Scott Mortimer @ScottMortimer@infosec.exchange

#CyberIrony

"Codecov said in a statement hackers began tampering with its software - which is used across the tech industry to help test code for mistakes and vulnerabilities"

https://www.reuters.com/technology/us-investigators-probing-breach-san-francisco-code-testing-company-firm-2021-04-16/

Online tracking is a digital malignancy that can only be treated by shining some sunlight on the blight. 🌞

https://vivaldi.com/blog/no-google-vivaldi-users-will-not-get-floced/

~Open Source Security Tool of the Day~

#osstotd

urlhaus-filter

A blocklist of malicious websites that are being used for malware distribution, based on the **Database dump (CSV)** of Abuse.ch. Blocklist is updated twice a day.

https://gitlab.com/curben/urlhaus-filter

Just another example of when the "perfect is the enemy of good".

https://www.npr.org/2021/04/12/986408031/germany-is-expected-to-centralize-its-covid-19-response-some-fear-it-may-be-too?t=1618289641412

~Open Source Security Tool of the Day~

#osstotd

`dnspeep` lets you spy on the DNS queries your computer is making.
It uses `libpcap` to capture packets on port 53, and then matches up DNS request and response packets so that it can show the request and response together on the same line.

https://github.com/jvns/dnspeep

TL;DR: disable third-party cookies...and use an ad-blocker...and NextDNS/Pi-Hole/equivalent. Privacy guards come in layers.

https://www.eff.org/deeplinks/2021/03/google-testing-its-controversial-new-ad-targeting-tech-millions-browsers-heres

Alex has produced a fantastic compilation of what works and what doesn't for gaming groups. There is much wisdom here.

https://alexschroeder.ch/wiki/2021-04-05_The_things_I_learned

The Consumer Authentication Strength Maturity Model (CASMM) v5

Fantastic advice how to prepare for an RPG Hexcrawl.

http://beyondtheblackgate.blogspot.com/2009/12/how-i-hexcrawl.html?m=1

An update on a hacking campaign targeting security researchers.

https://blog.google/threat-analysis-group/update-campaign-targeting-security-researchers/

"The Brave browser is a fork of Chromium with a built-in adblocker and some other neat privacy-friendly features. From a quick glance, it looks amazing, right? Chrome but pro-privacy! Sadly, you'd be wrong. Brave's history is full of controversies, many of which are deal-breakers for people."

https://aspenuwu.me/blog/dont-use-brave/

~Open Source Security Tool of the Day~

#osstotd

The nzyme project uses WiFi adapters in monitor mode to scan the frequencies for suspicious behavior, specifically rogue access points and known WiFi attack platforms. Each recorded wireless frame is parsed and optionally sent to a [Graylog](https://www.graylog.org/) log management system for long-term storage that allows you to perform forensics and incident response.

https://github.com/lennartkoopmann/nzyme

What really happened.

An interesting article about the early days of computer gaming.

1982: The Hobbit

Veronika Megler just wanted a part-time job while she finished her college degree. She didn't realize it would end with her writing one of the first computer game blockbusters.

https://if50.substack.com/p/1982-the-hobbit

I am looking to simplify my digital life this year. Here are some good ideas for a minimalist digital existence.

How to Declutter Your Digital Life & Reclaim Your Attention

https://blog.doist.com/digital-declutter/