polonus
4801
In the light of the new Whatssapp Facebook privacy threat,
read: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2016/08/statement-on-changes-to-whatsapp-and-facebook-s-handling-of-personal-data/
and then what ico should look into- the data farcebook sits on and their dealings both with commerce and state surveillance: http://www.zdnet.com/article/firm-facebooks-shadow-profiles-are-frightening-dossiers-on-everyone/
Hope Big Brother will not turn angry on us, frightening spying and data-slurping.
Who will check them eventually?
polonus
Pondus
4802
Asyn
4803
bob3160
4805
polonus
4806
polonus
4807
After Chrome 53 browser update, some extensions became corrupted and no longer functioned, like e.g. https everywhere.
Try to reinstall and repair, if this does not work use this as an alternative: https://chrome.google.com/webstore/detail/kb-ssl-enforcer/flcpelgcagfhfoegekianiofphddckof/related
polonus
Pondus
4808
polonus
4809
CSP often wrongly configured in the live website theater, it often can be circumvented in over 94% of cases.
Read: https://speakerdeck.com/mikispag/making-csp-great-again-michele-spagnuolo-and-lukas-weichselbaum?slide=9
Content Security Policy is a web platform mechanism designed to mitigate cross-site scripting (XSS), the top security vulnerability in modern web applications. In this paper, we take a closer look at the practical benefits of adopting CSP and identify significant flaws in real-world deployments that result in bypasses in 94.72% of all distinct policies. We base our Internet-wide analysis on a search engine corpus of approximately 100 billion pages from over 1 billion hostnames; the result covers CSP deployments on 1,680,867 hosts with 26,011 unique CSP policies – the most comprehensive study to date. We introduce the security-relevant aspects of the CSP specification and provide an in-depth analysis of its threat model, focusing on XSS protections. We identify three common classes of CSP bypasses and explain how they subvert the security of a policy. We then turn to a quantitative analysis of policies deployed on the Internet in order to understand their security benefits. We observe that 14 out of the 15 domains most commonly whitelisted for loading scripts contain unsafe endpoints; as a consequence, 75.81% of distinct policies use script whitelists that allow attackers to bypass CSP. In total, we find that 94.68% of policies that attempt to limit script execution are ineffective, and that 99.34% of hosts with CSP use policies that offer no benefit against XSS. Finally, we propose the ’strict-dynamic’ keyword, an addition to the specification that facilitates the creation of policies based on cryptographic nonces, without relying on domain whitelists. We discuss our experience deploying such a nonce-based policy in a complex application and provide guidance to web authors for improving their policies.
Source: https://research.google.com/pubs/pub45542.html
Complete article: https://static.googleusercontent.com/media/research.google.com/nl//pubs/archive/45542.pdf
polonus
on circumvention techniques: http://webcache.googleusercontent.com/search?q=cache:7dHCHaXZa94J:https://coolaj86.com/articles/how-to-get-around-latest-browser-security-measures/&num=1&hl=nl&gl=pl&strip=0&vwsrc=1 source AJoNeal (for security researchers only, else do not visit).
D
Asyn
4811
Eddy
4812
10(!) year old leak in Windows Media Player again used to spread malware :
http://blog.cyren.com/articles/windows-media-player-drm-feature-used-for-malware-delivery-again.html
DRM is supposed to let people only play legally obtained songs/movies.
It is a totally useless system if it can be used to spread illegal (malicious) content.
Pondus
4814
polonus
4815
Everyone worldwide that uses tor or VPN or unwillingly is part of a botnet could now be hacked by the FBI,
according to procedural changes to rule 41: https://blog.torproject.org/blog/fbis-quiet-plan-begin-mass-hacking: https://www.eff.org/deeplinks/2016/06/help-us-stop-updates-rule-41
polonus
BeSecure
4816
Pondus
4817
Asyn
4818
Pondus
4819
Pondus
4820
