SOLDIERX.COM Nobody Can Stop Information Insemination

Hello.
In a network (Windows or Linux) How can I understand which computer spread malware in my network?

Thank you

Hello.
With email Tracker programs can a hacker find the IP address of email sender?
For example, Your IP address is 192.168.1.1 and you sent an email via Gmail then receiver can find your IP address via examine the header of email and etc? If I use Tor for open my Gmail and send email then ?

Thank you.

dos anyone have a link to a super sweet anti-virus software??

There is always some kind of mixed reaction on this topic on what should be blocked and what shouldn't be. I have a question though since a lot of you have firewalls eithor on your systems or networks to block certain attacks or traffic. What are you blocked? Besides IP's what kind of rules do you implement on your firewalls?

So my work is looking to modify how we manage our passwords. We've got dozens of passwords for multiple systems and applications currently held in an Excel file inside a Truecrypt archive which can be accessed and updated by ~10 people. That part I think works well enough to keep, the thing that I'd like to see change is how that archive is stored. Right now we've got an SVN set up to control access, but when we have to update passwords, there's a lot of trouble making sure it gets properly checked in because it doesn't recognize any changes in the Truecrypt archive. So human nature what it is, it doesn't always get updated with every new password, or people update and end up removing changes from another person, which has caused some frustration.

So I was wondering if anyone had any suggestions or personal experience for another solution to store the Truecrypt archive other than SVN. Ideally, I'd be looking for something that would be available across our network locally, encrypted, and since I feel like this is a safe place and I can share my dreams, MFA.

I just don't know enough about this subject, and most solutions I've been able to Google are either a safe (which I'd like to avoid), wouldn't allow it to be stored in the Truecrypt archive, or would be available everywhere and wouldn't be stored locally. I don't know if I'm asking for too much, just wondering what other people's experience with this sort of thing is.

I am a new member and found SoliderX though Defcon 22 videos. I figured who else would be better to answer this question than you guys.

I am looking to store some personal files on a Dropbox-like system and knowing Dropbox isn't secure I found Spider Oak. Any Opinions? I don't know want to set up my own ftp server for this purpose and I want drag and drop features of spider oak / Dropbox.

-Peppah

So I've been getting all sorts of dug in deep with Android development and as I've been herp derping along I've noticed a stunning lack of concern for security. Then, I took a mobile security course and realized that security for mobile devices isn't hard, it's just that no one is doing it in any serious manner.

Even if you go to the home of all things open-source Android (XDA-Developers) you'll see that developers are racing along building cool new features and apps without much thought being put into "Is this secure?"

That said, I'm curious to know how many people (if any) within the SX community are interested in mobile security? By mobile security I mean (specifically) Android security. iOS is cool and flashy and popular, but it's also not free in any sense of the word. Windows phone is considerably more accessible but is closed source and not-free. BlackBerry is on it's death throes and thus should really just be ignored.

Android is open-source, free, has lots of development tools, has a huge, active, online development community at XDA-developers and its pretty simple to spin your own ROM.

To get an idea of what I'm thinking of when it comes to Android security:
1. Pentesting ROM like BackTrack but for Android phones that is actually optimized for mobile pentesting (isn't just BackTrack ported to Android).
2. Secure ROM that includes built-in security features and security design to counter a lot of the security issues that might exists in vanilla android.
3. Other Stuff

Again, at this point I'm still doing the whole school thing so my time is minimal, but as I near graduating I think it'd be cool to have some projects dedicated towards closing the security gaps that are out there in Android.

Are others interested as well? Or is it just me?

After searching a few sites and getting some really badly made practice test (some missing answers at all or even the choice of one). I was wondering if anyone here had a good site or book I should pick up to cram for the Security+ test.

http://seclists.org/fulldisclosure/2013/Jul/172

For those who consider this TL;DR I will summarize this. Java added the new Reflection API and has a vulnerability that allows for a decade plus old attack to be used against it. Oracle has talked about security in Java being important, but this recent discovery shows in my mind how truly full of shit they have been about this.

Hi,
are there any guesses on breaking Two Factor Authentication?
The only attack point i considered till now was a csrf changing the second factor device. Btw, are there sms inbox accounts on the net?

Is tfa simply making xss-cookie stealers more complex so that they all have to do an csrf from now?

greetz sf0x