Web App Security

  • Most Topular Stories

  • Getting Superfish out of Firefox

    Mozilla Security Blog
    rbarnes
    27 Feb 2015 | 1:15 pm
    First things first: If you are reading this post on a recent Lenovo laptop, please click the lock icon in the URL bar, then click “More Information…”.  If you see “Verified by: Superfish, Inc.”, you are infected with Superfish, and you should follow these instructions to remove it. The Superfish adware distributed by Lenovo has brought the issue of SSL interception back to the headlines.  SSL interception is a technique that allows other software on a user’s computer to monitor and control their visits to secure Web sites — however, it also enables attackers to masquerade…
  • A Failed Hacker Unmasking Exercise

    Liquidmatrix Security Digest
    Bill Brenner
    10 Feb 2015 | 5:26 am
    “A ridiculous article which purports to show us the face of a hacker…” — Chris Wysopal, CTO of Veracode, in a tweet The ability of media outlets to create sophisticated images and graphics is light years beyond what it was when I was a young journalist in the 1990s. The technology has spawned a lot of cool projects, like this visual of a botnet from my former employer, CSOonline.com. The enhanced capability also leads to some truly ridiculous creations. For example, this Secure Thoughts piece on “hackers unmasked.” The writer asks, “Who are the…
  • Mobile App Wall of Shame: Tinychat for iPhone

    Zscaler Research
    viral
    20 Feb 2015 | 3:22 pm
Tinychat Price : Free Category : Social Networking Updated : December 29, 2014 Version : 5.0 Size : 19.41 MB Language : English Vendor : Tinychat Co Operating system : iOS Background: Tinychat is a group video chat application that allows users to chat online and also create their own chat rooms. Currently, this application is ranked among the top 200 apps in the
  • Another XSS auditor bypass

    The Spanner
    Gareth Heyes
    19 Feb 2015 | 11:50 am
    This bug is similar to the last one I posted but executes in a different context. It requires an existing script after the injection because we use it to close the injected script. It’s a shame chrome doesn’t support self closing scripts in HTML or within a SVG element because I’m pretty sure I could bypass it without using an existing script. Anyway the injection uses a data url with a script. In order to bypass the filter we need to concat the string with the quote from the attribute or use html entities such as //. The HTML parser doesn’t care how…
  • NoScript Does Accept Bitcoin Donations

    hackademix.net
    Giorgio
    6 Feb 2015 | 7:02 am
It just occurred to me that Google did not know about tweets at the time I wrote this one: So you want to donate in #bitcoin to help NoScript's development? Now you can, bitcoin:1H4kTbFK1zVWiXjvZxhmxoaJW4dukJHcdb Since I routinely receive inquiries from potential bitcoin donors, I hope this post will be easier to find.

    Mozilla Security Blog

  • MWoS – Audit-Go

    gdestuynder
    20 Feb 2015 | 1:14 pm
    The Mozilla Winter of Security of last year is concluding and the participating teams of students are completing their projects. Our first team has completed the Audit-Go Heka plugin project recently with great success. The Audit-Go plugin is a native Go implementation of a Linux Audit client. It communicates with the kernel using the Netlink protocol and has no extra dependencies. The MWoS team and myself would like to thank our students Hardik Juneja, Arun Sori, Aalekh Nigam and their professor Sanjay Goel from the Jaypee Institute of Information Technology for their work and partnership…
  • Phase 2: Phasing out Certificates with 1024-bit RSA Keys

    kwilson
    28 Jan 2015 | 2:14 pm
    In the previous post about certificates with 1024-bit RSA keys we said that the changes for the second phase of migrating off of 1024-bit root certificates were planned to be released in Firefox in early 2015. These changes have been made in Firefox 36, in which the following 1024-bit root certificates were either removed, or their SSL and Code Signing trust bits were turned off. Verizon CN = GTE CyberTrust Global Root SHA1 Fingerprint: 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74 Symantec CN = Thawte Server CA SHA1 Fingerprint:…
  • Tighter Control Over Your Referrers

