The hottest Cybersecurity Substack posts right now

And their main takeaways
Category
Top Technology Topics

Hai tham luận "nặng ký" tại TetCon 2013

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 31 Oct 12
🕹 Technology Cybersecurity
  1. The cybersecurity community in Vietnam faces a challenge of limited local experts, with more managers than technical specialists.
  2. TetCon 2013 introduces foreign speakers presenting in English, highlighting the importance of staying updated with global cybersecurity trends.
  3. Quality submissions from international experts like Eduardo Vela and Bruce Dang bring valuable insights to TetCon, emphasizing the significance of practical cybersecurity topics.

Á Căn Đình - ekoparty 2012

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 09 Oct 12
🕹 Technology Cybersecurity
  1. The author attended ekoparty 2012 to present the CRIME attack. This presentation was a success and received positive feedback.
  2. The conference had various activities including a CTF team area, a retro computer exhibit, and even a lock-picking demonstration.
  3. The author reflected on the presentation, noting the need for better preparation in the future to ensure a successful live demo.

TetCon 2013 - Call for Papers

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 10 Sep 12
🕹 Technology Cybersecurity
  1. The TetCon 2013 conference is calling for papers on various topics related to cloud computing, e-commerce, mobile devices, web browsers, cybersecurity, and more.
  2. Speakers at the conference have the opportunity to receive gifts from the organizers and may have travel expenses covered if they are not based in Ho Chi Minh City.
  3. Important dates for the conference include the submission deadline for papers on 3/12/2012, program announcement on 10/12/2012, and the conference date on 11/1/2013.

Tìm lổ kiếm tiền (2)

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 31 Aug 12
🕹 Technology Cybersecurity
  1. Being diligent in finding and reporting security vulnerabilities can lead to significant financial rewards, with some individuals earning thousands of dollars per week from bug bounty programs like those from Google and Facebook.
  2. Participating in bug bounty programs can be a great way to learn about application security, explore different types of vulnerabilities, and potentially kickstart a career in the field.
  3. Combining reading, bug hunting, and earning money through finding vulnerabilities can be a fruitful approach for those interested in cybersecurity.

Hội thảo Tết 2012

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 10 Dec 11
🕹 Technology Cybersecurity
  1. Ticket prices for the workshop vary based on registration date with a 50% discount available for valid student ID holders.
  2. The workshop welcomes submissions on a wide range of topics related to web applications, mobile devices, cloud computing, e-commerce, and cybersecurity.
  3. The annual workshop organized by HVA and VNSECURITY focuses on practical experiences and latest developments in information security locally and globally.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

Tìm Lỗ Lấy Tiền

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 04 Nov 11
🕹 Technology Cybersecurity
  1. When identifying a security vulnerability, individuals can choose to keep it for personal use, sell it, report it for free, or disclose it widely. Each choice has different implications and risks.
  2. Participating in bug bounty programs offered by companies like Google, Mozilla, and Facebook can be a fun way for security enthusiasts to earn money, gain recognition, and potentially further their careers.
  3. Bug bounty programs provide rewards and acknowledgments to individuals who identify and report security vulnerabilities, creating opportunities for financial gains and professional development.

Cập nhật

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 30 Dec 10
🕹 Technology Cybersecurity
  1. The author is transitioning to a new location for work and study, balancing full-time work and part-time education, and emphasizing that work is also a form of learning.
  2. The author works for a small company specializing in information security consulting and research, while studying cryptography at a reputable university.
  3. The author looks forward to an exciting period ahead, expressing a willingness to write more and inviting readers to connect if they feel like meeting.

Vụ lừa đảo Macbook Air

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 03 Feb 10
🕹 Technology Cybersecurity
  1. Scammers can be clever in their schemes, like creating auctions to deceive victims and switching SIM cards to escape after receiving payment.
  2. Having comprehensive information about a scammer's activities is crucial for identifying and capturing them, highlighting the importance of security monitoring.
  3. Criminals may unintentionally leave real personal information behind, making it difficult for them to evade detection in the long run.

How to recover RSA private key in a coredump of ssh-agent - Sapheads HackJam 2009 Challenge 6

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 24 Sep 09
🕹 Technology Cybersecurity
  1. Sapheads HackJam 2009 Challenge 6 involved recovering an RSA private key from a coredump of ssh-agent, showcasing real-world scenarios in CTFs
  2. The coredump contained data structures like RSA and BIGNUM that could be extracted to retrieve the private key for SSH access
  3. Understanding ASN.1 and using tools like pyasn1 were recommended for generating RSA private keys from parameters like n, d, e, p, and q

Flickr's API Signature Forgery Vulnerability

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 14 Sep 09
🕹 Technology Cybersecurity
  1. Flickr's API has a vulnerability in its signing process that allows attackers to forge valid requests without the shared secret, potentially granting unauthorized access to user accounts.
  2. Web services similar to Flickr that use the same signing process could also be potentially vulnerable to the signature forgery attack.
  3. Vendor Yahoo! Flickr acknowledged the vulnerability and planned a fix, while other vendors responded differently to notifications about the issue, suggesting an inconsistency in addressing such vulnerabilities.

