Information Security

ExtraHop turns security analysts into threat experts with Reveal(x) winter 2019

(IN)SECURE Magazine Notifications RSS - Wed, 01/16/2019 - 23:00

ExtraHop released new capabilities designed to help Security Operations Center (SOC) and Network Operations Center (NOC) teams identify and safeguard critical assets, detect late-stage and insider threats, and transform security analysts into threat experts with streamlined investigation workflows. Demand for business agility and uptime have accelerated the modernization of IT, which is now dynamic and distributed – from the data center, to cloud infrastructure and SaaS, to remote sites and device edges. These changes introduce … More →

The post ExtraHop turns security analysts into threat experts with Reveal(x) winter 2019 appeared first on Help Net Security.

How to enumerate in telnet? (Linux)

Your hacking tutorial - Wed, 01/16/2019 - 22:49

I'm currently logged into the telnet port of a hackthebox box.

I just cant seem how to figure out how to navigate using telnets commands, I can only cd to directories but cant open any files and cant ls to show files/directories.

Anyone know what commands I use to open txt files and show files/dirs in the current dir?

Thanks

submitted by /u/OneKidOutHere
[link] [comments]
Categories: Information Security

RSA Encryption Cracked Easily (Sometimes)

Hack a Day - Wed, 01/16/2019 - 22:00

A large chunk of the global economy now rests on public key cryptography. We generally agree that with long enough keys, it is infeasible to crack things encoded that way. Until such time as it isn’t, that is. Researchers published a paper a few years ago where they cracked a large number of keys in a very short amount of time. It doesn’t work on any key, as you’ll see in a bit, but here’s the interesting part: they used an undescribed algorithm to crack the codes in a very short amount of time on a single-core computer. This piqued [William Kuszmaul’s] interest and he found some follow up papers that revealed the algorithms in question. You can read his analysis, and decide for yourself how badly this compromises common algorithms.

The basis for public key cryptography is that you multiply two large prime numbers to form a product and post it publicly. Because it is computationally difficult to find prime factors of large numbers, this is reasonably secure because it is difficult to find those prime numbers that are selected randomly.

However, the random selection leads to an unusual attack. Public keys, by their very nature, are available all over the Internet. Most of them were generated with the same algorithm and random number generation isn’t actually totally random. That means some keys share prime factors and finding a common factor between two numbers isn’t nearly as difficult.

In fact, that’s the heart of the problem. Factoring a 232-digit number took about 1,500 years of computing time. But finding common factors between two numbers is much easier. However, the original research paper mentioned they found common factors for 36 trillion pairs of keys in a matter of hours. That was faster than [William] expected.

Before you get too alarmed, the researches looked at 6.2 million keys and were able to crack fewer than 13,000. Not exactly a gaping security hole, unless you are one of the 13,000, of course. However, the entire post highlights two things: first, speeding up algorithms is usually more efficient than making faster computersm, and second, you never know when your carefully crafted encryption is going to be rendered worthless by a better algorithm.

It is widely thought that quantum computing will significantly change what you’ll have to do to be secure. We’ve seen before where an implementation of an algorithm is a weak point.

Aerohive announces cloud management for its A3 Secure Access Management solution

(IN)SECURE Magazine Notifications RSS - Wed, 01/16/2019 - 22:00

Aerohive Networks released the cloud management for its A3 Secure Access Management solution. A3 brings an approach to Corporate, BYOD, Guest, and IoT client device onboarding, authentication, and network access control (NAC). First launched in May 2018 as an on-premises solution, Aerohive now introduces a new deployment option for A3 with cloud-based monitoring and, expected in Q2, configuration for all customer sites, while localized tasks like device onboarding and access-control enforcement will be executed by … More →

The post Aerohive announces cloud management for its A3 Secure Access Management solution appeared first on Help Net Security.

Hide errors and loading with .vbs script

Your hacking tutorial - Wed, 01/16/2019 - 21:34

I'm working on a program that compresses a folder to a .zip file and I want to hide to .vbs errors when it says "windows was unable to add one or more empty directories..." and when it is just taking too dang long to compress the file and the "Compression Loading Bar" pops up. How can I hide this?

VBS script....

Set objArgs = WScript.Arguments InputFolder = objArgs(0) ZipFile = objArgs(1) CreateObject("Scripting.FileSystemObject").CreateTextFile(ZipFile, True).Write "PK" ^& Chr(5) ^& Chr(6) ^& String(18, vbNullChar) Set objShell = CreateObject("Shell.Application") Set source = objShell.NameSpace(InputFolder).Items objShell.NameSpace(ZipFile).CopyHere(source) wScript.Sleep 6000

How to open the .vbs file, open CMD and type...

cd "%USERPROFILE%\wherevever\" CScript _zipIt.vbs %USERPROFILE%\folder_2_compress %USERPROFILE%\export_as.zip

How can I make the .vbs script run without the annoying errors and loading bar popping up? basically so it is silent.

submitted by /u/jjdog123
[link] [comments]
Categories: Information Security

BigID and Ionic Security partner to enhance data governance and privacy for multi-cloud compliance

(IN)SECURE Magazine Notifications RSS - Wed, 01/16/2019 - 21:30

BigID and Ionic Security partner to enable organizations to automate policy enforcement and auditability driven by data intelligence. The partnership removes barriers to cloud adoption for organizations struggling with compliance, allowing them to take a consolidated and granular approach to protecting sensitive data by integrating BigID discovery and classification with the Ionic Data Trust Platform’s real-time policy management. Together, BigID and Ionic provide an automated, accurate, and scalable solution that identifies, classifies, and enforces data … More →

The post BigID and Ionic Security partner to enhance data governance and privacy for multi-cloud compliance appeared first on Help Net Security.

