Scott Mortimer @ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

#osstotd

A pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy can use this data to intelligently find vulnerable instances of XSS, especially with web applications that use lots of JavaScript.

https://github.com/nccgroup/tracy

Hey there everyone...we're back from the Oversubscribed Cloud Limbo

#OCL
(it's dorky, but the best that I can come up with on a Thursday)

My personal hero for 2020

Christopher Krebs: Correcting Trump's Fraud Claims The 'Right Thing To Do' : NPR

https://www.npr.org/2020/12/01/940133163/fired-official-says-correcting-trumps-fraud-claims-the-right-thing-to-do

Ouch

Baltimore students told to ditch Windows PCs after ransomware attack

Baltimore County Public Schools (BCPS) urged students and staff to stop using their school-issued Windows computers and only use Chromebooks and Google accounts following a ransomware attack that hit the district's network last Wednesday.

https://www.bleepingcomputer.com/news/security/baltimore-students-told-to-ditch-windows-pcs-after-ransomware-attack/

Bloggers

"Perfect forward secrecy is useless, it's important to note, if users don't delete their messages periodically. If someone's phone is seized or stolen with all their messages still intact, they'll be just as visible to whoever has the phone in hand as they were to the original owner."

It's all about the Perfect Forward Secrecy.

What Is the Signal Encryption Protocol?

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.

https://www.wired.com/story/signal-encryption-protocol-hacker-lexicon/

kmcquade/awesome-azure-security

A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources. - kmcquade/awesome-azure-security

https://github.com/kmcquade/awesome-azure-security

I don't want to get into a divisive political discussion, but what you see happening in the U.S. right now could be what's happening in your nation soon. Stay Vigilant .

https://www.schneier.com/blog/archives/2020/11/undermining-democracy.html

"Apple may run Linux in their cloud, but their laptops don't ;("

Linus Torvalds would like to use an M1 Mac for Linux, but....

Yes, Torvalds said he'd love to have one of the new M1-powered Apple laptops, but it won't run Linux and, in an exclusive interview he explains why getting Linux to run well on it isn't worth the trouble.

https://www.zdnet.com/article/linus-torvalds-would-like-to-use-an-m1-mac-for-linux-but/

New browser; old problems

Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn

Edge users take to social media to report their Web searches are being hijacked.

https://arstechnica.com/gadgets/2020/11/fraudulent-add-ons-infiltrate-the-official-microsoft-edge-store/

Introducing another free CA as an alternative to Let's Encrypt

Let's Encrypt is an amazing organisation doing an amazing thing by providing certificates at scale, for free. The problem though was that they were the only such organisation for a long time, but I'm glad to say that the ecosystem is changing. It's always a good idea to have another

https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/

OpenVAS/GVM: An Open Source Vulnerability Scanning and Management System

https://securitytrails.com/blog/openvas-vulnerability-scanner

Want to Encrypt All The Things? Firefox has you covered with HTTPS-Only Mode!

We are currently powering towards an encrypted Web and in recent years we've made tremendous progress on that journey. In the latest version of Firefox, a browser that's been at the forefront of the drive towards more encryption, we get a new "HTTPS-Only Mode" Goodbye plaintext trafficIf you're a security

https://scotthelme.co.uk/firefox-https-only-mode/

Odd. I am suddenly getting follow requests from AltRight accounts. Is their a vaccine to prevent that? 🤔

https://linuxcommandlibrary.com/basic/oneliners.html

Read Fake News
Speak Hate Freely

#parler

2020: SARS-CoV-2

2021: Planet of the Apes

https://interestingengineering.com/scientists-grow-bigger-monkey-brains-using-human-genes-replicating-evolution