Search

Items tagged with: infosec

Dallin Crump
7 hours ago
Remote code execution vulnerability in VLC remains unpatched
https://www.zdnet.com/article/remote-code-execution-vulnerability-in-vlc-remains-unpatched/

The vulnerability is known to exist in the latest version of VLC on Windows, Linux, and Unix machines, but it is possible the bug is also present in past builds.

#privacy #security #vlc #vulnerability #infosec #unpatched #windows #linux #unix
Dallin Crump
9 hours ago
Windows 10 Privacy Warning As Edge Browser Data Issue Is Confirmed
https://www.forbes.com/sites/daveywinder/2019/07/23/windows-10-privacy-warning-as-edge-browser-data-issue-is-confirmed/

TL;DR - Edge tracks and sends full URLs, user IDs, and other private info to Microsoft. Don’t use it.

#privacy #security #infosec #Microsoft #browsers #tracking #surveillance #edgebrowser
thot crime
11 hours ago
I think #infosec is really important. I use #linux instead of #windows, I dumped #facebook years ago, I have a #yubikey to use for everything. The kind of #technology we have to keep us safe and secure now are immense.
That reminds me, I should get #alexa to order me another yubikey
A Cyber Expert
24 hours ago
Pretty sure that MitM stands for “Mary in the Middle”.

Mary … meddling with my messages.
---
RT @yawnbox@twitter.com
let’s change #infosec culture a little bit:

☑️ blacklist > block list
☑️ whitelist > allow list
☑️ Man in the Middle > Person in the Middle (see RFC 7858, it works)
https://twitter.com/yawnbox/status/1153406999301742592
Alexander Bochmann
1 day ago
Woah, #PaloAlto: Silently fixed a pre-authentication remote code execution vulnerability in their VPN portal a year ago, and did not notify their customer. Anyone who didn't update their PanOS during the past year is still vulnerable (CVE-2019-1579).

http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html

#infosec
Much like Twitter, I have changed my blog's look! Unlike Twitter, I think this one looks better! :-) But seriously, WTF Twitter?! I liked the old web interface a lot more. Oh well, I like the Fediverse much more in general, so they're just helping re-enforce that with me.

https://infosecjohn.blog/posts/a_new_look/

#infosec #blog #vanitypost #feedbackwelcome
infosec-handbook.eu
5 days ago
Reports about some ISPs of Kazakhstan forcing people to install root certificates, resulting in MITM attacks:

https://bugzilla.mozilla.org/show_bug.cgi?id=1567114

https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wnuKAhACo3E/cpsvHgcuDwAJ

– people get SMS informing them about the need to install government-issued root certificates

#mozilla #kazakhstan #mitm #root #certificate #security #infosec #cybersecurity
Alien (A23P)
6 days ago


When 90%+ of both active enterprise and consumer computing products suffer single point failure vulnerabilities on a chipset level, vulnerabilities that grant the exploiter access to full system resources, security is rendered a joke.
We live in a joke security age.
The question isn't if systems are secure, the question is merely to what degree does a large adversary want to reveal their hand of penetration? The questions for the consumer public are simply to what degree are they aware of the existence of their exploiter and to what degree do they view them as a benign dictator.

The Internet Of Things is it's own governance and economic system in and of itself.
Old State Governments and Corporate Enterprise but facsimiles to it's New Order.
Voting publics need not apply.
Gig economy singin "Serfin USA" on global scale.
"In The Algos We Trust"
Image/photo

#Intel #ME #AMD #PSP #Chipset #IC #IOT #SurveillanceState #BehaviouralAnalytics #BehaviouralModification #AI #AreYouNotEntertained #Government #Security #NetSec #ITSec #InfoSec #Hacking #Anonymous #Psychology #NoMagic #KnowMagick #Fiat #Economics #Blockchain #Bitcoin #Ethereum #Bancor #BAKKT #Tezos #Libra #GMAFIA #GFAAM #Google #Facebook #WeChat #Alibaba #CorporateBonds #GovernmentBonds #UnderstandingArchitecture #DoNotObey #EMP #SinglePointFailure
Nono
6 days ago
Tiens tiens tiens, (enfin?) un malware qui cible les Desktop sous linux (Gnome). https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/ Intezer - EvilGnome: Rare Malware Spying on Desktop Users #infosec
Less than 30 days until the CFP closes! Have you submitted a talk yet?

https://www.cybercityconf.io/call-for-papers

#cybercitycon #infosec #cfp
infosec-handbook.eu
1 week ago
Due to feedback of our readers, we just published part 0 of our web server security series:

https://infosec-handbook.eu/blog/wss0-how-to-start/

This part covers important considerations before actually setting up your new server.

