudos sobre as Tecnologias da Informação e da Comunicação" (CETIC.br) ou consultada online (com páginas específicas sobre os dados referentes a domicílios e empresas). Algumas estatísticas interessantes deste estudo: * 54,35% da população brasileira nunca utilizou o computador e 66.68% nunca usou a Internet; * Somente 14,49% dos domicílios brasileiros possuem acesso a Internet; * Em 2006, apenas 14% dos brasileiros que já tiveram acesso á Internet declararam ter adquirido bens e serviços por meio da rede pelo menos uma vez; * Dentre os problemas de segurança mais freqüentes, o campeão de reclamações foi o ataque de vírus com perda de informação ou acesso não autorizado à maquina (20,3%). Assunto 1 How Online Criminals Make Themselves Tough to Find, Near Impossible to Nab http://idgnow.uol.com.br/mercado/2007/06/04/idgnoticia.2007-06-04.0767960165 Nova versão do RFIDiots Outra ferramenta do genero Assunto 2 Security Reseacher Hopes He Has iPhone Security Exploit At the Ready http://blog.wired.com/27bstroke6/2007/06/security_reseac.html
In this episode: a discussion of OpenPGP, GnuPG, and how to use public-key cryptography to sign and encrypt emails and files (here are some excellent how-to's: GnuPG mini Howto, Gentoo Documentation on GnuPG, and Ubuntu Documentation on GnuPG); an audio Listener Tip on the "cal" command; audio and email Listener Feedback.