Links - Security

Dia original in .zip file.

Similar to Zooko's triangle.

US-CERT Vulnerability Notes Database
CERT
Secunia - Vulnerability and Virus Information
SecurityFocus
VulnWatch - Vulnerability Disclosure List
Computer Security News
Threat Minded
Ultimate Windows Security
Insecure.Org
Center for Internet Security

CVE Details provides an overview of CVEs per vendor/product. Examples:

• CVE Details - Apache HTTPD vulnerabilities by version
• CVE Details - Apache Tomcat vulnerabilities by version
• CVE Details - OpenBSD vulnerabilities by version
• CVE Details - PHP vulnerabilities by version
• CVE Details - VMware ESXi vulnerabilities by version
• CVE Details - VMware vCenter Server Appliance vulnerabilities by version

GitHub - Distributed Weakness Filing
CVE Data Updates and RSS Feeds
NVD Data Feeds

Bruce Schneier - security technologist.

NSA Security Configuration Guides

B.I.S.S. - Bluetack Internet Security Solutions home van BlockList Manager (BLM)

Black Sheep Networks - Information Security contains security guides for Windows, Netware and serveral flavors of UNIX.

Peter Gutmann's Home Page:

• Secure Deletion of Data from Magnetic and Solid-State Memory

OVI - Open Vulnerability ID is a free vulnerability identification number that can be obtained by anyone. Just click below to get your number and use it for your disclosure.
OVE These are unique IDs that you may use to refer to software security vulnerabilities (one ID per vulnerability), much like we use CVE IDs. The difference is that OVE IDs are trivial and quick to obtain, unlike CVE IDs, but as a consequence OVE IDs are issued without any verification, and moreover there's currently no mechanism to reject wrongly assigned/used OVE IDs, nor to merge duplicates.
GitHub - distributedweaknessfiling/DNA-Registry The goal of this project is to allow well-known security researchers and company security teams to assign DWF-style identifiers to security vulnerabilities with minimal overhead.

Get secure with Steve Riley
What The Hell? Security

BackTrack is the most Top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
Portknocking

PacketFence is a Free and Open Source network access control (NAC) system.

Iomega Zip Disks
Hacker Challenges -- Boon or Bane? Commentary by Gene Spafford, with responses from Sameer Parekh, Jon Wiederspan, and Jeff Weinstein
IEEE Computer Society's Technical Committee on Security and Privacy Neohapsis

“Lichtelijk offtopic, maar wellicht een leuk weetje.. Met Javascript kan een website uitlezen wat je op je Clipboard(Ctrl+C) hebt staan.. Voorbeeld

Geen bug maar een feature
Denk de volgende keer maar 2 keer na als je aan wachtwoord kopieerd en plakt..”

USB Stick beveiligingsmethoden

Why popular antivirus apps 'do not work'
Eighty percent of new malware defeats antivirus
Why Popular Anti-Virus Apps 'Don't Work'

JavaScript Malware Open The Door to the Intranet
JavaScript vormt toenemend veiligheidsrisico

Known Vulnerabilities in Mozilla Products
Thunderbird 2.0 Alpha 1, Firefox 1.5.0.5 Available
Nieuwe update verhelpt ernstige Firefox-fouten (1.5.0.5)

http://www.firewallleaktester.com/
IT Security Cookbook

Master-Keyed Lock Vulnerability
Is it harmful to discuss security vulnerabilities?

Reflections on Trusting Trust by Ken Thompson

SSLVPN Vulnerabilities - Client Certificates offer a superior defense over OTP devices

SecurityFocus - Analyzing Malicious SSH Login Attempts

dominick baier on .net, security and other stuff

Explaining the “New” TCP Resource Exhaustion Denial of Service (DoS) Attack

[Full-disclosure] Blocking Skype:
The access list then is of the following form :

# Your acl definitions
acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl connect method CONNECT

# Apply your acls
http access deny connect numerics_IPs all

Smashing Magazine - SVN Server Admin Issue: Fix It! .svn directories van productie websites die in SVN worden ontwikkeld zijn in veel gevallen in te zien.

