Comments

Source

Comments

Source

Thanks to user Arul, we can get a FAMP stack set up on FreeBSD 10.2, along with Mod Security.         +  FAMP Stack or FreeBSD with Apache, MariaDB and PHP is a group of opensource software to run application based on php to your browser. FAMP similiar with LAMP (Linux Apache MAriaDB/MySQL […]

The post How-To: FAMP Stack + Mod Security on FreeBSD 10.2 appeared first on FreeBSDNews.com.

Source

Comments

Source

Comments

Source

I got hit up on twitter and email about how to get started in security by someone.  The question was pretty generic and since I didn't even receive a thanks back from the guy I'm sharing it with everyone else/archiving it in case I'm asked again in the future.

The question:

I want to become proficient at pentesting on computers and phones. I have a running version of Kali Linux on my computer and am using the "Kali Linux Cookbook" as a reference. What book or online tutorials would you recommend for me to use in order to get better? 

A few things I think you should do to get started.

1. Get rid of Kali. It is a shortcut to learning to have all these tools already there.  You'll learn way more by figuring out what tool you need for a job/task (feel free to use the index of tools in Kali which is readily available) and installing the tool yourself.  Ubuntu is the most supported hacker tool wise but there are other distros. Pick whatever suits you.  Use a VM so you can undo stuff if you break your distro but that's pretty rare these days. Most things apt-get install or  compile from source on ubuntu without issues.


2. You are in luck these days as there are tons and tons of resources available to learn infosec.

-Books I'd start with ( buy or torrent depending on ability)

• The latest Hacking Exposed book. The methodology it teaches is still relevant today and its a 10,000 ft view of different hacking areas
• Pick a basics of pentesting book (or a few)  to start with I've stopped reading the basics books but any of them should wet your appetite.

Some examples (more netsec):

• Penetration Testing: A Hands-On Introduction to Hacking – by Georgia Weidman
• The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy –by Patrick Engebretson
• The Hacker Playbook - By Peter Kim (decent but more of an outline vs teaching)
• Metasploit: The Penetration Tester's Guide - by David Kennedy and Jim O'Gorman

Some examples (webappsec)

• Web Application Security, A Beginner's Guide - by Bryan Sullivan and Vincent Liu (read this, its decent)
• Hacking Exposed Web Applications (current version)
• Web Application Hackers Handbook (more advanced)

Some examples (social engineering)

• Social Engineering: The Art of Human Hacking
• Kevin Mitnicks books
• Social Engineering Penetration Testing: Executing Social Engineering Pen Tests, Assessments and Defense -by Gavin Watson and Andrew Mason

Some examples (Physsec/redteam)

• Unauthorised Access: Physical Penetration Testing For IT Security Teams - by Wil Allsopp and Kevin Mitnick
• Practical Lock Picking, Second Edition: A Physical Penetration Tester's Training Guide - by Deviant Ollam

Lots more here, the list is a bit dated i'll try to update it this week but it IS sorted by category
http://astore.amazon.com/carnal0wnage-20

Exploit dev

• Tons and tons of books/resources.  Unless you are really really interested in writing exploits I wouldn't start here. Understanding the above will give you more opportunities for jobs in the business, writing exploits and automating tasks will come naturally as you progress

3.  Pick a scripting language to work on

• python is probably most supported/popular
• ruby is what metasploit is written in, so there is value in learning that
• javascipt/node.js will be useful going forward as well

4. Online CTFs

• Pretty good list here: http://captf.com/practice-ctf/
• Vulnhub for downloadable images to try  https://www.vulnhub.com/
• Search for downloadable vulnerable images to hack against herot, metasploitable, owasp broken apps

5. Training
Lots out there, plenty is torrentable or pay for it if you feel like it/can (you should if you can afford it -- those people work hard on it).  With the amount of resources you should be able to learn the basics without paying a dime and seek out mentors or ask questions over email/twitter for topics you are stuck on.


Second Question:

Also, what steps did you initially take to become proficient at computer security?

