Business asks for the right to personal data of users

 
Representatives of business, IT companies, banks and telecom operators have proposed amendments to the law "On Personal Data". If adopted, companies will gain more control over user data. This is reported by Vedomosti, which has reviewed the text of the amendments.
 
discussed the future of data processing. As Leonid Tkachenko of MTS said:
 
 
We have three strategies:
 
 
Complete accumulation of all customer data, even if we do not understand how to use it. Storage technology is cheap enough to store everything.
 
Open the data to the savants access to the data and ...

6. Check Point to the maximum. IPS. Part 2

 
Welcome to the 6th lesson, in which we continue the IPS theme. The previous lesson was devoted entirely to misconceptions about IPS, and we also briefly reviewed the history of intrusion prevention systems. We strongly recommend watching the 5th lesson before starting this one; it will give you a deeper understanding of the problem. This lesson is devoted entirely to practice. For the various attacks we will use the Kali Linux distribution with tools such as OpenVAS, Metasploit and Social Engineering ...

How we implemented the DLP-system in one international oil and gas holding company

Early in my career in information security, I had the chance to take part in a very interesting project. It began when the security service of one of the largest private producers and suppliers of natural gas and oil in the CIS decided, as part of an integrated approach to information security, to implement a DLP system. That holding, following the general trends of the Russian market, has since dissolved into several state corporations, so I can now tell this story.
 
 
The purpose and objectives of the project ...

Spectre and Meltdown are no longer the most dangerous attacks on Intel CPUs. Researchers have reported the Foreshadow vulnerability

 
Earlier this year, the information space was shaken by the news about Spectre and Meltdown, two vulnerabilities that use speculative code execution to gain access to memory (there are articles and translations on this topic on Habr, and a search will turn up a dozen more). At about the same time...

Attackers hacked thousands of D-Link routers and redirected their owners to malicious resources

A group of attackers spent a long time exploiting a vulnerability in a number of D-Link router models. The flaw makes it possible to remotely change the router's DNS server settings in order to redirect the user of the device to a resource created by the attackers themselves. What happens next is up to the cybercriminals: they can steal victims' accounts or offer services that look like a completely legitimate service from a bank.

The vulnerability affects models such as the D-Link DSL-2740R, DSL-2640B, DSL-2780B, DSL-2730B and DSL-526B. They rarely update...

Show everything that is hidden: the fourth episode and behind the scenes of the IT sitcom from Cloud4Y

The fourth episode of the mini-sitcom about the struggle of the sysadmin, the IT manager and the CEO on the battlefields against the world's cataclysms, inspection bodies, sloppiness and pride.
 
 

 
 
Exclusively for Habr users, we are publishing a behind-the-scenes look in which director Boris Kazantsev talks about the filming process.
 
 

Asymmetric cryptography with a one-time secret key: description of the idea and possible application

(To understand this article, it is necessary and sufficient to have at least a general idea of what asymmetric cryptography is and how an electronic signature works.)

The scenario for using a one-time secret key is:

A key pair is created, consisting of a secret key (SK) and a public key (PK).

A number of operations are performed using the secret key. The first of these, the creation of the public key, has already been completed in the first step.

An action that at first glance seems illogical is performed: the secret key is destroyed without the possibility ...

Security Week 30: Five paragraphs about Black Hat

Black Hat is an information security conference held in the genre traditional for the industry: "questions without answers". Every year experts gather in Las Vegas to share their latest achievements, which cause insomnia and hand tremors among hardware manufacturers and software developers. Not that this is a bad thing. On the contrary, honing the art of finding problems while staying on the "bright side" is wonderful!

But there is still a certain internal conflict at Black Hat. One cannot keep repeating indefinitely that "everything is bad, bad, bad with security" without offering anything in return...

The art of guessing other people's passwords

In the cult early-2000s film Swordfish, a talented hacker has to guess a password within one minute. He is helped by a friend who thoughtfully holds a gun to his temple and a temperamental blonde hiding under the table. What do you do if no such friends are nearby and the password still has to be guessed? For example, during penetration testing
 
A small but important warning: if the approach described in the article is used outside of security testing projects, your actions can easily fall under Article 272 of the Criminal Code of the Russian Federation ...

Bluetooth security by NIST

Bluetooth is currently experiencing a revival. This is driven by the development of IoT, the lack of a headphone jack in modern smartphones, and the popularity of Bluetooth speakers, wireless mice and keyboards, headsets and the like. We decided to see what security recommendations the NIST standard offers for Bluetooth.
 
 
Why "blue tooth"? The name Bluetooth comes from the nickname of the Viking king Harald I Bluetooth, who ruled Denmark and part of Norway in the 10th century. During his reign, he united the warring Danish tribes into a single kingdom. By analogy...