Scott Mortimer @ScottMortimer@infosec.exchange
- Keybase
- scottmortimer
- All About Me
- https://scott.mortimer.name
- Keybase
- https://keybase.io/scottmortimer
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
Joined May 2017
ShellCheck finds bugs in your shell scripts
Scott Mortimer
boosted
The road to Hell is paved with somewhat inadequate conceptual foundations because frankly Hell has a flashy but shallow management style and doesn't invest enough in infrastructure.
~Open Source Security Tool of the Day~
Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes
Cloudfare has a nifty tool to check if DoH, DNSSEC, TLS 1.3, and ESNI are working at
It seems to me, in a pedagogical sense, that the only means normal folks have to protect their digital communications cryptographically are at the Session or Application layers. Everything else is completely at the mercy of some downstream provider who probably can't be trusted.
If you can't trust the the hardware and firmware your hypervisors are running on, you can't trust your virtualized environments, no matter who is providing them.
"Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it."
https://www.schneier.com/blog/archives/2020/01/china_isnt_the_.html
Pay close attention to this MS Patch Tuesday cycle and make sure you update ASAP.
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
NoPasswordLogin | The First Passwordless As A Service (PWAAS)
Scott Mortimer
boosted
I was very disappointed to see the results of a recent fediverse poll on vim vs emacs. 71% voted for vim, which means that 29% are either trolls are have closed head injuries...
Scott Mortimer
boosted
Scott Mortimer
boosted
Shitrix: Hackers target unpatched Citrix systems over weekend.
Follow Citrix’s mitigation recommendations now to prevent the Shitrix from hitting the fan in your organisation.
https://www.grahamcluley.com/shitrix-unpatched-citrix-vulnerability/
~Open Source Security Tool of the Day~
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.
https://github.com/threat9/routersploit/blob/master/README.md
Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers
Is SMS 2FA Secure? NO!
Hey Bruv, don't do the crime if you can't do the time.
What OPSEC? Member of “thedarkoverlord” allegedly used his personal details to set up hacking and extortion-related accounts.
~Open Source Security Tool of the Day~
BLAKE3 is a cryptographic hash function that is:
Much faster than MD5, SHA-1, SHA-2, SHA-3, and BLAKE2.
Secure, unlike MD5 and SHA-1. And secure against length extension, unlike SHA-2.
Highly parallelizable across any number of threads and SIMD lanes, because it's a Merkle tree on the inside.
Prince Harry and Meghan are my new privacy heroes for early 2020. #screwthemediamachine
Scott Mortimer
boosted
Seeing through the Sea
Why do all the pictures you take underwater look blandly blue-green? The answer has to do with how light travels through water. Derya Akkaynak , an oceangoing engineer, has figured out a way to recover the colorful brilliance of the deep.
https://www.scientificamerican.com/video/seeing-through-the-sea/
- Keybase
- scottmortimer
- All About Me
- https://scott.mortimer.name
- Keybase
- https://keybase.io/scottmortimer
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
Joined May 2017
