Pinboard (traggett)
https://pinboard.in/u:traggett/public/
recent bookmarks from traggett

How a Thief with Your iPhone Passcode Can Ruin Your Digital Life
2023-03-01T08:14:48+00:00
https://tidbits.com/2023/02/26/how-a-thief-with-your-iphone-passcode-can-ruin-your-digital-life/
traggett
ios security 1password
https://pinboard.in/u:traggett/b:e31c9bc3ca85/

Using the WPScan plugin to find vulnerabilities in your WordPress website
2021-09-18T04:01:35+00:00
https://www.wpwhitesecurity.com/find-wordpress-vulnerabilities-using-wpscan/
traggett
wordpress plugins security
https://pinboard.in/u:traggett/b:ba794f2da858/

WordPress Malware Camouflaged As Code
2021-08-18T23:56:37+00:00
https://www.wordfence.com/blog/2021/08/wordpress-malware-camouflaged-as-code/?_hsmi=150617535&_hsenc=p2ANqtz-9ly765rq_SZ0vy9XcQIuM9bQNF7b1SDBy5bddrvPpHTTy1NZzqnTa4ZFARASGl4fD-q76Lu0XD5wEjTRBoXS4L0HmF6Q
traggett
WordPress security
https://pinboard.in/u:traggett/b:6e2b6aabca60/

2021 Mid-Year WordPress Security Report: A Collaboration Between Wordfence and WPScan
2021-08-17T06:03:37+00:00
https://www.wordfence.com/blog/2021/08/2021-mid-year-wordpress-security-report-a-collaboration-between-wordfence-and-wpscan/?_hsmi=148559692&_hsenc=p2ANqtz--7vdLT4sqDuAXqLcUDUllnFe5LhiLYFOsFN28hOpvBs3XZpRxglkJwB3GyIgdmXsBg_tXoWZHXTgo8rol33-_-AzC2tQ
traggett
WordPress Security
https://pinboard.in/u:traggett/b:8ae7f8f26312/

Switch to paper for security
2021-07-21T12:05:21+00:00
https://twitter.com/Infosec_Taylor/status/1417472608124104711
traggett
infosec security availability
https://pinboard.in/u:traggett/b:9ee7820756d3/

Detecting Deepfake Picture Editing - Schneier on Security
2021-06-11T02:20:35+00:00
https://www.schneier.com/blog/archives/2021/06/detecting-deepfake-picture-editing.html
traggett
images security manipulation
https://pinboard.in/u:traggett/b:c053b50a4108/

Confidential Computing Is Transforming Data Encryption in Healthcare, Finance – The New Stack
2021-05-04T09:13:14+00:00
https://thenewstack.io/confidential-computing-is-transforming-data-encryption-in-healthcare-finance/
traggett
Confidential computing is an up-and-coming technology that’s been generating buzz over the last few months. Google has gone so far as to call it “a breakthrough technology.” The basic idea is that it brings confidentiality to the entire data lifecycle, guaranteeing data will be safeguarded in-transit, at rest and while in use.
Interesting idea: can a userspace app do it in a phone secure enclave?
security healthwise computing
https://pinboard.in/u:traggett/b:1a7f846d1f26/

ndss2021_1C-3_23159_paper.pdf
2021-04-19T07:36:05+00:00
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-3_23159_paper.pdf
traggett
messaging Security
https://pinboard.in/u:traggett/b:14bc3bb815ec/

Notes/interview-study-notes-for-security-engineering.md at master · gracenolan/Notes · GitHub
2021-03-20T01:03:06+00:00
https://github.com/gracenolan/Notes/blob/master/interview-study-notes-for-security-engineering.md
traggett
security education
https://pinboard.in/u:traggett/b:b28e71ee06bb/

How Apple's locked down security gives extra protection to the best hackers
2021-03-03T07:16:05+00:00
https://www.technologyreview.com/2021/03/01/1020089/apple-walled-garden-hackers-protected/amp/?__twitter_impression=true
traggett
security obscurity ios future
https://pinboard.in/u:traggett/b:4a89de950b92/

