-
http://unaaldia.hispasec.com/2013/04/una-demanda-contra-la-politica-de.html
libro para aprender a trastear cifrado y criptografía con python
http://inventwithpython.com/blog/2013...g-secret-ciphers-with-python-released
si puedes y valoras tu seguridad activa la verificación en dos paso
http://www.error500.net/crackear-cont...rackear-contrasenas-no-es-tan-dificil
However, given the huge number of TLS sessions required, The Register's provocative URL theregister.co.uk/tls_broken might be going a bit far.
Initiating 232 (4 billion), or even 228 (260 million), TLS sessions, and then sniffing and post-processing the results to extract a session cookie is unlikely to be a practicable attack any time soon.
If nothing else, the validity of the session cookie might reasonably be expected to be shorter than the time taken to provoke hundreds of millions of redundant TSL connections.
On the other hand, the advice to avoid RC4 altogether because of its not-so-random PRNG can't be written off as needlessly conservative.
If you can, ditch RC4 from the set of symmetric ciphers your web browser is willing to use, and your web servers to accept.
Go for AES-GCM instead.
http://nakedsecurity.sophos.com/2013/03/16/has-https-finally-been-cracked
ResultSource's principal, Kevin Small, declined requests for an interview. On its website, the company outlines its ambitions: "'We create campaigns that reach a specific goal, like: "On the bestsellers list," or "100,000 copies sold.'"
Precisely how it goes about that is unclear, though, and there is discomfort among some in the publishing industry who worry that preorders are being corralled and bulk purchases are being made to appear like single sales to qualify for inclusion in best-seller lists, which normally wouldn't count such sales.
http://online.wsj.com/article/SB10001...27887323864304578316143623600544.html
el concurso anual de asaltar navegadores usando páginas web ya da sus frutos: firefox y chrome son ya algo más seguros... los usuariosd e ie no han tenido tanta suerte
http://feedproxy.google.com/~r/nakedsecurity/~3/Au2lTCI9nU4
Google Docs is being used for phishing. Oxford University felt that it had to block the service because Google isn't responding to takedown requests quickly enough. Think about this in light of my essay on feudal security. Oxford University has to trust that Google will act in its best interest, and has no other option if it doesn't.
http://www.schneier.com/blog/archives/2013/03/oxford_universi.html
La manera más sencilla de hackearlo (y no es sencillo, claro) es rollo «te robo el Oscar», que una vez tomada una decisión y hubiera un «elegido» saliera el cardenal y dijera el nombre de otro… Imagina el escándalo si tiene que salir otro a desdecir al cardenal. ¿Lo harían? Tengo mis dudas :)
http://lavigilanta.info/wordpress/?p=2262#comment-12276
Por el hecho de que la especificación recomienda pero no fuerza, es posible ocupar todo el disco duro del visitante con LocalStorage
http://nakedsecurity.sophos.com/2013/...f-a-website-grabs-all-your-disk-space
-
http://mbpfernand0.wordpress.com/2012/10/05/falla-el-modelado-de-amenazas
