Big Bang left us with a perfect random number generator
Want a FIPS 140-2 RNG? Look at the universe Source: Big Bang left us with a perfect random number generator Unfortunately the processing power required is a bit much for home computers…
Because it’s out of date – nowadays you need to be using TLS! You can download the best practices here… Source: Qualys SSL Labs – Projects / Documentation
Source: Your Unhashable Fingerprints Secure Nothing An article on how poor fingerprint security is: – they are not secret – they can be copied (even from photos!) – they are not revocable – they can’t be hashed
Combo Breaker is a motorized, battery powered, 3D printed, Arduino-based combination lock cracking device. It is portable, open source, 3D models provided, and exploits a new technique I’ve discovered for cracking combination locks in 8 attempts or less, but in an even more exciting, automated fashion. Source: Combo Breaker – combination lock cracking device
Light up your house if fire alarm or outage. Prevent break-ins and intrusions by making home look lived-in. Source: Proactive Home Protection: Safety and Security
Let’s Encrypt has received cross-signatures from IdenTrust, which means that our certificates are now trusted by all major browsers. This is a significant milestone since it means that visitors to websites using Let’s Encrypt certificates can enjoy a secure browsing experience with no special configuration required. Source: Let’s Encrypt is Trusted Let’s Encrypt wants to Read more about Let’s Encrypt is Trusted by browsers[…]
Wifatch’s code does not ship any payloads used for malicious activities, such as carrying out DDoS attacks, in fact all the hardcoded routines seem to have been implemented in order to harden compromised devices. We’ve been monitoring Wifatch’s peer-to-peer network for a number of months and have yet to observe any malicious actions being carried Read more about WifiWatch virus infects poorly defended routers and then hardens them for you[…]
names, addresses, Social Security numbers, email addresses and other sensitive data were contained in the system accessed as well as encrypted passwords. Source: scottrade.com Don’t we just love huge databases?
Patreon is a funding site for artists and creators. 15 GB file hits dump sites Source: Patreon attackers drop data, expose users Because the source code was left outside the firewall, there is a chance that the encryption is vulnerable too.
The data included some personally identifiable information for approximately 15 million consumers in the US, including those who applied for T-Mobile USA postpaid services or device financing from September 1, 2013 through September 16, 2015, based on Experian’s investigation to date. This incident did not impact Experian’s consumer credit database Source: Experian Notifies Consumers In Read more about Experian hacked, loses 15m U.S. T-Mobile customer records, offers 2 years of credit monitoring[…]
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the Internet Security Research Group (ISRG). ISRG is a California public benefit corporation, and is recognized by the IRS as a tax-exempt organization under Section 501(c)(3) of the Internal Revenue Code. Source: Blog It will hopefully be live in about a month.
The strategy, known as predictive policing, combines elements of traditional policing, like increased attention to crime “hot spots” and close monitoring of recent parolees. But it often also uses other data, including information about friendships, social media activity and drug use, to identify “hot people” and aid the authorities in forecasting crime. Source: Police Program Read more about Minority Report Predictive Policing hits US[…]
Oh dear, it seems they have been stealing from the POS terminals between 21 April – 27 July 2015, from Hilton as well as Doubletree, Embassy Suites, Hampton, and Waldorf Astoria hotels. Source: Hilton hotels in credit-card-stealing malware infection scare
WASHINGTON — The number of people applying for or receiving security clearances whose fingerprint images were stolen in one of the worst U.S. government data breaches is now believed to be 5.6 million, not 1.1 million as first thought, the Office of Personnel Management announced Wednesday. The agency was the victim of what the U.S. Read more about 5.6m, not 1.1m fingerprint images of us gov security cleared people stolen[…]
The US Department of Justice (DoJ) said Bridges admitted to using a seized administrator account on Silk Road in order to lift Bitcoin from various accounts and deposit them into his own wallet. He then sold off the Bitcoin on the Mt Gox exchange between March and May of 2013 and came away with $820,000 Read more about Ex-Secret Service agent who siphoned almost $1m worth of Bitcoin from Silk Road takes plea deal[…]
It’s a good idea – you can easily share your WiFi keys with people in your contacts list. However, Microsoft keeps the keys encrypted (how?) on their own servers to do this. This is not a good idea, turning the MS cloud into a treasure trove of WiFi passwords and locations. Also, if you’re giving Read more about Windows 10 keeps your Wi-Fi keys on the MS Cloud[…]
Description: The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software. At this moment, it supports Read more about The LaZagne – recover various passwords from within Windows[…]
Bishop Fox consultant Byrne and Trustwave testing chief Henderson say passwords Z66816 and 166816 – the 1 and Z being variations according to PoS keyboard layouts via Cash register maker used same password – 166816 – non-stop since 1990 • The Register.
The Wassenaar Arrangement, signed by 42 nations, can be implemented differently by each of these nations. Hackers are worried that exploits are controlled by these arms controls and will be punishable. Leaving 0-day exploits in the wild or unpublished is not good for IT security, as only the people who have them can use them Read more about Hackers fear arms control pact makes exporting flaws illegal[…]
Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). via Lynis – Security auditing tool for Unix/Linux systems.
Hint: Truecrypt, Tor, PGP, ZRTP Inside the NSA's War on Internet Security – SPIEGEL ONLINE.
“Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die,” said Michael Barrett, president of the FIDO Alliance. “FIDO Alliance pioneers can forever lay claim to ushering in the ‘post password’ era, which is already revealing new dimensions in Internet Read more about FIDO v1 out – broadly adopted passwordless authentication for (eventually) everything[…]
GlassWire displays your network activity on an easy to understand graph while searching for unusual Internet behavior that could indicate malware or violations of your privacy. Once unusual network activity is discovered you’re instantly alerted with detailed information so you can protect your computer, privacy, and data. via GlassWire Network Security Monitor & Firewall Tool.
Fact does not come from the grand leaps of discovery but rather from the small, careful steps of verification. That is the premise of the Open Source Security Testing Methodology Manual also known as the OSSTMM (pronounced as "awstem"). It is a peer-reviewed manual of security testing and analysis which result in verified facts. These Read more about Open Source Security Testing Methodology Manual (OSSTMM)[…]
LibreSSL is backed by OpenBSD and will be prepped for other platforms later. Now they’re working through a complete rewrite as apparently OpenSSL is just too too messy. Read the story here: OpenSSL code beyond repair, claims creator of “LibreSSL” fork | Ars Technica. Read the rage and the coding diffs here on OpenSSL Rampage