« earlier | later » Page 5 of 11
David A. Wheeler's Personal Home Page edit / delete
Includes several well-written, comprehensive postmortems on noteworthy security bugs (e.g. Heartbleed) -- probably of interest to security students.
Update on jQuery.com Compromises | Official jQuery Blog edit / delete
"Today at 11:15AM EDT, the jQuery Infrastructure team received widespread reports and confirmed a compromise of jquery.com." Using upstream's URLs for your Javascript libraries is only a good idea if you trust that site to never, ever be compromised or MITMd... (and even then I don't think it's a good idea.)
to javascript jquery security ... on 18 January 2015
C3TV - Cyber Necromancy edit / delete
The 31C3 presentation on reverse-engineering Metal Gear Online. You need to watch the video for this one.
to ag0907 ccc games mgo networking p2p reverse-engineering security ... on 18 January 2015
C3TV - Crypto Tales from the Trenches edit / delete
A group of journalists talk about how cryptography is useful to them -- and why it's a royal pain to use for the people they talk to. It's very encouraging to hear about the tools they use.
to ccc cryptography gpg journalism security tor whistleblowing ... on 18 January 2015
C3TV - Hacking Ethics in Education edit / delete
"At the University of Amsterdam, we have started an ethical committee for the System and Network Engineering Master." Interesting to me because I run the ethics committee for the department I'm in at work (and we're about to pick up a load of security-related student projects). I suspect a follow-up presentation next year might be more interesting, though, since it sounds like they didn't have any ethics framework in place before (?! -- how on earth do they do funded projects?). Comprehensible in audio only.
to academia ccc ethics security teaching ... on 18 January 2015
Why King George III Can Encrypt edit / delete
Coming up with better metaphors for how PGP signing and encryption works, and then *actually evaluating how effective they are with users*. The short answer: key/lock, seal/imprint. And tell a story about them.
to cryptography encryption gpg metaphors papers pgp security teaching ... on 18 January 2015
[SaveMGO] Tactical Revival Action edit / delete
Reverse-engineering the server for Metal Gear Online 1/2 -- there was an excellent presentation about this at 31C3 that explained how they did it. It's a peer-to-peer game, so the server actually isn't too complicated. AG0907 students will probably find it interesting to see what a real-world matchmaking protocol looks like.
to ag0907 games mgo networking p2p reverse-engineering security ... on 18 January 2015
"KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity." So that's three reasons why I won't be buying a Microsoft wireless keyboard, then.
to arduino keyboard keylogger microcontroller security wireless ... on 18 January 2015
Marcus R. Brown's site on PS2 homebrew, now defunct, but with some useful information: how to add a serial port, how to patch the Linux abstraction layer so you can use the whole of a memory card, and the details of the "Independence Exploit" (using a buffer overflow in the PS1 emulator) that used to be used for homebrew. Reading between the lines here you can see how he came up with the exploit too...
to homebrew linux playstation ps2 security ... on 18 January 2015
Vulnerability: Infiltrating a network via Powerline (HomePlugAV) adapters - www.bentasker.co.uk edit / delete
Attacking HomePlugAV devices (not all of them, but a large subset). It's a key distribution problem.
to crypto homeplugav networking security ... on 18 January 2015
« earlier | later » Page 5 of 11
tasty by Adam Sampson.