    Sid Stamm
    21 Jan 2015 | 5:40 am
    The purpose of the HTTP Referer (sic) header is to help sites figure out where their traffic comes from. However, as the Web got more complex, the amount of information in the Referer header ballooned, leading to bigger privacy problems. Firefox Beta supports a new feature to help sites protect their users’ privacy by changing the Referer header. HTTP Referer provides a wealth of information about where you came from to the sites you visit, but this context isn’t always necessary (or desired). In addition, it is an unreliable tool for authenticating the origin of an HTTP request unless…
  • Mozilla at HITB Malaysia

    Paul Theriault
    10 Nov 2014 | 4:18 pm
The Mozilla security team was proud to be part of Hack In The Box (HITB) 2014, held from 15-16 October 2014 in Kuala Lumpur (KL), Malaysia. Mozilla has been involved in HITB for several years now, and this year’s HackWEEKDAY contest was probably the best we’ve seen so far. HackWEEKDAY is a contest where contestants develop mobile apps (Firefox OS or any other platforms allowed) in a bid to win glory and prizes. The competition was fierce this year, with over 75 developers and 4 hours of judging! Notable entries included a Firefox extension which used Snort rules to block browser…

    Liquidmatrix Security Digest

  • New Adobe Flash Vulnerability – CVE-2015-0313

    Bill Brenner
    3 Feb 2015 | 6:10 am
    Oh, joy. Adobe has put out yet another security bulletin for vulnerabilities in Flash.  Details: Security Advisory for Adobe Flash Player Release date: February 2, 2015 Vulnerability identifier: APSA15-02 CVE number: CVE-2015-0313 Platform: All Platforms Summary A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in…
  • 3 Books that Changed My Life

    Bill Brenner
    3 Feb 2015 | 6:01 am
    The following is cross-posted from the Security Uncorked blog… My friend Jennifer Minella is doing a series where she asks folks from the security community about three books that changed their lives. She kicks it off with me. In this series, I asked infosec professionals to name 3 books that changed their life. This entry includes picks from journalist, writer and podcaster Bill Brenner. When I set out seeking contributors for this piece, one of the first people that came to my mind was Bill Brenner. Throughout the years, Bill has been someone I (and many in the industry) admire for…
  • The Oracle of Security Flaws

    Bill Brenner
    21 Jan 2015 | 12:45 pm
    When it comes to patching vulnerabilities, Oracle does nothing small. In its latest quarterly CPU (Critical Patch Update), the database giant hands its customers 169 new security fixes affecting many products. The full patch matrix is here. SiliconANGLE offers a decent analysis of the vulnerabilities and patches. From Maria Deutscher’s report: One flaw that drew an outsized amount of attention is a misconfiguration affecting the enterprise technology stalwart’s popular E-Business Suite, which “gobsmacked” its discoverer, in his own words. David Litchfield, a U.K.-based expert on…
  • “Hackers. It’s time to Unite”

    Bill Brenner
    19 Jan 2015 | 6:10 am
    Last week I wrote about the new anti-hacking laws President Obama plans to float in his State of the Union address and how the proposals are Draconian at best. I noted that it’s in our power to educate the masses and stop this thing before it becomes law. To that end, I have something to share with you. Derek Watson — better known in the security community as Blak Dayz (blakdayz) — posted the following call to action: Hackers. It’s time to UNITE. With these new proposed laws, they are literally coming for our freedom. If you are interested in joining in a fast…

