TSEC NEWS: 06.05.21 Cron-Job Fehlerhaft nach PHP Update + PWA mobile + Desktop / 04.05.21 - Android App von TSECURITY 28.04.21 - NEUER SERVER // 26.04.21 ++ Download the Electron-App für tsecurity.de // Über 550 Feed-Quellen


❈ "The Medieval Origins of Mass Surveillance"

Reverse Engineering schneier.com

This interesting article by medieval historian Amanda Power traces our culture's relationship with the concept of mass surveillance from the medieval characterization of the Christian god and how piety was policed by the church: What is all this but a fundamental trust in the experience of being watched? One must wonder about the subtle, unspoken fear of the consequences of......


Kompletten Artikel lesen (externe Quelle: https://www.schneier.com/blog/archives/2015/12/the_medieval_or.html)

Zur Startseite

Kommentiere zu "The Medieval Origins of Mass Surveillance"






➤ Weitere Beiträge von Team Security | IT Sicherheit (tsecurity.de)

RedWarden - Flexible CobaltStrike Malleable Redirector

vom 726.49 Punkte
RedWarden - Flexible CobaltStrike Malleable Redirector(previously known as proxy2's malleable_redirector plugin) Let's raise the bar in C2 redirectors IR resiliency, shall we? Red Teaming business has seen several different great ideas on how to combat incident responders and misdirect them while offering resistant C2 redirectors network at the same time. Thi

Kconfig-Hardened-Check - A Tool For Checking The Hardening Options In The Linux Kernel Config

vom 565.05 Punkte
MotivationThere are plenty of Linux kernel hardening config options. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more secure. But nobody likes checking configs manually. So let the compute

Automattic: [intensedebate.com] SQL Injection Time Based On /js/commentAction/

vom 513.68 Punkte
[intensedebate.com] SQLi Time Based On /js/commentAction/ Summary: Hello, I have found a SQLI Injection Time Based on /js/commentAction/. When a user want to submit/reply to a comment, a JSON payload was send by a GET request. GET /js/commentAction/?data

HackerOne: Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted

vom 480.66 Punkte
Hi team, I don't know your policy about pentesters(about their visibility on the platform), But I couldn't find any other pentesters before. 1) For example: GraphQL has the h1_pentester attribute that would explicitly point us to th

h1-ctf: [H1-2006 2020] "Swiss Cheese" design style leads to helping Mårten Mickos pay poor hackers

vom 366.92 Punkte
Summary: Several vulnerabilities in the bountypay application leads to unauthorised access, information disclosure, SSRF and other fun stuff. Steps To Reproduce: This is how I helped Mårten Mickos pay the poor hackers who had been waiting so long fo

Keybase: SOP bypass using browser cache

vom 344.9 Punkte
Summary An attacker has the ability to extract sensitive information from user's accounts, due to a CORS issue. On a minor note, this also is a cross-site leak as we can fingerprint what exact keybase user has accessed the attacker'

NordVPN: Disclosure of User Information

vom 300.87 Punkte
Hi Team, We can get information about the users registered (such as: id, name, login name, etc.) and employees of NordVPN without authentication on https://www.nordvpn.com Vulnerable URL: https://nordvpn.com/wp-json/wp/v2/users/ Vulnerable URL: https://nordvpn.com/?rest

Apple presents the best of 2018

vom 293.53 Punkte
Apple presents the best of 2018<br/>The Apps, Games, Music, Movies, TV Shows, Podcasts and More That Shaped Entertainment and Culture Around the World This Year<br/>As the year comes to a close there are so many unanswered questions: Who is

Apple presents the best of 2018

vom 293.53 Punkte
Apple presents the best of 2018<br/>The Apps, Games, Music, Movies, TV Shows, Podcasts and More That Shaped Entertainment and Culture Around the World This Year<br/>As the year comes to a close there are so many unanswered questions: Who is

CS Money: ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection)

vom 286.19 Punkte
Summary: The endpoint /graphql has a vulnerable query operation named &quot;search&quot;, that can I send a Regex malformed parameter, in order to trick the original regular expression to a regex bomb expression. Payload with a &quot;com

Agoric: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS

vom 282.53 Punkte
Summary: Improper Input Validation allows an attacker to &quot;double spend&quot; or &quot;respend&quot;, violating the integrity of the message command history or causing DoS Steps To Reproduce: I was curling random integers and found

HackerOne: Unauthorized user can obtain `report_sources` attribute through Team GraphQL object

vom 271.52 Punkte
Summary: Hi team. And Happy New Year! Description: If I am not mistaken, then through this parameter we can define private programs with an external link. If this parameter is not empty, then the program is private. - [&quot;HackerOne Platform&qu