Welcome - Apple Support
2021-02-19T01:05:10+00:00
https://support.apple.com/en-gb/guide/security/welcome/1/web
traggett
Learn how Apple makes their services secure
apple security healthwise toread
https://pinboard.in/u:traggett/b:29ffacad78c9/

Signal Is A Good Start, But Beware | Electronic Frontiers Australia
2021-01-22T06:50:05+00:00
https://www.efa.org.au/2021/01/22/signal-is-a-good-start-but-beware/
traggett
security signal messaging
https://pinboard.in/u:traggett/b:4a6c6d28909a/

Hooray, no more ContentFilterExclusionList | Patrick Wardle on Patreon
2021-01-14T05:44:47+00:00
https://www.patreon.com/posts/46179028
traggett
Official Post from Patrick Wardle. Well done Apple for fixing this.
apple Security
https://pinboard.in/u:traggett/b:e17f1a074923/

Project Zero: An iOS zero-click radio proximity exploit odyssey
2020-12-04T00:28:40+00:00
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
traggett
apple security wifi exploits
https://pinboard.in/u:traggett/b:d91b88a418cf/

Credential management
2020-11-14T07:06:39+00:00
https://devopsdirective.com/posts/2020/11/credential-management/
traggett
development credentials security
https://pinboard.in/u:traggett/b:e1396420f3d3/

Security for payments
2020-09-29T03:33:35+00:00
https://www.nccgroup.com/globalassets/our-research/uk/images/common_security_issues_in_financially-orientated_web.pdf.pdf
traggett
Security
https://pinboard.in/u:traggett/b:6d80f7a649f1/

Decentraleyes | Local CDN Emulation
2020-09-09T07:11:05+00:00
https://decentraleyes.org/
traggett
A web browser extension that emulates Content Delivery Networks to protect your privacy.
security browser
https://pinboard.in/u:traggett/b:bb5198847cb8/

‘DiceKeys’ Creates a Master Password for Life With One Roll | WIRED
2020-08-25T02:18:28+00:00
https://www.wired.com/story/dicekeys-cryptography/
traggett
A new kit leaves your cryptographic destiny up to 25 cubes in a plastic box.
Nice idea.
Security crypto
https://pinboard.in/u:traggett/b:d6b628d3dd6a/

How to Use 1Password | Reviews by Wirecutter
2020-07-30T05:20:45+00:00
https://www.nytimes.com/wirecutter/reviews/how-to-use-1password/
traggett
Our expert walks you through how to set up and take advantage of the features in our favorite password manager, 1Password.
thestack 1password security
https://pinboard.in/u:traggett/b:478ee541f094/

Why AnyList Won’t Be Supporting Sign In with Apple - AnyList Blog
2020-06-29T23:41:59+00:00
https://blog.anylist.com/2020/06/sign-in-with-apple/
traggett
The official blog of the AnyList team. Good reasons not to support sign in with someone else.
privacy security third party
https://pinboard.in/u:traggett/b:67558fb345c3/

OWASP/wstg: The Web Security Testing Guide is a comprehensive open source guide to testing the security of web applications and web services.
2020-06-04T02:26:33+00:00
https://github.com/OWASP/wstg
traggett
The Web Security Testing Guide is a comprehensive open source guide to testing the security of web applications and web services. - OWASP/wstg
security infrastructure
https://pinboard.in/u:traggett/b:7c0a0452cd43/

zebra-crossing/README.md at master · narwhalacademy/zebra-crossing
2020-06-01T02:17:04+00:00
https://github.com/narwhalacademy/zebra-crossing/blob/master/README.md
traggett
Zebra Crossing: an easy-to-use digital safety checklist - narwhalacademy/zebra-crossing
privacy security notnews stack
https://pinboard.in/u:traggett/b:f16afeaf1b34/

