“Technologists have historically failed to evaluate the effectiveness of authentication requirements against all reasonable attacks, to disclose the shortcomings of these requirements, and to account for and acknowledge their negative impact on users.” Excellent article about #2FA but the lessons about #cybersecurity are more general.
▻https://medium.com/@stuartschechter/before-you-turn-on-two-factor-authentication-27148cc5b9a1
What are the Primary #security Architectures in use Today?
▻https://hackernoon.com/what-are-the-primary-security-architectures-in-use-today-ded1080e7e5e?so
What are the Primary Security Architectures in Use Today?Photo by Rubén Bagüés on UnsplashIn my latest article about “The Rise Of Zero Trust #architecture”, I wrote about the broad and rapid adoption of this relatively new concept in the world of #cybersecurity. However, there are still several other security architectures which are in use today:Traditional Network Perimeter SecurityTraditional network perimeter security is made up of many different parts, all of which work together to provide a security solution for the network.Traditionally, network security will begin with the authentication of the user, generally by using a username and password. This method is also referred to as one-factor authentication, with two-factor authentication there will be another item that needs to verified, (...)
What’s the Number One Concern Keeping Hotel Group CIOs Up at Night?
▻https://hackernoon.com/whats-the-number-one-concern-keeping-hotel-group-cios-up-at-night-ae4dd9
“People trust us to allow them to sleep safely and securely. There’s a longstanding tradition of an innkeeper, that we fulfill that commitment to them. Has it extended naturally, with the same diligence, to the digital environment? Not always.” — John Burns, President of #hospitality #technology Consulting.Last November’s news that the private information of approximately 500 million Marriott International guests had been leaked was a sobering reminder of the catastrophic #security vulnerabilities that exist in the hospitality industry.Cyber attacks on hotels are particularly prevalent because of the vast amount of personal data stored, with PwC’s Hotels Outlook Report 2018–2022 indicating that the hospitality industry suffers from the second highest number of data breaches across all sectors.But (...)
Ditch your SSH keys and enable #aws SSM!
▻https://hackernoon.com/ditch-your-ssh-keys-and-enable-aws-ssm-ec1c2b27350c?source=rss----3a8144
Photo by marcos mayer on UnsplashIf you manage AWS for an organization, big or small, chances are you have several Secure Shell (SSH) keys laying around you hardly use, OR WORSE, you don’t recall the account the key was made for. SSH key management is a rabbit hole in itself and most people understand the #security concerns that arise with improper SSH key hygiene. Luckily for us, there is a way to bid farewell to the the cumbersome practice of using SSH to remote into an EC2 instance. Allow me to introduce you the AWS service, Systems Manager (SSM).I will teach you the following in this guide:Identify SSM Remote Session Manager requirements-including for an enterpriseEnable Remote Session Manager for all EC2 instancesEnable Remote Session Manager loggingLock down Remote Session Manager (...)
What is the Best Free #privacy Software?
▻https://hackernoon.com/what-is-the-best-free-privacy-software-3b427ce871e2?source=rss----3a8144
Free and open source tools are the most trusted and respected privacy tools available. Since anyone can view the source code behind them…Continue reading on Hacker Noon »
#best-privacy-software #cybersecurity #free-privacy-software #security
How Software #security Vulnerabilities Work And What You Can Do To Stay Safe
▻https://hackernoon.com/how-software-security-vulnerabilities-work-and-what-you-can-do-to-stay-s
Most crucial aspects of our life including our finance, identity, and healthcare now depend on code. Software security is now a critical aspect for not just companies, but individuals as well.In the latest circumstances, we see that software security concepts should be understood at least on a basic level by anyone who is using modern software products and services. And for any developer that works on designing, creating or maintaining these products and services, a comprehensive understanding of security vulnerabilities and security best practices is a must to avoid security breaches that may now cost much more than ever.Most of the time, security vulnerabilities seem to us far and unfamiliar; they are potential issues to us that are not entirely tangible; thus easy to neglect. (...)
