Securely Access Your Desktop By NOT VPN’ing.

I have been thinking lately about how I can access my home desktop (don’t ask me why I want to do this) or my router/firewall config (which is not directly accessible from the internet).

In this article, let’s explore some ideas on how we can accomplish this without running a VPN server or subscribing to any third-party remote access services.

… stay tuned

 

ISC StormCast for Monday, January 16th 2017

By Johannes B. Ullrich, Ph.D.
Backup Files Are Good if They are Outside Your Web Servers Document Root
https://isc.sans.edu/forums/diary/Backup+Files+Are+Good+but+Can+Be+Evil/21935/
Exploiting Apache Server Status
http://blog.mazinahmed.net/2017/01/exploiting-misconfigured-apache-server-status-instances.html
WhatsApp “Backdoor” Controversy
https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
Hardening Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/
Injecting JavaScript Into PDFs
http://insert-script.blogspot.in/2016/10/pdf-how-to-steal-pdfs-by-injecting.html

ISC StormCast for Friday, January 13th 2017

By Johannes B. Ullrich, Ph.D.
System Resources Utilization Monitor #SRUM
https://isc.sans.edu/forums/diary/System+Resource+Utilization+Monitor/21927/
Docker Fixes Privilege Escalation Vulnerability
http://seclists.org/fulldisclosure/2017/Jan/21
Taking Over Expired Name Servers
https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/
Updated Certificate Revocation Data
https://isc.sans.edu/crls.html
Shadow Broker Releasing More Tools and Going “Dark”
https://heimdalsecurity.com/blog/security-alert-the-shadow-brokers-windows-hacking-tools/
Extracting Fingerprints from Selfies
http://www.japantimes.co.jp/news/2017/01/11/national/crime-legal/researchers-warn-fingerprint-theft-peace-sign/

ISC StormCast for Thursday, January 12th 2017

By Johannes B. Ullrich, Ph.D.
Hancitor/Pony/Vawtrak installed by Malicious Word Document in Fake Parking Ticket E-Mail
https://isc.sans.edu/forums/diary/HancitorPonyVawtrak+malspam/21919/
GoDaddy Revokes > 6,000 SSL Certs After Validation Bug
https://www.godaddy.com/garage/godaddy/information-about-ssl-bug/
DVR Master Password List Leaked
https://www.pentestpartners.com/blog/leaked-dvr-creds-added-to-the-iot-fail-list/
Autofill Enables Information Leakage
https://github.com/anttiviljami/browser-autofill-phishing

ISC StormCast for Wednesday, January 11th 2017

By Johannes B. Ullrich, Ph.D.
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/January+2017+Microsoft+Patch+Tuesday/21915/
Adobe Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Adobe+January+2017+Patches/21917/
Port 37777 “MapTable” Requests
https://isc.sans.edu/forums/diary/Port+37777+MapTable+Requests/21913/
CVE 2016-7200/7201 Exploit Included in Sundown Exploit Kit
http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html

ISC StormCast for Tuesday, January 10th 2017

By Johannes B. Ullrich, Ph.D.
Damn Vulnerable Web Sockets (DVWS) Demonstrates WebSocket Vulnerabilities
https://github.com/interference-security/DVWS
St. Jude Medical Patches Vulnerable Cardiac Devices
https://threatpost.com/st-jude-medical-patches-vulnerable-cardiac-devices/122955/
Cracking Hashes of Passwords 12 Characters and Longer
http://www.netmux.com/blog/cracking-12-character-above-passwords
VNC Library Update
https://www.debian.org/security/2017/dsa-3753