VirtualTam's bookmarks

181. We’re Opening X-Pack | Elastic 2018-02-28

     tags: observability/elastic, security, security/authentication

     [ permalink ]

     • https://www.elastic.co/blog/heya-elastic-stack-and-x-pack
     • https://www.elastic.co/blog/doubling-down-on-open
     • https://twitter.com/bluxte/status/968675301499654144
     • https://www.elastic.co/blog/opening-x-pack-phase-1-complete
182. Weak cryptographic standards removal notice | GitHub Engineering 2018-02-23

     tags: cryptography/encryption, network/http, network/transport-layer-security, security, source-code-management/github

     [ permalink ]
183. Google Cloud Platform Blog: 7 ways we harden our KVM hypervisor at Google Cloud: security in plaintext 2018-02-20

     tags: cloud, linux, virtualization, virtualization/kvm

     [ permalink ]
184. xkcd: 2018 CVE List 2018-02-19

     tags: comics, exploit, parody, security, xkcd

     [ permalink ]
185. Revue stratégique de cyberdéfense | Secrétariat général de la défense et de la sécurité nationale 2018-02-15

     tags: internet, leak, research/whitepaper, security

     [ permalink ]

     • http://www.sgdsn.gouv.fr/uploads/2018/02/20180206-np-revue-cyber-public-v3.3-publication.pdf
     • https://blog.lukaszolejnik.com/highlights-of-french-cybersecurity-strategy/
186. security - What is a retpoline and how does it work? - Stack Overflow 2018-02-11

     tags: linux, linux/kernel, meltdown, security, spectre

     [ permalink ]

     • https://support.google.com/faqs/answer/7625886
     • https://git.kernel.org/pub/scm/linux/kernel/git/ak/linux-misc.git/commit/?h=spec/retpoline-415-1
     • https://lkml.org/lkml/2018/1/4/724
187. 3-D Secure - e-commerce Merchant Plugin 2018-02-08

     tags: bank, e-commerce, payment, smartcard, visa

     [ permalink ]

     • https://technologypartner.visa.com/Library/3DSecure.aspx

     • https://www.quora.com/What-is-3D-Secure-payment-What-does-it-exactly-do-How-does-it-secure-the-transaction-Can-it-lead-to-an-increase-in-bounce-rate-Is-it-important-to-have-3D-Secure-payment-and-is-there-a-possible-alternative

     • https://www.quora.com/What-is-a-3-D-secure-payment

     • https://www.adyen.com/blog/how-to-win-with-dynamic-3d-secure

     • https://www.gpayments.com/

     • https://www.gpayments.com/about/3d-secure

     • https://www.gpayments.com/about/3d-secure-2.0

     • https://www.gpayments.com/blog/article/5-things-merchants-need-to-know-before-implementing-3d-secure/

     • https://stackoverflow.com/questions/13758482/how-to-implement-3d-secure-payment-securely

188. Common approaches to securing Linux servers and what runs on them. 2018-02-08

     tags: internet-of-things, linux, security, server

     [ permalink ]

     • https://www.reddit.com/r/linux/comments/7vepi4/common_approaches_to_securing_linux_servers_and/
     • https://en.wikipedia.org/wiki/Security_controls
     • https://blog.qualys.com/news/2017/09/26/achieve-continuous-security-and-compliance-with-the-cis-critical-security-controls
189. Content Security Policy CSP Reference & Examples 2018-02-07

     tags: internet/browser, privacy, security, web, xss

     [ permalink ]

     • https://en.wikipedia.org/wiki/Content_Security_Policy
     • https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
     • https://www.owasp.org/index.php/Content_Security_Policy
     • https://developers.google.com/web/fundamentals/security/csp/
190. Data Privacy Day 2018: Live Free of Facebook and Google Tracking 2018-02-07

     tags: data, privacy, search, security

     [ permalink ]

     • https://spreadprivacy.com/how-to-remove-google/
     • https://duckduckgo.com/app
191. Exploiting modern microarchitectures: Meltdown, Spectre, and other attacks 2018-02-05

     tags: hack, hardware, hardware/cpu, meltdown, memory, security, spectre

     [ permalink ]

     • https://fosdem.org/2018/interviews/jon-masters/
     • https://fosdem.org/2018/schedule/event/closing_keynote/
192. entropy - How secure are "pattern" passwords? - Information Security Stack Exchange 2018-01-28

     tags: entropy, privacy, security, security/password

     [ permalink ]