    Zscaler Research

  • Ongoing Angler Exploit Kit and Bedep Fraud Campaign

    John Mancuso
    11 Feb 2015 | 8:34 am
    In our recent post covering CVE-2015-0311, two of the Command and Control (C&C) domains used in the Domain Generation Algorithm (DGA), mapped back to the same Server IP address - 46.105.251.1. They were also using the same nameservers for resolution: ns1.regway.com ns2.regway.com We took a closer look at the domains using these nameservers and found a distinct correlation between the C&C 
  • Android Banking Trojan and SMS stealer floating in the wild

    viral
    2 Feb 2015 | 12:56 pm
    We recently came across an Android Banking Trojan with a very low antivirus detection rate that is targeting Chinese mobile users. This Android malware is capable of stealing banking information by intercepting SMS messages looking for certain keywords. It also steals all the contact information from the user's mobile device and relays it to a remote Command & Control (C2) server.
  • Exploit Kits: Anatomy of a Silverlight exploit

    Uday Pratap Singh
    30 Jan 2015 | 10:55 am
    With the significant adoption of Silverlight technology in today’s market, it has become one of the popular targets for the hacker community. We have observed many popular exploit kits (EKs) like Nuclear and Fiesta, serving specially crafted exploits targeting Silverlight vulnerabilities. Recently, we blogged about the Nuclear Exploit kit live infection cycle, which was leveraging Silverlight
  • Malvertising leading to Flash Zero Day via Angler Exploit Kit

    Deepen Desai
    22 Jan 2015 | 10:59 am
    UPDATE [01/25/2015]: Adobe released an update yesterday (APSA15-01) for CVE-2015-0311 that fixes the zero day exploit mentioned in this blog. Given the number of exploit attempts we are seeing for this vulnerability in the wild, it is critical for users to update the Adobe Flash player to the latest version 16.0.0.296. Background Earlier this week, Kafeine published a blog mentioning an

    The Spanner

  • XSS Auditor bypass

    Gareth Heyes
    10 Feb 2015 | 11:56 am
    XSS Auditor is getting pretty good at least in the tests I was doing however after a bit of testing I found a cool bypass. Without studying the code it seems that it checks for valid JavaScript within the vector, I thought I could use this to my advantage. I came up with the idea of using an existing script block to smuggle my vector and reusing the closing script on the page. The page contains a script block like this: <script>x = "MY INJECTION"</script> As every XSS hacker knows you can use a “</script>” block to escape out of the script block and inject a HTML…
  • Bypassing the IE XSS filter

    Gareth Heyes
    7 Jan 2015 | 1:06 pm
Mario noticed that the new version of the IE filter blocks anchors in an attempt to prevent the same origin bypass where you double encode the vector and post a link to itself. I had to take a look and see if I could break it and…of course I did. The regex is very generic:- <a.*?hr{e}f This could cause problems with information disclosure if you can put something in between the “a” and “href” and detect if the filter is active which I’ll admit is pretty tricky now with the new protection against such attacks. Anyway let’s move onto the vectors. I literally…
  • Unbreakable filter

    Gareth Heyes
    24 Oct 2014 | 2:13 pm
    I was bored so I thought I’d take a look at Ashar’s filters. I noticed he’d done a talk about it at Blackhat Europe which I was quite surprised at. Then I came across the following blog post about the talk which I pretty much agreed with. That blog post links to his filters so you can try them out yourself. The first one is basically multiple JavaScript regexes which are far too generic to be of any value. For example “hahasrchaha” is considered a valid attack =) because it has “src” in. I’m not joking. The regexes are below. function…
  • MentalJS bypasses

    Gareth Heyes
    24 Jun 2014 | 2:41 pm
I managed to find time to fix a couple of MentalJS bypasses by LeverOne and Soroush Dalili (@irsdl). LeverOne’s vector was outstanding since it bypassed the parsing itself which is no easy task. The vector was as follows: for(var i i/'/+alert(location);0)break//') Basically my parser was inserting a semicolon in the wrong place causing a different state than the actual state executed. My fix inserts the semicolon in the correct place. Before the fix the rewritten code looked like this: for (var i$i$; / '/+alert(location);0)break//') As you can see the variables have been incorrectly…

    hackademix.net

  • Both Your Cheeks

    Giorgio
    16 Jan 2015 | 9:53 am
Dear pope Francis, Thank you for this chance to punch your face (both cheeks, the way you christians enjoy best) because your organization routinely defames and insults His Majesty Satan. Sincerely, Your friendly neighbourhood satanist P.S.: a very good article about this from The Guardian. P.P.S.: Yes, I think free thinking, free speech and censorship are very relevant to the Open Web.
  • s/http(:\/\/(?:noscript|flashgot|hackademix)\.net)/https\1/

