To the Tumblr refugees: welcome!

Having been on the Internet for over thirty years, I have one piece of advice for creative folks working online:

Control Your Platform.

Don't build a business around Facebook, Tumblr, G+, Geocities, MySpace, AltaVista, or any of these other third parties that claim to offer quick and easy results.

They all go away. Every one of them.

Build your own site. Use third parties to steer people to your site.

Third parties are the devil--useful devils, but devils.

The Hinternet 

This is quite an interesting cybercrime campaign.

"The ad fraud scheme that utilizes the Kovter botnet runs a hidden Chromium Embedded Framework (CEF) browser on the infected machine that the user cannot see. A C2 server tells the infected machine to visit counterfeit websites. When the counterfeit webpage is loaded in the hidden browser, requests are made for ads to be placed on these counterfeit pages. The infected machine receives the ads and loads them into the hidden browser."

Holiday Shopping Safety Tips: LastPass 2018 Online Retailer Security List

Keep your information safe this holiday season! LastPass ranks 2018’s top 10 online retailers from most to least secure and shares what to look out for.

blog.lastpass.com/2018/11/2018

Many free mobile VPN apps are based in China or have Chinese ownership | ZDNet

Chinese affiliation raises a sign of alarm in light of China's recent clampdown of "unauthorized" VPN services.

zdnet.com/article/many-free-mo

Shoutout to #Debian for giving the world an amazing non-corporate community distro.

UNIX loves files. And files love UNIX.

Here are some ways to read files from your filesystem.

Ever heard of tac? No? Then have a look ^^

"Command line quick tips: Reading files different ways"

fedoramagazine.org/commandline

#Fedora #Linux #FedoraMagazine

Naming & Shaming Web Polluters: Xiongmai

In late 2016, the world witnessed the sheer disruptive power of Mirai, a powerful botnet strain fueled by Internet of Things (IoT) devices like DVRs and IP cameras that were put online with factory-default passwords and other poor security settings.

krebsonsecurity.com/2018/10/na

I wonder what kind of bump Mastodon will get now that G+ is shutting down. 🤔

@ScottMortimer

However, that is leaving out some key details. For one, Qualys does some questionable things, like seemingly rating the "X25519" exchange lower (if enabled) than secp386, despite being better.

It also doesn't test key security elements. Mozilla's Observatory ( observatory.mozilla.org/ ) will instantly fail you if your site allows you to connect via http without being redirected to https, for example. And it also tests applications themselves, because X-Options are just as important.

Upcoming changes in chrome extensions:
- User controls for host permissions
- Ext. requesting powerful permissions => additional compliance review
- Ext. with obfuscated code no longer allowed
- in 2019 2SV mandatory for dev accounts
blog.chromium.org/2018/10/trus

Achieving a high security score for TLS

I thought Mastodon was already secure?

Well, it depends. You see, a Mastodon instance is just a web server, like any other on the internet. It's only as secure as how the sto...

write.as/runningmastodon/i-tho

States' Rights seem to only be acceptable when they conform to certain political agendas for some in this era. Good on California for asserting protections for their citizens in this time of division.

Calif. enacts net neutrality law—US gov’t immediately sues to block it [Updated]

Justice Department sues California—Ajit Pai called state rules "illegal."

arstechnica.com/tech-policy/20

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.