"Bugcrowd is all about connecting independent security researchers with companies big and small"Introducing BugCrowd
2014-07-29
Why Open Source isn't neccessarily secure
A good article on why open source isn't necessarily more secure. Personally I think the author doesn't take into account multiple factors, such as turn-around time to patch an identified vulnerability, or how active a product is to engage white-hat hackers.
2014-07-25
European Central Bank Hacked; 20K Email Addresses Stolen
The hackers anonymously alerted the bank via e-mail, asking a ransom for the data..... The ECB was quick to downplay the ramifications. "No internal systems or market sensitive data were compromised," it said in a statement. However, there is quite a lot that hackers can do with 20,000 emails, including spamming, phishing, brute-forcing the accounts and testing them as credentials for other, more sensitive sites like online banking.Full Story
2014-07-24
eBay Hacked - 128 Million Users Change Passwords NOW!
Update 22-May-2014:
Ebay's employees compromised. Their press release is here. An independent analysis by Troy Hunt
Update 27-May-2014:
Post the credential compromise, now an XSS exploit has been released which could lead to the compromise of any user's account!
Update 24-Jul-14:
Ebay faces a class-action lawsuit!
Ebay's employees compromised. Their press release is here. An independent analysis by Troy Hunt
Update 27-May-2014:
Post the credential compromise, now an XSS exploit has been released which could lead to the compromise of any user's account!
Update 24-Jul-14:
Ebay faces a class-action lawsuit!
2014-07-19
Google Project Zero
2014-07-09
Unauthorized Google Certs Issues by NIC, India
The National Informatics Centre (NIC) of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities (India CCA), issued unauthorized certificates for Google's domains.
Mastering Kali Linux for Advanced Penetration Testing
I was requested by PacktPub to review a second book on Kali. The book is now published and available here.
2014-07-07
Encrypted IM obscures metadata
Now a tool, which not only encrypts the messages, but also leaves no meta-data, since it is all P2P. Called invisible.imMore info here
Subscribe to:
Posts (Atom)