X_Cli  

Mon nouvel article dans le numéro hors-série n°21 de : "Back to basics" / les indispensables. Pas de gros prérequis pour la lecture dans ce numero ! À mettre entre toutes les mains d'informaticiens !

infosec.exchange/media/lFLgDMN

0
X_Cli boosted
Yellow Flag at 🏠  

This is a fascinating read. Let this sink in: law enforcement compromised the network of a secure chat solution and pushed malware to all endpoints in order to read all the messages. All that on the premise that the majority of the users were criminals, even though some weren't.

vice.com/en_us/article/3aza95/

1+
X_Cli boosted
🍵 holly 🇪🇺  

Please enjoy this ad that has apparently been banned in France. I kind of love it. youtu.be/kMpqVfnuyII

1+
X_Cli  

Camping, vacation 

Myself, lighting a fire with a camp knife (Mora companion), a firesteel, and a paper handkerchief

infosec.exchange/media/amNdHSL

Show thread
0
X_Cli  

Camping, vacation 

Funny how I wake up to tremendous back pain in my $700 mattress and I wake up unscathe after a night in a hammock at a camp fire 😅 I think I should move 😂

infosec.exchange/media/PvVz9fy

1
X_Cli boosted
Mobilizon  

Nous publions aujourd'hui une nouvelle version bêta de #Mobilizon, à la fois pour montrer les avancées depuis la reprise du développement, mais aussi pour commencer les tests, notamment avec les personnes qui sauraient l'installer sur leur serveur.
➡️ joinmobilizon.org/fr/news/#20-

1+
X_Cli  

Vacation 

The simple pleasure of life: lighting a pocket wood stove on the beach and boiling a hot tea, with your significant other at sun down❤️

infosec.exchange/media/wL9Ln4s

infosec.exchange/media/wTiep7Q

1
X_Cli boosted
Carsten Strotmann  

New BIND 9 versions out, fixing two security issues:

CVE-2020-8619: An asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.

CVE-2020-8618: A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer

A summary of changes in the new releases can be found in their release notes:

9.11.20 - downloads.isc.org/isc/bind9/9.

9.16.4 - downloads.isc.org/isc/bind9/9.

0
X_Cli  

Linux kernel lockdown, integrity, and confidentiality

mjg59.dreamwidth.org/55105.htm

0
X_Cli  

Je aussi une en à , pour un groupe constitué d'une boite qui développe une solution de sécurité, et d'une boite de prestation de services informatiques (y compris pentests). Suivi de carrière, recrutement, tout le toutim. Je suis pas bien placé pour en parler ; je suis ingé sécu, mais si vous connaissez des gens intéressés, je forward volontiers :)

Show thread
0
X_Cli  

Je , en CDI, en interne (pas de presta), création de postes, à :
* un et réseau, principalement et , mais un peu de aussi. Bonus si compétence en sécurité.
* un développeur sénior, Py/#Go/#Rust avec appétance pour le bas-niveau (lire du de Linux ou autre, écrire du code système et réseau)
* un testeur ( principalement), env /#k8s,
* un chef d'équipe d'intégration (relation client, déploiement, tests, docu, formation).

1
X_Cli boosted
Klemens Nanni  

re: job 

So in case anyone is looking for a solid "techie" in the broader Frankfurt am Main area that tries to do things right from start to end, with expertise ranging from firmware/OS hacking in C over network/infrastructure design to high level automation: I'm looking around to put my skills at proper use.

Feel free to boost this, drop me a message or point to general directions.

Show thread
0
X_Cli boosted
slh  

-2020-13777: 1.3 session resumption works without master key, allowing


gitlab.com/gnutls/gnutls/-/iss

0
X_Cli  

You can list a directory containing 8 million files! But not with ls.

be-n.com/spw/you-can-list-a-mi

0
X_Cli boosted
slh  

c'est fini !

Vidéos/slides/articles depuis le programme : sstic.org/2020/programme/

et les actes en PDF : actes.sstic.org/SSTIC20/sstic-

Merci à l'équipe organisatrice de cet évènement et à tous les speakers !

1
X_Cli  

@jpmens Hey there :) I hope you are doing well. Long time since I read a toot from you :)
I have been putting to practice one of your advice recently and I am struggling a bit. I tried to do what you explain in this post: jpmens.net/2020/01/16/creating

Unfortunately, it seems that pip is doing a POST / query, for instance when running pip search smth, and that nginx is refusing to serve POST requests on autoindex. You are citing nginx as a possible web server for this. Did you experience smth similar?

0
X_Cli  

Tool of the day: man7.org/linux/man-pages/man8/

Packet mirroring/stealing with TC

TC is really an amazing tool 😲

1
X_Cli  

Does someone know why IPIP tunnel interfaces are visible in all network namespaces? I created one in my "default namespace" and it is present in all (children?) namespaces. Are they inherited for some reason? Why? Can I disable this?

0
X_Cli boosted
Scott Mortimer  

~Open Source Security Tool of the Day~

Whilst I prefer hardening systems manually, this is a very effective way for automating Linux hardening for those who are new to the concept and learning from the experience.

github.com/x08d/lockdown.sh/bl

1
X_Cli boosted
Scott Mortimer  

The latest in DNS Amplification DDoS

New vulnerability in DNS server software can be leveraged for DDoS attacks with an 1620x amplification factor.

zdnet.com/article/nxnsattack-t

0
Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.

Resources

Developers

What is Mastodon?

infosec.exchange

More…