Information Security

Employees aren’t taking the proper steps to keep information safe while traveling

(IN)SECURE Magazine Notifications RSS - Thu, 11/15/2018 - 01:15

Employees aren’t taking the proper steps to keep their organizations’ information safe while traveling. ObserveIT surveyed more than 1,000 U.S. employees ages 18 – 65+ who have traveled with corporate devices in the past year and found that the majority are putting connectivity and efficiency above security; using public Wi-Fi and unauthorized devices to access work email and/or files on the go. While they may not have malicious intent, the negligent actions of employees caused … More →

The post Employees aren’t taking the proper steps to keep information safe while traveling appeared first on Help Net Security.

Re-enacting TRON on the Apple IIgs

Hack a Day - Thu, 11/15/2018 - 01:00

TRON is a science fiction classic, hitting cinemas in the midst of the burgeoning home computer era. It’s the film that created the famous light cycle, which spawned many video game recreations in the following years. Many years ago now, [Daniel] decided to flex his programming muscles by coding a version of the game for the Apple IIgs, with accidentally excellent results.

In the film, the characters find an escape from the light cycle game by forcing another player to crash into the walls of the play area. The resulting explosion left a hole, allowing the players to exit the light cycle game and explore the rest of the computer. Amusingly, due to a coding oversight, [Daniel] had created exactly this same flaw in his own code.

[Daniel]’s game differed from the original in that players were provided with missiles to destroy enemy trails. However, these missiles did not discriminate, and due to the simplicity of the code, were able to destroy the boundary on the play area. This was discovered when the computer player tried to escape an otherwise impossible situation. Upon blowing a hole in the arena wall, the computer player proceeded to drive off the screen – into invalid memory. This led to the computer crashing in short order, due to the unprotected memory space of the Apple II platform.

It’s a case of code imitating art – and completely by accident. The game managed to replicate the light cycle escape from the film entirely due to the unexpected behaviour of the simple missile code. [Daniel] steps through the code and how the bug happened, and covers the underlying principle behind the resulting crashes. It’s an entertaining tale of the risks of coding at low level; something we don’t always run into with today’s modern interpreted languages.

Thirsty for more tales of hacking the Apple II? How about going back in time to fix a 37 year old bug?

[Discussion] New IPad's limitations show were android tablets could have succeeded

Android - Thu, 11/15/2018 - 00:08

So I'm going to assume you all watched the reviews of the new IPad. Here's are examples for those who didn't: IPad reviews on Youtube

So the tldr is that is a good killer hardware device that is limited by IOS. And here's the thing the biggest limitation is where I believe Android shines at, file management and general "PC features".

So here's where I'm coming from. I had a galaxy tab A which I used to write notes in for school and now switched to an IPad pro. It's honestly because IOS has tablet apps but that's another discussion, the main thing I found to be absolutely frustrating was the file management (or lack thereof). Austin Evans video is a good example of how it always has to do a roundabout way to do something as simple as getting something from a sd card and it doesn't even accept flash drives. This is frustrating because I need my PC to use my IPad. But guess a what didn't need those limitations? My Galaxy tab. It's file management honestly made it a better PC replacement than any IPad. Even the 2000 dollar ones because it could read a flash drive (and a hard drive I assume). I feel like if Google had taken tablet developing seriously and had a comparable device it would smoke the new IPad.

Thoughts?

submitted by /u/Black_Dragon_King
[link] [comments]

[HELP] Dowload a dog pic and send to a whatsapp contact

Tasker: Total Automation for Android - Thu, 11/15/2018 - 00:04

Hi all, I have been working with a task which;

  1. using Reddit JSON and tasker parsefunction, get a URL of the second post of dogpictures
  2. HTTP GET to download to the image to a folder (no error til now)
  3. send the image to a specific WhatsApp contact via send intent (not working)

Please help! thanks in advance

A1: HTTP Get [ Server:Port:https://www.reddit.com/r/dogpictures.json Path: Attributes: Cookies: User Agent: Timeout:10 Mime Type: Output File: Trust Any Certificate:Off ] A2: JavaScriptlet [ Code:var imageurl = JSON.parse(global('HTTPD')).data.children[1].data.url; Libraries: Auto Exit:On Timeout (Seconds):45 ] A3: Flash [ Text:%imageurl Long:Off ] A4: HTTP Get [ Server:Port:%imageurl Path: Attributes: Cookies: User Agent: Timeout:10 Mime Type:image/* Output File:/sdcard/Download/dogs/pic.jpg Trust Any Certificate:Off ] A5: Variable Set [ Name:%path To:/sdcard/Download/dogs/pic.jpg Recurse Variables:Off Do Maths:Off Append:Off ] A6: Java Function [ Return:file Class Or Object:File Function:new {File} (String) Param:%path Param: Param: Param: Param: Param: Param: ] A7: Java Function [ Return:uri Class Or Object:Uri Function:fromFile {Uri} (File) Param:file Param: Param: Param: Param: Param: Param: ] A8: Send Intent [ Action:android.intent.action.SEND Cat:None Mime Type:image/* Data: Extra:android.intent.extra.STREAM: uri Extra: Extra: Package: com.whatsapp Class: Target:Activity ] submitted by /u/Pogolden
[link] [comments]

APK created with Tasker crashes immediately

Tasker: Total Automation for Android - Wed, 11/14/2018 - 22:58

I have a few free apps that have been up on the Play Store for several years. Just before the November deadline I updated them to target SDK 26. Today I discovered that they no longer work. The change in target SDK was the only change I made. Can anyone tell me what's going on?

