~Open Source Security Tool of the Day~

Unfurl takes a URL and expands ("unfurls") it into a directed graph, extracting every bit of information from the URL and exposing the obscured.


Keybase now allows users to block spammers and unwanted followers.

However, they don't just stop there.

"As a bonus, their profile pic will get covered in Poo."

Now THAT'S added value, folks.


Nothing more annoying than smarmy iPhone fanboyz slagging on Android. Apple needs to market iSmarm (tm) and sell it in their overpriced boutiques.

Is anyone still using keybase to communicate? I am trying to find out if it is still worth pursuing as a comms platform.

Fox News Is Now a Threat to National Security

The network’s furthering of lies from foreign adversaries and flagrant disregard for the truth have gotten downright dangerous.


Lately I am having a lot of crashes with . Anyone having similar problems?

« Good quantitative analysis of performance of DNS over UDP, DoT, and DoH from @timmboettger et al. Without the overhead of the HTTPs stack, DoT is consistently fastest, though serialization of answers hurts in high-jitter environments.

blog.apnic.net/2019/12/06/is-n »

— Retweet twitter.com/woodyatpch/status/

That being said, having trusted endpoints is a huge area of modern IT that is poorly dealt with at the moment. It's just a whole lot more than this buzz-wordy, vendor-driven article even begins to deal with.

Marketing propaganda vs. Reality.

Even if you secure a communication channel by trusting users and devices and roles, it's still a...

Virtual. Private. Network.

I hate semantic shenanigans


CrackQ: Efficient password cracking for pentesters and red teamers

CrackQ employs automation to make password cracking a faster and more efficient undertaking for pentesters and red teamers.


Why is it that the only person I see with a Ring doorbell camera is that sad skinny guy on TV who chases away a couple of actors who look like thieves from some crappy "Home Alone" sequel?

Malicious Python libraries stealing OpenPGP and SSH keys:


– Look for python3-dateutil, and jeIlyfish.
– Both modules try to exfiltrate SSH/OpenPGP keys and send them to an IP address.
– This is the third time the PyPI team intervenes to remove typo-squatted malicious Python libraries from the official repository.

#python #malware #pypi #infosec #security #cybersecurity

Android Ups the Mobile Security Ante with Default TLS Encryption

More than 90 percent of Android apps running on the latest OS encrypt their traffic by default.


~Open Source Security Tool of the Day~

nginx_waf - WAF written in lua for NGINX http server


PSA for frontend devs:
Do not block pasting in password or other input fields!

Everyone that uses a password manager

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.