Scott Mortimer @ScottMortimer@infosec.exchange

Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI | ZDNet

Amendment to IT law would make it illegal to use encryption protocols that fully hide the traffic's destination.

https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/

😳

New Windows exploit lets you instantly become admin. Have you patched?

Zerologon lets anyone with a network toehold obtain domain-controller password.

https://arstechnica.com/information-technology/2020/09/new-windows-exploit-lets-you-instantly-become-admin-have-you-patched/

Azure Seas....

"The team is speculating that the greater reliability may be connected to the fact that there were no humans on board, and that nitrogen rather than oxygen was pumped into the capsule."

Microsoft's underwater data centre resurfaces after two years

https://www.bbc.com/news/technology-54146718

Privatezilla integrates the most important Windows 10 privacy settings and allows you to quickly perform a privacy check against these settings. It allows you to fine-tune Windows 10's many settings and configure your privacy without navigating through a hundred different menus.

https://www.builtbybel.com/ms-apps/privatezilla

Lessons Learned from SSH Credential Honeypots - System Overlord

For the past few months, I’ve been running a handful of SSH Honeypots on some cloud providers, including Google Cloud, DigitalOcean, and NameCheap. As opposed to more complicated honeypots looking at attacker behavior, I decided to do something simple and was only interested in where they were coming from, what...

https://systemoverlord.com/2020/09/04/lessons-learned-from-ssh-credential-honeypots.html

For those of you who (like me) would like to get started experimenting with RISC-V and Linux, your chance has almost arrived.

PicoRio Linux RISC-V SBC is an Open Source Alternative to Raspberry Pi Board

PicoRio upcoming open-source hardware, Linux capable RISC-V SBC that targets Raspberry Pi price, and is designed for battery-powered devices.

https://www.cnx-software.com/2020/09/04/picorio-linux-risc-v-sbc-is-an-open-source-alternative-to-raspberry-pi-board/

#2020

Deepfakes are here. Hopefully, a public armed with knowledge, and a healthy dose of critical thinking, will be able to defend themselves against it.

Spot the Deepfake

Spotting deepfakes isn’t as easy as you might think. Learn more about it at spotdeepfakes.org

https://www.spotdeepfakes.org/en-US

Easily and securely send things from one computer to another

croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is the only CLI file-transfer tool does all of the following:

allows any two computers to transfer data (using a relay)

provides end-to-end encryption (using PAKE)

enables easy cross-platform transfers (Windows, Linux, Mac)

allows multiple file transfers

https://github.com/schollz/croc

Bottlerocket, an open source Linux distribution built to run containers

https://aws.amazon.com/blogs/opensource/announcing-the-general-availability-of-bottlerocket-an-open-source-linux-distribution-purpose-built-to-run-containers/

Comparing SSH encryption algorithms: RSA, DSA, ECDSA, or EdDSA?

This article compares the widely adopted asymmetric crypto algorithms. In the PKI world they are RSA, DSA, ECDSA, and EdDSA. Which SSH crypto algorithm is the best?

https://gravitational.com/blog/comparing-ssh-keys/

Heyyyyy, join now!!!!!!!!

Heyyyyyyyyyyyy.com | email with *nuance*

Heyyyyyyyyyyyy.com is the email address for your most critical DM-sliding needs, at just $1,200/yr.

https://heyyyyyyyyyyyy.com/

At least the Dark Theme looks nice. 🙈

If you think Mozilla pushed a broken Firefox Android build, good news: It didn't. Bad news: It's working as intended

Netizens up in arms over unexpected UI change, missing add-ons support

https://www.theregister.com/2020/08/25/firefox_android_update/

Linux Incident Response Cheatsheet

https://www.hackingarticles.in/incident-response-linux-cheatsheet/

Interesting project.

‘DiceKeys’ Creates a Master Password for Life With One Roll

A new kit leaves your cryptographic destiny up to 25 cubes in a plastic box.

https://www.wired.com/story/dicekeys-cryptography/

Lucifer’s Spawn

Lucifer, a cryptojacking and distributed denial of service (DDoS) bot, originally found to exploit and run on Windows based systems and first reported by Palo Alto Networks’ Unit42 on June 24, 2020, now includes additional tools and a port to the Linux operating system.

https://www.netscout.com/blog/asert/lucifers-spawn

Dungeon Map Doodler

Free to use drawing tool for creating RPG maps

https://dungeonmapdoodler.com/

Windows 10 features that boost your computer's security

Your Windows 10 computer has a treasure trove of hidden security features and you need to manually enable them by tweaking the system settings. In this article, we've highlighted the best security features that you should try on Windows 10.

https://www.bleepingcomputer.com/news/microsoft/windows-10-features-that-boost-your-computers-security/