X_Cli boosted

When you have several banks, it's amusing to see how each of them interprets the need to do two-step authentication.

Boursorama asks for login + password in step 1 and an SMS code in step 2.

Caisse d'Épargne asks (hold on to your seat) for the login in step 1 and the password in step 2. That's it.

I'll just leave that here.

X_Cli boosted

Will you refuse to install an application because of the programming language it was written with?

- Yes
- Conditionally (Yes, but only if there is no binary available and I have to install the language's build tools)
- No
- Other conditions: please specify

Boosts appreciated, because I see the "boosts appreciated" trick working for other people and I figured I'd try it once.

X_Cli boosted

brow.sh is a text-based browser supporting HTML5, CSS3, JS, video and WebGL brow.sh (FreeBSD: freshports.org/www/browsh/)

X_Cli boosted

Patch your OpenSMTPD mailservers now. Exploiting critical RCE vulnerability CVE-2020-7247 is as simple as using this SMTP command:

MAIL FROM:<;for i in 0 1 2 3 4 5 6 7 8 9 a b c d;do read r;done;sh;exit 0;>

qualys.com/2020/01/28/cve-2020
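The payload above works because the MAIL FROM local part is never a place where `;` or whitespace are legal: RFC 5321 allows only the dot-atom characters there. The following is an added example (my own code, not OpenSMTPD's or Qualys') that classifies MAIL FROM lines from an SMTP transcript with exactly that rule, keeps the empty reverse-path `<>` that bounces need, and flags the advisory's one-liner. The transcript lines are constructed for the example.

```python
import re

# Characters RFC 5321 permits in an unquoted (dot-atom) local part.  Note that
# "$", "`", "|" and "&" are legal here even though a shell treats them specially;
# ";" and whitespace, which the CVE-2020-7247 payload relies on, are not.
ATEXT = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
            "!#$%&'*+-/=?^_`{|}~")

MAIL_FROM_RE = re.compile(r"^MAIL\s+FROM:\s*<(.*)>", re.IGNORECASE)


def reverse_path(command):
    """Return the reverse-path inside <...> of a MAIL FROM command, or None if
    the line is some other SMTP command."""
    m = MAIL_FROM_RE.match(command.strip())
    return m.group(1) if m else None


def local_part_is_valid(addr):
    """Strict dot-atom check of the local part of addr.  Quoted local parts
    ("john doe"@example.com) are legal but rare, and are rejected here on
    purpose so that anything with spaces or ';' in it gets flagged."""
    local, at, _domain = addr.rpartition("@")
    if not at:
        local = addr            # no domain at all: the whole thing is the local part
    if not local or local.startswith(".") or local.endswith(".") or ".." in local:
        return False
    return all(c in ATEXT or c == "." for c in local)


def assess_mail_from(command):
    """Classify one SMTP command line as 'not-mail-from', 'bounce' (the empty
    reverse-path <>, which must stay allowed), 'ok' or 'suspicious'."""
    addr = reverse_path(command)
    if addr is None:
        return "not-mail-from"
    if addr == "":
        return "bounce"
    return "ok" if local_part_is_valid(addr) else "suspicious"


def suspicious_commands(lines):
    """Return the MAIL FROM lines out of an SMTP transcript that fail the check."""
    return [line for line in lines if assess_mail_from(line) == "suspicious"]


# Constructed sample transcript (not a real capture): ordinary commands plus
# the one-liner from the Qualys advisory.
SAMPLE_TRANSCRIPT = [
    "HELO client.example",
    "MAIL FROM:<alice@example.com>",
    "MAIL FROM:<>",
    "MAIL FROM:<;for i in 0 1 2 3 4 5 6 7 8 9 a b c d;do read r;done;sh;exit 0;>",
    "RCPT TO:<bob@example.net>",
]

if __name__ == "__main__":
    for line in suspicious_commands(SAMPLE_TRANSCRIPT):
        print("suspicious:", line)
```

The check deliberately does not treat `$`, `` ` `` or `|` as suspicious on their own: they are legal in real addresses, and a detector that flags them produces noise. What is never legal in an unquoted local part is `;` and whitespace, which is all the advisory's payload needs.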

X_Cli boosted

Another year, another #Intel vulnerability. This time it's called #Cacheout. It leaks data on Intel CPUs via cache evictions.

cacheoutattack.com/

Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting.

threatpost.com/cisco-webex-fla

X_Cli boosted

For web technicians and other vegan sysadmins and graphic designers, #L214 is hiring for four positions!
l214.com/offres-demploi
#véganisme

(CVE-2020-0601) - PoC

github.com/ollypwn/CVE-2020-06

"CVE-2020-0601, or commonly referred to as CurveBall, is a vulnerability in which the signature of certificates using elliptic curve cryptography (ECC) is not correctly verified...."

X_Cli boosted

We have computed the very first chosen-prefix collision for SHA-1. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4.

Demo: The legacy branch of GnuPG (version 1.4) is vulnerable. We have created two PGP keys with different UserIDs and colliding certificates.

sha-mbles.github.io/

X_Cli boosted

#JeRecrute
We are looking for a System Administrator in downtown Marseille (city centre).

Required knowledge and skills:
- Unix / Linux
- DNS
- Mail
- Debian
- Python and/or Ruby
- Nginx
- KVM
- etc.

It's a plus if you know configuration management tools such as SaltStack, Puppet or Ansible.

Cherry on top if you know your way around Cisco.

#JeChercheUnJob
Boosts appreciated

X_Cli boosted

Holy shit, Samsung Smart TVs straight up send "snippets" of things that you watch back home to "to provide you with customized Smart TV experiences".

samsung.com/us/account/privacy

Search that page for the text: "Your Smart TV transfers video snippets or TV tuner information in order to determine the programs watched."

#infosec

X_Cli boosted

@bortzmeyer @jpmens

"As a side-note: we already deny RFC1918-addresses from DNS-over-HTTPS
responses so in that regard, using TRR will save you from these DNS attacks!"

groups.google.com/forum/m/#!to

So, I was wrong. DoH-to-Cloudflare-by-default is not an issue, as far as DNS rebinding is concerned. Sorry 😶😥
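The rule quoted above (refuse RFC 1918 addresses in DoH answers) is what breaks a rebinding attack: the attacker's name flips from a public address to a LAN address on a later short-TTL lookup, and the filter turns that second lookup into a failed one. The following is an added example of such a filter written for this page; it is not Firefox's TRR code. `strict=False` does only what the post describes; `strict=True` is an assumed extension that also drops loopback, link-local and unspecified addresses, and IPv4-mapped IPv6 answers are unwrapped so `::ffff:10.0.0.1` cannot slip past a v4-only check. The lookup results are constructed for the example.

```python
import ipaddress

# The three RFC 1918 blocks the quoted Mozilla post says the TRR code already
# refuses to accept in DoH answers.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def normalise(ip):
    """Parse ip; IPv4-mapped IPv6 answers (::ffff:10.0.0.1) unwrap to their IPv4
    form so they cannot smuggle a private address past a v4-only check."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def is_rfc1918(ip):
    """True if ip (after unwrapping) lies in one of the RFC 1918 blocks."""
    addr = normalise(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


def filter_answers(answers, strict=False):
    """Split the A/AAAA answers for a public name into (kept, dropped).

    strict=False implements just what the post describes: drop RFC 1918 addresses.
    strict=True is an assumed extension: also drop loopback, link-local and the
    unspecified address, which rebinding payloads use to reach services on the
    victim's own host."""
    kept, dropped = [], []
    for ip in answers:
        addr = normalise(ip)
        bad = is_rfc1918(ip)
        if strict:
            bad = bad or addr.is_loopback or addr.is_link_local or addr.is_unspecified
        (dropped if bad else kept).append(ip)
    return kept, dropped


def resolve_guarded(answers, strict=False):
    """What the stub resolver hands to the application: the surviving answers, or
    an empty list (i.e. a failed lookup) when the filter removed every record."""
    kept, _ = filter_answers(answers, strict)
    return kept


# Constructed example of a rebinding flip: the attacker's name first resolves to
# a public address, then, on the next (short-TTL) lookup, to the victim's LAN.
FIRST_LOOKUP = ["203.0.113.5"]
SECOND_LOOKUP = ["192.168.1.1", "::ffff:10.0.0.1", "127.0.0.1"]

if __name__ == "__main__":
    print("first lookup   ->", resolve_guarded(FIRST_LOOKUP))
    print("second lookup  ->", resolve_guarded(SECOND_LOOKUP))
    print("second, strict ->", resolve_guarded(SECOND_LOOKUP, strict=True))
```

Note that the RFC 1918-only rule still lets `127.0.0.1` through; a resolver that wants to cover rebinding against services bound to localhost needs the stricter set as well.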

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.