We also updated some other parts of this series to address the release of Debian 10 and current security recommendations. The series consists of 8 parts at the moment: https://infosec-handbook.eu/as-wss/

#webserversecurity #infosec #security #serversecurity
markush
2 weeks ago
You thought you know IPv4 addresses? Let me tell you something:

YOU PROBABLY DON'T!

RT @0xInfection@twitter.com

I learnt today that IP addresses can be shortened by dropping the zeroes.
Examples:
http://1.0.0.1http://1.1
http://192.168.0.1http://192.168.1
This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.
#infosec #bugbounty #bugbountytip

🐦🔗: https://twitter.com/0xInfection/status/1148267196306427904
Image/photo
Garrett
2 weeks ago
Time for my #introduction I guess!

I’m a #gamedev and game designer working on a platform called It’s My Chance where we host weekly and monthly tournaments for real prizes like gift cards and game accessories and we gave away a TV last month and some hammocks. You can check it out at https://garrettmickley.com/imc

I talk about game design and development and marketing over at my website https://garrettmickley.com.

And my hobbies include #infosec, #privacy, and #music production.
Shawn Webb
2 weeks ago
Has anyone looked at replicating fingerprints based on stills from high quality streamed video, like that from Netflix?

#infosec #opsec
Shawn Webb
2 weeks ago
The UAF trigger was simple to develop, the research to find a way to exploit the vulnerability needed more effort. Reason for this seems to be the reasonable good engineering of the kernel code and [few]write-ups for #FreeBSD vulnerabilities.

https://secfault-security.com/blog/FreeBSD-SA-1902.fd.html

#infosec

(Some paraphrasing above)
I may as well quit my job because the most perfect #infosec video has already been made. https://www.youtube.com/watch?v=ToEiHXS2CmY
Shawn Webb
3 weeks ago
"Even if you mean well and have the best of intentions, they eat you
alive."

#FreeBSD #security #infosec

https://lists.freebsd.org/pipermail/freebsd-security/2019-July/010026.html
Christian Haselbach
3 weeks ago
Security is important to us, so we now require our employees to use a fifth auth factor, which is an interpretive dance of your choosing, to be changed every two months. #infosec #twofactorauth
Aussie Rockman
3 weeks ago
Combating Hackers With Free Password Managers. A guide to setting up a password manager to secure your life! https://link.medium.com/Vg02ZzGY2X
#infosec #security #hacker #password #pc #computersecurity
Shawn Webb
3 weeks ago
This time next month, you'll be able to `pkg install ghidra` on #HardenedBSD.

#Ghidra #infosec
Aussie Rockman
3 weeks ago
Uh oh. Yubico enterprise level keys vulnerable due to less-than-ideal randomness on first power up. #infosec #security
https://www.yubico.com/support/security-advisories/ysa-2019-02/
infosec-handbook.eu
3 weeks ago
GnuPG — "SKS Keyserver Network Under Attack":

https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

"If you fetch a poisoned certificate from the keyserver network, you will break your GnuPG installation."

"High-risk users should stop using the keyserver network immediately."

#gnupg #gpg #keyserver #infosec #security #cybersecurity
Aussie Rockman
3 weeks ago
Obtaining and cracking Microsoft Windows login passwords (NTLMv2 hashes) has never been easier. https://link.medium.com/WbPXZJz3VX
#infosec #Computers #security #password #microsoft #windows #Hacker
Aussie Rockman
4 weeks ago
When you get your PC back from customs after shipping it to China 😂 #infosec
Image/photo
Tinker
4 weeks ago
For your commute:

Spoke at @Layer8Conf about breaking into a building & a server room all w/out using lockpicks or badge cloners.

Gave takeaways for attackers & defenders.

Audio is complete, don’t need to view the slides. Can listen to like a podcast.

