#hack

prplcdclnw@diasp.eu

BTW, back in the early aughts, I used a GIF image of my email address.

[gopher://hngopher.com/1/live/p1/](gopher://hngopher.com/1/live/p1/) is the Gopher portal to Hacker News

[gopher://hngopher.com/0/live/items/40340642/dump.txt](gopher://hngopher.com/0/live/items/40340642/dump.txt)

https://rouninmedia.github.io/protecting-your-email-address-via-svg-instead-of-js/

Protecting your email address via SVG instead of JS

For a live demo of this accessible, no-javascript technique, see:

https://rouninmedia.github.io/protecting-your-email-address-via-svg-instead-of-js/svg-email-protection.html


Email addresses published on webpages usually need to be protected
from email-harvesting spambots.

Conventionally, email protection techniques utilise a combination of
HTML, CSS and JS - though each approach is subject to its own pros
and cons.

In general, approaches involving JS tend to be more sophisticated
than alternatives based on HTML and / or CSS.

But the downside is that JS then becomes an unavoidable dependency of
that page.

There is always benefit in considering the school of thought which
advocates that while JS may enhance pages, ideally we should want all
the essential functionality on those pages to work even while
JavaScript is turned off.


The technique detailed on this page utilises an approach entirely
different from conventional email protection techniques based on CSS,
JS, CSS + JS etc.

Because this technique is based on SVG.

N.B. This technique - and any other email-protection technique
utilising front-end-technologies - won't protect your published email
address from being harvested by the most determined and sophisticated
spambots. But, as with many JS-based email-protection techniques, it
will protect you nevertheless from a great many unsophisticated
harvesters and keep your email successfully hidden from any simple or
amateurish scripts trawling the web, seeking to copy any unprotected
email addresses they find.


Three advantages of an SVG-based approach to protecting email
addresses

  1. Works with JavaScript turned off

The main advantage of this SVG-based approach to protecting emails
is that it involves no JavaScript.

As such, even when a human visitor has their JavaScript turned off,
the email address displayed on the page remains usable, accessible
and protected, while remaining secure and hidden from spambots.

  2. Permits a standard mailto: link

Unlike other no-JavaScript-required approaches (e.g. obfuscating
email addresses by inserting non-visible HTML Comments or inserting
visible elements and subsequently hiding them via CSS), this
SVG-based approach allows for standard mailto: links. The twist is:
the mailto: link exists inside the external SVG document, not inside
the referring HTML document.

  3. Conceals content like an image; Copyable like text

A third advantage is that embedded SVGs are image-like but not
images.

As replaced elements embedded within a hypertext document, SVGs may
conceal an email address from spambots nearly as effectively as an
image might.

But, strictly, SVGs are graphics documents rather than actual images.

Consequently, unlike with an image, a human visitor may still copy
the email address by right-clicking on the element in the
embedded SVG.

This would not be possible with a conventional image.


Implementing the Code

In the example below there are two files.

The SVG graphics document is embedded in the HTML hypertext document
via:

<object data="svg-email-protection.svg" type="image/svg+xml"></object>

Note that the same SVG graphics document may be embedded in hypertext
once - or multiple times.

HTML File
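````
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>SVG Email Protection</title>
<style>
.svg-email-protection {
  width: 180px;
  height: 24px;
  vertical-align: middle;
}
</style>
</head>
<body>
<!-- The address itself never appears in this document, only the embed. -->
<p>This is my email:
<object class="svg-email-protection" data="svg-email-protection.svg" type="image/svg+xml"></object>
</p>
</body>
</html>
````

SVG File
````
<!-- The viewBox, the title id and the text x/y values are assumed;
     they are sized to fit the 200 x 24 rect styled below. -->
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 24" aria-labelledby="title">
<title id="title">Email Us!</title>
<style>
<![CDATA[

rect {
  width: 200px;
  height: 24px;
  fill: rgb(255, 255, 255);
}

a:focus rect,
rect:hover {
  rx: 4px;
  ry: 4px;
  fill: rgb(0, 0, 255);
}

text {
  font-size: 16px;
  fill: rgb(0, 0, 255);
  pointer-events: none;
}

a:focus text,
rect:hover + text {
  fill: rgb(255, 255, 255);
  font-weight: 900;
  text-shadow: 1px 1px 1px rgba(0, 0, 0, 0.2);
  text-decoration: underline 1px solid rgb(255, 255, 255);
  text-underline-offset: 5px;
}

]]>
</style>
<!-- The mailto: link lives here, inside the SVG, not in the HTML. -->
<a href="mailto:myemail@mydomain.tld" aria-label="Email Us!">
<rect />
<text x="2" y="18">myemail@mydomain.tld</text>
</a>
</svg>
````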

Accessibility

As ever, it's important to ensure that this setup remains as
accessible as possible.

On this basis, note the following in the SVG graphics document:

  • the entire SVG document is aria-labelledby the SVG document <title>, indicating a call-to-action
  • the anchor element (<a>) inside the SVG has an aria-label which has the same call-to-action
  • the SVG is styled such that when the tab-focus falls on the anchor element (<a>), the child-elements, the <rect> and the <text>, are both highlighted

To see a live demo of this accessible, no-javascript technique, go
to:

https://rouninmedia.github.io/protecting-your-email-address-via-svg-instead-of-js/svg-email-protection.html

#svg #protected-email #email-address #hack #html
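
An added example (not part of the original post or the linked project): a small audit that checks whether an address is readable in a page's own HTML or only inside the SVG it embeds, including the failure case where the address is repeated as `<object>` fallback text. The sample documents and the names `SITE`, `EmbedFinder` and `audit` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample files modelled on the two documents described in the post.
SVG_DOC = """<svg xmlns="http://www.w3.org/2000/svg" aria-labelledby="title">
<title id="title">Email Us!</title>
<a href="mailto:myemail@mydomain.tld" aria-label="Email Us!">
<rect /><text x="2" y="18">myemail@mydomain.tld</text></a></svg>"""
EMBED = '<object data="svg-email-protection.svg" type="image/svg+xml">%s</object>'
SITE = {
    "svg-email-protection.svg": SVG_DOC,
    "good.html": "<p>This is my email: " + EMBED % "" + "</p>",
    # Failure mode: the address repeated as fallback text defeats the technique.
    "leaky.html": "<p>This is my email: " + EMBED % "myemail@mydomain.tld" + "</p>",
}


class EmbedFinder(HTMLParser):
    """Collects the data= targets of <object type="image/svg+xml"> embeds."""

    def __init__(self):
        super().__init__()
        self.svg_targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "object" and a.get("type") == "image/svg+xml" and a.get("data"):
            self.svg_targets.append(a["data"])


def audit(site, page):
    """Split addresses into those readable in the HTML source itself and
    those that appear only inside SVG documents the page embeds."""
    html = site[page]
    in_html = set(EMAIL_RE.findall(html))
    finder = EmbedFinder()
    finder.feed(html)
    in_svg = set()
    for target in finder.svg_targets:
        in_svg |= set(EMAIL_RE.findall(site.get(target, "")))
    return {
        "embeds": finder.svg_targets,
        "exposed_in_html": sorted(in_html),
        "only_in_embedded_svg": sorted(in_svg - in_html),
    }
```

An address listed under `only_in_embedded_svg` is still one request away for anything that follows the embed, which is the limit the post's N.B. describes.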

aktionfsa@diasp.eu

09.05.2024 Who doesn't earn enough in the military?

Hackers in the British military's payroll database

Hackers apparently wanted to know exactly that and broke into the British military's payroll system. In the process, the names and bank details of current personnel and of veterans were stolen. The government is "not amused" but allegedly knows nothing about the background.

A British news broadcaster blames China for the attack. A suitable AI can probably work out from the data who in the British military might not be so happy with their pay and promotion prospects.

More on this at https://www.heise.de/news/Grossbritannien-Gehaltsabrechnungssystem-des-Militaers-gehackt-wohl-von-China-9710040.html
Category[21]: Our topics in the press. Short link to this page: a-fsa.de/d/3Au
Link to this page: https://www.aktion-freiheitstattangst.org/de/articles/8771-20240509-wer-verdient-beim-militaer-nicht-genug.html
Link in the Tor network: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/8771-20240509-wer-verdient-beim-militaer-nicht-genug.html
Tags: #Großbritannien #China #Militär #Datenbank #Gehaltsabrechnungen #Frieden #Krieg #Hack #Cyberwar #Spionage #Anwerbung

anonymiss@despora.de

#CVE-2024-20356: #Jailbreaking a #Cisco appliance to run #DOOM

In this adventure, the Cisco #C195 device family was jailbroken in order to run unintended code. This includes the discovery of a vulnerability in the #CIMC body management controller which affects a range of different devices, whereby an authenticated high privilege user can obtain underlying root access to the server’s #BMC (CVE-2024-20356) which in itself has high-level access to various other components in the system. The end goal was to run DOOM – if a smart fridge can do it, why not Cisco?

source: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/

#software #security #bug #network #game #news #vulnerability #exploit #hack #hacker

anonymiss@despora.de

#LLM Agents can Autonomously #Exploit One-day Vulnerabilities

Source: https://arxiv.org/abs/2404.08144

To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the #CVE description. When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and #Metasploit).

#ai #technology #Software #chatgpt #bug #hack #news #cybersecurity