OWASP Cheat Sheet Series
~Open Source Security Tool of the Day~
Unfurl takes a URL and expands ("unfurls") it into a directed graph, extracting every bit of information from the URL and exposing the obscured.
Keybase now allows users to block spammers and unwanted followers.
However, they don't just stop there.
"As a bonus, their profile pic will get covered in Poo."
Now THAT'S added value, folks.
Open Reference Architecture for Security and Privacy
https://security-and-privacy-reference-architecture.readthedocs.io/en/latest/
Fox News Is Now a Threat to National Security
The network’s furthering of lies from foreign adversaries and flagrant disregard for the truth have gotten downright dangerous.
https://www.wired.com/story/fox-news-is-now-a-threat-to-national-security/
Lately I am having a lot of crashes with #fedilab. Anyone having similar problems?
Don't use super cheap VPS providers.
« Good quantitative analysis of performance of DNS over UDP, DoT, and DoH from @timmboettger et al. Without the overhead of the HTTPS stack, DoT is consistently fastest, though serialization of answers hurts in high-jitter environments.
https://blog.apnic.net/2019/12/06/is-new-always-better-udp-vs-doh/ »
— Retweet https://twitter.com/woodyatpch/status/1202722685773664256
Marketing propaganda vs. Reality.
Even if you secure a communication channel by trusting users and devices and roles, it's still a...
Virtual. Private. Network.
I hate semantic shenanigans
https://www.networkworld.com/article/3487720/the-vpn-is-dying-long-live-zero-trust.html
CrackQ: Efficient password cracking for pentesters and red teamers
CrackQ employs automation to make password cracking a faster and more efficient undertaking for pentesters and red teamers.
https://www.helpnetsecurity.com/2019/12/04/password-cracking-pentesters/
Malicious Python libraries stealing OpenPGP and SSH keys:
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
– Look for python3-dateutil, and jeIlyfish.
– Both modules try to exfiltrate SSH/OpenPGP keys and send them to an IP address.
– This is the third time the PyPI team has intervened to remove typo-squatted malicious Python libraries from the official repository.
Android Ups the Mobile Security Ante with Default TLS Encryption
More than 90 percent of Android apps running on the latest OS encrypt their traffic by default.
https://threatpost.com/android-mobile-security-tls-encryption/150760/
~Open Source Security Tool of the Day~
nginx_waf - WAF written in Lua for NGINX HTTP server
The AWS Incident Response Guide
Information Security geek, Old School RPG nerd, and wannabe fiction writer.