Social Media Security - Exposing the insecurities of social media

Fully Countering Trusting Trust through Diverse Double-Compiling

Mobile Matters - Why Nokia wants my email password? describes how Nokia's e-mail settings wizzard sends your emailaddress and password over HTTPS to their server(s) and asks why.
Mobile Matters - Information about Nokia email case contains instructions to reproduce the tests yourself.
Mobile Matters - Info about the "Nokiagate"
Mobile Matters - Nokia's statement about the Nokiagate

Life without a CA

SkullSecurity - Just another security weblog
SkullSecurity - DNS Backdoors with dnscat
SkullSecurity - Weaponizing dnscat with shellcode and Metasploit
SkullSecurity - Wiki - dnscat

PaulDotCom - Cracking MD5 Passwords with BozoCrack “(…)it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results.”

Coda Hale - How To Safely Store A Password
The Open Web Application Security Project (OWASP)
Secure Programming for Linux and Unix HOWTO -- Creating Secure Software free ebook by David A. Wheeler.
W3C Security Home
UNIX Security

matousec.com is a project run by a group of security experts oriented on desktop users security.

xkcd - Password Strength correct horse battery staple

Beneath the Waves - Motorola Is Listening
Knowledge Brings Fear - Blackberry 10 macht E-Mail-Passworte für NSA und GCHQ zugreifbar
heise online - BlackBerry späht Mail-Login aus

DoctorBeet's Blog - LG Smart TVs logging USB filenames and viewing info to LG servers via Slashdot - User Alleges LG TVs Phone Home With Your Viewing Habits

CloudCracker Blog - Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate in other words: stop using PPTP.

Helsinki Times - Nokia smartphone leaks information abroad via Slashdot - Lumia Phones Leaking Private Data To Microsoft

MikNet - S/Key Dungeon Attack

Links - Ben Laurie blathering - Who Remembers VASCO?

CIRCL - TR-27 - GNU Bash Critical Vulnerability - CVE-2014-6271 - CVE-2014-7169
Red Hat - Security Blog - Bash specially-crafted environment variables code injection attack
lcamtuf's blog - Quick notes about the bash bug, its impact, and the fixes so far

Ranting for the Revolution! - What's wrong with the kids these days?

EFF - How to Protect Yourself from NSA Attacks on 1024-bit DH

CAPEC-471: DLL Search Order Hijacking

Tweakers.net - Onderzoekers schakelen Intel Management Engine uit via ongedocumenteerde functie

ps Enable - A Brief Primer on Digital Certificates and File Types

OpenCA
OpenXPKI

Matt Blaze's cryptography resource
Crypto Law Survey by Bert-Jaap Koops

DNS leak test.com

GitHub - Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches (BadUSB)
USB Rubber Ducky, GitHub - Payloads

RFC 2577 - FTP Security Considerations

KeyGrabber

Mitre - Extreme Privilege Escalation on Windows 8/UEFI Systems presentation. Via Tweakers - Onderzoekers vinden ernstige kwetsbaarheden in uefi

InfoSec Handlers Diary Blog - New Supermicro IPMI/BMC Vulnerability & CARISIRT: Yet Another BMC Vulnerability (And some added extras)

YouTube - Combo Breaker - motorized combo lock cracking device by Samy Kamkar. Via Tweakers - Hacker automatiseert lockpicking met Arduino-systeem.
YouTube - Break open any Master Combo Lock in 8 tries or less! by Samy Kamkar

Misfortune Cookie is a critical vulnerability that allows an intruder to remotely take over an Internet router and use it to attack home and business networks.

Tweakers - Architectuurfout in oudere x86-cpu's Intel maakt rootkit mogelijk - update
Tweakers - Intels zakelijke processors bevatten al sinds 2008 ernstig lek “ Intels Active Management Technology bevat ernstige kwetsbaarheden waardoor aanvallers de beheerfuncties kunnen gebruiken en zo toegang kunnen krijgen tot hele systemen en netwerken. De kwetsbaarheden zitten in firmwareversies vanaf 2008.”

Cloud Security: Virtualization, Containers, and Related Issues by David A. Wheeler