#SocEng #PhysSec #InfoSec #Burglaring

https://www.youtube.com/watch?v=aPUKznP9FkA
Shawn Webb
4 weeks ago
It's always an honor to converse with the #EmeraldOnion folks. Intelligent people accomplishing incredible goals and milestones efficiently and with an eye towards a single goal: enhance and secure critical human rights infrastructure.

#infosec #privacy #tor #HumanRights
packetcat
4 weeks ago
WireGuard on Windows early preview by Jim Salter

"WireGuard for Windows is still in pre-alpha, but it's looking very good."

https://arstechnica.com/information-technology/2019/06/taking-a-spin-on-wireguards-windows-pre-alpha/

👀

#infosec
Shawn Webb
4 weeks ago
"The Ethernet controller on the main SoC is connected to an external Broadcom PHY over a dedicated RGMII link, providing full throughput."

^ A Raspberry Pi (RPI4) worthy of #OPNsense.

https://www.raspberrypi.org/blog/raspberry-pi-4-on-sale-now-from-35/

#networking #infosec
1 month ago
The fine folks over at the Cybersec Lounge uploaded the AMA where I interview @thegibson.

Lots of great knowledge and wisdom from an #Infosec professional.

https://open.spotify.com/episode/2rWYR8jS7ZcF43UaWWxVmN?si=t_J0eBtCRUihKGpZIbiQyQ
Chris M
1 month ago
I suppose I am due for #introductions. Thanks to the undisputable lord mayor of this instance @thegibson for allowing me in this lovely instance. I am an #IT #informationTechnology professional who has a hankering for #infosec (would love to work in it some day.) Decentralization and federation like mastodon and the greater fediverse offer is incredibly intriguing to me and I look forward to being a part of it moving forward. Cheers!
The_Gibson
1 month ago
Audio AMA with THE_Gibson on Discord starts in 5 minutes.

Interview by @ryen

My advice for N00bs and old guys.

https://discord.gg/9ZyZK8

#infosec
Shawn Webb
1 month ago
Chilling at Unallocated Space, a #hackerspace in the greater Baltimore area, fixing a merge conflict in #HardenedBSD 13-CURRENT (the PROT_MAX change from upstream #FreeBSD) while watching some dude present on #DFIR.

#infosec
infosec-handbook.eu
1 month ago
Mozilla releases emergency update for critical security vulnerability in Firefox :firefox: :

https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/

– Firefox and Firefox ESR are affected by an exploitable crash
– update to FF 67.0.3 and/or FF ESR 60.7.1
– attackers are already exploiting the vulnerability, known as CVE-2019-11707

#firefox #firefoxesr #mozilla #vulnerability #update #security #infosec #cybersecurity
Tarik
1 month ago
Researcher leaked over 7k transactions scraped from Venmo public APISecurity Affairs https://securityaffairs.co/wordpress/87259/digital-id/venmo-privacy-transactions.html #infosec
Shawn Webb
1 month ago
Has anyone looked into automatically and programmatically attempting to identify sensitive information within a #Google #StreetMaps image?

For example, look for computer equipment, terminals, personnel, etc. even within buildings with one-sided windows.

#Privacy #OSINT #OPSEC #infosec
Image/photo
Inn of the Last Home
silverwizard
1 month ago from ZoobopDeDoDop!
Key to this is that it was a subcontractor that was storing sensitive gov't data on their own servers—which they weren't supposed to be doing.

https://www.pcmag.com/news/368904/hackers-hit-us-customs-to-steal-travelers-photos-license-i
#infosec
By the gods it happened again! Many thanks to @tinker for joining me for another set of stories! Oh, and I finally got to hear how he managed to get that DC that we were all curious about. ;-) #infosec #podcast #tinkerunchained
Gonçalo Valério
2 months ago
"Disclosing TOR users' real IP address through 301 HTTP Redirect Cache Poisoning"

https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/

🤔

#security #tor #infosec
🍅 Craig
2 months ago
Just watched a video about how to fingerprint SSH clients and servers, even when they lie!

It seems most software has a particular way listing its negotiated parameters

#infosec

https://youtu.be/vgxWMXyaMQI
Tarik
2 months ago
In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc - The New York Times https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html #infosec
Later posts Earlier posts