~Open Source Security Tool of the Day~

A pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy can use this data to intelligently find vulnerable instances of XSS, especially with web applications that use lots of JavaScript.

github.com/nccgroup/tracy

Hey there everyone...we're back from the Oversubscribed Cloud Limbo

(it's dorky, but the best that I can come up with on a Thursday)

Ouch

Baltimore students told to ditch Windows PCs after ransomware attack

Baltimore County Public Schools (BCPS) urged students and staff to stop using their school-issued Windows computers and only use Chromebooks and Google accounts following a ransomware attack that hit the district's network last Wednesday.

bleepingcomputer.com/news/secu

"Perfect forward secrecy is useless, it's important to note, if users don't delete their messages periodically. If someone's phone is seized or stolen with all their messages still intact, they'll be just as visible to whoever has the phone in hand as they were to the original owner."


It's all about the Perfect Forward Secrecy.

What Is the Signal Encryption Protocol?

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.

wired.com/story/signal-encrypt

kmcquade/awesome-azure-security

A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources. - kmcquade/awesome-azure-security

github.com/kmcquade/awesome-az

Very cool -- teddit.net is a new privacy-friendly Reddit frontend, similar to Invidious / YouTube, Bibliogram / Instagram, and Nitter / Twitter.

Source code: codeberg.org/teddit/teddit

- No JavaScript or ads
- All requests go through the backend, client never talks to Reddit
- Prevents Reddit from tracking your IP or JavaScript fingerprint
- Lightweight (teddit frontpage: ~30 HTTP requests with ~270 KB of data downloaded vs. Reddit frontpage: ~190 requests with ~24 MB)

#Privacy

I don't want to get into a divisive political discussion, but what you see happening in the U.S. right now could be what's happening in your nation soon. Stay vigilant.

schneier.com/blog/archives/202

"Apple may run Linux in their cloud, but their laptops don't ;("

Linus Torvalds would like to use an M1 Mac for Linux, but....

Yes, Torvalds said he'd love to have one of the new M1-powered Apple laptops, but it won't run Linux and, in an exclusive interview he explains why getting Linux to run well on it isn't worth the trouble.

zdnet.com/article/linus-torval

New browser; old problems

Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn

Edge users take to social media to report their Web searches are being hijacked.

arstechnica.com/gadgets/2020/1

Introducing another free CA as an alternative to Let's Encrypt

Let's Encrypt is an amazing organisation doing an amazing thing by providing certificates at scale, for free. The problem though was that they were the only such organisation for a long time, but I'm glad to say that the ecosystem is changing. It's always a good idea to have another

scotthelme.co.uk/introducing-a

Want to Encrypt All The Things? Firefox has you covered with HTTPS-Only Mode!

We are currently powering towards an encrypted Web and in recent years we've made tremendous progress on that journey. In the latest version of Firefox, a browser that's been at the forefront of the drive towards more encryption, we get a new "HTTPS-Only Mode". Goodbye plaintext traffic. If you're a security

scotthelme.co.uk/firefox-https

Odd. I am suddenly getting follow requests from AltRight accounts. Is there a vaccine to prevent that? 🤔

If you use 3rd party network filters (like VPN clients or firewalls) on macOS, hold off on Big Sur. Pretty big hole that Apple's apps use and malware can use to bypass such tools using the new network filter system.

thenextweb.com/plugged/2020/11

HT @lrvick & @TheGibson


Scott Mortimer's choices:

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.