X_Cli @x_cli@infosec.exchange

Secure email service Tutanota is being blocked by AT&T in parts of the United States.

https://www.grahamcluley.com/tutanota-email-blocked/

Will you refuse to install an application because of the programming language it was written with?

- Yes
- Conditionally (Yes, but only if there is no binary available and I have to install the language's build tools)
- No
- Other conditions: please specify

Boosts appreciated, because I find the "boosts appreciated" trick working for other people and I figured I'd try once

brow.sh is a text-based browser supporting HTML5, CSS3, JS, video and WebGL https://www.brow.sh (FreeBSD: https://www.freshports.org/www/browsh/)

Patch your OpenSMTPD mailservers now. Exploiting critical RCE vulnerability CVE-2020-7247 is as simple as using this SMTP command:

MAIL FROM:<;for i in 0 1 2 3 4 5 6 7 8 9 a b c d;do read r;done;sh;exit 0;>

https://www.qualys.com/2020/01/28/cve-2020-7247/lpe-rce-opensmtpd.txt

Another year, another #Intel vulnerability. This time called #Cacheout. It leaks Data on Intel CPUs via Cache Evictions.

https://cacheoutattack.com/

Pour les techniciens web et autres sysadmins et graphistes végans, #L214 recrute sur quatre postes !
https://www.l214.com/offres-demploi
#véganisme

Creating a simple Python pip repository https://jpmens.net/2020/01/16/creating-a-simple-python-pip-repository/

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!

https://thehackernews.com/2020/01/firefox-cyberattack.html

We have computed the very first chosen-prefix collision for SHA-1. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4.

Demo: The legacy branch of GnuPG (version 1.4) is vulnerable. We have created two PGP keys with different UserIDs and colliding certificates.

https://sha-mbles.github.io/

#JeRecrute
On cherche un·e Administrateur·ice Système dans le centre-ville de Marseille (centre-ville).

Connaissance et compétences requises:
- Unix / Linux
- DNS
- Mail
- Debian
- Python et/ou Ruby
- Nginx
- KVM
- etc.

C'est mieux si vous connaissez des outils de gestion de configuration comee SaltStack puppet ou ansible.

Cerise sur le gateau si vous vous y connaissez en CISCO

#JeChercheUnJob
Boost appréciés

If you started to use #Fedilab, you can have a look to its wiki: https://fedilab.app/wiki/features/

Also to its Peertube videos: https://peertube.fedilab.app/videos/local

Holy shit, Samsung Smart TVs straight up send "snippets" of things that you watch back home to "to provide you with customized Smart TV experiences".

https://www.samsung.com/us/account/privacy-policy/

Search that page for the text: "Your Smart TV transfers video snippets or TV tuner information in order to determine the programs watched."

#infosec

@bortzmeyer @jpmens

"As a side-note: we already deny RFC1918-addresses from DNS-over-HTTPS
responses so in that regard, using TRR will save you from these DNS attacks!"

https://groups.google.com/forum/m/#!topic/mozilla.dev.platform/bfbblcydBgo

So, I was wrong. DoH-to-Cloudflare-by-default is not an issue, as far as DNS rebinding is concerned. Sorry 😶😥