#cybersecurity #hacking #software-development #software-engineering
Why #decentralization Still Matters and How The World Got Carried Away
▻https://hackernoon.com/why-decentralization-still-matters-and-how-the-world-got-carried-away-28
By Mathias Klenk, the founder of PassbaseThe Internet is a playground — one that has enabled some of the biggest innovations across recent decades. With the ability to access a number of products and services instantly from any connected device, it’s no wonder it has become a mainstay of most households and businesses around the globe.Why decentralization still matters.An enhanced digital experience is largely powered by tapping into data — data that can help companies decode user preferences, shopping patterns, payment choices, and other related transactions that have simplified our lives. A major part of this was enabled by centralized services. Although centralization proved to be useful for many, there are a number of evangelists who still believe decentralization matters.Tech entrepreneur (...)
Why You Should Never Save #passwords on #chrome or Firefox
▻https://hackernoon.com/why-you-should-never-save-passwords-on-chrome-or-firefox-96b770cfd0d0?so
Extracting Your Passwords in Cleartext with 12 Lines of CodeIn this article I will demonstrate how easy it is for hackers to extract every username and password saved on your Chrome profile. One would think that Chrome would have safety measures to encrypt your password, but apparently that is not the case — sorta. My Chrome profile, like many others, is set up so that there is another encryption password that I have to enter in order to sync all my passwords, bookmarks, settings, browser history, and etc. so it was pretty shocking to me how easy it was for me to extract and decrypt my passwords. Twelve lines of code easy.Demonstration and Proof of ConceptBefore we get started, I should mention that I have not tested this on macOS or any Linux distributions. To replicate this demonstration, (...)
#russia’s #internet Crackdown
▻https://hackernoon.com/russias-internet-crackdown-a03a762584a6?source=rss----3a8144eabfe3---4
President Putin sees his country’s control of the internet as an important step for Russia’s technological autonomy away from his rivals the United States and China. For scores of protestors, however, this is a step too far.Photo by Tom Grimbert (@tomgrimbert) on UnsplashNew LawFor many, especially in the West, it comes as no surprise: Vladimir Putin, Russia’s autocratic leader, seems to be taking his rule, and policies, into an even greater authoritarian direction than in previous years, with his lawmakers trying to put through a new bill which, if successfully implemented, will reduce internet #freedom within the country.In retaliation to this, activists have begun a number of demonstrations against the new legislation. They see it as their government’s attempt to curb open criticism of (...)
#privacy : What You Need To Know
▻https://hackernoon.com/privacy-what-you-need-to-know-e183ef3563c1?source=rss----3a8144eabfe3---
If you share something with more than 5 people, you should not consider it private anymore. This is Entropy’s Law of Privacy, known as gossip.Here is how it works. Researcher and social psychologist, Dr. Cazzell (Stanford, Queensland, BYU, Yale), excellently described this in her Behavioral #economics article with the Game of Clue. Here is how it works:When you reveal your card, that Professor Plum did not commit the murder, then the other person also learns that information. This seems obvious, but when you contrast that with physical things, it is oddly different. If I give you money, a cake, a car, or anything else, then I lose it and you gain it. This is not true with information, both people gain knowledge win+win — at no loss. Think how silly it would be if your brain forgot the card (...)
The Rise of Zero-Trust #architecture
▻https://hackernoon.com/the-rise-of-zero-trust-architecture-17464e6cbf30?source=rss----3a8144eab
What is Zero-Trust Architecture and why is it Relevant Today?Breaking Down Zero Trust Architecture:Zero Trust architecture is an option to be considered by organizations who want a more reliable way of preventing leaks of confidential data and lowering the risk of modern #cyber-attacks against their network. Zero Trust was initially developed by the analytics firm, Forrester Research and it is marketed as an alternative to traditional #security architectures.The majority of businesses use traditional security architecture, which functions using the now incorrect theory that anything which is contained within their own network can be considered trustworthy. In the modern day, security threats can arise internally and with even more intelligence than ever before.New security methods need to (...)
