~Open Source Security Tool of the Day~

Unfurl takes a URL and expands ("unfurls") it into a directed graph, extracting every bit of information from the URL and exposing the obscured.

github.com/obsidianforensics/u

Keybase now allows users to block spammers and unwanted followers.

However, they don't just stop there.

"As a bonus, their profile pic will get covered in Poo."

Now THAT'S added value, folks.

keybase.io/blog/dealing-with-s

Nothing more annoying than smarmy iPhone fanboyz slagging on Android. Apple needs to market iSmarm (tm) and sell it in their overpriced boutiques.

Is anyone still using keybase to communicate? I am trying to find out if it is still worth pursuing as a comms platform.

Fox News Is Now a Threat to National Security

The network’s furthering of lies from foreign adversaries and flagrant disregard for the truth have gotten downright dangerous.

wired.com/story/fox-news-is-no

Lately I am having a lot of crashes with . Anyone having similar problems?

« Good quantitative analysis of performance of DNS over UDP, DoT, and DoH from @timmboettger et al. Without the overhead of the HTTPS stack, DoT is consistently fastest, though serialization of answers hurts in high-jitter environments.

blog.apnic.net/2019/12/06/is-n »

— Retweet twitter.com/woodyatpch/status/

That being said, having trusted endpoints is a huge area of modern IT that is poorly dealt with at the moment. It's just a whole lot more than this buzz-wordy, vendor-driven article even begins to deal with.

Marketing propaganda vs. Reality.

Even if you secure a communication channel by trusting users and devices and roles, it's still a...

Virtual. Private. Network.

I hate semantic shenanigans

networkworld.com/article/34877

CrackQ: Efficient password cracking for pentesters and red teamers

CrackQ employs automation to make password cracking a faster and more efficient undertaking for pentesters and red teamers.

helpnetsecurity.com/2019/12/04

Why is it that the only person I see with a Ring doorbell camera is that sad skinny guy on TV who chases away a couple of actors who look like thieves from some crappy "Home Alone" sequel?

Malicious Python libraries stealing OpenPGP and SSH keys:

zdnet.com/article/two-maliciou

– Look for python3-dateutil, and jeIlyfish.
– Both modules try to exfiltrate SSH/OpenPGP keys and send them to an IP address.
– This is the third time the PyPI team intervenes to remove typo-squatted malicious Python libraries from the official repository.

#python #malware #pypi #infosec #security #cybersecurity
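
A defender-side check for the kind of look-alike names mentioned in the post above, added here as an example (not from the post, the linked article or the PyPI team): it flags requirement names that collide with an intended dependency once look-alike characters and a `python3-` style prefix are folded away. The allowlist, the sample requirements and all function names are constructed for illustration.

```python
import re

# Constructed allowlist of packages the project really intends to use
# (assumption: in practice this comes from a reviewed lock file).
KNOWN_GOOD = {"python-dateutil", "jellyfish", "requests"}

# Characters that render alike in many fonts, folded to one representative.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})


def pep503(name):
    """Normalise a project name the way the package index does (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def skeleton(name):
    """Fold look-alike characters, then drop an interpreter-style prefix."""
    folded = pep503(name.translate(CONFUSABLES))  # fold before lowercasing
    return re.sub(r"^(python|py)\d*-", "", folded)


def find_lookalikes(requirements, known_good=KNOWN_GOOD):
    """Return (suspicious_name, imitated_name) pairs from requirements text."""
    good_exact = {pep503(n) for n in known_good}
    good_skel = {skeleton(n): n for n in known_good}
    findings = []
    for line in requirements.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        name = re.split(r"[<>=!~;\[\s]", line, maxsplit=1)[0]
        if pep503(name) in good_exact:
            continue  # exactly the intended package
        target = good_skel.get(skeleton(name))
        if target:  # not the intended name, but looks like it
            findings.append((name, target))
    return findings


# Constructed sample input; the version pins are placeholders.
SAMPLE = """\
requests==1.0
python3-dateutil==1.0
jeIlyfish==1.0
python-dateutil>=1.0   # the intended package
numpy
"""

if __name__ == "__main__":
    for bad, good in find_lookalikes(SAMPLE):
        print(f"{bad!r} imitates {good!r}")
```

Names that are simply absent from the allowlist (such as `numpy` in the sample) are not reported; the check only covers collisions with packages you already trust.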

Android Ups the Mobile Security Ante with Default TLS Encryption

More than 90 percent of Android apps running on the latest OS encrypt their traffic by default.

threatpost.com/android-mobile-

~Open Source Security Tool of the Day~

nginx_waf - WAF written in lua for NGINX http server

github.com/diego-treitos/nginx

PSA for frontend devs:
Do not block pasting in password or other input fields!

Sincerely,
Everyone that uses a password manager

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.