The hottest Security Substack posts right now

And their main takeaways
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 29 Dec 15
  1. Unit tests for submissions are run as standard C tests that call the implementation through a function pointer, so the function must work correctly when called from a C program.
  2. Special compiler options or attributes to reduce code size are not used in unit tests.
  3. When sharing an implementation for testing, providing shellcode is preferred over an .asm file.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 28 Dec 15
  1. Juniper, RSA, and other companies were found to use the Dual EC algorithm which had a backdoor installed by the NSA, compromising security.
  2. Using closed-source security products without thorough scrutiny can lead to vulnerabilities in the system, highlighting the importance of investing in in-house expertise for secure solutions.
  3. Generating truly random numbers for encryption is a complex task, and backdoors in algorithms can pose serious security risks, emphasizing the need for caution in technology choices.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Dec 15
  1. The final program for TetCon 2016 has been released, promising a day filled with talks on hacking, security, and building security tools.
  2. The event will feature 10 out of 20 submitted talks, showcasing content on finding vulnerabilities in Microsoft Edge, hacking Android phones, and more.
  3. The event is scheduled to take place at the Sheraton Saigon soon, inviting hackers and security researchers to connect and learn together.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 15 Dec 15
  1. The TetCon 2016 conference program is almost ready, with talks on building security tools and advancing security research in the community.
  2. Organizers are looking for sponsors to host a lunch party for attendees to promote networking and interaction between speakers and participants.
  3. Discounted tickets for TetCon 2016 are selling out quickly, so it's advisable to grab one soon to save money before prices go up.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 08 Dec 15
  1. The self-help mantra 'Never Give Up', when applied to retrying requests, can sometimes lead to vulnerabilities such as replay attacks against HTTPS.
  2. Browsers like Chrome automatically retry failed requests, creating an opportunity for attacks that duplicate and replay HTTPS traffic.
  3. TLS may protect against replay attacks, but there can still be mismatches between what it promises and what is actually deployed, requiring additional server defenses.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 12 Sep 15
  1. Curve25519 public keys should be validated to prevent potential vulnerabilities in protocols that require contributory behavior.
  2. Protocols like TLS <= 1.2 may be vulnerable to attacks if Curve25519 public keys are not validated.
  3. One important mitigation is to check the computed shared value and raise an exception if it is zero when working with Curve25519 public keys.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 19 Apr 15
  1. In designing home security, it's crucial for locks to allow easy escape from inside during emergencies.
  2. The primary function of a door should be to ensure safe exit for those inside, not just to prevent break-ins.
  3. When designing security systems, it's important to prioritize human usability and safety over extreme protection measures that could hinder escape during emergencies.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 18 Jun 14
  1. JavaScript crypto can help solve problems, but it can be tricky due to the lack of types and permissive runtimes. It's important to validate input, minimize type conversions, use typed arrays, and employ Google Closure for type checking.
  2. JavaScript crypto has various useful applications, such as building crypto clients, avoiding PCI DSS scope for credit card processing, securing data against leaks, and reducing latency through code caching with digital signatures.
  3. Despite its challenges, programming crypto in JavaScript is feasible and has gained support from notable organizations like Stanford, Google, Microsoft, and the W3C.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 19 Apr 14
  1. scrypt, a password-based key derivation function, is commonly used for password hashing but wasn't initially designed for this purpose.
  2. Using scrypt incorrectly, such as through a file encryption API instead of a proper password hashing API, can lead to weak security and vulnerabilities.
  3. When developing a crypto library, it's important to conduct user studies to ensure developers are using it correctly and securely.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 15 Mar 13
  1. A well-designed toilet should be touch-free to ensure hygiene and ease of use.
  2. The design of everyday items, like toilets, requires careful consideration to meet user needs and protect their health.
  3. Good design balances security and usability, preventing user frustration and errors. Investing in learning about design principles can greatly benefit various products and services.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 03 Apr 12
  1. The post discusses lesser-known security vulnerabilities that can spread easily on social networks.
  2. It mentions potential harm these vulnerabilities can cause and references a talk at TetCon 2012.
  3. The emphasis is on the importance of being aware of such vulnerabilities to prevent widespread damage.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 01 Mar 12
  1. The post is about celebrating an achievement related to web hacking techniques over several years.
  2. The post includes multiple links to resources discussing the top web hacking techniques of different years.
  3. There is a mix of images and text throughout the post, emphasizing the celebratory tone.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 22 May 11
  1. The misuse of cryptography in web security, particularly in ASP.NET, can lead to severe vulnerabilities allowing attackers to compromise web applications.