    Giorgio
    19 Nov 2014 | 3:16 pm
I'm glad to announce noscript.net, flashgot.net and hackademix.net have finally been switched to full, permanent TLS with HSTS. Please do expect a smörgåsbord of bugs and bunny funny stuff :)
  • Avast, you're kidd... killing me - said NoScript >:(

    Giorgio
    19 Nov 2014 | 5:20 am
If NoScript keeps disappearing from your Firefox, Avast! Antivirus is likely the culprit. It's gone berserk and is mass-deleting add-ons without a warning. I'm currently receiving tons of reports by confused and angry users. If the antivirus is dead (as I've been preaching for 7 years), looks like it's not dead enough, yet.
  • No Free Professional Service

    Giorgio
    12 May 2014 | 3:32 pm
    This is a real exchange from NoScript “User Reviews” section at AMO, copied here as a memento and a caveat (for NoScript potential “customers”? for free software developers?), since some or all of it may be edited by its authors or deleted by those nasty AMO editors in a near future. Deception and rude treatment of users Rated 1 out of 5 stars by JamesOnTheWay on May 12, 2014 My negative review was deleted; therefore, I no longer have confidence in NoScript or its developer. I was not looking for a bug fix. I was warning potential users away, which is permitted in the…

    Didier Stevens

  • Update oledump.py Version 0.0.10

    Didier Stevens
    26 Feb 2015 | 4:00 pm
    This version handles corrupt VBA macro streams without crashing. Corrupt VBA macro streams are marked with an E indicator (error). And an update to the plugin_http_heuristics and plugin_dridex plugins. oledump_V0_0_10.zip (https) MD5: 450C28232254F8FF3AF5E289F58D2DAB SHA256: 139671E5E69200CECCE0EF730365C1BF1B7B8904B90E3B1E08E55AB040464C73
  • Update: oledump.py Version 0.0.9

    Didier Stevens
    19 Feb 2015 | 2:19 pm
    The plugin_dridex plugin was updated. And oledump.py has a new option: –quiet: only print output from plugins. oledump_V0_0_9.zip (https) MD5: 849C26F32397D2508381A8472FE40F90 SHA256: 74887EA3D4362C46CCBF67B89BB41D7AACE9E405E4CB5B63888FEDCE20FD6A07
  • Analyzing A Fraudulent Document With Error Level Analysis

    Didier Stevens
    17 Feb 2015 | 4:00 pm
    Some time ago I had the chance to try out an image forensic method (Error Level Analysis) on a PDF. It was a fraudulent document (a form), but with a special characteristic: the criminal converted the original form (a PDF) to JPEG, edited the JPEG with a raster graphics editor, and then inserted the edited JPEG in a PDF document. This gave me the opportunity to try out Error Level Analysis (ELA) on a “text document”. I can’t share the PDF, but I recreated one to use in this blogpost. First I search for images in the PDF document: pdf-parser.py -s image example-edited.pdf…
  • Update: oledump.py Version 0.0.8

    Didier Stevens
    16 Feb 2015 | 4:00 pm
    This new version brings support for multiple YARA rule files. The plugin_http_heuristics plugin was updated, and there is a new plugin: plugin_dridex. oledump_V0_0_8.zip (https) MD5: 29EBF73F5512B0BC250CD0A0977A2C72 SHA256: 09C451116FCDE7763173E1538C687734D92267A0D192499AFD118D8D923165B9
  • Update EICARgen Version 2.1

    Didier Stevens
    15 Feb 2015 | 4:00 pm
    Version 2.1 of EICARgen can create an Excel spreadsheet (.xls) with the EICAR test file embedded with OLE.