A rhetorical question about the effectiveness of our #security solutions
▻https://hackernoon.com/a-rhetorical-question-about-the-effectiveness-of-our-security-solutions-
If our approach to cyber security is working, why in 2019, are we reading about hacking, social engineering and data breaches every day? Every day?I know it’s easier to attack than it is to defend, but we all know in the industry that many of the successful attacks can be prevented. Unfortunately, “PEOPLE” are the weakest link in the chain of our security solutions. And unfortunately, telling PEOPLE not to open emails from people they don’t recognize doesn’t stop them from… you know,… opening emails from people they don’t recognize. And telling them to “check the URL” is the single worst piece of advice you can give to anyone.Below are domains that are available right now for purchase. Buy one and then get yourself a free SSL cert from Let’s Encrypt. That will fool 99.9% of everyone you test, (...)
CTO #TechMind: Making Your #security “Too Expensive To Hack” Can Save You Millions
▻https://hackernoon.com/cto-techmind-making-your-security-too-expensive-to-hack-can-save-you-mil
What is the first thing you do when you wake up in the morning? If you’re anything like me, you either turn off the alarm and go back to sleep, or you reach out to your phone and check on your social profiles. Nothing like a few likes to start your day… right?Thousands of Facebook, Instagram and Whatsapp users woke up on Wednesday with that same intention: checking on their precious social profiles and messages. With one little exception: they couldn’t.While company quickly confirmed the outage was not related to malicious efforts, questions had already begun swimming around inside users’ minds… “Was Facebook hacked? Was I hacked? Is the world ending?” These questions kept me thinking.As someone who has worked with high-end technologies his entire adult life, I’ve been able to collect some (...)
Comparing three popular wallets. The differences are greater than you might think.
▻https://hackernoon.com/comparing-three-popular-wallets-the-differences-are-greater-than-you-mig
Wallets are gateways to cryptocurrencies and, as the #blockchain space has grown, the variety of wallets available has also grown. Most people who want to dabble with a small amount of crypto, start off their crypto journey by setting up hot wallets in the form of phone, desktop, or web application. Hot wallets focus primarily on convenience and are great for making coin transfers on the go.While hot wallets may be convenient, they force users to sacrifice #security and the underlying basis of crypto: having complete control of one’s wealth. Thus, as people get a stronger grasp of blockchain technology and understand how to improve security of their Crypto assets, they either opt for hardware wallets, or even brain wallets.User Experience is ImportantGiven that wallets are gateways to (...)
CCPA: What You Need to Know
▻https://hackernoon.com/ccpa-what-you-need-to-know-aede1acb792a?source=rss----3a8144eabfe3---4
CCPA: What you need to knowThe California Consumer #privacy Act takes effect on January 1st, 2020. If you’re a dev or work for a software company, this affects you.he California Consumer Privacy Act takes effect on January 1st, 2020. But it has provisions that reach back to January 1st, 2019. If you’re a software developer or work for a software company, it’s reasonably likely that CCPA is going to impact your roadmap, your website, and existing or planned features in the near future.DISCLAIMER: This is not legal advice and does not substitute for it. We are not lawyers.BackgroundThe California Consumer Privacy Act (aka CCPA or AB 375) of 2018 shot through the California legislature in seven days. It was going to be on the November ballot, and legislators feared it would become #law without (...)
