2014-07-29

Introducing BugCrowd

"Bugcrowd is all about connecting independent security researchers with companies big and small"

Why Open Source isn't necessarily secure

A good article on why open source isn't necessarily more secure. Personally I think the author doesn't take into account multiple factors, such as the turn-around time to patch an identified vulnerability, or how actively a product engages white-hat hackers.

2014-07-25

European Central Bank Hacked; 20K Email Addresses Stolen

The hackers anonymously alerted the bank via e-mail, asking for a ransom for the data... The ECB was quick to downplay the ramifications. "No internal systems or market sensitive data were compromised," it said in a statement. However, there is quite a lot that hackers can do with 20,000 email addresses, including spamming, phishing, brute-forcing the accounts and testing them as credentials for other, more sensitive sites like online banking.
Full Story

2014-07-24

eBay Hacked - 128 Million Users Change Passwords NOW!

Update 22-May-2014:
eBay employee credentials were compromised. Their press release is here, along with an independent analysis by Troy Hunt.

Update 27-May-2014:
Following the credential compromise, an XSS exploit has now been released which could lead to the compromise of any user's account!

Update 24-Jul-2014:
eBay faces a class-action lawsuit!

2014-07-19

Google Project Zero

Google's project aims to put an end to the wide impact of zero-day exploits. Its scope has no bounds, and all findings will be responsibly disclosed to the public. Sounds very ambitious!

2014-07-09

Unauthorized Google Certs Issued by NIC, India

The National Informatics Centre (NIC) of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities (India CCA), issued unauthorized certificates for Google's domains.

Mastering Kali Linux for Advanced Penetration Testing

I was requested by PacktPub to review a second book on Kali. The book is now published and available here.

2014-07-07

Encrypted IM obscures metadata

Now a tool which not only encrypts messages but also leaves no metadata, since it is entirely P2P: invisible.im.
More info here