131 private links
In a world of evolving and targeted cyber threats understanding your attacker’s intentions and tools has never been more crucial. By deliberately maintaining vulnerable systems, or Honey Pots, and letting the attackers in you can analyse their activity and gather intelligence so you can be ahead of the game if you ever have a compromise. When running an SSH Honey Pot you can gain a full log of the commands an attacker attempts to run on your system and any files which they attempt to download and can be a great way to obtain samples of malicious software for analysis or understand the techniques used by an attacker to scour your data.
BusKill is a Kill Cord for your laptop implementing a Dead Man Switch using $20 in USB hardware + udev rule to trigger your laptop self-destruct if stolen.
Thirty years ago, Cliff Stoll published The Cuckoo's Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker. Today, the internet is a far darker place—and Stoll has become a cybersecurity icon.
I read this book when I was young. Still remember the atmosphere :-)
What we learned from the spy in your pocket.
I am not going to discuss why you need strong passwords. It is an open secret that strong passwords keep you relatively safer.
Generating strong passwords is something you can do on your own but putting all the combination of lower and upper cases, numbers, symbols can be a tiresome work.
But you need not worry. Linux has got you covered. We’ll see 5 best password generators for Linux that will ease the task for you.
Steganography is the study and practice of concealing communication. It plays a different role to cryptography, with its own unique applications and strengths.
In order to use a GnuPG key on a smartcard or Yubikey, a GnuPG key needs to be created. This post will show you how to create a GnuPG key with sub-keys for signing, encryption and authentication. The authentication key can be used later on to authenticate via ssh as well.
Why break into a company’s network when you can just walk right in — literally? Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a company’s login pages. And certain…
How do you find hundreds of vulnerabilities hidden in millions of lines of firmware code?
Traditionally, a major source of high-quality pirate releases has been retail discs, such as Blu-ray or DVD. Today, torrent and streaming sites are regularly fueled by content culled from streaming services such as Netflix and Amazon. Known online as WEB releases, these files are the product of a decryption process using tools mostly not intended for public use. Recently, TF spoke with a person involved in the secretive WEB scene.
by Ben Laurie
The modern world doesn’t look like this at all. All the files on a typical computer belong to a non-expert user (for simplicity I am ignoring shared devices — this doesn’t really undermine the argument as I hope you will see). Indeed, the whole computer typically belongs to a single user. Printers do not need accounting and similarly belong to the same user. The enemy is the software that is running on the machine. Users no longer have a good understanding of the software they run. Software is enormously complex and uses all sorts of resources, many distributed over multiple systems, to accomplish their tasks. And frequently their task is only superficially in service of the user.
In short, the old threat model was untrusted tenants, trusted software, unit of protection is files and devices. The new threat model is trusted tenants, untrusted software, unit of protection is individual data items.
Explains how to Generate two-factor authentication code from your Linux oathtool command line & encrypt totp key with gpg2 for privacy and security reasons.
When it comes to using computers to steal money, few can come close to matching the success of Russian hacker Evgeniy Bogachev.
The $3 million bounty the FBI has offered for Bogachev’s capture is larger than any that has ever been offered for a cybercriminal—but that sum represents only a tiny fraction of the money he has stolen through his botnet GameOver ZeuS.1 At its height in 2012 and 2013, GameOver ZeuS, or GOZ, comprised between 500,000 and 1 million compromised computers all over the world that Bogachev could control remotely. For years, Bogachev used these machines to spread malware that allowed him to steal banking credentials and perpetrate online extortion.2 No one knows exactly how much money Bogachev stole from his thousands of victims using GOZ, but the FBI conservatively estimates that it was well over $100 million.
There are numerous file encryption tools available on the market to protect your files. We have already reviewed some encryption tools such as Cryptomater, Cryptkeeper, CryptGo, Cryptr, Tomb, and GnuPG etc. Today, we will be discussing yet another file encryption and decryption command line utility named “Toplip”.
It is a free and open source encryption utility that uses a very strong encryption method called AES256, along with an XTS-AES design to safeguard your confidential data. Also, it uses Scrypt, a password-based key derivation function, to protect your passphrases against brute-force attacks.
Looking for a quick, easy, and secure method to protect your files? Well, there is a simple shell utility called “Cryptr” that helps you to encrypt and decrypt files. All from command line, and you...
Sharing files can be a pain. The larger the file is, the more difficulty it inevitably creates. If you want those files kept private, you're in for a real nightmare. Well, not exactly.
Onionshare is a relatively new application that allows you to share files of any size securely and relatively anonymously over the Tor network without the need for a "midde-man" website. It's completely free and open source, and it's actually easy for anyone to use.
At the North America edition of the 2018
Linux Security Summit (LSS NA), which was held in late August in Vancouver,
Canada, Kees Cook gave a presentation on some of the dangers that come with
programs written in C. In particular, of course, the Linux kernel is
mostly written in C, which means that the security of our systems rests on
a somewhat dangerous foundation. But there are things that can be done to
help firm things up by "Making C Less Dangerous" as the title
of his talk suggested.
L1 Terminal Fault/Foreshadow explained in ~three minutes For a more detailed technical view of L1 Terminal Fault, please see this deeper dive with Jon Masters.