Scott Mortimer @ScottMortimer@infosec.exchange
- Keybase
- scottmortimer
- All About Me
- https://scott.mortimer.name
- Keyoxide PGP
- https://keyoxide.org/hkp/scott@scott.mortimer.name
- OpenPGP
- D5F60E19BFD8298FFE6292B8E1F31C6DF4DF8F0E
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
Joined May 2017
WSL2 + Kali Linux + Win-KeX = Full Kali desktop in RDP session.
Android users can now disable 2G to block Stingray attacks
Google has finally rolled out an option on Android allowing users to disable 2G connections, which come with a host of privacy and security problems exploited by cell-site simulators.
Moxie Marlinspike's 2 cents on web3. It's a good read and very informative.
~Open Source Security Tool of the Day~
log4jscanner
A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
Email was, and still is today, the most federated, open, and critically important communication system on the Internet.
https://utcc.utoronto.ca/~cks/space/blog/tech/EmailCriticalInfrastructure
Let's Encrypt and Certbot making the web a safer place. Now if we could just do something about end-users....
In 2010, EFF launched its campaign to encrypt the entire web—that is, move all websites from non-secure HTTP to the more secure HTTPS protocol. Over 10 years later, 2021 has brought us even closer to achieving that goal. With various measurement sources reporting over 90% of web traffic encrypted,...
https://www.eff.org/deeplinks/2021/12/we-encrypted-web-2021-year-review
Scott Mortimer
boosted
Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of log4j-scanner, a scanner that helps organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
With everything going on lately, it's refreshing to see secure open source software at its best.
How to build large-scale end-to-end encrypted group video calls
Signal released end-to-end encrypted group calls a year ago, and since then we’ve scaled from support for 5 participants all the way to 40. There is no off the shelf software that would allow us to support calls of that size while ensuring that all communication is end-to-end encrypted, so we bui...
This tool allows you to run a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046.
The Log4Shell 0-day, four days on: What is it, and how bad is it really?
If max-severity 0-day hasn't already dampened your Xmas spirit, it likely soon will.
I give @kev one...no, wait, it's almost the holidays...two months before he's back to WordPress. Come back Kev, we miss you. 🤠
Goodbye WordPress, I’ve Switched To Jekyll (Again)
I’ve decided to leave WordPress behind and switch to Jekyll…for a second time. This post explains why…
Build distroless images with apk!
Witchery is a collection of tools which can be composed to build distroless images. It is intended to be portable for use with any package management tooling, but is primarily focused on apk-based distributions at the moment, such as Alpine.
It is also designed to be easy to use with any other third-party tooling in a fully composable fashion, e.g. with Docker.
This is from same developer of Nimbus Notes, a dodgy clone of Evernote
Mozilla has banned the FVD Speed Dial extension and removed it from Firefox - gHacks Tech News
Mozilla has banned the FVD Speed Dial extension from the AMO. It has also been removed from Firefox installs, and users aren't happy.
https://www.ghacks.net/2021/11/24/mozilla-bans-the-fvd-speed-dial-extension-from-firefox/
Building a secure remote access setup using Tailscale - Jussi Roine
https://jussiroine.com/2021/11/building-a-secure-remote-access-setup-using-tailscale/
I have to agree with Kev on this point. Tech elitism only does a disservice to the Linux community.
This Is What’s Wrong With The Linux Community
I was recently listening to a Linux podcast and it was the perfect example of what’s wrong with the Linux community
Simple SSH Security
Within a couple of minutes you can improve your SSH security significantly. Here's how.
I guess that's how Emacs tries to win over VIM
GitHub - qdot/deldo: Deldo is a sex toy control and teledildonics mode for Emacs
Deldo is a sex toy control and teledildonics mode for Emacs - GitHub - qdot/deldo: Deldo is a sex toy control and teledildonics mode for Emacs
I personally use Vivaldi on Android, but Firefox is another great alternative.
It's time to dump Chrome as your default browser on Android
Jack Wallen makes his case for Android users to switch from Chrome as their default browsers. He also shows you how.
https://www.techrepublic.com/article/its-time-you-dump-chrome-as-your-default-browser-on-android/
- Keybase
- scottmortimer
- All About Me
- https://scott.mortimer.name
- Keyoxide PGP
- https://keyoxide.org/hkp/scott@scott.mortimer.name
- OpenPGP
- D5F60E19BFD8298FFE6292B8E1F31C6DF4DF8F0E
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
Joined May 2017
Scott Mortimer's choices:
