https://dev.to/ben/the-targetblank-vulnerability-by-example
In short: use rel="noopener noreferrer" whenever a link is target="_blank".
http://www.html5rocks.com/en/tutorials/security/content-security-policy/
Getting started
Download and install the software for your OS on the computer or device you are connecting from and on the computer you want to connect to. The package includes everything you need to communicate with another NoMachine-enabled computer.
Seems good if you use a few computers regularly (the same computers every time) and want to remotely access one of them.
Haven’t tried it!
The enterprise version is paid; the personal version is free.
More info at https://www.nomachine.com
Encryption Library in C#
Twofish 512, Serpent 512, Rijndael 512, the HX series, and Super-Ciphers
Called USBdriveby, it’s a USB-powered microcontroller-on-a-chain, rigged to exploit the inherently awful security flaws lurking in your computer’s USB ports. In about 60 seconds, it can pull off a laundry list of nasty tricks. via techcrunch
Here are the source links mentioned in the TechCrunch article:
A New Kind of Instant Messaging
With the rise of government monitoring programs, Tox provides an easy to use application that allows you to connect with friends and family without anyone else listening in. While other big-name services require you to pay for features, Tox is totally free, and comes without advertising.
Bash scripts to set up/bootstrap low end virtual servers
http://www.cs.tau.ac.il/~tromer/handsoff/
Overview
We demonstrated physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels and are based on the observation that the “ground” electric potential in many computers fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer’s chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables.
Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency signals (around 2 MHz), or one hour using Low Frequency signals (up to 40 kHz).
TrueCrypt – Disk encryption tool recommended by Mr. Snowden? Gone
http://www.theinquirer.net/inquirer/news/2347200/truecrypt-encryption-is-no-longer-secure-due-to-windows-xp-end-of-life
http://arstechnica.com/security/2014/05/truecrypt-security-audit-presses-on-despite-developers-jumping-ship/
Lavabit – Secure email provider, recommended by Mr. Snowden? Gone
http://www.theinquirer.net/inquirer/news/2345905/ladar-levinson-reveals-why-he-closed-lavabit
Crooks get your credit card, here’s how.
http://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/
Government CyberTroops of some countries and big companies unite to hijack a powerful bot network
http://krebsonsecurity.com/2014/06/backstage-with-the-gameover-botnet-hijackers/
Another security related blog: https://www.schneier.com/
And the NSA story, follow the links: http://arstechnica.com/security/2013/09/nsa-attains-the-holy-grail-of-spying-decodes-vast-swaths-of-internet-traffic/
Throughout the recent months (and particularly: weeks), people have asked me how to properly secure their SSL/TLS communication, particularly on web servers.
…
So I won’t be providing yet another soon-outdated tutorial that leaves you none the wiser. Instead, I’ll share my collection of free and for-pay documents, books and resources on the topic which I found particularly useful in the hope that they may help you in gaining some insight.