Three quarters of US Facebook users unaware their online behavior gets tracked

The Register - Wed, 01/16/2019 - 21:08
You mean they are collecting our opinions to sell ads? Who would have guessed it?

Most Facebook users have no idea that the ad biz compiles data profiles of their online activities and interests, according to research conducted by the non-profit Pew Research Center.…

FireEye president Travis Reese joins Waterfall Security board of directors

(IN)SECURE Magazine Notifications RSS - Wed, 01/16/2019 - 21:00

Waterfall Security Solutions unveiled that cyber security veteran and industry leader Travis Reese is joining Waterfall’s board of directors. Mr. Reese is currently the president of FireEye and was the president and chief operating officer at Mandiant before Mandiant was acquired by FireEye in 2013. “We welcome Mr. Reese to Waterfall’s board,” said Lior Frenkel, CEO and Co-Founder of Waterfall Security Solutions. “With Waterfall’s Unidirectional Security Gateways having gone mainstream in a growing number of … More →

The post FireEye president Travis Reese joins Waterfall Security board of directors appeared first on Help Net Security.

Offensive Security appoints Ning Wang as CEO to lead organization’s next stage of growth

(IN)SECURE Magazine Notifications RSS - Wed, 01/16/2019 - 20:30

Offensive Security appoints Ning Wang as CEO. Wang joins the company with proven experience in growing businesses in the security and online training markets as COO and CFO of HackerOne and Lynda.com (formerly Spectrum Equity-backed and acquired by LinkedIn), respectively. Her appointment follows the growth investment in the company, led by Spectrum in September 2018. “In an age when software is in everything we touch and use, it’s now a matter of when and not … More →

The post Offensive Security appoints Ning Wang as CEO to lead organization’s next stage of growth appeared first on Help Net Security.

Do you feel 'lucky', well, do you, punk? Google faces down magic button patent claim

The Register - Wed, 01/16/2019 - 19:48
Israeli company was 'feeling lucky' but lost out

Google has won a patent dispute over its famous "I'm feeling lucky" button that immediately connects a user to its top-raking search link with a single click.…

$24m in fun bux stolen from crypto-mogul. Now he fires off huge fraud charge. Like, RICO, say?

The Register - Wed, 01/16/2019 - 19:29
Lawsuit claims coin thief was part of a gang targeting crypto whales

The victim of a $24m cryptocurrency heist is suing his assailants in what is believed to be the first ever RICO claim involving digital currency.…

[Help] tasks not deactivating

Tasker: Total Automation for Android - Wed, 01/16/2019 - 19:02

Hi. I'm fairly sure I'm doing something wrong here. I have a profile of "connected to my car bluetooth" and "phone ringing" that triggers a task of "end call" and "send text." Effectively, I want to reject calls while driving and send a text to whoever called saying i'm driving and will get back to them.

Now, this works. However, when I'm no longer connected to the bluetooth, it still rejects calls and sends the text. It feels like the profile is operating under an OR constraint, not an AND constraint.

submitted by /u/theshabz
[link] [comments]

The Embroidered Computer

Hack a Day - Wed, 01/16/2019 - 19:00

By now we’ve all seen ways to manufacture your own PCBs. There are board shops who will do small orders for one-off projects, or you can try something like the toner transfer method if you want to get really adventurous. One thing we haven’t seen is a circuit board that’s stitched together, but that’s exactly what a group of people at a Vienna arts exhibition have done.

The circuit is stitched together on a sheet of fabric using traditional gold embroidery methods for the threads, which function as the circuit’s wires. The relays are made out of magnetic beads, and the entire circuit functions as a fully programmable, although relatively rudimentary, computer. Logic operations are possible, and a functional schematic of the circuit is also provided. Visitors to the expo can program the circuit and see it in operation in real-time.

While this circuit gives new meaning to the term “wearables”, it wasn’t intended to be worn although we can’t see why something like this couldn’t be made into a functional piece of clothing. The main goal was to explore some historic techniques of this type of embroidery, and explore the relationship we have with the technology that’s all around us. To that end, there have been plenty of other pieces of functional technology used as art recently as well, but of course this isn’t the first textile computing element to grace these pages.

Thanks to [Thinkerer] for the tip!

 

Turn on Touch Lock on WearOS Watch with Tasker

Tasker: Total Automation for Android - Wed, 01/16/2019 - 18:34

Hi all,

I'm new to Tasker and want to know if it has the ability to automate tasks on my WearOS watch. My ultimate goal is to initialize a Google Assistant routine that will turn off my watch's notifications and turn on the touch lock for the night when I go to sleep. I've installed AutoWear and know how to trigger a Tasker profile from a routine, but I don't know how to set up a task that disables notifications and turns on touch lock.

Thanks in advance for any suggestions!

submitted by /u/Meticulous_Meeseeks
[link] [comments]

[LG] [G6] Use Tasker to change screen resolution?

Tasker: Total Automation for Android - Wed, 01/16/2019 - 18:26

I have a couple games I like to play in 4:3 or 16:9, and I get frustrated having to boot up my laptop every time i want to change my resolution.

The G6 does have options to do this in settings, but for some reason, (since after 7.0 update,) only a few apps allow it, and even then, a few of those apps don't actually reflect the changes.

18:9 is great, but I legitimately see performance increases on some games, as well as greater field of view, when using lower ratios, such as 16:9.

I may have to just stay on 16:9 permanently, but then I lose a good amount of screen real-estate while not in-game.

This phone cannot be unlocked.

submitted by /u/ruffyreborn
[link] [comments]

Pages