Post 2017 Thanksgiving links

November 27, 2017

I hope everyone had a good Thanksgiving. Onward to Christmas!

What I'm reading

Using an Attack-for-Hire could get you in trouble with the law. Now you can do it from your mobile device!

Facebook's mission: ‘How do we consume as much of your time and conscious attention as possible?'

Interesting idea for setting goals. Three days, three months, and three years (what happened to three weeks?). New Year's is coming up!

Finding sensitive information in URLs is one of the easiest things to find in application security. Adam Baldwin went down a rabbit hole with this question: “wonder if any npm dependencies are using urls that contain tokens or passwords.”

CouchDB and the npm registry.

Good article on Digital Forensics Incident Response (DFIR) resources.

Root9B shuts down at the end of the year. It's a Brian Krebs article if you're wondering, "who is Root9B?"

Another Brian Krebs article. Scammed via Western Union? There's a fund for you.

Great take on the baseball Hall of Fame by Astros County

Troy Hunt is testifying in Washington DC regarding data breaches.

What I'm watching

Linkin Park & Friends Celebrate Life in Honor of Chester Bennington

When You Haven't Played Destiny 2 in 3 Weeks...

Destiny 2 Lore - The Story of Osiris

Leviathan Raid Funny Moments

#EarnedHistory | Houston Astros

This blog post first appeared on Exploring Information Security.

InfoSec Links April 9, 2014

April 9, 2014

Microsoft: Let's be clear, WE won't read your email - but the cops will - Lain Thomson - The Register

Note to self: don't use Hotmail to distribute pirated copies of Windows 8.

The Heartbleed Bug, explained - Timothy B. Lee - Vox

I good explanation of the OpenSSL bug that has rocked the infosec world the past couple days. This is a pretty serious bug that puts millions of sites at risk and potentially your information such as passwords. Unfortunately, there's really nothing you can do about it except hope that the sites you have accounts on apply the patch that fixes the bug ASAP. Most big sites have probably already done it.

Xbox password flaw exposed by five-year-old boy - BBC

Five-year-old wants to get into his dads Xbox account. What does he do? Find a vulnerability in Microsoft's Xbox Live, thus starting his illustrious hacking career. It's not the least bit surprising that his dad works in security.

This post first appeared on Exploring Information Security.

InfoSec Links April 5, 2014

April 5, 2014

Fandango, Credit Karma settle with FTC over app security flaws - by Kate Tummarello - The Hill

If you build an insecure app the FTC is going to come after you. Hopefully, this will make developers start taking security into consideration when build apps. Especially, when it deals with some form of currency.

Web TV service Boxee.tv Hacked, Details of 158,000 Forum Users Leaked - By Eduard Kovacs - Softpedia

If you have a Boxee.tv account you might want to go change your password. And this is just another example of why you want to have different passwords for different accounts. If you need help with managing your password might I suggest Password Safe (look for a post in the future).

Big Brother Goes Dutch - by Lee Munson - Security Watch

The Dutch have voted fore more surveillance. /facepalm

This post first appeared on Exploring Information Security.