Tag: security

Feb 06

Young Pirate hacker gets top security secrets – The Local

Young Pirate hacker gets top security secrets – The Local.

Feb 04

Kaspersky QR Scanner – Android Apps on Google Play

Description

QR codes are everywhere. We scan them in shops, on public transport, in museums or in magazines so we can get the latest news or special offers.

✔ Simple & Free

It’s quick and easy to scan QRs to access websites, images, text, contact details & more.

✔ Stay safe from scams

QR codes can conceal online threats. See the real link before you open it. Check it automatically with Kaspersky Security Network.

✔ Easy Wi-Fi Connection

Connect safely to Wi-Fi. It only takes a second to get the credentials by scanning the QR code.

✔ Save a contact

Put the details on a business card straight onto your device – no need for manual input.

via Kaspersky QR Scanner – Android Apps on Google Play.

Jan 21

RadicalResearch HSTS Super Cookies

Websites could use a security feature of your iPad to track your browsing even if you clear the browser history.

via RadicalResearch HSTS Super Cookies.

Jan 21

Gitrob: Putting the Open Source in OSINT | michenriksen.com

Developers generally like to share their code, and many of them do so by open sourcing it on GitHub, a social code hosting and collaboration service. Many companies also use GitHub as a convenient place to host both private and public code repositories by creating GitHub organizations where employees can be joined.

Sometimes employees might publish things that should not be publicly available. Things that contain sensitive information or things that could even lead to direct compromise of a system. This can happen by accident or because the employee does not know the sensitivity of the information.

Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.

via Gitrob: Putting the Open Source in OSINT | michenriksen.com.

Jan 20

Priv8 :: Add-ons for Firefox

What is priv8? This is a Firefox addon that uses part of the security model of Firefox OS to create sandboxed tabs. Each sandbox is a completely separated world: it doesn t share COOKIEs, storage, and a lots of other stuff with the rest of Firefox, but just with other tabs from the same sandbox. Each sandbox has a NAME and a color, therefore it will be always easy to identify which tab is sandboxed. Also, these sandboxes are permanent! So, when you OPEN one of them the second time, maybe after a restart, that sandbox will still have the same COOKIEs, same storage, etc – as you left the previous time. You can also switch between sandboxes using the cONTEXT menu for the tab. Here an example: with priv8 you can read your gmail webmail in a tab, and another gmail webmail in another tab at the same time. Still, you can be logged in on Facebook in a tab and not in the others. This is nice! Moreover, if you are a web developer and you want to test a website using multiple accounts, priv8 gives you the opportunity to have each account in a sandboxed tab. Much easier then have multiple profiles or login and logout manung>ally every time! Is it stable? I don t know : It works but more test must be done. Help needed! Known issues: window.OPEN doesn t work from a sandbox and e10s is not supported yet. Priv8 is released under Mozilla Public License.

via Priv8 :: Add-ons for Firefox.

Jan 20

Secrypt 2015

CALL FOR PAPERS

International Conference on Security and Cryptography
SECRYPT website: http://www.secrypt.icete.org/

July 20 – 22, 2015
Colmar, Alsace, France

Sponsored by: INSTICC
INSTICC is Member of: WfMC, OMG and FIPA
Logistics Partner: SCITEVENTS

IMPORTANT DATES:
Regular Paper Submission: March 3, 2015
Authors Notification (regular papers): Mayl 18, 2015
Final Regular Paper Submission and Registration: May 26, 2015

You are cordially invited to submit a paper to the SECRYPT 2015 Conference, to be held in Colmar, Alsace, France. The deadline for paper submission is scheduled for March 3, 2015.

SECRYPT is an annual international conference covering research in information and communication security. The 12th International Conference on Security and Cryptography (SECRYPT 2015) will be held in Colmar, France on 20-22 July 2015.
The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography.

Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged.

SECRYPT is interested in promoting high quality research as it can be confirmed by last year acceptance rates, where from 139 submissions, 21% of which were orally presented and 22% presented as posters.

We would like to highlight the presence of the following keynote speakers:
– Anthony C. Boucouvalas, University of Peloponnese, Greece
– Eleni Karatza, Aristotle University of Thessaloniki, Greece
– Andrew Moore, University of Cambridge, United Kingdom

Submitted papers will be subject to a double-blind review process. All accepted papers will be published in the conference proceedings, under an ISBN reference, on paper and on CD-ROM support.
It is planned to publish a short list of revised and extended versions of presented papers with Springer in a CCIS Series book (final approval pending).

The proceedings will be submitted for indexation by Thomson Reuters Conference Proceedings Citation Index (ISI), INSPEC, DBLP, EI (Elsevier Index) and Scopus.
All papers presented at the conference venue will be available at the SCITEPRESS Digital Library (http://www.scitepress.org/DigitalLibrary/). SCITEPRESS is a member of CrossRef (http://www.crossref.org/).

