Scott Mortimer @ScottMortimer@infosec.exchange
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
https://scott.mortimer.name
Joined May 2017
Scott Mortimer
boosted
Here is my new #ubuntu animal illustration :). Inspired by Ubuntu release 18.10. https://www.deviantart.com/sylviaritter/art/Cosmic-Cuttlefish-766515479 #art #illustration #mastoart
Scott Mortimer
boosted
Every Byte of a TLS Connection Explained and Reproduced
https://news.ycombinator.com/item?id=18200749
#hackernews #tech
Scott Mortimer
boosted
UNIX loves files. And files love UNIX.
Here are some ways to read files from your filesystem.
Ever heard of tac? No, then have a look ^^
"Command line quick tips: Reading files different ways"
https://fedoramagazine.org/commandline-quick-tips-reading-files-different-ways/
Naming & Shaming Web Polluters: Xiongmai
In late 2016, the world witnessed the sheer disruptive power of Mirai, a powerful botnet strain fueled by Internet of Things (IoT) devices like DVRs and IP cameras that were put online with factory-default passwords and other poor security settings.
https://krebsonsecurity.com/2018/10/naming-shaming-web-polluters-xiongmai/
I wonder what kind of bump Mastodon will get now that G+ is shutting down. 🤔
Draw.io for threat modeling | michenriksen.com
Scott Mortimer
boosted
However that is leaving out some key details. For one Qualys does some questionable things, like seemingly rating the "X25519" exchange lower (if enabled) than secp386, despite being better.
It also doesnt test key security elements. Mozillas Observatory ( https://observatory.mozilla.org/ ) will instantly fail you if your site allows you to connect via http without being redirected to https for example. And it also tests applications themselves, because X-Options are just as important.
Scott Mortimer
boosted
Upcoming changes in chrome extensions:
- User controls for host permissions
- Ext. requesting powerful permissions => additional compliance review
- Ext. with obfuscated code no longer allowed
- in 2019 2SV mandatory for dev accounts
https://blog.chromium.org/2018/10/trustworthy-chrome-extensions-by-default.html
#Infosec #Security
Achieving a high security score for TLS
I thought Mastodon was already secure?
Well, it depends. You see, a Mastodon instance is just a web server, like any other on the internet. It's only as secure as how the sto...
https://write.as/runningmastodon/i-thought-mastodon-was-already-secure
States- Rights seem to only be acceptable when they conform to certain political agendas for some in this era. Good on California for asserting protections for their citizens in this time of division.
Calif. enacts net neutrality law—US gov’t immediately sues to block it [Updated]
Justice Department sues California—Ajit Pai called state rules "illegal."
https://arstechnica.com/tech-policy/2018/09/california-governor-signs-net-neutrality-rules-into-law/
Scott Mortimer
boosted
"NIST SP 800-190, Container Security Guidance"
Attackers Take Over 50 Million Accounts in Facebook Breach
Attackers exploited vulnerabilities in Facebook’s code to gain access to at least 50 million Facebook user accounts. Those accounts could have been used for information gathering campaigns, as attackers had full access to the user’s profile, friends list, and usage history.
Attackers Take Over 50 Million Accounts in Facebook Breach https://duo.com/decipher/attackers-take-over-50-million-accounts-in-facebook-breach
Google actually listens to users, hands back cookies and rethinks Chrome auto sign-in
https://www.theregister.co.uk/2018/09/26/google_backtrack_chrome/
Getting Closer to a Surveillance-Free Internet
Cloudflare has been working with the likes of Google, Mozilla, Fastly and Apple to make it harder for ISPs and other network operators from being able to see what sites users are visiting. Cloudflare has rolled out ESNI on its systems to see how well the experimental technical specification works to hide user activity online.
https://duo.com/decipher/getting-closer-to-a-surveillance-free-internet
Tor Browser Bundle 8.0 Sends OS+kernel+TOTAL_PING_COUNT in Update Queries to Mozilla
Tor Browser Bundle 8.0 Sends OS+kernel+TOTAL_PING_COUNT in Update Queries to Mozilla https://soylentnews.org/article.pl?sid=18/09/25/2257233&from=rss
French Government Open Sources Secure Operating System - Security Boulevard
The French government's national cybersecurity agency has released an operating system built using open source components internally over the course of The French government's national cybersecurity agency has released an open source operating system built internally over more than 10 years.
https://securityboulevard.com/2018/09/french-government-open-sources-secure-operating-system/
Introducing the Librem Key – Purism
Cloudflare Makes InterPlanetary File System Globally Accessible
Cloudflare has released a gateway and browser extension to make the distributed IPFS network easily and securely accessible.
https://duo.com/decipher/cloudlfare-makes-interplanetary-file-system-globally-accessible
Scott Mortimer
boosted
Disclaimer, this is an opinion piece. Exerts claims that #China are likely building a highly detailed #database of intelligence on any individual they can get their hands on. #OPM breach data, #OSINT data. You name it. It's China's social media intelligence database. #infosec
http://thehill.com/opinion/national-security/406849-china-may-be-copying-facebook-to-build-an-intelligence-weapon
Scott Mortimer
boosted
Gentle reminder that Russia's cyber acts of late are an actual threat to the world. Although the attacks to date may not have been a direct focus on your country, it would nonetheless act as practice shooting. #infosec
https://www.motherjones.com/kevin-drum/2018/09/russian-cyberwarfare-is-much-worse-than-you-think-donald-trumps-indifference-to-it-is-much-more-criminal-than-you-think/
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
https://scott.mortimer.name
Joined May 2017
