For those who are in and around Waterloo, Ontario (in Canada), we have our CFP live! Even if you're not, feel free to look, we're just not offering travel assistance in our first year.
Two tracks, one business and one technical. If you're interested in speaking, take a look:
Tickets will be available soon for those interested in coming without speaking.
John's Infosec Blog - VulnHub Walkthrough - Kioptrix Level 1.1 (#2):
After decades of suffering through ipchains/iptables syntax, and seeing how easy fw and ufw made common firewall workflows, it's disappointing that the best Debian's iptables replacement can do is:
nft add rule inet filter input tcp dport 22 accept
When syntax for common workflows is complicated, you increase the chance the admin will make a mistake that exposes them to attackers. See S3 bucket permissions for more examples of this. #infosec #devops
The hiatus will be over shortly, just looking to book the next episode (#HackerSummerCamp can make things tricky) so I'm still around! Thanks everyone for your support.
For those interested in the tip jar, you can check out the homepage at https://purplesquadsec.com (link at the top of the page) and there's a link at the end of the show notes for each episode. A *huge* thanks to everyone who subscribed and enjoy the show! Much appreciated!
Hi everyone! Just a few #podcast updates for those who may care.
1. I have moved off of a self-hosted Wordpress site to
2. I have cancelled my Patreon and refunded my patrons for August.
3. We have a new tip jar for the podcast instead.
The thinking was to streamline things a bit. Pinecast let me submit the show to
as well, so that's exciting! Plus there's a lot of resentment around Patreon, so I'm hoping the tip jar is more "palatable".
Oh! Looks like I can migrate my Podtrac config with my show. So no loss in stats. Sweet. Now I just need to migrate my signup bot to an AWS Lambda and I'll be good. No more servers for me to maintain, etc, and it should make post-production a bit easier (less things to upload in multiple places, etc.)
Started migrating my old podcast to #pinecast. Migration was easy, but the show notes didn't carry over automatically. Did the same with my main show as well, and I'll likely cut over tonight. Should be seamless. I'll be dropping Patreon as well in favour of the tip jar on #pinecast. Rates are much better (unlimited storage, unlimited shows, etc, for $5 / month). Stats look better as well. Pity I'll lose existing stats, but I'll live.
Cue the Spectre theme music, it's back with a vengeance! 👻
CVE-2019-1125 "SWAPGS" Is The Newest Spectre Vulnerability
New #VulnHub walkthrough - Kioptrix Level 1:
If you’re interested in helping out, I pay about $350/year to host infosec.exchange, not including my time. I have about $30/year in donations. You can donate here: https://liberapay.com/Infosec.exchange/
Note: don’t feel bad about not donating. The service will still be here. I am fortunate to be in a position to provide the service. But I get the angry stare from my wife now and then when she asks me about the charges 😂
New blog post: Password Cycling - What did we forget?
Folks it's really simple: I won't use an application that has this sort of backdoor. I won't buy a phone with this sort of backdoor.
You'll also find people like OpenWhisperSystems will simply not ever add it to Signal.
When end-to-end crypto is outlawed, I'll happily become a fugitive.
Everyone should read up on the original cypherpunks, because it looks like a new generation will be fighting the good fight.
Oh, and our CFP is open until August 15th! If you're close to the Waterloo area and want to join in on our inaugural security con, drop us a submission!
Early Bird Ticket Prices for CyberCityConf.io end tomorrow! Grab your tickets today!
Google found a way to remotely attack Apple iOS devices by sending a boobytrapped iMessage