Scott Mortimer @ScottMortimer@infosec.exchange
- Keybase
- scottmortimer
- All About Me
- https://scott.mortimer.name
- Keyoxide PGP
- https://keyoxide.org/hkp/scott@scott.mortimer.name
- OpenPGP
- D5F60E19BFD8298FFE6292B8E1F31C6DF4DF8F0E
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
Joined May 2017
Infosec Core Competencies
This is an interesting list, and I appreciate that it covers fairly broad areas of knowledge within the IT realm.
I also really appreciate #50. 😉
You're Probably Not Using the Web's Best Browser
With endless new customization options, like new email clients and a feed reader, Vivaldi 4.0 just got better.
Enjoy your anonymous crypto-investments.
Hunter Horsley, chief executive of cryptocurrency investment company Bitwise Asset Management, said "The public is slowly being shown, in case after case, that Bitcoin is good for law enforcement and bad for crime — the opposite of what many historically believed."
Scott Mortimer
boosted
I stumpled over https://www.ventoy.net on https://lemmy.ml/post/69937 posted by https://lemmy.ml/u/fittonia
It allows you to create a bootable usb stick with multiple operating systems by just copying the image files to the stick.
~Open Source Security Tool of the Day~
Firefox privacy, security and anti-fingerprinting: a comprehensive user.js template for configuration and hardening.
Scott Mortimer
boosted
Scott Mortimer
boosted
daily reminder that brave shills are mere privacy larpers
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
Employers better get used to a permanent hybrid work model.
It's going to be almost impossible to put the toothpaste back in the tube on this issue.
Work from home or a $30K raise? Employees said it wasn't even close.
~Open Source Security Tool of the Day~
page-fetch is a tool for researchers that lets you:
- Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files
- Run arbitrary JavaScript on many web pages and see the returned values
Link shorteners: the long and short of why you shouldn't use them
The common misconceptions about link-shortening tools and some of the potential risks associated with using them.
Scott Mortimer
boosted
@ScottMortimer
cybersecurity is complicated and costs money. lot of dreamers out there wants easy, cheesy, free IT an risks companies existence and also public safety. but people like us are running on their nervs becaue we do not say "yes it is ok what you do" :-) it needs some ceo's or Cio's in jail after something happens, then the others will start to think about it in deep. unsure we will see things working out that way.......
HTTP/3 needs us (and other people) to make firewall changes
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/HTTP3AndOurFirewalls
"Internet-exposed VMware vCenter servers"??? Are you f***ing kidding me? 😳
A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability.
SeKVM: Securing virtual machines in the cloud
"Nieh and Gu’s work is the first to verify a commodity system, specifically the widely-used KVM hypervisor, which is used to run virtual machines by cloud providers such as Amazon. They proved that SeKVM, which is KVM with some small changes, is secure and guarantees that virtual computers are isolated from one another"
https://www.helpnetsecurity.com/2021/05/31/sekvm-securing-virtual-machines/
A platform that allows you to automatically clean up your old posts from services like Twitter, Reddit, Facebook, Discord and more all in one place.
List of Cybersecurity Subreddits
Mindmaps for bug bounty hunters, pentesters, and security professionals
Windows Package Manager 1.0 | Windows Command Line
We started a journey to build a native package manager for Windows 10 when we announced the Windows Package Manager preview at Microsoft Build 2020. We released the project on GitHub as an open-source collaborative effort and the community engagement has been wonderful to experience!
Microsoft Build of OpenJDK
The Microsoft Build of OpenJDK is a new no-cost long-term supported distribution and Microsoft’s new way to collaborate and contribute to the Java ecosystem.
- Keybase
- scottmortimer
- All About Me
- https://scott.mortimer.name
- Keyoxide PGP
- https://keyoxide.org/hkp/scott@scott.mortimer.name
- OpenPGP
- D5F60E19BFD8298FFE6292B8E1F31C6DF4DF8F0E
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
Joined May 2017
Scott Mortimer's choices:
