Downgrade attack on TLS 1.3 and vulnerabilities in major TLS libraries:
– the attack leverages a side-channel leak via cache access timings (in OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS)
– it affects all TLS versions, including TLS 1.3
– one requirement for the attack is RSA key exchanges
The hardest part of using PGP, key management, doesn't scale well in large organizations. We solved this problem at First Look Media (where there are over 200 PGP users) with GPG Sync. We maintain a keylist, and everyone subscribes to it, so everyone has the latest public key for everyone else.
I'm excited to announce that we've submitted a draft RFC that will turn GPG Sync into an internet standard!
Check this out: https://tech.firstlook.media/keylist-rfc-explainer
Former #Diaspora user. Hopefully this thing won't be shut down and lost like the last Diaspora pod I had an account in.
I'm a #Linux user and #OpenSource software fan. I run #Debian on my computers and servers, #GNOME is my DE of choice.
I play #FlightGear #FlightSimulator #Minetest #OpenWorld #VoxelGame and visit #OSGrid #OpenSim OpenSource #SecondLife
How are you today!?
I've recently seen plenty of Linux gamers get excited about DXVK and it is an interesting technology. However, you should remember that buying Windows games to play with it doesn't really help Linux gaming. "No Tux No Bux" is still the most reliable way to support the platform and make sure it develops on all levels.
Pro tip: it's okay to cut toxic assholes out of your project.
No one in the world is so uniquely skilled that someone else can't do the same work, and "but they're working for free" isn't a meaningful argument when there are people desperate to get into open-source coding who'd gladly do the same.
Tinkering around with some #malware at a client's today. Something they've been battling with for a while. I was thinking of doing a talk at @dallas_hackers but I think somebody covered almost exactly the same thing last night. PowerShell running PowerShell decoding base64 encoded DLLs and injecting into memory. #infosec
Absolute Scrub & Perpetual Noob
A Mastodon instance for info/cyber security-minded people.