  2. Researching and questioning the implementation of cryptographic techniques can lead to the discovery of new attack methods and security flaws.
  3. Utilizing cryptography correctly is crucial for security solutions, but it is challenging as there are numerous serious vulnerabilities, requiring more focus and research in the field.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 26 Aug 10
  1. Consider attending security conferences like SyScan HCMC 2010 to learn from top security experts and support the development of the industry.
  2. SyScan focuses on sharing research and experiences from leading security experts rather than commercial products or solutions.
  3. The conference covers hot security topics and offers reasonably priced registration, which includes opportunities for networking and even winning an iPad.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 15 Jun 10
  1. Conference on Web Application Security will be held on June 17 at Palace Hotel in HCMC. Topics include OWASP Top Ten 2010, Practical Crypto Attack, and Testing Web Application.
  2. Speakers will cover important aspects such as identifying vulnerabilities in web applications and real-world encryption attacks.
  3. The event is open to all without the need for an invitation, encouraging everyone to participate in the discussions.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 05 Feb 10
  1. Proper investigation of fraud cases like the Macbook Air scam involves preserving the crime scene data by making backups, which protects evidence integrity.
  2. Analyzing data from security systems can often reveal the identity of the perpetrator without necessarily requiring access to external entities' information.
  3. Creating profiles with relevant details such as nicknames, emails, phone numbers, and IP addresses helps in tracking and expanding the investigation using publicly available data.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 06 Nov 09
  1. A serious vulnerability in TLS/SSL allows a man-in-the-middle attack to inject chosen plaintext unnoticed, jeopardizing security for protocols like HTTPS.
  2. The vulnerability highlights the importance of understanding the interactions between TLS/SSL and protocols like HTTP, SMTP, or POP3 to prevent exploitation.
  3. Potential attacks exploit the 'authentication gap' between TLS/SSL and higher-level protocols, allowing attackers to insert plaintext into encrypted streams undetected.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 14 Sep 09
  1. Flickr's API has a vulnerability in its signing process that allows attackers to forge valid requests without the shared secret, potentially granting unauthorized access to user accounts.
  2. Web services similar to Flickr that use the same signing process could also be potentially vulnerable to the signature forgery attack.
  3. Vendor Yahoo! Flickr acknowledged the vulnerability and planned a fix, while other vendors responded differently to notifications about the issue, suggesting an inconsistency in addressing such vulnerabilities.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 16 Aug 09
  1. Team CLGT performed well in the WOWHacker 2009 competition, finishing 8th out of 45+ teams.
  2. ISEC 2009 is a significant cybersecurity conference in Asia that features activities like Capture The Flag competitions.
  3. CLGT team is seeking sponsorship to cover expenses for the final round of the competition in South Korea in September.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 02 Aug 09
  1. Cloud computing trends take time to reach different regions; blogging, web 2.0, and now cloud computing are examples of such trends.
  2. The success of cloud computing services lies in cost-effectiveness and the ability to handle large amounts of data for many users.
  3. Developing a public cloud computing service requires a high level of expertise, infrastructure, and financial resources, making it a playground for top tech giants.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 01 Mar 09
  1. Some challenges in C programs can be difficult to solve if you don't understand how C stores and interprets integer values.
  2. The challenges shared remind us of the importance of understanding C language issues, particularly those related to the misuse of integers.
  3. Engaging in challenges like these can be a great way to enhance coding skills and understanding of vulnerabilities.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 03 Nov 08
  1. Command injection vulnerability example with Daemon02, highlighting the importance of checking for dangerous metacharacters.
  2. Daemon02's vulnerability lies in its character checking method, allowing for potential bypasses to execute unintended commands.
  3. Exploiting Daemon02 is straightforward, involving sending specific input to execute commands on the host system.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 22 Jul 08
  1. A critical security vulnerability in DNS poses a serious threat, enabling theft of online information and control over internet activity.