     • https://github.com/davean/typing-effort
193. Don't publicly expose .git, or how we downloaded your website's sourcecode - An analysis of Alexa's 1M 2018-01-20

     tags: apache, network/http, network/http-server/nginx, security, source-code-management, source-code-management/git, web

     [ permalink ]

     • https://stackoverflow.com/questions/2530372/how-do-i-disable-directory-browsing
     • https://httpd.apache.org/docs/current/mod/mod_rewrite.html

     via https://git.github.io/rev_news/2017/06/14/edition-28/

194. Privacy Tools - Encryption Against Global Mass Surveillance 2018-01-12

     tags: cryptography/encryption, internet/browser, privacy, security, web

     [ permalink ]
195. How to Setup FileBeat with Basic Auth for LogStash Output? - Filebeat - Discuss the Elastic Stack 2018-01-12

     tags: cryptography/certificate, cryptography/certificate-authority, network/transport-layer-security, observability/elastic, observability/elastic/beats, observability/elastic/logstash, security, security/authentication

     [ permalink ]

     • https://github.com/logstash-plugins/logstash-input-beats/issues/8
     • https://www.elastic.co/guide/en/logstash/current/plugins-inputs-beats.html
     • https://www.elastic.co/guide/en/beats/filebeat/master/config-filebeat-logstash.html
     • https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html
     • https://www.gilesorr.com/blog/elkbeats-beats-secure.html
     • https://discuss.elastic.co/t/beats-logstash-security-use-of-security-token-to-authenticate-clients/104981/4
     • https://stackoverflow.com/questions/40341664/how-to-configure-logstash-and-filebeat-ssl-communication
196. Shodan 2018-01-09

     tags: device, hack, internet-of-things, network, privacy, security

     [ permalink ]

     • https://news.ycombinator.com/item?id=5512477

     • https://thehackernews.com/search/label/shodan

     • https://www.forbes.com/sites/kashmirhill/2013/09/05/the-crazy-things-a-savvy-shodan-searcher-can-find-exposed-on-the-internet/#7d00f4f23c7e

     • https://www.wired.com/2013/05/googles-control-system-hacked/

     • https://www.forbes.com/sites/andygreenberg/2011/11/09/researchers-spot-blue-coat-web-control-gear-in-another-bad-regime-burma/#6a615a3e329c

     • https://www.forbes.com/sites/kashmirhill/2013/08/13/how-a-creep-hacked-a-baby-monitor-to-say-lewd-things-to-a-2-year-old/#3ce17adcaad6

     • https://raidforums.com/Thread-Using-Shodan-for-Fun-and-Profit

197. Trinity uses nmap in The Matrix Reloaded 2018-01-08

     tags: hack, matrix, movie, network/nmap, network/ssh, security

     [ permalink ]

     • https://nmap.org/movies/
     • https://nmap.org/movies/matrix/
     • https://www.quora.com/Is-the-use-of-the-NMAP-command-shown-in-The-Matrix-Reloaded-movie-valid
     • https://www.securityfocus.com/news/4831
198. Who was responsible for leaking the Meltdown/Spectre story beforehand, and thus breaking the co-ordinated patched release planned for 9th-Jan between various vendors? 2018-01-08

     tags: hack, hardware, hardware/cpu, intel, linux, memory, security

     [ permalink ]

     • https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
     • https://cyber.wtf/2018/01/05/behind-the-scene-of-a-bug-collision/
     • https://lwn.net/Articles/738975/
     • https://lwn.net/Articles/741878/
     • https://lwn.net/Articles/741882/
     • https://twitter.com/misc0110/status/948706387491786752
     • https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
199. Meltdown and Spectre 2018-01-04

     tags: amd, arm, attack, google, hack, hardware, hardware/cpu, intel, memory, research, security

     [ permalink ]

     • https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
     • https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
     • https://www.reddit.com/r/linux/comments/7nybl1/meltdown_and_spectre/
     • https://www.reddit.com/r/linux/comments/7nzsih/intel_was_aware_of_the_chip_vulnerability_when/
     • https://www.reddit.com/r/linux/comments/7nyaku/todays_cpu_vulnerability_what_you_need_to_know/

     Exploits:

     • https://github.com/IAIK/meltdown
200. RFID cat door using Arduino -Use Arduino for Projects 2018-01-03

     tags: arduino, cat, door, rfid, security/authentication

     [ permalink ]

     • https://playground.arduino.cc/Main/DIYRFIDReader
     • http://www.instructables.com/id/RFID-pet-feeder/
     • https://electronics.stackexchange.com/questions/24481/134-2-khz-rfid-reader-for-arduino