Resources

  • Secure messaging scorecard – eff.org
    Many companies offer “secure messaging” products—but are these systems actually secure? EFF decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto.
  • Google Study: Email Users 36 Times More Likely To Get Scammed If Friends’ Accounts Get Hacked – consumerist.com
    So you think your job is done — you’ve secured your email against hackers by thinking up the best password in the entire world. You’re safe, or so you think. But a new study from Google says that if your friends and email contacts have already been hacked, you’re much more likely to get scammed, too.
  • Passcode vs. Touch ID: A Legal Analysis – 9to5mac.com
    Per a recent Virginia Circuit Court decision, law enforcement could not legally compel self-incrimination (and thereby violate the Fifth Amendment) by forcing anyone to reveal his passcode; however, they are legally allowed to take a suspect’s fingerprint following an arrest. Read the detailed analysis here.
  • Index of Hack.lu 2014 – archive.hack.lu
    Here’s an archive of Hack.lu 2014. You can download all the pdf files from here.

Tools

  • Nogotofail – github.com
    Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. Download it from here.
  • KdExploitMe – github.com
    A kernel driver to practice writing exploits against, as well as some example exploits using public techniques. You can download it form here.

Vulnerabilities

  • Home Depot: Hackers Stole 53M Email Addresses – krebsonsecurity.com
    As if the credit card breach at Home Depot didn’t already look enough like the Target breach: Home Depot said yesterday that the hackers who stole 56 million customer credit and debit card accounts also made off with 53 million customer email addresses.
  • What You Need to Know About WireLurker – zdziarski.com
    Mobile Security company Palo Alto Networks has released a new white paper titled WireLurker: A New Era in iOS and OS X Malware. Here’s the quick and dirty about WireLurker; what you need to know, what it does, what it doesn’t do, and how to protect yourself.

    • WireLurker, a shock in Apple World. – marcoramilli.blogspot.com
      Marco Ramilli want to stamp in his digital diary WireLurker since he has seen a “paradigm shift” on it. He find it a super fascinating peace of code where motivations are still unclear. Fascinating how simple is the thechnique used by the Malware writers to Trojanize a legitime APP.
    • WireLurker Mac OS X Malware Shut Down – threatpost.com
      WireLurker is no more. After causing an overnight sensation, the newly disclosed family of Apple Mac OS X malware capable of also infecting iOS devices has been put to rest.

Other News