thank you!
The link appears dead with an access denied error, does anyone have a mirror?
it seems like maybe a more reasonable conclusion to draw is that the search feature is still being tested and tweaked quietly, and as such facebook's press office isn't hitting the gas as hard on getting it media…
the common theme for half of the top 10 seems to be physical proximity to the pentagon, fort meade, or both. UMD, GW, George Mason, Georgetown and Hopkins are all in driving distance.
I agree, it also does a lot of little things right that other platforms mess up. For example, it's the only platform that doesn't penalize a team's defense for scores that occur when they're not on the field (e.g. an…
right, that's the aspect they address, it's the same for sellers agents. The issue is that if the agent (recruiter) has the option to increase the salary by say, 2000$, they see a small percentage of that, maybe 100$…
With regards to your last point, it's true that the recruiter and candidate's objectives are loosely aligned, but it plays out a lot like the relationship between a real estate agent and client in practice, in which the…
reading between the lines, it seems like they may have cause to believe fitbit induced the employees to grab that information before leaving. If that's the case then the case against fitbit makes more sense
I enjoyed this part in particular: Conley made the most colorful remarks of the day, including saying that he didn’t believe technical experts who said building backdoors is impossible. “Did John Kennedy say we couldn’t…
Aspect Security - Application Penetration Testers https://www.aspectsecurity.com We're looking for people with application security skills to join our team. If you've been doing security for a while, or you're a…
yes, though it's probably worth noting that a video of their CEO talking about it is probably pretty hard to fake
FYI, to reply directly to a comment, hit the "reply" link right below it, rather than typing into the "add comment" box at the top. It makes the thread more readable that way
An aspect of this no one is touching on is the mechanism for it. If it's done digitally, securing the process sufficiently would be nigh impossible. I had an instructor in an application security course who said "the…
Title is slightly misleading in that that's only the REPORTED losses. I'd venture to guess that the actual numbers are significantly higher. A lot of these go unreported due to embarassment, etc.
Except TPB doesn't actually host the leak, all they do is index the .torrent files, so if it's going to leak, it'll leak, and another tracker will have a link to it. The takedown and the DDoS came pretty close to each…
If they're going to insist on binding ID to account, it seems like the simplest way to do it would be just to submit the ID as an additional parameter in the login POST request and associate it as a single transaction,…
Right? I'm also curious about the fix. The vulnerability he describes is most obviously that they fail to associate the token you get after login with an actual account, so you can re-use that token to bind an arbitrary…
Lots of ways. They're actually relatively cheap to buy if you're sufficiently motivated. This might be of interest to you: http://krebsonsecurity.com/2014/10/id-theft-service-customer...
It makes it more secure, but not fully. If the password hashes ever got dumped via other means, the effort required to brute force those hashes (even salted) would still be far less than you want it to be.
you can check a hash without uploading the file in question. VT only stores a set of results if it has seen the actual file, not if a hash is checked against it. This is why, when doing incident response, a lot of…
This is all true. There exist essentially blackhat versions of virustotal that don't submit the samples, and don't have a feed delay that are pretty popular among the virus writing community. One of the ways that…
thank you!
The link appears dead with an access denied error, does anyone have a mirror?
it seems like maybe a more reasonable conclusion to draw is that the search feature is still being tested and tweaked quietly, and as such facebook's press office isn't hitting the gas as hard on getting it media…
the common theme for half of the top 10 seems to be physical proximity to the pentagon, fort meade, or both. UMD, GW, George Mason, Georgetown and Hopkins are all in driving distance.
I agree, it also does a lot of little things right that other platforms mess up. For example, it's the only platform that doesn't penalize a team's defense for scores that occur when they're not on the field (e.g. an…
right, that's the aspect they address, it's the same for sellers agents. The issue is that if the agent (recruiter) has the option to increase the salary by say, 2000$, they see a small percentage of that, maybe 100$…
With regards to your last point, it's true that the recruiter and candidate's objectives are loosely aligned, but it plays out a lot like the relationship between a real estate agent and client in practice, in which the…
reading between the lines, it seems like they may have cause to believe fitbit induced the employees to grab that information before leaving. If that's the case then the case against fitbit makes more sense
I enjoyed this part in particular: Conley made the most colorful remarks of the day, including saying that he didn’t believe technical experts who said building backdoors is impossible. “Did John Kennedy say we couldn’t…
Aspect Security - Application Penetration Testers https://www.aspectsecurity.com We're looking for people with application security skills to join our team. If you've been doing security for a while, or you're a…
yes, though it's probably worth noting that a video of their CEO talking about it is probably pretty hard to fake
FYI, to reply directly to a comment, hit the "reply" link right below it, rather than typing into the "add comment" box at the top. It makes the thread more readable that way
An aspect of this no one is touching on is the mechanism for it. If it's done digitally, securing the process sufficiently would be nigh impossible. I had an instructor in an application security course who said "the…
Title is slightly misleading in that that's only the REPORTED losses. I'd venture to guess that the actual numbers are significantly higher. A lot of these go unreported due to embarassment, etc.
Except TPB doesn't actually host the leak, all they do is index the .torrent files, so if it's going to leak, it'll leak, and another tracker will have a link to it. The takedown and the DDoS came pretty close to each…
If they're going to insist on binding ID to account, it seems like the simplest way to do it would be just to submit the ID as an additional parameter in the login POST request and associate it as a single transaction,…
Right? I'm also curious about the fix. The vulnerability he describes is most obviously that they fail to associate the token you get after login with an actual account, so you can re-use that token to bind an arbitrary…
Lots of ways. They're actually relatively cheap to buy if you're sufficiently motivated. This might be of interest to you: http://krebsonsecurity.com/2014/10/id-theft-service-customer...
It makes it more secure, but not fully. If the password hashes ever got dumped via other means, the effort required to brute force those hashes (even salted) would still be far less than you want it to be.
you can check a hash without uploading the file in question. VT only stores a set of results if it has seen the actual file, not if a hash is checked against it. This is why, when doing incident response, a lot of…
This is all true. There exist essentially blackhat versions of virustotal that don't submit the samples, and don't have a feed delay that are pretty popular among the virus writing community. One of the ways that…