Category Archives: Security

target=_blank vulnerability

https://dev.to/ben/the-targetblank-vulnerability-by-example

In short: use rel="noopener noreferrer" whenever a link has target="_blank".

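
As an added example (not code from the original post or the linked dev.to article), a small Node.js lint and fixer for the rule above: it flags anchors that open a new tab without a rel that severs the opener, and rewrites them to carry both tokens. The function names and the sample markup are constructed for this demonstration.

```javascript
// Added example, not from the original post or the dev.to article: a lint that
// reports <a target="_blank"> tags lacking rel="noopener noreferrer" and a fixer
// that adds them. Regex-based on HTML text; it is a check, not a full parser.
const ANCHOR_RE = /<a\b[^>]*>/gi;

// Parse one <a ...> start tag into a map keyed by lower-cased attribute name.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<a\b/i, '').replace(/\/?>$/, '');
  const re = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || '';
  return attrs;
}

const relTokens = (attrs) => (attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean);
const opensNewTab = (attrs) => (attrs.target || '').toLowerCase() === '_blank';

// Without noopener (or noreferrer, which implies it) the opened page keeps a
// window.opener reference to this one, which is what the post warns about.
function findUnsafeBlankLinks(html) {
  const unsafe = [];
  for (const tag of html.match(ANCHOR_RE) || []) {
    const attrs = parseAttrs(tag);
    const rel = relTokens(attrs);
    if (opensNewTab(attrs) && !rel.includes('noopener') && !rel.includes('noreferrer')) unsafe.push(tag);
  }
  return unsafe;
}

// Add both tokens to every target="_blank" anchor, keeping existing rel values (e.g. nofollow).
function hardenBlankLinks(html) {
  return html.replace(ANCHOR_RE, (tag) => {
    const attrs = parseAttrs(tag);
    if (!opensNewTab(attrs)) return tag;
    const rel = new Set(relTokens(attrs));
    if (rel.has('noopener') && rel.has('noreferrer')) return tag;
    rel.add('noopener').add('noreferrer');
    const withoutRel = tag.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i, '');
    return withoutRel.replace(/\/?>$/, (end) => ` rel="${[...rel].join(' ')}"${end}`);
  });
}

// Constructed sample: one bare _blank link, one with an unrelated rel, one same-tab link.
const SAMPLE_HTML = '<p><a href="https://example.org" target="_blank">ext</a> ' +
  '<a href="/x" target="_blank" rel="nofollow">also unsafe</a> <a href="/y">same tab</a></p>';
```

Running findUnsafeBlankLinks over a template directory's output is a cheap CI gate; hardenBlankLinks is safe to apply twice, since already-hardened anchors are returned unchanged.
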
Posted on August 29, 2016, 14:55
Categories: dev, Security, Webdesign
Content Security Policy – Way forward

http://www.html5rocks.com/en/tutorials/security/content-security-policy/

Posted on August 26, 2015, 10:54
Categories: dev, Security, Webdesign
NoMachine – Free remote desktop for everybody

Getting started

Download and install the software for your OS on the computer or device you are connecting from and on the computer you want to connect to. The package includes everything you need to communicate with another NoMachine-enabled computer.

Seems good if you use a few computers regularly (every time the same computers) and want to remotely access one of them.

Haven’t tried it!

The enterprise version is paid, the personal is free.

More info at https://www.nomachine.com

Cipher EX V1.3

Cipher EX V1.3 on CodeProject

CEX Homepage

Encryption Library in C#

Twofish 512, Serpent 512, Rijndael 512, the HX series, and Super-Ciphers


USBdriveby – Unstoppable attack by USB

Called USBdriveby, it’s a USB-powered microcontroller-on-a-chain, rigged to exploit the inherently awful security flaws lurking in your computer’s USB ports. In about 60 seconds, it can pull off a laundry list of nasty tricks. (via TechCrunch)

Here are the source links discussed in the TechCrunch article:

Tox – Skype alternative

A New Kind of Instant Messaging
With the rise of government monitoring programs, Tox provides an easy to use application that allows you to connect with friends and family without anyone else listening in. While other big-name services require you to pay for features, Tox is totally free, and comes without advertising.

http://tox.im/

Set up your VPS

Bash scripts to set up/bootstrap low end virtual servers

https://github.com/Xeoncross/lowendscript

Get Your Hands Off My Laptop

http://www.cs.tau.ac.il/~tromer/handsoff/

Overview

We demonstrated physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels and are based on the observation that the “ground” electric potential in many computers fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer’s chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables.

Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency signals (around 2 MHz), or one hour using Low Frequency signals (up to 40 kHz).

Posted on August 25, 2014, 13:52
Categories: Security
Systemic insecurity

TrueCrypt – Disk encryption tool recommended by Mr. Snowden? Gone

http://www.theinquirer.net/inquirer/news/2347200/truecrypt-encryption-is-no-longer-secure-due-to-windows-xp-end-of-life

http://arstechnica.com/security/2014/05/truecrypt-security-audit-presses-on-despite-developers-jumping-ship/

Lavabit – Secure email provider, recommended by Mr. Snowden? Gone

http://www.theinquirer.net/inquirer/news/2345905/ladar-levinson-reveals-why-he-closed-lavabit

Crooks get your credit card; here’s how.

http://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/

Government cyber troops of some countries and big companies unite to hijack a powerful botnet

http://krebsonsecurity.com/2014/06/backstage-with-the-gameover-botnet-hijackers/

Another security related blog: https://www.schneier.com/

And the NSA story, follow the links: http://arstechnica.com/security/2013/09/nsa-attains-the-holy-grail-of-spying-decodes-vast-swaths-of-internet-traffic/


Posted on June 9, 2014, 17:47
Categories: Security
The Incomplete SSL/TLS Bookmark Collection

Throughout the recent months (and particularly: weeks), people have asked me how to properly secure their SSL/TLS communication, particularly on web servers.

So I won’t be providing yet another soon-outdated tutorial that leaves you none the wiser. Instead, I’ll share my collection of free and for-pay documents, books and resources on the topic which I found particularly useful in the hope that they may help you in gaining some insight.

https://daniel.molkentin.net/2014/04/21/fighting-cargo-cult-the-incomplete-ssltls-bookmark-collection/

Posted on April 24, 2014, 17:17
Categories: Security