X_Cli boosted

When you have several banks, it's amusing to see how each of them interprets the and the need to do two-step authentication.

Boursorama asks for a login + password in step 1 and an SMS code in step 2.

Caisse d'Épargne asks (hold on to your seat) for the login in step 1 and the password in step 2. That's it.

I'll just leave that here.

X_Cli boosted

Will you refuse to install an application because of the programming language it was written with?

- Yes
- Conditionally (Yes, but only if there is no binary available and I have to install the language's build tools)
- No
- Other conditions: please specify

Boosts appreciated, because I find the "boosts appreciated" trick works for other people and I figured I'd try it once.

X_Cli boosted

brow.sh is a text-based browser supporting HTML5, CSS3, JS, video and WebGL brow.sh (FreeBSD: freshports.org/www/browsh/)

X_Cli boosted

Patch your OpenSMTPD mailservers now. Exploiting critical RCE vulnerability CVE-2020-7247 is as simple as using this SMTP command:

MAIL FROM:<;for i in 0 1 2 3 4 5 6 7 8 9 a b c d;do read r;done;sh;exit 0;>


X_Cli boosted

Another year, another #Intel vulnerability. This time called #Cacheout. It leaks Data on Intel CPUs via Cache Evictions.


Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting.


X_Cli boosted

For web technicians, sysadmins and vegan graphic designers: #L214 is hiring for four positions!

(CVE-2020-0601) - PoC


"CVE-2020-0601, or commonly referred to as CurveBall, is a vulnerability in which the signature of certificates using elliptic curve cryptography (ECC) is not correctly verified...."

X_Cli boosted

We have computed the very first chosen-prefix collision for SHA-1. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4.

Demo: The legacy branch of GnuPG (version 1.4) is vulnerable. We have created two PGP keys with different UserIDs and colliding certificates.


X_Cli boosted

We are looking for a System Administrator in the centre of Marseille (city centre).

Required knowledge and skills:
- Unix / Linux
- Mail
- Debian
- Python and/or Ruby
- Nginx
- etc.

It's a plus if you know configuration management tools such as SaltStack, Puppet or Ansible.

Icing on the cake if you know your way around Cisco.

Boosts appreciated

X_Cli boosted

Holy shit, Samsung Smart TVs straight up send "snippets" of things that you watch back home to "to provide you with customized Smart TV experiences".


Search that page for the text: "Your Smart TV transfers video snippets or TV tuner information in order to determine the programs watched."


X_Cli boosted

@bortzmeyer @jpmens

"As a side-note: we already deny RFC1918-addresses from DNS-over-HTTPS
responses so in that regard, using TRR will save you from these DNS attacks!"


So, I was wrong. DoH-to-Cloudflare-by-default is not an issue, as far as DNS rebinding is concerned. Sorry 😶😥

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.