Oh, I am not a happy boy....

'Hell is coming': week-long heatwave begins across Europe

Temperatures could hit 40C from Spain to Switzerland, with authorities urging children and older people to stay indoors

theguardian.com/world/2019/jun

Pro tip: Monitor your LE certificates using Atom feeds:

Just subscribe to: crt.sh/atom?q=<domain you want to watch goes here>

And get all issued certificates for that domain right to your feed reader. Great and useful service with interesting results.

By the way, it might also be a good point to start using the `expect-ct` header:

scotthelme.co.uk/a-new-securit

#CertificateTransparency #infosec #monitoring #CA #certificates

Holy crap, this is a poorly written article! Why is so much of the information security journalism online of such low quality?
-
Confirmed: Nasa Has Been Hacked
news.ycombinator.com/item?id=2

Raspberry PI 4 Released - Complete specs and pricing - nixCraft

Raspberry Pi 4 released. It is a comprehensive upgrade to provide a PC-like performance with 4 core CPU+4GB ram running on forthcoming Debian Linux 10.

cyberciti.biz/linux-news/raspb

~Open Source Security Tool of the Day~

Easy files and payloads delivery over DNS

github.com/no0be/DNSlivery

Awesome YARA

A curated list of awesome YARA rules, tools, and resources. Inspired by awesome-python and awesome-php.

github.com/InQuest/awesome-yar

~Open Source Security Tool of the Day~

SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.

spiderfoot.net

People who stop using @fedilab in favor of @Tusky because it can be used by "nazis", do you know Firefox can be used by them too? Or Ubuntu? Or anything else? 😱

This is becoming ridiculous.

@0xmrtn @jerry Yes, the same one. They currently have a test instance on develop(.)gab(.)com.

Fediverse ain't taking it. Tusky (a mobile client) now Rick-rolls people that try entering Gab as the instance name, Mastodon just released v2.9.1 which makes it possible to block all subdomains of a domain at once, and Pleroma devs try to keep everyone's heads cool in order to reach a better long term solution.

That's about all that's worth mentioning at the moment.

Termshark is a simple terminal user-interface for tshark. termshark.io/

@lx Same reason I stopped using Amaroq -- clients should be neutral, leave it up to the instance owners to block other instances.

I finally released: Pain-free Passwords 2.2.0! Get it here: pfp.works/

This is a major one, lots of improvements here. The most noticeable one is the user interface, the tab strip on the left should make it much easier to navigate.

~Open Source Security Tool of the Day~

netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will.

Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.

Our toolkit can be used for network development and analysis, debugging, auditing or network reconnaissance.

netsniff-ng.org

facebook monopoly money 

~Open Source Security Tool of the Day~

mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols.

mitmproxy.org

Freaked out by hyperbolic "Security" media reports of the great SACK DoS Apocalypse?

Keep Calm and Ignore the Clickbait

But if you can't, simply:

Disable SACK processing (/proc/sys/net/ipv4/tcp_sack set to 0).

~Open Source Security Tool of the Day~

Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.

firejail.wordpress.com

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.