From Security Weekly Wiki
  1. XSS, GET and POST
  2. Toolsmith Release Advisory: Sysmon v6 for Securitay
  3. Investigating Off-Premise Wireless Behaviour (or, "I Know What You Connected To") - Nice little PowerShell script to look at AD domain users and which wireless APs they've connected to. Kinda creepy, could be used in investigations or to enforce a policy of "do not connect to wireless outside the company".
  4. Lawmakers set to overturn broadband privacy rules, as ISPs requested - A consortium of 19 privacy and consumer-rights groups on January 27 urged Congress to let the FCC rules stand. The rules require consumers to opt in before a broadband provider can sell their web-browsing and other information to advertisers and other third parties, and they require that users be notified when user data is breached by hackers. Wow, time to put a permanent VPN at the house!
  5. Practical collision attack against SHA-1, (Thu, Feb 23rd) - Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.
  6. Wide Range of New Security Technologies Debut at RSA Conference 2017
  7. Publicly Disclosed Windows Vulnerabilities Await Patches
  8. Java, Python FTP Injection Attacks Bypass Firewalls
  9. Marathon runner's tracked data exposes phony time, cover-up attempt - An independent marathon-running investigator (yes, that's a thing) named Derek Murphy posted his elaborate analysis of Seo's scheme, and the findings revolved almost entirely around data derived from Seo's Garmin 235 fitness tracker.
  10. Malware Lets a Drone Steal Data by Watching a Computer's Blinking LED - The researchers found that when their program read less than 4 kilobytes from the computer’s storage at a time, they could cause the hard drive’s LED indicator to blink for less than a fifth of a millisecond. They then tried using those rapid fire blinks to send messages to a variety of cameras and light sensors from an “infected” computer using a binary system of data encoding known as “on-off-keying,” or OOK.
  11. Gordon Ramsay's father-in-law charged with hacking the chef's computer - It’s a long fall from grace for Hutcheson, who served as the CEO of Gordon Ramsay Holdings for many years. But back in October 2010, Ramsay fired his father-in-law, claiming that his computers had been hacked and that Hutcheson was behind the leaking of emails between Ramsay and his wife (who happens to be Hutcheson’s daughter).
  12. Are Slack Conversations Private? Popular Communications Platform May Not Be As Secure As You Think, Expert Says
  13. The 15 Biggest Threats Online, Ranked
  14. Researchers Offer Simple Scheme To Stop The Next Stuxnet
  15. Russian Military Admits Significant Cyber-War Effort
  16. Linux's Decade-Old Flaw: Major Distros Move To Patch Serious Kernel Bug
  17. Announcing The First SHA1 Collision
  18. How to Bury a Major Breach Notification