One Attacker Outpaces All Others
2020-05-13T13:04:07+00:00
https://www.wordfence.com/blog/2020/05/one-attacker-rules-them-all/?_hsenc=p2ANqtz-8ToljTuxeOzX4px4griKe_77jPBmglV6g7dLYR2wjQzpSNUSBEK1lKtxV2pQitIm0JGWnkQ7Fc7rKbuF0zBXUDU4LWpw&_hsmi=87850880
traggett
The presence of the following domains in your database or filesystem should be considered an indicator of compromise:
digestcolect[.]com
trackstatisticsss[.]com
stivenfernando[.]com
collectfasttracks[.]com
destinyfernandi[.]com
WordPress attack security
https://pinboard.in/u:traggett/b:0dd1189230e1/

How to SSH Properly
2020-04-08T03:28:45+00:00
https://gravitational.com/blog/how-to-ssh-properly/
traggett
How to SSH properly and easily improve the security of your SSH model without needing to deploy a new application or make any huge changes to UX.
security ssh
https://pinboard.in/u:traggett/b:1e42785cc0f9/

Building data liberation infrastructure | beepb00p
2020-04-08T03:16:19+00:00
https://beepb00p.xyz/exports.html
traggett
data personal backup extraction security
https://pinboard.in/u:traggett/b:22850cd7eba6/

How to configure SSH keys using cPanel
2020-04-03T02:09:51+00:00
https://www.a2hosting.com/kb/cpanel/cpanel-security-features/configuring-ssh-keys-with-cpanel
traggett
If you are using a passphrase, you may not want to have to re-type it every time you connect to the remote server. If your computer has OpenSSH version 7.2 or later, you can automatically store the passphrase in the SSH authentication agent. (To determine the OpenSSH version installed on your computer, type ssh -V at the command prompt.) Then when you connect to the remote server, you must type the passphrase the first time, but not for any subsequent connections.
To do this, add the...
macos ssh keychain security
https://pinboard.in/u:traggett/b:61e29cb49a97/

Mobile Private Contact Discovery at Scale | USENIX
2020-03-25T06:41:40+00:00
https://www.usenix.org/conference/usenixsecurity19/presentation/kales
traggett
security privacy
https://pinboard.in/u:traggett/b:82ad0399140b/

Popular iPhone and iPad Apps Snooping on the Pasteboard | Mysk
2020-03-25T06:19:34+00:00
https://www.mysk.blog/2020/03/10/popular-iphone-and-ipad-apps-snooping-on-the-pasteboard/
traggett
security pasteboard ios
https://pinboard.in/u:traggett/b:c3ccbd0893ef/

SANS Security Awareness Work-from-Home Deployment Kit | SANS Security Awareness
2020-03-25T06:15:44+00:00
https://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit
traggett
security techwise towrite
https://pinboard.in/u:traggett/b:70343a58dea3/

Genesis market 2020 overview, a bazaar for buying data out of compromised computers.
2020-02-04T11:10:41+00:00
https://medium.com/@underthebreach/genesis-market-2020-overview-a-bazaar-for-buying-data-out-of-compromised-computers-85b581b903ec
traggett
Security techwise
https://pinboard.in/u:traggett/b:2549c7545ebd/

GitHub - hongkonggong/tldr-digital-security: TLDR Digital Safety Checklist
2019-12-03T05:26:20+00:00
https://github.com/hongkonggong/tldr-digital-security
traggett
TLDR Digital Safety Checklist. Contribute to hongkonggong/tldr-digital-security development by creating an account on GitHub.
thestack techwise security
https://pinboard.in/u:traggett/b:fc14a7aa48dc/

Stethoscope Security — Ragtag
2019-12-03T05:05:52+00:00
https://ragtag.org/stethoscope
traggett
A digital security health check-up for your computer.
security
https://pinboard.in/u:traggett/b:591323e15b52/