How to deploy honeypots in your network
▻https://hackernoon.com/how-to-deploy-honeypots-in-your-network-91fe428d43fd?source=rss----3a814
What’s a honeypot what what it’s purpose ?It’s basically a computer or Virtual Machine emulating some services (ex: ssh, ftp, telnet, netbios, https, samba server etc) and accepting, logging and sending warnings of all incoming connections. You can use it as intrusion detection or early warning system but it also might go a little further and allow one to get inside the intruders ”head” since you get to log every interaction.How and where should it be placed?Let’s start with “where”. I usually place them in specific areas to get an idea how/or if the network is tested from outside or inside. So I have about three major areas; behind firewalls, in “sensible zones” where only pre-defined machines should have access and in the “public zone” such as administrative/general network.Placing a honeypot (...)
Best #healthcare APIs to Enhance your Software Security
▻https://hackernoon.com/best-healthcare-apis-to-enhance-your-software-security-f188038257c0?sour
Healthcare is one of the biggest industries in the world, expected to reach approximately $10,06 trillion by 2020. Because of the huge demand for new and innovative tools and services, healthcare has always been among the pioneers for testing and implementing cutting-edge technologies.On the other hand, healthcare should pay double attention to its security as it deals with highly personal information. The misuse of this information can lead to anything, from stolen identity to death, even.We have collected a list of the best APIs that, in our opinion, can help you secure your healthcare software and ensure it is used as intended.The essentials to protect your appBefore we get down to the third-party services, let’s talk about the basics that you should consider when developing an (...)
dWeb : The #decentralized Web
▻https://hackernoon.com/dweb-the-decentralized-web-a0e9c6a5c0ec?source=rss----3a8144eabfe3---4
The decentralized web has become famous due to HBO’s Silicon Valley TV show; which highlights the hilarious comedy and grilling drama of nerds coding out the future of the internet.But for all of us who are not programmers, what does ‘decentralized web’ mean? What’s the difference between that and the other thing?The difference is living at home and being treated like a kid, and living on your own and being an adult.Using centralized websites, like Google, YouTube, Facebook, etc. is like living at home. You always have somebody watching over you, whether you like it or not.This comes with benefits though. If you forgot your keys or got locked out of the house, they can open the door for you. But as you might guess, if they are able to open the door, then they are also able to go into your (...)
Understand Top 25 #blockchain #hacks in History in 5 Minutes (1)
▻https://hackernoon.com/tech-explained-top-24-blockchain-hacks-in-history-first-half-40c390dc4a9
Revealing techniques of 25 successful attacks on blockchain: from 2010 to 2018, $1.8+ billion USD.OverviewHacks on blockchain have always been controversial topics throughout history. Countless exchanges and platforms have been exploited by talented attackers who made away millions of dollars without leaving a trace.Numerous great articles have been focusing on the discussion of the procedure and impact of an attack, but this article steps aside to emphasize the technical approach of the attack. No worries. Rather than going through sophiticated techie murmurs, this post translates the attack method into a format that is more friendly for children and grandparents.Various hacks have different levels of details opened to the public. Some hacks disclosed too few, and some missed the (...)
BigData Behind #blockchain Forensics
▻https://hackernoon.com/bigdata-behind-blockchain-forensics-edce11b714fc?source=rss----3a8144eab
It seems a week doesn’t go by without more news of another #cryptocurrency hack, fault, failure, scam, or what have you. Just this week saw EOS have a hacker lift $7.7 million in EOS after a mistake by one of their validators. You will often hear about how these types of transactions get resolved later, but not a lot of information is provided about how that happened. Last week I saw the news that controversial Italian surveillance vendor Neutrino was acquired by Coinbase (which Coinbase has already come to regret) and when I read up on them, I realized that it was companies like Neutrino that are able to help repair those hacks, track down the terrorist funding, ransomware, the gun running, and drug sales and other nefarious activity that can take place on blockchain. This led me to (...)
