Infosec Core Competencies

This is an interesting list, and I appreciate that it covers fairly broad areas of knowledge within the IT realm.

I also really appreciate #50. 😉

netmeister.org/blog/infosec-co

You're Probably Not Using the Web's Best Browser

With endless new customization options, like new email clients and a feed reader, Vivaldi 4.0 just got better.

wired.com/story/vivaldi-4-2021

Enjoy your anonymous crypto-investments.

Hunter Horsley, chief executive of cryptocurrency investment company Bitwise Asset Management, said "The public is slowly being shown, in case after case, that Bitcoin is good for law enforcement and bad for crime — the opposite of what many historically believed."

seattletimes.com/business/colo

I stumbled over ventoy.net on lemmy.ml/post/69937 posted by lemmy.ml/u/fittonia
It allows you to create a bootable USB stick with multiple operating systems by just copying the image files to the stick.

~Open Source Security Tool of the Day~

Firefox privacy, security and anti-fingerprinting: a comprehensive user.js template for configuration and hardening.

github.com/arkenfox/user.js/

daily reminder that brave shills are mere privacy larpers

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

alpaca-attack.com/

Employers better get used to a permanent hybrid work model.

It's going to be almost impossible to put the toothpaste back in the tube on this issue.

Work from home or a $30K raise? Employees said it wasn't even close.

bizjournals.com/bizjournals/ne

~Open Source Security Tool of the Day~

page-fetch is a tool for researchers that lets you:

- Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files
- Run arbitrary JavaScript on many web pages and see the returned values

github.com/detectify/page-fetc

Link shorteners: the long and short of why you shouldn't use them

The common misconceptions about link-shortening tools and some of the potential risks associated with using them.

gcs.civilservice.gov.uk/blog/l

@ScottMortimer
Cybersecurity is complicated and costs money. A lot of dreamers out there want easy, cheesy, free IT and risk companies' existence and also public safety. But people like us are running on their nerves because we do not say "yes it is ok what you do" :-) It needs some CEOs or CIOs in jail after something happens, then the others will start to think about it in depth. Unsure we will see things working out that way...

"Internet-exposed VMware vCenter servers"??? Are you f***ing kidding me? 😳

A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability.

bleepingcomputer.com/news/secu

SeKVM: Securing virtual machines in the cloud

"Nieh and Gu’s work is the first to verify a commodity system, specifically the widely-used KVM hypervisor, which is used to run virtual machines by cloud providers such as Amazon. They proved that SeKVM, which is KVM with some small changes, is secure and guarantees that virtual computers are isolated from one another"

helpnetsecurity.com/2021/05/31

A platform that allows you to automatically clean up your old posts from services like Twitter, Reddit, Facebook, Discord and more all in one place.

redact.dev

Windows Package Manager 1.0 | Windows Command Line

We started a journey to build a native package manager for Windows 10 when we announced the Windows Package Manager preview at Microsoft Build 2020. We released the project on GitHub as an open-source collaborative effort and the community engagement has been wonderful to experience!

devblogs.microsoft.com/command

Microsoft Build of OpenJDK

The Microsoft Build of OpenJDK is a new no-cost long-term supported distribution and Microsoft’s new way to collaborate and contribute to the Java ecosystem.

microsoft.com/openjdk

Scott Mortimer's choices:

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.