Mac security
2019-11-27T14:27:45+00:00
https://twitter.com/velour_shirt/status/1199525982304116736
traggett
Mac Security
https://pinboard.in/u:traggett/b:843f01a8dc32/

Block Block
2019-10-14T08:45:57+00:00
https://www.objective-see.com/products/blockblock.html
traggett
macos security
https://pinboard.in/u:traggett/b:7cb974445d15/

GitHub - Phildo/expandpass: Implements a simple nested grammar for expanding passwords
2019-09-24T07:29:20+00:00
https://github.com/Phildo/expandpass
traggett
Implements a simple nested grammar for expanding passwords - Phildo/expandpass
Find passwords you think you know.
password recovery security
https://pinboard.in/u:traggett/b:42f902666362/

Dymaxion: Coercion-Resistant Design
2019-09-11T04:29:22+00:00
https://dymaxion.org/essays/coercionresistantdesign.html
traggett
Pocket security toread
https://pinboard.in/u:traggett/b:6ffafdbea522/

iOS not secure
2019-09-09T07:02:13+00:00
https://newsblur.com/site/5882445/schneier-on-security
traggett
This upends pretty much everything we know about iPhone hacking. We believed that it was hard. We believed that effective zero-day exploits cost $2M or $3M, and were used sparingly by governments only against high-value targets. We believed that if an exploit was used too frequently, it would be quickly discovered and patched.
None of that is true here. This operation used fourteen zero-days exploits. It used them indiscriminately. And it remained undetected for two years.
ios security
https://pinboard.in/u:traggett/b:3c493ff3116c/

Secured Android Smartphone - thaddeus t. grugq - Medium
2019-09-08T05:54:39+00:00
https://medium.com/@thegrugq/secured-android-smartphone-32b28ae3fbd8
traggett
Pocket android security toread use
https://pinboard.in/u:traggett/b:a04f99359ba3/

A huge database of Facebook users’ phone numbers found online | TechCrunch
2019-09-05T03:49:26+00:00
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
traggett
Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on […]
FB just didn't care.
security privacy
https://pinboard.in/u:traggett/b:d77f890f5012/

The Best VPN Service for 2019: Reviews by Wirecutter | A New York Times Company
2019-08-15T02:14:25+00:00
https://thewirecutter.com/reviews/best-vpn-service/
traggett
TunnelBear is the most transparent and trustworthy VPN provider offering fast, secure connections and easy setup.
Good article on VPNs.
security vpn thestack
https://pinboard.in/u:traggett/b:efec5d573d7d/

信息安全技术 移动互联网应用(App)收集个人信息基本规范 (草案) Information security technology — Basic specifications for collecting personal information in mobile internet applications (Apps) (Draft) : China Law Translate
2019-08-14T10:39:09+00:00
https://www.chinalawtranslate.com/en/apppersonalinforsecurity/
traggett
Information security technology — Basic specifications for collecting personal information in mobile internet applications (Apps) (Draft)
Really interesting list from China giving quite strong personal information security protection
China security personal data health matcher
https://pinboard.in/u:traggett/b:bd0514b09e3a/

With warshipping, hackers ship their exploits directly to their target’s mail room | TechCrunch
2019-08-12T03:02:55+00:00
https://techcrunch.com/2019/08/06/warshipping-hackers-ship-exploits-mail-room/
traggett
Why break into a company’s network when you can just walk right in — literally? Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a company’s login pages. And certainly there will be no need to […]
So hard to defend from this. Wardriving done remotely.
hacking security
https://pinboard.in/u:traggett/b:a37568fe3ad9/

GTFOBins
2019-08-12T03:01:37+00:00
https://gtfobins.github.io/
traggett
hacking linux Security
https://pinboard.in/u:traggett/b:3f084cc3d0e8/

The 'Ghost User' Ploy to Break Encryption Won't Work | Davis Vanguard
2019-07-31T08:55:57+00:00
https://www.davisvanguard.org/2019/07/the-ghost-user-ploy-to-break-encryption-wont-work/
traggett
By Jon Callas Note: This is part one of a four-part series where security expert Jon Callas breaks down the fatal flaws of a recent proposal to add a
notnews security
https://pinboard.in/u:traggett/b:6134699a16c9/