    CERIAS Combined Feed

  • Registration for CERIAS 2015 is now Open

    CERIAS Webmaster
    20 Feb 2015 | 12:59 pm
Registration is now open for the 16th Annual CERIAS Information Security Symposium. Visit: http://www.cerias.purdue.edu/site/symposium2015 for more information. Overview Cybersecurity discussions have moved from the server room, to the board room, to the talking heads of the media — but all this newfound mass awareness has not translated to being more secure. Major intrusions are now commonplace and a “standard operating procedure” within many industries. Join us for the 16th Annual CERIAS Security Symposium as we examine the current state and emerging trends in information…
  • Indiana to Launch New IN-ISAC and Enhance Cyberdefense Programs

    CERIAS Webmaster
    10 Feb 2015 | 9:34 am
    Unique Indiana state government partnership with Purdue University will also utilize private-sector expertise to defend state networks from next-generation cyberattacks. This breaking news demonstrates that cyberdefense is a top priority for Indiana Gov. Mike Pence. More information »
  • Cybersecurity Issue Goes Beyond the Anthem Headlines

    CERIAS Webmaster
    7 Feb 2015 | 5:46 am
    (Phys.Org) Eugene Spafford, the executive director of Purdue’s Center for Education and Research in Information Assurance and Security, says in the case of Anthem and others, the costs and dangers are hidden. “The personal information they listed can represent a problem for people for years to come,” he said. “That’s information that can be used for identity theft, extortion and to gain people’s trust. So, it really is a big problem, even if medical or credit card information is not given out. The company providing a year or two of credit monitoring won’t fix that.” More…
  • Not so Easy to Buy Privacy: Study Shows How ‘Anonymized’ Credit Card Data Still Identifies

    CERIAS Webmaster
    30 Jan 2015 | 11:26 am
    The study shows that when we think we have privacy when our data is collected, it’s really just an “illusion,” said Eugene Spafford, director of Purdue University’s Center for Education and Research in Information Assurance and Security. Spafford, who wasn’t part of the study, said it makes “one wonder what our expectation of privacy should be anymore.” More information »
  • North Korea’s Internet Outage Was Likely the Work of Hacktivists (The Washington Post)

    CERIAS Webmaster
    23 Dec 2014 | 12:34 pm
    “If the government wanted to do something about this, I would suspect they would do something more targeted toward the leadership rather than just shutting down the network,” said Eugene Spafford, a professor of information security at Purdue University. “Teenagers with botnets regularly shut down networks.” Targeting the financial assets of North Korean leaders (rather than the country’s Internet equipment) would be much more closely aligned with President Obama’s warning of a “proportional response” — and something the White House could accomplish that nameless hacktivists…

    Security Bloggers Network

  • Security site to bookmark: securityerrata.org

    itsecuriteer
    28 Feb 2015 | 4:00 pm
Controversial but worth reading. In the past, guilds regulated and controlled the practice of a craft. Securityerrata.org, an initiative from the attrition.org volunteer crew, aims to protect the information security profession from intruders. In an almos...
  • Check DSC Execution Status in Azure VMs

    Windows IT Pro
    28 Feb 2015 | 10:49 am
Learn how to check DSC configuration in an Azure VM.
  • Soaring

    Marc Handelman
    28 Feb 2015 | 10:00 am
  • Saturday Security Maxim

    Marc Handelman
    28 Feb 2015 | 9:30 am
    Infinity Maxim: There are an unlimited number of security vulnerabilities for a given security device, system, or program, most of which will never be discovered (by the good guys or bad guys). Comment: ...

