Unfortunately the combination of weak content management security combined with CoinHive have made it quite easy for attackers to embed cryptocurrency miners into webpages. Using obfuscated code, malware authors are able to insert javascript into pages that evade detection. Browser users can use addons that blacklist access to coinhive javascript libraries and the many duplicates […]
This is not a discussion about detecting if a TorHS website has WordPress installed, but rather about tricking attackers that scan your website into moving along, nothing interesting here. For starters, if you are running multiple onion websites on a single webserver (and my recommendation is that you do not do this, use one website […]
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 Hardware Security: Hard drives are encrypted with unique pass phrases Servers protected by pfSense hardware firewalls Operating Systems: Client OS: TAILS TAILS USBs are destroyed regularly with a grinder and ‘soaked’ Communications Security: All client contacts via encrypted and anomymous platforms ( see https://taipo.github.io/contact/ ) Information Security: Pass phrases […]
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 What is Jackhammer 1.2? Jackhammer 1.2 ( sometimes called Jackhammer 2.0 ) was developed in 2003 by Mike Parniak ( Archon ) from TheBlackHand / Cafe Counterintelligence in response to CCISecurity script he released that blocked attacks from Jackhammer 1.0 Jackhammer is a MS Windows only, layer 7 attack […]
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 If you are a journalist organisation with a central office situated in a country that respects the role of journalists, then you may quite comfortably run a SecureDrop or Globaleaks server within the offices of your organisation and depend on journalistic privilege preventing governments from entering your offices and […]
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 To begin, first read @yawnbox’s excellent piece on this. Choosing which secure source submission platform is right for you. I want to add some additional thoughts on the differences ( while hopefully not regurgitating too much of what has already been covered by @yawnbox ) SecureDrop SecureDrop in my […]
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 What I want to discuss here is the attack on the WhaleOil communications network which resulted in a large cache of emails and attachments becoming the centrepiece of Nicky Hager’s book Dirty Politics. I hope that you the readers, bloggers and users of online services will learn from the mistakes […]
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 Your number one priority in sharing truth is to preserve your anonymity. Highly secure platforms for secure disclosure of information like SecureDrop and GlobaLeaks go as far as technically possible to protect your identity and to protect the transfer and dissemination of your information to the world. However you […]