  2. DNS, or Domain Name System, is crucial for mapping between human-readable names and computer addresses on the internet.
  3. Temporary solution to mitigate the risk includes switching to DNS servers like OpenDNS, which have already fixed the vulnerability.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jun 08
  1. BKAV Pro may be violating software copyright by using certain libraries without proper adherence to licensing agreements.
  2. The inclusion of an unregistered rar.exe file in BKAV Pro potentially leads to copyright infringement as users are required to register after a 40-day trial period.
  3. Challenges arise as Blue Moon Security identified security vulnerabilities in BKAV Pro, which BKIS declined to acknowledge and rectify.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 01 Apr 08
  1. Two-factor authentication (T-FA) utilizes two different methods for higher security. Commonly, it involves something a person knows and something they have or are.
  2. Using a matrix card as the second authentication factor is a cost-effective solution compared to other options like RSA SecurID, making it easy to implement and inexpensive for service providers and customers.
  3. While T-FA with a matrix card is helpful, it does not fully protect against certain attacks like man-in-the-middle phishing. Authentication of transactions and vigilance for abnormal behavior are crucial for enhanced security.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 31 Mar 08
  1. Security-clueless companies often focus too much on fancy network devices like firewalls and IDS without considering the human element, a key weak point in security.
  2. Be cautious of companies that claim their products or solutions are 'secure' without specifying what threats they protect against or how they handle unexpected disasters.
  3. Companies that overlook scalability, high-availability, and the importance of cryptography in their security solutions may not fully understand the comprehensive nature of security.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 10 Oct 07
  1. In the e-payment industry, success hinges on speed to market and convincing banks to connect.
  2. Building an e-payment service in Vietnam faces challenges like outdated banking infrastructure and lack of technical expertise.
  3. The future of e-payment in Vietnam may involve banks establishing subsidiary companies to compete and innovate in the market.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 30 Jul 07
  1. The menu design change on www.tuoitre.com.vn, making menus unclickable, has caused inconvenience and confusion to users.
  2. The new menu design implies restrictions on readers, limiting access to all news in a topic area and forcing them to navigate through submenus.
  3. There is a connection between usability and security in software and websites, where good usability often correlates with better security measures.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
  1. The way browsers handle HTML forms with enctype="multipart/form-data" and enctype="application/x-www-form-urlencoded" is different. This difference is key to detecting POST requests from Flash, which cannot send requests in the "multipart/form-data" format.
  2. By automatically setting all HTML forms to enctype="multipart/form-data" through a reverse proxy with an Apache output filter module, one can detect and protect against DDoS attacks from Flash.
  3. While this method can limit the impact of existing xFlash attacks, it may not be a permanent solution. Avoiding Flash altogether or focusing on overall DDoS defense strategies like infrastructure investment and system optimization is crucial.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
  1. A hacker managed to infiltrate WordPress' server and alter the source code of version 2.1.1, adding a backdoor to allow remote execution of PHP code.
  2. WordPress immediately took down the website to investigate the altered code in version 2.1.1.
  3. This incident highlights the importance of regularly updating software to protect against security threats and vulnerabilities.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
  1. Spam not only causes annoyance but also economic damage to businesses.
  2. Businesses often underestimate the financial impact of spam and focus more on implementing anti-spam solutions for the nuisance it causes.
  3. Calculating the cost of spam can reveal significant financial losses for a company, including factors like employee time spent dealing with spam emails.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
  1. Many IT solution providers are often just resellers of existing solutions from renowned companies, lacking in innovation and technical depth.
  2. A strong first impression is crucial in professional presentations, including being punctual and confident in communication.
  3. When assessing a cybersecurity company, it's important to look beyond certifications and explore their actual research and development, as well as tangible contributions to the field.
Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
  1. Web-Attacker is a Perl CGI script that can exploit website visitors to execute code on their local computers and is available for purchase.
  2. Once deployed on a website, the script targets vulnerabilities in Internet Explorer and Mozilla Firefox to install programs on visitors' computers.
  3. The Web-Attacker script is sold with a base price of $300 and can be upgraded for $25.