    blog.hotspotshield.com

  • Live Stream India vs West Indies in the Cricket World Cup

    Levent Sapci
    28 Feb 2015 | 4:34 pm
Game 28 of the ICC Cricket World Cup brings India and West Indies head to head in Perth on March 5th at 10:30pm Pacific Time. Use Hotspot Shield to catch the action live. Follow these 3 easy steps to tune in from anywhere in the world! 1. Download Hotspot Shield on your device (Windows, Mac, iOS, Android) and upgrade to the Elite version to get access to the India virtual location, which will enable you to live stream the cricket world cup for free. Use promo code “Cricket20” to get 20% off a 1-year subscription. Download now: on your Android device, on your PC/Mac, on your iOS…
  • Recent Reports Dive-In Deep on Cloud Security

    Levent Sapci
    26 Feb 2015 | 8:18 am
    Understanding the Strength of the Cloud Many companies who turn to cloud storage do so with the assumption that the cloud is better protected from outages, disasters, and other events that can lead to data loss. This is true under the right circumstances, but those who don’t properly leverage the capabilities of the cloud end up just as vulnerable as those with information at a local datacenter. To keep data safe on the cloud, companies must utilize geographical redundancy. This means that their information is duplicated and stored at multiple points throughout the provider’s…
  • Net Neutrality’s Worldwide Impact

    Levent Sapci
    25 Feb 2015 | 7:35 pm
    For years, there has been no shortage of talk about net neutrality, and the conversation is reaching its climax. The debate over whether the Internet should be an open platform or if it should remain subject to the policies and whims of big companies is one that impacts people across the world. On February 26, the Federal Communications Commission (FCC) will take a vote about net neutrality. A previous article on the Hotspot Shield Blog delved into the details of that vote, but we haven’t yet discussed the potential worldwide ramifications of it. Where do other countries now stand on…
  • Live Stream Sri Lanka vs England ICC Cricket World Cup

    Levent Sapci
    25 Feb 2015 | 3:45 pm
The 2015 ICC Cricket World Cup Game 22 will bring Sri Lanka and England to Wellington on February 28th at 2pm Pacific Time. Hotspot Shield can help you watch the action live. Follow these 3 easy steps to tune in from anywhere in the world! 1. Download Hotspot Shield Elite and follow the steps to install on up to 5 devices to stream simultaneously. Use promo code “Cricket20” to get 20% off a 1-year subscription. 2. Turn the Hotspot Shield application on and select India as your virtual location. 3. Go to http://www.starsports.com/ and watch the games online for free! Watch a quick…
  • How to Watch “House of Cards” on Netflix from Anywhere

    Peter Nguyen
    25 Feb 2015 | 10:31 am
If you’re a fan of the American political drama “House of Cards”, you should be excited that the 3rd season of the series will be back on Netflix starting on February 27th, 2015. Unfortunately, for those living abroad, you will not be able to access Netflix’s US content. This is due to complicated licensing rights which only allow subscribers living in the US to get access to Netflix’s content. But there is a workaround to this, which will enable you to watch any content on Netflix from anywhere abroad. Use Hotspot Shield to bypass Netflix’s…

    Blog - CloudEntr

  • [Feature Release] Group Filtering for Active Directory Sync

    Ella Segura
    21 Feb 2015 | 2:00 am
Ella Segura serves as the Product Manager for CloudEntr, guiding the product road map and all new features and developments. New Features in CloudEntr! Group Filtering for Active Directory Sync, Billing Management & Improved User Management Late last year we released our Microsoft Active Directory (AD) integration, enabling companies to extend their current access management system (AD) to the cloud. This extension gives operations and IT folk a one-stop shop to securely administer access to the local and web-based resources their employees need daily. No more duplicated efforts in two…
  • Cloud Security Through the Eyes of a Hacker