The Encryption Debate Is Over - Dead At The Hands Of Facebook
2019-07-30T07:21:05+00:00
https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/#3267fc5b5362
traggett
Putting this all together, the sad reality of the encryption debate is that after 30 years it is finally over: dead at the hands of Facebook. If the company’s new on-device content moderation succeeds it will usher in the end of consumer end-to-end encryption and create a framework for governments to outsource their mass surveillance directly to social media companies, completely bypassing encryption.
Hmm. I hope not.
security social notnews
https://pinboard.in/u:traggett/b:8fc4342db8c3/

Attorney General William Barr on Encryption Policy - Schneier on Security
2019-07-25T01:42:40+00:00
https://www.schneier.com/blog/archives/2019/07/attorney_genera_1.html
traggett
With this change, we can finally have a sensible policy conversation. Yes, adding a backdoor increases our collective security because it allows law enforcement to eavesdrop on the bad guys. But adding that backdoor also decreases our collective security because the bad guys can eavesdrop on everyone. This is exactly the policy debate we should be having, not the fake one about whether or not we can have both security and surveillance.
notnews security surveillance
https://pinboard.in/u:traggett/b:4e1d7c54898c/

Lowercase Passwords
2019-07-22T06:10:02+00:00
https://mjtsai.com/blog/2019/07/17/lowercase-passwords/
traggett
notnews passwords security
https://pinboard.in/u:traggett/b:f2757cce185d/

Before You Use a Password Manager – Stuart Schechter – Medium
2019-06-20T02:00:19+00:00
https://medium.com/@stuartschechter/before-you-use-a-password-manager-9f5949ccf168
traggett
I cringe when I hear self-proclaimed experts implore everyone to “use a password manager for all your passwords” and “turn on two-factor authentication for every site that offers it.” As most of us…
thestack privacy security
https://pinboard.in/u:traggett/b:ddbd2fa82b5e/

Google’s login chief doesn’t mind Apple’s new sign-in button - The Verge
2019-06-13T05:56:06+00:00
https://www.theverge.com/2019/6/12/18662594/google-login-apple-sso-account-security-passwords-mark-risher
traggett
Google’s login chief is surprisingly sunny about competing with Apple’s new single sign-on (SSO) button, as long as it means fewer passwords.
thestack security
https://pinboard.in/u:traggett/b:79926b534e6d/

Thrangrycat
2019-05-24T00:28:43+00:00
https://thrangrycat.com/
traggett
security
https://pinboard.in/u:traggett/b:5a7fcadada44/

Protecting Yourself from Identity Theft
2019-05-07T00:51:43+00:00
https://www.schneier.com/blog/archives/2019/05/protecting_your_2.html
traggett
security thestack
https://pinboard.in/u:traggett/b:8f11cf879972/

Securing Windows Workstations: Developing a Secure Baseline – Active Directory Security
2019-05-05T02:55:05+00:00
https://adsecurity.org/?p=3299
traggett
security windows infrastructure
https://pinboard.in/u:traggett/b:8665bfd6925d/

A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions | WIRED
2019-04-24T06:20:00+00:00
https://www.wired.com/story/blockchain-bandit-ethereum-weak-private-keys/
traggett
notnews security
https://pinboard.in/u:traggett/b:84b2cf9c8f62/

Phishing and Security Keys – Mark Risher – Medium
2019-04-11T03:33:01+00:00
https://medium.com/@mrisher_2499/phishing-and-security-keys-b5c8e8e26931
traggett
Even some security experts don’t grok why Security Keys are so powerful against phishing. As FIDO gains adoption in most OSes and browsers, it’s time to look at one of the strongest defenses out there
infrastructure use security
https://pinboard.in/u:traggett/b:432b0862f58b/

