Es gibt unter anderem: Hardening Tips for MAC OS X 10.6 Snow Leopard und Security Highlights of Windows 7

Possibly related posts (automatically generated)

• daily links
• Mac OS X vulnerability
• Sandboxed Safari
• Disable ssh access for password-guessing bots
• Find Personal Data

When verbally passing a message you usually need to know your contact persons to know if you can trust them, but you also have to know your technology a little to know if you can trust it. Technologies can leak or distort your message just as humans can. Technologies are invested in types of trust relations: some devices are safer than others, some can be modified, and some are better avoided.

This book tries to address these different layers by giving hands-on explanations on how to make your digital communication and data more secure and by providing the reader with a basic understanding of the concepts of digital communication and data security. It derives from the following principles:

1. No method is entirely secure;
2. You need to have a basic understanding on how and why technology works to make it work for you;
3. You need technology for safer communication: either some basic tools, or more sophisticated equipment, depending on where you’re at and where you go.

Possibly related posts (automatically generated)

• Off The Grid Password Generator
• Browser Exploit Against SSL/TLS
• NSA: Security Configuration Guides
• Website Security
• Gesprächs-Rekonstruktion aus verschlüsselten VoIP Paketen

“Anomalien im Netzwerkverkehr” der Datenbanken des Passwortspeicherdienstes LastPass lassen den Dienstleister vermuten, dass unter Umständen Einbrecher an vertrauliche Informationen gelangt sind – darunter möglicherweise einige Masterpasswörter von Kunden.

Desktop Lösungen wie KeePass oder 1Password sind eventuell doch sinnvoller, und man braucht weniger Vertrauen den den Online Dienstleiter.

Possibly related posts (automatically generated)

• Off The Grid Password Generator
• Firefox: Passwörter aus Bildern oder Text erstellen
• Password Manager für alle Situationen
• Password Strength Checker
• 1Password für Chrome

Today we’ll show you some examples of how a web application can be exploited so you can learn from them; for this we’ll use Gruyere, an intentionally vulnerable application we use for security training internally, too. Do not probe others’ websites for vulnerabilities without permission as it may be perceived as hacking; but you’re welcome—nay, encouraged—to run tests on Gruyere.

Possibly related posts (automatically generated)

• Website Security Basics
• Web Application Exploits and Defenses
• WebScarab, Paros Tutorial
• XSS
• XSS Rays

Public key encryption in Javascript encrypts form data at the client side for the whole transfer from sender to the final receiver. Form data can be transferred without using an SSL connection and is stored encrypted on the server. Only the final receiver can decrypt it.

Sicherlich nicht für jeden Einsatz sinnvoll, aber trotzdem sehr spannend!

Possibly related posts (automatically generated)

• turn.js
• Präsentationen mit impress.js
• Performance: Delayed Content
• AliceJS
• Interaktive Webseiten mit Tangle

1. Go to your Twitter settings page.
2. Tick the Always use HTTPS checkbox.
3. Click Save and re-enter your password when prompted.

Possibly related posts (automatically generated)

• Off The Grid Password Generator
• Browser Exploit Against SSL/TLS
• NSA: Security Configuration Guides
• Basic Internet Security
• Website Security

The researchers found that as much 67 percent of data stored in a file remained even after it was deleted from an SSD using the secure erase feature offered by Apple’s Mac OS X. Other overwrite operations – which securely delete files by repeatedly rewriting the data stored in a particular disk location – failed by similarly large margins when used to erase a single file on an SSD. Pseudorandom Data operations, for instance, allowed as much as 75 percent of data to remain, while the British HMG IS5 technique allowed as much as 58 percent.

Eine (naheligende) Lösung:

The researchers found the most effective way to sanitize data on SSDs was to use devices that encrypted their contents. Wiping happens by deleting the encryption keys from what’s known as the key store, effectively ensuring that the data will remain encrypted forever.

Possibly related posts (automatically generated)

• Off The Grid Password Generator
• Browser Exploit Against SSL/TLS
• NSA: Security Configuration Guides
• Basic Internet Security
• Website Security

First you need a suitable mp4 file to hide your TrueCrypt container. (…) Really any mp4 file will do, but try to find a file that matches the proportional size of the container you are going to create. Once you have your video file, create a TrueCrypt container. Use the “Hidden Container” option, this generates a container-inside-a-container. (…) Now that you have your two files, the magic happens. Martin Fiedler, a software engineer from Germany, created a Python script named tcsteg.py that will now merge these two files together. Execute “python tcsteg.py Movie.mp4 NameOfTrueCryptVolume.mp4” from a command line to make the merge.

Possibly related posts (automatically generated)

• Stegobot
• Social Steganography
• Hiding Files in PDF Documents
• Steganography Tools
• Steganography

Diese Webseite wurde gegruendet, um Sicherheitsluecken auf Social Network Portalen aufzuzeigen.
Der Autor hat in der Vergangenheit vergeblich versucht die entsprechenden Social Networking Betreiber zu kontaktieren, wurde dabei jedoch oftmals mit unzureichender Security Awareness seitens der “Ticketbearbeiter” enttaeuscht. (…) Diese Webseite soll entsprechend die Augen der Verbraucher oeffnen und durch das Aufdecken von Sicherheitsluecken auf Social-Network Seiten dazu beitragen, dass die Betreiber aktiv reagieren und die entsprechenden Sicherheitsluecken zeitnah schliessen. Die Praxis zeigt das medialer Druck auf die Betreiber einiges bewirken kann….

Possibly related posts (automatically generated)

• Off The Grid Password Generator
• Browser Exploit Against SSL/TLS
• AnonPlus
• NSA: Security Configuration Guides
• Basic Internet Security

When you visit my website, I can automatically and silently determine if you’re logged into Facebook, Twitter, GMail and Digg. There are almost certainly thousands of other sites with this issue too, but I picked a few vulnerable well known ones to get your attention. You may not care that I can tell you’re logged into GMail, but would you care if I could tell you’re logged into one or more porn or warez sites? Perhaps http://oppressive-regime.example.org/ would like to collect a list of their users who are logged into http://controversial-website.example.com/?

Das lässt sich natürlich auch halbwegs sinnvoll nutzen, z.B. um mailto: Links durch einen Gmail Compose Links zu ersetzen:

$('<img/>').hide()
 .attr('src','https://mail.google.com/mail/photos/static/AD34hIhNx1pdsCxEpo6LavSR8dYSmSi0KTM1pGxAjRio47pofmE9RH7bxPwelO8tlvpX3sbYkNfXT7HDAZJM_uf5qU2cvDJzlAWxu7-jaBPbDXAjVL8YGpI')
 .load(function(){
 $('a[href^="mailto:"]').each(function(){
 var email = $(this).attr('href').replace(/^mailto:/,'');
 $(this).attr('href','https://mail.google.com/mail/?view=cm&fs=1&tf=0&to='+escape(email));
 });
 })
 .appendTo('body');

Possibly related posts (automatically generated)

• Off The Grid Password Generator
• Browser Exploit Against SSL/TLS
• NSA: Security Configuration Guides
• Basic Internet Security
• Website Security