I don't have a lot of users, but I feel terrible about having broken them and I don't know how to fix the problem.

submitted by /u/bquinlan
[link] [comments]

Friend's professor challenged the class to decode this, so far nobody has.

Cryptography - Wed, 11/14/2018 - 22:43

It's a simple string of characters, not sure exactly if this is a hash or something more simple:

2708h77345610e578

submitted by /u/Sky_Prodigy
[link] [comments]
Categories: Information Security

How do I gain remote access to a computer on a different network?

Your hacking tutorial - Wed, 11/14/2018 - 22:21

I know I probably have to send then a payload. I do have access to Kali Linux, in case I need to use it.

submitted by /u/TheMongolGod
[link] [comments]
Categories: Information Security

Vade Secure launches IsItPhishing Threat Detection to help SOCs identify phishing URLs

(IN)SECURE Magazine Notifications RSS - Wed, 11/14/2018 - 22:00

Vade Secure launched IsItPhishing Threat Detection, an anti-phishing solution that helps Security Operations Centers (SOCs) identify and block targeted phishing attacks. Easily integrating with existing SIEM and SOAR solutions through a lightweight API, IsItPhishing Threat Detection delivers a real-time verdict on whether a suspicious URL is phishing or not. These verdicts can be leveraged in SOC workflows to accelerate phishing detection, response and resolution. Real-time phishing detection powered by machine learning To detect unknown, targeted … More →

The post Vade Secure launches IsItPhishing Threat Detection to help SOCs identify phishing URLs appeared first on Help Net Security.

Centurion Bridge Layer, Now In RC

Hack a Day - Wed, 11/14/2018 - 22:00

Radio controlled models are great fun. Most of us have had a few RC cars as children and maybe dabbled with the occasional helicopter or drone. It’s a rare breed of modeler, however, that gets to drive a radio-controlled bridge laying tank.

The lads prepare to fight the good fight.

The model is a replica of the British Centurion Bridgelayer – a modified tank designed to allow mechanized units to readily cross rivers and similar obstacles in European battlefields. While the genuine article relied on hydraulics, the RC version takes a different tack. [hawkeye3guns] built custom linear actuators out of motors, gears, and brass to deploy the bridge.

The build shows other smart techniques of the enterprising modeler. Rather than start from scratch, the Centurion is built on a modified KV tank hull. After the modifications were complete, the tank received a lick of paint in the requisite British Army green. The final result is rather impressive.

It goes to show what can be achieved with some off-the-shelf parts and ingenuity. We’ve seen other impressive RC tanks before – like this French build with a homebrew targeting computer.

OpenStack Foundation board expands mission to host new open source projects

(IN)SECURE Magazine Notifications RSS - Wed, 11/14/2018 - 21:30

The board of directors of the OpenStack Foundation (OSF) adopted a resolution advancing a new governance framework supporting the organization’s investment in emerging use cases for OpenStack and open infrastructure. These include continuous integration and continuous delivery (CI/CD), container infrastructure, edge computing, datacenter and, newly added, artificial intelligence/machine learning (AI/ML). The board resolution authorizes the officers of the OSF to select and incubate Pilot projects. This new governance framework broadens the OSF’s mission to serve … More →

The post OpenStack Foundation board expands mission to host new open source projects appeared first on Help Net Security.

Cequence Security announces application security platform to stop bot attacks

(IN)SECURE Magazine Notifications RSS - Wed, 11/14/2018 - 21:00

Cequence Security released Cequence ASP, an application security platform that provides a scalable defense against the growing number of bot attacks affecting today’s hyper-connected organizations. These financially-motivated attacks target externally-facing web and mobile apps, as well as API services that provide connections to other applications across their digital ecosystem. Attack objectives can include account takeover, content scraping, distributed denial of service, and much more. “From a bad actor’s perspective, geo-distributed bot attacks are relatively easy … More →

The post Cequence Security announces application security platform to stop bot attacks appeared first on Help Net Security.

Cryptowerk introduces blockchain-based technology to certify data integrity of digital assets

(IN)SECURE Magazine Notifications RSS - Wed, 11/14/2018 - 20:30

Cryptowerk introduced Cryptowerk Seal, a blockchain-as-a-service (BaaS) solution that creates a seal for any form of digital assets. The cloud service writes digital seals or “fingerprints” of the data to one or more blockchains at speeds of up to one million times per second, creating a tamper-proof chain of custody that can be used in large-scale enterprise applications. With the digital seal, every product, process and transaction can now be matched to its original to … More →

The post Cryptowerk introduces blockchain-based technology to certify data integrity of digital assets appeared first on Help Net Security.

CISA's Palace: Congress backs new cybersecurity nerve-center for cyber-America's cyber-future

The Register - Wed, 11/14/2018 - 20:07
CISA heads off for Trump's signature – no, not that CISA, the good one

The US House of Representatives has unanimously passed a bipartisan bill that would create a new agency to lead the federal government's cybersecurity efforts.…

Citco launches new SaaS Æxeo Treasury solution on Amazon Web Services

(IN)SECURE Magazine Notifications RSS - Wed, 11/14/2018 - 20:00

The Citco Group of Companies (“Citco”) launched Æxeo Treasury, a Software-as-a-Service (SaaS) offering. The new product is a solution that gives alternative fund managers a method of managing treasury functions through a SaaS tool running on Amazon Web Services (AWS). It adds value by improving operational efficiencies and workflows, and provides a secure, centralized module for treasury operations. Æxeo Treasury is a stand-alone solution that enables firms to centralize their treasury functions, including funding investments, … More →

The post Citco launches new SaaS Æxeo Treasury solution on Amazon Web Services appeared first on Help Net Security.

Pages