Links - Security

Security sites

Non-CVE vulnerability IDs

OVI - Open Vulnerability ID is a free vulnerability identification number that can be obtained by anyone. Just click below to get your number and use it for your disclosure.
OVE - These are unique IDs that you may use to refer to software security vulnerabilities (one ID per vulnerability), much like we use CVE IDs. The difference is that OVE IDs are trivial and quick to obtain, unlike CVE IDs, but as a consequence OVE IDs are issued without any verification, and moreover there's currently no mechanism to reject wrongly assigned/used OVE IDs, nor to merge duplicates.
GitHub - distributedweaknessfiling/DNA-Registry The goal of this project is to allow well-known security researchers and company security teams to assign DWF-style identifiers to security vulnerabilities with minimal overhead.

Blogs

Tools

BackTrack is the top-rated Linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes.
Portknocking

Suites/Applications

PacketFence is a Free and Open Source network access control (NAC) system.

Misc

Iomega Zip Disks
Hacker Challenges -- Boon or Bane? Commentary by Gene Spafford, with responses from Sameer Parekh, Jon Wiederspan, and Jeff Weinstein
IEEE Computer Society's Technical Committee on Security and Privacy
Neohapsis

“Slightly off-topic, but perhaps a fun fact.. With JavaScript a website can read what you have on your clipboard (Ctrl+C).. Example

Not a bug but a feature
Think twice the next time you copy and paste a password..”

USB stick security methods

Why popular antivirus apps 'do not work'
Eighty percent of new malware defeats antivirus
Why Popular Anti-Virus Apps 'Don't Work'

JavaScript Malware Open The Door to the Intranet
JavaScript poses a growing security risk

Known Vulnerabilities in Mozilla Products
Thunderbird 2.0 Alpha 1, Firefox 1.5.0.5 Available
New update fixes serious Firefox bugs (1.5.0.5)

http://www.firewallleaktester.com/
IT Security Cookbook

Master-Keyed Lock Vulnerability
Is it harmful to discuss security vulnerabilities?

Reflections on Trusting Trust by Ken Thompson

SSLVPN Vulnerabilities - Client Certificates offer a superior defense over OTP devices

SecurityFocus - Analyzing Malicious SSH Login Attempts

dominick baier on .net, security and other stuff

Explaining the “New” TCP Resource Exhaustion Denial of Service (DoS) Attack

[Full-disclosure] Blocking Skype:
The access list then is of the following form:

# Your acl definitions
acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl connect method CONNECT

# Apply your acls
http_access deny connect numeric_IPs all

Smashing Magazine - SVN Server Admin Issue: Fix It! The .svn directories of production websites that are developed in SVN can in many cases be viewed.

Social Media Security - Exposing the insecurities of social media

Fully Countering Trusting Trust through Diverse Double-Compiling

Mobile Matters - Why Nokia wants my email password? describes how Nokia's e-mail settings wizard sends your email address and password over HTTPS to their server(s) and asks why.
Mobile Matters - Information about Nokia email case contains instructions to reproduce the tests yourself.
Mobile Matters - Info about the "Nokiagate"
Mobile Matters - Nokia's statement about the Nokiagate

Life without a CA

SkullSecurity - Just another security weblog
SkullSecurity - DNS Backdoors with dnscat
SkullSecurity - Weaponizing dnscat with shellcode and Metasploit
SkullSecurity - Wiki - dnscat

PaulDotCom - Cracking MD5 Passwords with BozoCrack “(…)it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results.”

Coda Hale - How To Safely Store A Password
The Open Web Application Security Project (OWASP)
Secure Programming for Linux and Unix HOWTO -- Creating Secure Software free ebook by David A. Wheeler.
W3C Security Home
UNIX Security

matousec.com is a project run by a group of security experts oriented on desktop users' security.

xkcd - Password Strength correct horse battery staple

Beneath the Waves - Motorola Is Listening
Knowledge Brings Fear - Blackberry 10 makes e-mail passwords accessible to NSA and GCHQ
heise online - BlackBerry spies on mail login

DoctorBeet's Blog - LG Smart TVs logging USB filenames and viewing info to LG servers via Slashdot - User Alleges LG TVs Phone Home With Your Viewing Habits

CloudCracker Blog - Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate in other words: stop using PPTP.

Helsinki Times - Nokia smartphone leaks information abroad via Slashdot - Lumia Phones Leaking Private Data To Microsoft

MikNet - S/Key Dungeon Attack

Links - Ben Laurie blathering - Who Remembers VASCO?

CIRCL - TR-27 - GNU Bash Critical Vulnerability - CVE-2014-6271 - CVE-2014-7169
Red Hat - Security Blog - Bash specially-crafted environment variables code injection attack
lcamtuf's blog - Quick notes about the bash bug, its impact, and the fixes so far

Ranting for the Revolution! - What's wrong with the kids these days?

EFF - How to Protect Yourself from NSA Attacks on 1024-bit DH

CAPEC-471: DLL Search Order Hijacking

Tweakers.net - Researchers disable Intel Management Engine via undocumented function

Certificate Authorities

Open Source

Cryptography

DNS

USB

FTP

Keyloggers

Hardware

BIOS/UEFI/Firmware

Physical Locks

Routers

Misfortune Cookie is a critical vulnerability that allows an intruder to remotely take over an Internet router and use it to attack home and business networks.

CPUs

Tweakers - Architecture flaw in older Intel x86 CPUs makes rootkit possible - update
Tweakers - Intel's business processors have contained a serious vulnerability since 2008 “Intel's Active Management Technology contains serious vulnerabilities that allow attackers to use the management functions and thereby gain access to entire systems and networks. The vulnerabilities are present in firmware versions from 2008 onwards.”

Cloud

Blogposts/Articles

security.txt · Last modified: 2017/09/16 15:05 by bas