Scott Mortimer @ScottMortimer@infosec.exchange
- Keybase
- scottmortimer
- All About Me
- https://scott.mortimer.name
- Keybase
- https://keybase.io/scottmortimer
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
Joined May 2017
OWASP Cheat Sheet Series
~Open Source Security Tool of the Day~
Unfurl takes a URL and expands ("unfurls") it into a directed graph, extracting every bit of information from the URL and exposing the obscured.
Keybase now allows users to block spammers and unwanted followers.
However, they don't just stop there.
"As a bonus, their profile pic will get covered in Poo."
Now THAT'S added value, folks.
Nothing more annoying than smarmy iPhone fanboyz slagging on Android. Apple needs to market iSmarm (tm) and sell it in their overpriced boutiques.
Is anyone still using keybase to communicate? I am trying to find out if it is still worth pursuing as a comms platform.
Open Reference Architecture for Security and Privacy
https://security-and-privacy-reference-architecture.readthedocs.io/en/latest/
Fox News Is Now a Threat to National Security
The network’s furthering of lies from foreign adversaries and flagrant disregard for the truth have gotten downright dangerous.
https://www.wired.com/story/fox-news-is-now-a-threat-to-national-security/
Lately I am having a lot of crashes with #fedilab. Anyone having similar problems?
Scott Mortimer
boosted
« Good quantitative analysis of performance of DNS over UDP, DoT, and DoH from @timmboettger et al. Without the overhead of the HTTPs stack, DoT is consistently fastest, though serialization of answers hurts in high-jitter environments.
https://blog.apnic.net/2019/12/06/is-new-always-better-udp-vs-doh/ »
— Retweet https://twitter.com/woodyatpch/status/1202722685773664256
That being said, having trusted endpoints is a huge area of modern IT that is poorly dealt with at the moment. It's just a whole lot more than this buzz-wordy, vendor-driven article even begins to deal with.
Marketing propaganda vs. Reality.
Even if you secure a communication channel by trusting users and devices and roles, it's still a...
Virtual. Private. Network.
I hate semantic shenanigans
https://www.networkworld.com/article/3487720/the-vpn-is-dying-long-live-zero-trust.html
CrackQ: Efficient password cracking for pentesters and red teamers
CrackQ employs automation to make password cracking a faster and more efficient undertaking for pentesters and red teamers.
https://www.helpnetsecurity.com/2019/12/04/password-cracking-pentesters/
Why is it that the only person I see with a Ring doorbell camera is that sad skinny guy on TV who chases away a couple of actors who look like thieves from some crappy "Home Alone" sequel?
Scott Mortimer
boosted
Malicious Python libraries stealing OpenPGP and SSH keys:
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
– Look for python3-dateutil, and jeIlyfish.
– Both modules try to exfiltrate SSH/OpenPGP keys and send them to an IP address.
– This is the third time the PyPI team intervenes to remove typo-squatted malicious Python libraries from the official repository.
Android Ups the Mobile Security Ante with Default TLS Encryption
More than 90 percent of Android apps running on the latest OS encrypt their traffic by default.
https://threatpost.com/android-mobile-security-tls-encryption/150760/
~Open Source Security Tool of the Day~
nginx_waf - WAF written in lua for NGINX http server
The AWS Incident Response Guide
Scott Mortimer
boosted
PSA for frontend devs:
Do not block pasting in password or other input fields!
Sincerely,
Everyone that uses a password manager
- Keybase
- scottmortimer
- All About Me
- https://scott.mortimer.name
- Keybase
- https://keybase.io/scottmortimer
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
Joined May 2017