BKIS đã làm điều đó như thế nào?

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 20 Jul 09
🕹 Technology Cybersecurity
  1. BKIS helped track down the culprits of a DDoS attack on US and South Korean websites, showcasing their technical prowess.
  2. The investigation involved identifying intermediary servers, infiltrating some of them, and ultimately discovering the original server controlling the attack.
  3. Despite BKIS's efforts and findings, the actual perpetrators behind the DDoS attack remain unidentified, highlighting the complexities of cybercrime investigations.

reality check

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 08 Jun 09
🕹 Technology Cybersecurity
  1. Success in competitions like Defcon CTF requires a balance of theory and real-world application, as highlighted by Richard Feynman's approach to physics.
  2. Building a strong hacking team demands dedication, expertise, and a deep understanding of both offensive and defensive tactics in cybersecurity.
  3. Participating in cybersecurity competitions showcases skills and can open up career opportunities in the field.

CodeGate 2009's Challenge 18 - Diffie-Hellman parameter tampering case study

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 12 Mar 09
🕹 Technology Cybersecurity
  1. CodeGate 2009 Challenge 18 involved a cryptography challenge focusing on RSA, Diffie-Hellman Key Protocol Agreement, and AES block cipher.
  2. The protocol in the challenge included steps where the client exchanged RSA public keys with the server, the server sent DH parameters to the client, and both parties used the shared secret as the key for AES encryption.
  3. Vulnerabilities in the protocol included weak RSA public-keys and susceptibility to Man-In-The-Middle attacks against Diffie-Hellman, leading to the decryption of messages by malicious third parties.

không phải cứ có lỗi là vá

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 26 Jul 08
🕹 Technology Cybersecurity
  1. Having a bug doesn't always mean it needs to be fixed immediately; prioritizing user needs over patching every issue is crucial.
  2. In cybersecurity, understanding the core business objectives is key; security measures should align with business goals rather than just technical solutions.
  3. Addressing security vulnerabilities should be done strategically; rushing to patch every flaw without assessing the impact or necessity can lead to more harm than good.

Hindsight analysis of the infamous DNS bug

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 24 Jul 08
🕹 Technology Cybersecurity
  1. Dan Kaminsky's research revealed DNS tricks like the 'CNiping' CNAME override, showing ways to manipulate cached data in DNS resolvers.
  2. Understanding the probability formula involving 'D', 'R', 'W', 'N', 'P', and 'I' can help in launching successful spoofing attacks on resolvers.
  3. Increasing 'R' and 'A' with specific values like 300 packets/s and 4000 queries can lead to a 51% success chance in poisoning target resolvers, showcasing the relative ease of the attack.

(Báo Động Đỏ) Lỗi bảo mật đặc biệt nghiêm trọng, mọi người chú ý

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 22 Jul 08
🕹 Technology Cybersecurity
  1. A critical security vulnerability in DNS systems poses a serious threat to stealing online information and controlling internet activities.
  2. DNS, or Domain Name System, is crucial in mapping computer addresses to human-readable names on the internet.
  3. Temporary solution to mitigate the risk includes switching to DNS servers like OpenDNS, which have already fixed the vulnerability.

Watch your ass - Adobe Flash zero-day attack in the wild

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 28 May 08
🕹 Technology Cybersecurity
  1. There is a new Adobe Flash zero-day attack happening, exploiting a vulnerability that is being injected into third-party websites to redirect users to malware-laden servers.
  2. Consider using NoScript with Mozilla Firefox to block potentially vulnerable plugins like Flash, Java, Silverlight, and QuickTime, preventing exploitation of security vulnerabilities.
  3. A whitelist-based pre-emptive script blocking approach can be more effective in preventing security issues than traditional methods.

Scary attacks

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 26 Mar 08
🕹 Technology Cybersecurity
  1. Highly targeted and technically advanced attacks can be carried out by well-funded and motivated individuals or groups.
  2. In practice, these attacks may involve the use of forged email headers, exploits within documents, keyloggers, and DNS-bouncer systems.
  3. The attackers may craft their exploits to evade detection by antivirus products, making the attacks harder to detect and defend against.

donotreply.com

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 21 Mar 08
🕹 Technology Cybersecurity
  1. Some major organizations use 'donotreply.com' as the address in email 'From' fields, causing bounced emails to go to the owner of that domain.
  2. The owner receives internal documents and emails from these organizations, leading to threats of lawsuits from companies.
  3. The owner plans to register similar 'noreply' variations at popular email providers to observe the emails received.

DNS Rebinding Attacks

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 08 Aug 07
🕹 Technology Cybersecurity
  1. DNS Rebinding Attacks can subvert the same-origin policy and turn browsers into open network proxies.
  2. These attacks have the potential to bypass firewalls and gain access to internal documents and services.
  3. It takes less than $100 to temporarily hijack 100,000 IP addresses for purposes like sending spam and defrauding pay-per-click advertisers.