-I was a computer science major in college so I came out knowing some of the basics. My job in the military was communications and I ended up doing a lot of layer 2/layer 3 stuff along with MCSE type tasks.  Its going to be important for you to learn, if you don't already know, A+ type material and Network+/basic CCNA type materials.  Hacking is all about exploiting the mistakes someone made setting things up, abusing protocols, but a lot of finding/identifying/exploiting misconfigurations. This is a lot easier if you understand how to do these basic configurations.

Aside from that, start practicing, reading blogs/twitter, watching talks that interest you. I'd start with a basic ones but also stuff advanced/over your head. Getting your mind blown occasionally helps let you know there really is no limit to the stuff you can do, what you can learn, etc.  http://www.securitytube.net/ has pretty much everything and more content than you will ever be able to consume plus lots of free courses.


That's what I have for starters as you asked a pretty generic question, so hope that helps

Chris

Source

The security audit of the TrueCrypt code has been completed (see here for the first phase of the audit), and the results are good. Some issues were found, but nothing major.

From Matthew Green, who is leading the project:

The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.

That doesn't mean Truecrypt is perfect. The auditors did find a few glitches and some incautious programming -- leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we'd like it to.

Nothing that would make me not use the program, though.

Slashdot thread.

Source

Comments

Source

Getting prepared for the chaos that is coming to America in the years ahead is not that complicated.  Help is out there – if you know where to look.  And it doesn’t have to be expensive either.  In this article, I have put together a list of 122 of the best prepper websites on the Internet that will teach you how to prep for free.  The great thing about the prepper community is that there are always highly skilled people that are willing to freely share their knowledge and experience with the general public.  As the publisher of The Economic Collapse Blog, I am constantly being asked about what people need to do in order to get prepared for the hard times that are coming to this country.  And when I am asked, I do my best to encourage people to build up their emergency funds, to store food and supplies, to put together bug out bags and to do everything that they can to become more independent of the system.  But sometimes people need a lot more than that.  Sometimes people need to have someone give them some real hands on practical advice about things like canning food or setting up home defense systems.  So in this article my goal is to connect you with some of the top experts from all over the nation for free.  I think that this list is going to be a great resource for people that they can reference again and again, so don’t forget to bookmark it.

And sadly, the truth of the matter is that most Americans are not prepared for much of anything at this point.  The following statistics come from a survey conducted by the Adelphi Center for Health Innovation.  As you can see, a substantial portion of the population is not even prepared for a basic emergency that would last for just a few days…

• 44 percent don’t have first-aid kits
• 48 percent lack emergency supplies
• 53 percent do not have a minimum three-day supply of nonperishable food and water at home
• 55 percent believe local authorities will come to their rescue if disaster strikes
• 52 percent have not designated a family meeting place if they are separated during an emergency
• 42 percent do not know the phone numbers of all of their immediate family members
• 21 percent don’t know if their workplace has an emergency preparedness plan
• 37 percent do not have a list of the drugs they are taking
• 52 percent do not have copies of health insurance documents

So needless to say, there is a great need to educate the general population about preparedness.

Before we get to the list, I want to explain a few things about it.

First of all, this is a list of sites that offer practical advice about prepping.  So I kept most websites that focus on the news off of it.  Perhaps in the future I will do a list of my favorite alternative news websites.  Some of my favorites include Infowars, Zero Hedge, WND, SteveQuayle.com, TruNews, and Raiders News Update.

I have also not included my websites The Economic Collapse Blog, End Of The American Dream and The Most Important News.

In addition, I have only included websites that offer information for free.  There are a lot of great companies out there that sell some really cool survival supplies, but the goal of this list is to help people find useful information that they can access without cost.

Finally, I want to make it clear that these websites are listed in no particular order.  Some of the best known prepper websites are toward the front of the list, and some of the newer ones are toward the end, but I do not want anyone to get offended if they are not as “high on the list” as they think they should be.  In this list, I have not attempted to assign a value to each site.  All of these sites have excellent information, and in fact some of the ones toward the end have some of the best hands on practical advice.

