Scott Mortimer @ScottMortimer@infosec.exchange
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
Joined May 2017
Google wants Android to use regular Linux kernel, potentially improving updates and security
Android is built on top of the Linux kernel, but it has always used a heavily-modified version with changes from OEMs, chip manufacturers like Qualcomm
DuckDuckGo Will Automatically Encrypt More Sites You Visit
If a site offers HTTPS, DuckDuckGo's Smarter Encryption will take you there.
A collection of various awesome lists for hackers, pentesters and security researchers - Hack-with-Github/Awesome-Hacking
https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md
Automatically updated, moderated and optimized lists for blocking ads, trackers and other online garbage - notracking/hosts-blocklists
https://github.com/notracking/hosts-blocklists/blob/master/README.md
GitHub launches 'Security Lab' to help secure open source ecosystem | ZDNet
Fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects.
https://www.zdnet.com/article/github-launches-security-lab-to-help-secure-open-source-ecosystem/
I think I will stick with Mastodon. Free, intelligent and federated. I appreciate what Jimmy Wales is trying to do, but there are better alternatives now.
Would you pay to join a social network? Wikipedia co-founder Jimmy Wales thinks up to 500 million people could.
PureLocker Ransomware Can Lock Files on Windows, Linux, and macOS
Cybercriminals have developed ransomware that can be ported to all major operating systems and is currently used in targeted attacks against production servers.
PureLocker Ransomware Can Lock Files on Windows, Linux, and macOS https://www.bleepingcomputer.com/news/security/purelocker-ransomware-can-lock-files-on-windows-linux-and-macos/
The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers, consultants, hobbyists, and Information Security profession...
Ha. We still have mouth-breathers who believe the Earth is flat...good luck getting them to believe the Universe is round.
What Shape Is the Universe — Closed or Flat? | Quanta Magazine
https://www.quantamagazine.org/what-shape-is-the-universe-closed-or-flat-20191104/
Looking forward to getting my fingers on one of these.
At Microsoft Ignite, Yubico previews the first-ever and long-awaited YubiKey Bio. It is the first YubiKey that will support fingerprint recognition for secure and seamless passwordless logins.
https://www.yubico.com/2019/11/yubico-reveals-first-biometric-yubikey-at-microsoft-ignite/
HTTP Security Headers - A Complete Guide
A description of each security header, why it is important, and how to configure your website in a secure way.
https://nullsweep.com/http-security-headers-a-complete-guide/
I Got Access to My Secret Consumer Score. Now You Can Get Yours, Too.
Little-known companies are amassing your data — like food orders and Airbnb messages — and selling the analysis to clients. Here’s how to get a copy of what they have on you.
https://www.nytimes.com/2019/11/04/business/secret-consumer-score-access.html
Just in time for Halloween and my re-watching of the '80s classic horror film, "Re-Animator".
Is Death Reversible?
An experiment that partially revived slaughterhouse pig brains raises questions about the precise end point of life
https://www.scientificamerican.com/article/is-death-reversible/
There is the smell of desperation in the air this season.
Another Chinese browser keepin' it real.
Major Chinese browser ‘Maxthon’ has a bug that allows anyone admin access
One of China‘s most popular browsers, Maxthon, has a bug in its Windows version that can allow a hacker to take admin control and install malware. A report by security firm SafeBreach notes it reported the vulnerability in September. The anomaly lets a hacker install a program into a service that is run by the “NT AUTHORITYSYSTEM,” …
Chinese browser company is at it again.
The highly popular UC Browser and UC Browser Mini Android apps, with a total of over 600 million Play Store installs, exposed their users to MiTM attacks by downloading an Android Package Kit (APK) from a third party server over unprotected channels.
500+ Million UC Browser Android Users Exposed to MiTM Attacks. Again. https://www.bleepingcomputer.com/news/security/500-million-uc-browser-android-users-exposed-to-mitm-attacks-again/
This is likely the most comprehensive article on security keys available. Secure Authentication is the security domain that I am most interested in and this piece lights me up like a Christmas tree
How to stay safe online and prevent phishing with FIDO2, WebAuthn and security keys. A look into YubiKeys, TOTP authenticator apps, passwordless and more.
https://paulstamatiou.com/getting-started-with-security-keys/
You may have had a few extra Teams connecting to your TeamViewer. 👯♂️👯♂️
FireEye: "APT41 compromised company behind TeamViewer - which enabled them to access *any* system with TeamViewer installed" • InfoTech News
The constant deluge of media articles supportive of 5G network technology has been making me nervous for the past year (as if national and world politics wasn't bad enough) due to the fact that certain large companies stand to make trillions of $currency by rolling out potentially dangerous technology for human health.
We Have No Reason to Believe 5G Is Safe
The technology is coming, but contrary to what some people say , there could be health risks
https://blogs.scientificamerican.com/observations/we-have-no-reason-to-believe-5g-is-safe/
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
Joined May 2017