Best paper awards will be distributed during the conference closing session. Please check the website for further information (http://www.secrypt.icete.org/BestPaperAward.aspx).

Workshops, Special sessions, Tutorials as well as Demonstrations dedicated to other technical/scientific topics are also envisaged: companies interested in presenting their products/methodologies or researchers interested in holding a tutorial are invited to contact the conference secretariat. Workshop chairs and Special Session chairs will benefit from logistics support and other types of support, including secretariat and financial support, to facilitate the development of a valid idea.

SECRYPT is part of ICETE, the 12th International Joint Conference on e-Business and Telecommunications. Registration to SECRYPT allows free access to all other ICETE conferences.

ICETE 2015 will be held in conjunction with ICINCO 2015, ICSOFT 2015, SIMULTECH 2015 and DATA 2015. Registration to ICETE allows free access to the ICINCO, ICSOFT, SIMULTECH and DATA conferences as a non-speaker.

ICETE CONFERENCE CO-CHAIRS
Mohammad S. Obaidat, Monmouth University, United States
Pascal Lorenz, University of Haute Alsace, France

PROGRAM CHAIR:
Pierangela Samarati, Universita degli Studi di Milano, Italy

PROGRAM COMMITTEE:
Please check the program committee members at http://www.secrypt.icete.org/ProgramCommittee.aspx

CONFERENCE TOPICS:

– Access Control
– Applied Cryptography
– Biometrics Security and Privacy
– Critical Infrastructure Protection
– Data Integrity
– Data Protection
– Database Security and Privacy
– Digital Forensics
– Digital Rights Management
– Ethical and Legal Implications of Security and Privacy
– Formal Methods for Security
– Human Factors and Human Behavior Recognition Techniques
– Identification, Authentication and Non-repudiation
– Identity Management
– Information Hiding
– Information Systems Auditing
– Insider Threats and Countermeasures
– Intellectual Property Protection
– Intrusion Detection & Prevention
– Management of Computing Security
– Network Security
– Organizational Security Policies
– Peer-to-Peer Security
– Personal Data Protection for Information Systems
– Privacy
– Privacy Enhancing Technologies
– Reliability and Dependability
– Risk Assessment
– Secure Software Development Methodologies
– Security and Privacy for Big Data
– Security and privacy in Complex Systems
– Security and Privacy in Crowdsourcing
– Security and Privacy in IT Outsourcing
– Security and Privacy in Location-based Services
– Security and Privacy in Mobile Systems
– Security and Privacy in Pervasive/Ubiquitous Computing
– Security and Privacy in Smart Grids
– Security and Privacy in Social Networks
– Security and Privacy in the Cloud
– Security and Privacy in Web Services
– Security and Privacy Policies
– Security Area Control
– Security Deployment
– Security Engineering
– Security in Distributed Systems
– Security Information Systems Architecture
– Security Management
– Security Metrics and Measurement
– Security Protocols
– Security requirements
– Security Verification and Validation
– Sensor and Mobile Ad Hoc Network Security
– Service and Systems Design and QoS Network Security
– Software Security
– Trust management and Reputation Systems
– Ubiquitous Computing Security
– Wireless Network Security

Jan 14

Metasploit: Google No Longer Provides Patches f… | SecurityStreet

Metasploit: Google No Longer Provides Patches f… | SecurityStreet.

Jan 14

Remote kill switch in Snapdragon processors

Snapdragon processors address mobile security with smartphone kill switch.

Jan 12

F-Secure Antivirus Test – Applications Android sur Google Play

This app is designed to safely test that your antivirus product detects viruses and other harmful applications. It is based on the security industry standard test file recommended by European Institute for Computer Anti-Virus Research (EICAR) for testing antivirus software. The app is completely harmless.

When you download this app, your virus protection software should detect it as infected and recommend you to uninstall it. The app also works with any PC security software, but please note that your PC antivirus may automatically remove or quarantine it.

via F-Secure Antivirus Test – Applications Android sur Google Play.

Nov 16

The Case of the Modified Binaries | Leviathan Security Group

Summary

After creating and using a new exitmap module, I found downloaded binaries being patched through a Tor exit node in Russia. Tor is a wonderful tool for protecting the identity of journalists, their sources, and even regular users around the world; however, anonymity does not guarantee security.

Background

At DerbyCon this year I gave a presentation of my binary patching framework, BDF. Many binaries are hosted without any transport layer security encryption. Some binaries are signed to prevent modification, but most are not. During that presentation, I talked about the MITM patching of binaries during download, and showed how easy it was using BDFProxy. I also mentioned that similar techniques are probably already in use on the Internet.

I had only circumstantial evidence until recently.

via The Case of the Modified Binaries | Leviathan Security Group.