    Christopher Bartik
    17 Feb 2015 | 7:24 am
    Note: This is a hypothetical narrative devised for promoting awareness. I am a corporate hacker (again, I am not really a hacker, but playing the role on this blog for narrative purposes). I work out of my basement. I have time on my side, all the time in the world. You have customers to attend to. I don't. You have board meetings to run. I don't. You have your whiteboard sessions and Casual Fridays and customer success teams. I have my computer and a singularity of focus. I want in. Every moment you ignore your business' security system is a moment I'll seize and…
  • How to Tackle Your Top 3 Cloud Security Challenges: Part Two

    Macey Morrison
    12 Jan 2015 | 1:08 pm
[This post is part of a two-part series on tackling the top 3 cloud security challenges today's IT pros face.] Just when you think you’ve got the drop on ‘Employee Data Exposure’, aka the number one threat to cloud security according to the 2015 State of SMB Cybersecurity report, along come threats numbers two and three — and both are spoiling for a fight. Of course, you’ve never been one to shrink from a challenge. As an IT pro, solving problems and making magic happen is what you do. Sure, it can feel daunting managing access and maintaining compliance in the clouds, but the good…
  • How to Tackle Your Top 3 Cloud Security Challenges

    Macey Morrison
    5 Jan 2015 | 4:00 am
[This post is part of a two-part series on tackling the top 3 cloud security challenges today's IT pros face.] It’s tough being a hero these days. As an IT pro, you serve and protect your fellow workers. You empower employees to do their jobs well. You keep your corporate citizens safe in a world where unseen dangers lurk on the web. But lately, things are shifting. There’s a disturbance in the Force. As the 2015 State of SMB Cybersecurity report revealed, most of you (a whopping 77%) are primarily concerned about the enemy within. Employees, your company’s greatest asset, are also…
  • IT Pros Speak: Top 3 Priorities for Your IT Security Budget in 2015

    Macey Morrison
    17 Dec 2014 | 4:00 am
The year is wrapping up quickly (can you believe it’s mid-December?!), meaning we’re all scrambling to finalize budgets and plans for next year. And cyber theft is certainly on our minds with the recent Sony Pictures Entertainment hack and the sheer fallout of confidential data exposure the company is currently experiencing. With Sony poised to be making some IT security changes in the near future and giants like Target and Home Depot making investments to improve their security in the wake of their breaches in the last year, can the same be said for the not so giant companies in 2015? From…

    HackerOne News & Security Blog

  • What's in a Name?

    25 Feb 2015 | 4:00 pm
    While there are many interpretations of the word "hacker," we choose to pay homage to the original MIT hackers by using the term in our company name. We favor their early definition of a hacker: "one who enjoys the intellectual challenge of creatively overcoming limitations."
  • Proposed Changes to the Computer Fraud and Abuse Act, Austin Powers, and You

    15 Jan 2015 | 4:00 pm
Many security professionals, hackers, lawyers, law enforcement, and members of the media are keenly interested in the White House's proposed changes to laws affecting Internet security. Among the proposed amendments to the Computer Fraud and Abuse Act (CFAA), some of the proposed changes that represent the biggest concerns center around expanded language that poses an increased risk to performing many vulnerability research and security testing activities, and even reporting on breaches.
  • The Tale of the Privacy Pink Panther

    4 Jan 2015 | 4:00 pm
    Last Friday, on my way home from 31c3, a funny thing happened on my way through Charles de Gaulle airport in Paris: I was required by a security agent to not only power up, but also type in my password to unlock my laptop in order to board my flight.
  • Jingle Bugs - How to Rock in a Hard Place

    25 Dec 2014 | 4:00 pm
    With the end of 2014 dashing to a close and 2015 just over the hill, let's take a moment to look at the ghosts of bugs and breaches past. Vulnerability coordination, disclosure, and incident response have never been more important to get right. What could happen if we make adjustments in the way we approach security and how could that impact the bugs that will inevitably be delivered to both the naughty and nice in the future?
  • Introducing Reputation

    27 Oct 2014 | 5:00 pm
    One of the primary challenges when running a vulnerability coordination program is distinguishing the signal from the noise. Today, we're introducing a new reputation system to make running a program even easier.