Zombilizing The Web Browsers Via Flash Player 9

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 03 Aug 07
🕹 Technology Cybersecurity
  1. Organizing events like VNSECON07 can be challenging, with speakers facing difficulties in engaging the audience due to lack of interpreters for deep technical topics.
  2. Preparing ahead by taking notes and bringing the necessary equipment like a laptop can enhance the learning experience during presentations.
  3. Including clear signage and directions can improve the overall event experience, making it easier for attendees to navigate different sessions and rooms.

See you at VNSECON07!

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 02 Aug 07
🕹 Technology Cybersecurity
  1. VNSECON07 aimed to bridge the gap in cybersecurity between Vietnam and the rest of the world by bringing experts to share their latest research and insights.
  2. VNSECON07 stood out from other security conferences by following a rigorous selection process for presentations and hosting a hacking competition called Capture the Flag.
  3. The conference featured hot topics such as next-gen .NET attacks, live malware attacks, using Google for finding malware, cheating in online games, building a GSM interceptor, and banking security challenges in fast-developing countries.

Tấn công DDoS bằng PDF Spam

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 26 Jul 07
🕹 Technology Cybersecurity
  1. A client's server faced a DDoS attack through PDF spam, causing FPT Telecom's firewall to freeze due to high traffic.
  2. Investigating the server's services and analyzing log files helped determine the source of the attack - in this case, excessive traffic on SMTP and DNS ports.
  3. Disabling specific troublesome domains temporarily and monitoring traffic helped mitigate the DDoS attack effectively.

Thư rác VN

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 22 Jul 07
🕹 Technology Cybersecurity
  1. The article highlights the concerning rise of spamming in Vietnam and its impact on users and businesses.
  2. Vietnamese spam, though a smaller proportion globally, still contributes to global spam statistics, often due to botnet exploitation.
  3. Statistics from Sophos showcase the top countries in spam-relaying, shedding light on the scale of the issue worldwide.

Where are Vietnamese hackers/security researchers?

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Cybersecurity
  1. The VNSECON 07 conference is seeking submissions from Vietnamese hackers and security researchers for technical and business tracks in Ho Chi Minh City.
  2. The conference organizers are disappointed with the low number of submissions received from Vietnam so far and are considering extending the submission deadline.
  3. There have been only three submissions from Vietnamese individuals, showing a need for more participation in sharing security experience and research.

Phần thưởng nào dành cho người làm bảo mật?

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Cybersecurity
  1. In the field of information security, the lack of inherent rewards can make it less appealing than hacking, which can be inherently rewarding for some individuals.
  2. Security professionals often find more pleasure and credit in offensive security tasks, like finding and exploiting vulnerabilities, compared to defensive security tasks.
  3. The main reward for a security professional may come from projects unrelated to security, highlighting the importance of integrating security processes from the start in product development.

ADSL DoS

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Cybersecurity
  1. You can launch a DoS attack on someone using ADSL if you know their MAC address and exploit weakness in the PPPoE protocol.
  2. The vulnerability lies in how PPPoE uses the SESSION_ID and MAC address for connection control, making it possible to disrupt someone's PPPoE connection.
  3. Social engineering can be an effective way to obtain the victim's MAC address for carrying out such attacks, highlighting the importance of safeguarding sensitive information.

Hội hay là thảo?

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Cybersecurity
  1. Attending security conferences can provide valuable insights and networking opportunities.
  2. Understanding security concepts like the perimeter of a system and directory harvest attacks is crucial in the field.
  3. Organizing small, focused, and serious security conferences can help local communities connect with the global cybersecurity landscape.

Đòn hi sinh của đám spammer

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Cybersecurity
  1. Spammers can go to extreme lengths to disrupt anti-spam systems, such as overwhelming them with strange spam emails.
  2. Technical challenges in dealing with spam, like a spam email causing a crucial software component to crash, require thorough investigation and debugging techniques.
  3. In the ongoing battle against spam, spammers may resort to sacrificial tactics, like using spam emails to specifically target and disable anti-spam software.

Chiêu mới của spammer

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Cybersecurity
  1. Spammers are constantly evolving their techniques to bypass anti-spam measures, such as utilizing botnets and image spam, making traditional methods less effective.
  2. Effective anti-spam strategies like Bayesian filtering require regular training, which many end users may not find appealing, highlighting a challenge in maintaining their effectiveness.
  3. Implementing SPF (Sender Policy Framework) alongside Bayesian filtering can enhance spam prevention by verifying the sending server's authenticity, but the adoption of SPF is relatively low despite its potential benefits.

Ôi mã nguồn mở của tôi

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Cybersecurity
  1. Advocating for open source software and its benefits is important but many misconceptions exist around selling open source products at a high price.
  2. Using open source software for commercial purposes without proper attribution can lead to ethical and legal issues.
  3. Copyright requirements in open source licenses mainly apply to developers and distributors, not end users.