#wifi Cracking
▻https://hackernoon.com/wifi-cracking-48ad5594ba60?source=rss----3a8144eabfe3---4
Noted that cracking into a network that is not yours or you do not have permission to is illegal. All of the networks in the follow article were owned by myself or agreed with the network administrator that these brute force attacks were going to be attempted.Successful crackGeneral IdeaHacking into Networks has a long history. Ever since the advent of the wireless networking, and obvious challenge is securing pieces of data over this non visible network. There have been various attempts at securing this phenom. These security attempts come in a few flavors called:Wired Equivalent Privacy (WEP)Wi-Fi Protected Access (WPA)Wi-Fi Protected Access II (WPA2)All of these methods have proven secure for a periods of time but have been cracked — either due to a actual security flaw, implementation (...)
Authorized requests to #s3 bucket
▻https://hackernoon.com/authorized-requests-to-s3-bucket-6c64ba02f60c?source=rss----3a8144eabfe3
Protected S3 buckets, protected filesThis notebook shows the finished product of adding basic permissioning to an S3 bucketWe use basic auth which is an HTTP protocol for simple auth on web-accessible files. ▻https://en.wikipedia.org/wiki/Basic_access_authenticationBasic auth isn’t very secure — however, we pair this with HTTPS and restrict access to the s3 bucket.Set up some python stuffIn [1]:import requests; import jsonAccess secure endpoint without authfirst were gonna try to access this file without any credentialsIn [2]:url = ’▻https://d17nii79zr8aom.cloudfront.net/success.json'resp = requests.get(url)resp.contentOut[2]:’Unauthorized’Next we add basic auth paramsAccess secure endpoint with auth!In [3]:user, password = ’user’, ’pass’resp = requests.get(url, (...)
Cyber Ponzi Scheme — Stay Alert!
▻https://hackernoon.com/cyber-ponzi-scheme-stay-alert-9626247f479f?source=rss----3a8144eabfe3---
Cyber Ponzi Scheme — Stay Alert!Ponzi schemes or pyramid schemes are easy to structure and enable a cyber attacker to hide behind layers of lies and distractions. These cyber schemes use well-known bank names without consent to gain credibility and lure more investors. It is crucial that we shed light on this topic to better educate ourselves on such schemes to avoid the consequences.Definition of the term & how it works:A Ponzi scheme is described as a fraudulent investment campaign in which people are deceived into #investing large sums of money and promised high rates of return that are not from legitimate business activities, profits or trading. The schemes advertised as being no risk to investors and are backed by financial reports and investor testimonials showing off their high (...)
#julia: a Language for the Future of #cybersecurity
▻https://hackernoon.com/julia-a-language-for-the-future-of-cybersecurity-76f13b869924?source=rss
Julia 1.0 was released in 2018. It is a language created to have both the high-level simplicity as python, but low-level performance as C. In this tutorial we will do some cool coding with it…Julia is a comparably new language that aimed to have the performance of C and simplicity of Python. Having the ability to perform data analysis without much trouble while shipping the code with competitive performance, Julia is expected to be a powerful tool in FinTech businesses. But I think it also have some great potentials regarding to the current trends in Cybersecurity.Julia, Image from MediumIn this article, I will explain why Julia can also be a great tool for the future of Cybersecurity. Meanwhile, I will share how I wrote a Julia script on my Mac computer to crack a cipher text encrypted (...)
#artificial-intelligence #julia-software-language #julia-language
How I “hacked” the MIT #technology Review website (+ many more) and gained unlimited online access…
▻https://hackernoon.com/how-i-hacked-the-mit-technology-review-website-many-more-and-gained-unli
How I “hacked” the MIT Technology Review website (+ many more) and gained unlimited online access to all the storiesSpoiler: Avoid blocking only by client-side!DISCLAIMER: All data and information provided in this article are for informational purposes only. The main goal is to increase security awareness, teach about information security, countermeasures and give readers information on how to implement a safe and functional system (in our case, a website). If you plan to use the information for illegal purposes, please leave this website now. I cannot be held responsible for any misuse of the given information. I do not use this method to avoid paying and neither should you.The word “hacking” usually has a strong meaning and most people would think of gaining root access to the website I (...)