The road to Hell is paved with somewhat inadequate conceptual foundations because frankly Hell has a flashy but shallow management style and doesn't invest enough in infrastructure.

~Open Source Security Tool of the Day~

Terrier is an Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes.

github.com/heroku/terrier

Cloudflare has a nifty tool to check if DoH, DNSSEC, TLS 1.3, and ESNI are working at

cloudflare.com/ssl/encrypted-s

It seems to me, in a pedagogical sense, that the only means normal folks have to protect their digital communications cryptographically are at the Session or Application layers. Everything else is completely at the mercy of some downstream provider who probably can't be trusted.

If you can't trust the hardware and firmware your hypervisors are running on, you can't trust your virtualized environments, no matter who is providing them.

"Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it."

schneier.com/blog/archives/202

Pay close attention to this MS Patch Tuesday cycle and make sure you update ASAP.

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

krebsonsecurity.com/2020/01/cr

I was very disappointed to see the results of a recent fediverse poll on vim vs emacs. 71% voted for vim, which means that 29% are either trolls or have closed head injuries...

There's a very cool exhibit at the Met right now that includes two 16-17th C encryption devices. The book-like device is surprisingly complex, the second uses a simple substitution system that translates letters into distances.

Shitrix: Hackers target unpatched Citrix systems over weekend.

Follow Citrix’s mitigation recommendations now to prevent the Shitrix from hitting the fan in your organisation.

grahamcluley.com/shitrix-unpat

~Open Source Security Tool of the Day~

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

github.com/threat9/routersploi

Hey Bruv, don't do the crime if you can't do the time.

What OPSEC? Member of “thedarkoverlord” allegedly used his personal details to set up hacking and extortion-related accounts.

databreaches.net/what-opsec-me

~Open Source Security Tool of the Day~

BLAKE3 is a cryptographic hash function that is:

Much faster than MD5, SHA-1, SHA-2, SHA-3, and BLAKE2.

Secure, unlike MD5 and SHA-1. And secure against length extension, unlike SHA-2.

Highly parallelizable across any number of threads and SIMD lanes, because it's a Merkle tree on the inside.

github.com/BLAKE3-team/BLAKE3/

Prince Harry and Meghan are my new privacy heroes for early 2020.

Seeing through the Sea

Why do all the pictures you take underwater look blandly blue-green? The answer has to do with how light travels through water. Derya Akkaynak, an oceangoing engineer, has figured out a way to recover the colorful brilliance of the deep.

scientificamerican.com/video/s

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.