How bad can it git? Characterizing secret leakage in public GitHub repositories
2019-04-09T08:13:49+00:00
https://blog.acolyer.org/2019/04/08/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/
traggett
security infrastructure use
https://pinboard.in/u:traggett/b:886bcc6df003/

Secure Salted Password Hashing - How to do it Properly
2019-03-29T00:00:07+00:00
https://crackstation.net/hashing-security.htm
traggett
How to hash passwords properly using salt. Why hashes should be salted and how to use salt correctly.
security use infrastructure
https://pinboard.in/u:traggett/b:ec697e8e16fa/

How To Spoof PDF Signatures
2019-03-13T01:29:20+00:00
https://web-in-security.blogspot.com/2019/02/how-to-spoof-pdf-signatures.html
traggett
security
https://pinboard.in/u:traggett/b:1ac9f51c8c7b/

Attack of the week: searchable encryption and the ever-expanding leakage function – A Few Thoughts on Cryptographic Engineering
2019-03-01T13:18:23+00:00
https://blog.cryptographyengineering.com/2019/02/11/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function/
traggett
database Security notnews encryption
https://pinboard.in/u:traggett/b:665aef9dfd6a/

Security Checklist
2019-01-21T09:42:37+00:00
https://securitycheckli.st/
traggett
A checklist for staying safe on the internet
Part of the stack.
checklist internet security
https://pinboard.in/u:traggett/b:93e1eb6d3b17/

Notes on Security in 2019 – Andreessen Horowitz
2019-01-19T01:48:48+00:00
https://a16z.com/2019/01/18/notes-on-security-in-2019/
traggett
Security
https://pinboard.in/u:traggett/b:9ab0ed6219f2/

Windows computer repair and maintenance — Decent Security
2019-01-17T09:16:45+00:00
https://decentsecurity.com/holiday-tasks/
traggett
Windows security fixing
https://pinboard.in/u:traggett/b:0c0e0464b832/

What the Marriott Breach Says About Security — Krebs on Security
2018-12-06T23:01:16+00:00
https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/
traggett
Security
https://pinboard.in/u:traggett/b:445259a2f562/

Friction-free Identification and Authentication | Callsign
2018-11-20T00:16:56+00:00
https://www.callsign.com/
traggett
health matcher identity Security
https://pinboard.in/u:traggett/b:198e3200fd40/

Cash machines very insecure
2018-11-17T01:55:04+00:00
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf
traggett
atm Security banking
https://pinboard.in/u:traggett/b:d23d0894abf3/

Open Source Password Management Solutions | Bitwarden
2018-11-16T14:42:57+00:00
https://bitwarden.com/
traggett
Security passwords
https://pinboard.in/u:traggett/b:47eedea72a87/

The Illustrated TLS 1.3 Connection: Every Byte Explained
2018-11-13T23:21:28+00:00
https://tls13.ulfheim.net/
traggett
networking security tls
https://pinboard.in/u:traggett/b:fd3782087679/

Healthcare: Trusted Access from Duo Security | Duo Security
2018-11-06T03:39:50+00:00
https://duo.com/use-cases/industry-solutions/healthcare
traggett
healthcare security
https://pinboard.in/u:traggett/b:1e174413f1c4/

Duo Unified Access Security (UAS) | Duo Security
2018-11-06T03:38:39+00:00
https://duo.com/
traggett
security service 2fa
https://pinboard.in/u:traggett/b:e5f07fc34cb3/

The CIA's communications suffered a catastrophic compromise
2018-11-05T10:27:25+00:00
https://www.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html
traggett
security intelligence
https://pinboard.in/u:traggett/b:2dd88dcf3aa8/

Troy Hunt: Extended Validation Certificates are Dead
2018-09-19T04:53:19+00:00
https://www.troyhunt.com/extended-validation-certificates-are-dead/
traggett
security certificates
https://pinboard.in/u:traggett/b:1a91f9b4c603/