With that being said, the following are 122 of the best prepper websites on the Internet…

1. Survival Blog

2. American Preppers Network

3. SHTFPlan.com

4. The Survival Mom

5. Urban Survival

6. Natural News

7. Off Grid Survival

8. The Organic Prepper

9. Survival 4 Christians

10. Backdoor Survival

11. Preparedness Mama

12. The Prepper Journal

13. The Suburban Prepper

14. Modern Survival Online

15. Food Storage Moms

16. Off The Grid News

17. The Survivalist Blog

18. Prepper Website

19. AllOutdoor.com

20. Doom And Bloom

21. Prepared Christian

22. SHTFblog.com

23. Graywolf Survival

24. Provident Living Today

25. Home Ready Home

26. Survival Cache

27. Modern Survival Blog

28. Prepared Housewives

29. Rural Revolution

30. Preparedness Advice Blog

31. Food Storage And Survival

32. The Survival Podcast

33. Prep-Blog.com

34. Mom Prepares

35. Survival And Prosperity

36. Prepared For Survival

37. TEOTWAWKI Blog

38. The Apartment Prepper

39. Ask A Prepper

40. Preparing For SHTF

41. The Home For Survival

42. Mainstream Preppers

43. My Family Survival Plan

44. Prepography

45. Survival Life

46. Prepper Dashboard

47. SHTF School

48. The Survival Doctor

49. Canadian Preppers Network

50. Expert Prepper

51. Maximum Survival

52. Survivor Jane

53. More Than Just Surviving

54. LastOneAlive

55. SGTReport

56. On Point Preparedness

57. SHTF Wiki

58. Food Storage Made Easy

59. Prepper Forums

60. Survivalist Boards

61. Ready Nutrition

62. Tactical Intelligence

63. Family Survival Planning

64. The Prepared Ninja

65. Ed That Matters

66. Seasoned Citizen Prepper

67. The Neighbor Network

68. Mom With A Prep

69. Survival At Home

70. Patriot Rising

71. The Berkey Guy Blog

72. Your Preparedness Story

73. Survival Sherpa

74. Prepper Recon

75. Homestead Dreamer

76. The Doomsday Moose

77. All About Preppers

78. The Deliberate Agrarian

79. The Homestead Survival

80. Preparedness Advice Blog

81. The Daily Prep

82. Prepared Bloggers

83. Active Response Training

84. Survivalist Prepper

85. Mama Kautz

86. Happy Preppers

87. Tin Hat Ranch

88. Living Prepared

89. The Prepper Pages

90. Resilience

91. The Herbal Survivalist

92. The Preppers Life

93. Survive Hive

94. Prepper Resources

95. Omega Tactical And Survival

96. Freedom Preppers

97. Essential Survival

98. Prepared For That

99. Survivopedia

100. A Matter Of Preparedness

101. Practical Tactical

102. SHTF Dad

103. Prepper Ideas

104. Geek Prepper

105. The Poor Man’s Survival Blog

106. Prepper Chimp

107. FloridaHillbilly.com

108. Survival Prepper Joe

109. The Survival Place Blog

110. Rational Preparedness

111. Code Green Prep

112. Preppers Survive

113. Stealth Survival

114. Totally Ready

115. Preparedness Pro

116. The 7 P’s Blog

117. Preparing With Dave

118. Disaster Mom

119. Destiny Survival

120. Underground Medic

121. An American Homestead

122. Vigil Prudence

So what do you think?

Are there any other great prepper websites or blogs that were left off of this list?

Are there some sites on the list that you feel should not have made it?

Please feel free to share your thoughts by posting a comment below…

Source

If the catastrophe in Ukraine had not happened some other grounds would have been found to step up the policy of “containment” of our country. Washington forestalled the emergence in Western Europe of an autonomous grouping of states that could have competed with the United States. It should be recalled that the territory of the United States itself, which essentially established unilateral military control over the allies, is not included in NATO’s zone of responsibility.

Source