Shout out to @jerry for the great help and support on this server!! Thank you so much for your professional and user-oriented approach!!

@jerry What is the day when infosec.exchange was born? Shouldn't we celebrate it in some way?))

Advanced malware discovered (by CheckPoint Security) that can target on-premises and cloud-based servers. Also able to infect MacOS devices. At the moment it serves XMRig miners to infected servers but bigger threat most likely in the making
threatpost.com/speakup-linux-b

@elementary

Guys, you are doing a great job.

This is what a Linux for consumers should look like.

Thank you so much for the efforts.

@FlyingLawyer

Hi, would u be so kind to advise on a strange question?

I assume you are in US, and it's a BCM related question:

Is it MANDATORY by law in US (or a common thing to be mandatory by employment contracts) for employee to provide emergency contacts to employer?

Is it possible that you communicate with HR only by email from the very beginning, and never provide your phone or address to the company you work for?

I have a bunch of free passes to the webinar I'm giving on Wednesday and won't be using all of them. My topics will include a (very broad) overview of cybersecurity frameworks, and then some recent legal trends that pertain to . Shoot me a private message if interested.

Is there a way to see in federated timeline only toots from specific instance?

If I'm in this instance but I want to see all public toots from specific one - what do I do?

Ok, let's discuss and build ideal

🖥SERVER FOR HOME-USE NEXTCLOUD🖥

1) OS choice?
2) Server Hardening and Privacy - exact steps
3) MySQL or MariaDB?
4) Encryption options?
5) VPS vs Dedicated vs PC at home?
6) Other considerations?

Point of view on vulnerabilities:

'if attackers really aren’t finding, exploiting, or even caring about these vulnerabilities as we can infer from the supplied data — the value in discovering them in the first place becomes questionable'

blog.jeremiahgrossman.com/2018

Any open source cross platform self-hosted option to store and sync up contacts?

NPR article posted today (May 1st) mentions Mastodon! They link to joinmastodon.org (not mastodon.social) which is great!

“As Facebook Shows Its Flaws, What Might A Better Social Network Look Like?”

npr.org/sections/thetwo-way/20

A high risk client wants to use . I may be ultimately responsible.

I believe I can handle doing things correctly at the LAM but the P concerns me. How to harden WP? My first thoughts are lock down the users table and move wp-config.php out of the web root. Change control on core and I handle updates.

How else to harden wp? Jokes welcome but bonus points for actual suggestions.

Reminder - never book a flight through Frankfurt with a connection less than 1.5 hours...

Reminder that donators count as *trusted third parties* because by their definition they *assist (Mastodon, aka Gargron and the official development team) in operating (the) site, conducting (their) business, or servicing you* through of course donations.

This includes Pixiv and Tootdon.

While the former is known for running a heavily customized fork of the Mastodon FE, the latter is well known to collect unencrypted user data from the app's user account and accounts the user interacts with.

What bothers me is that people all went crazy about Tootdon, then they started making Facebook memes, despite living on a service that legally binds you to accept that some specific services (Tootdon, in this case) can collect your data without the legal need to sign a secondary ToS acceptance policy with the third party service itself.

Facebook didn't do this. Facebook had the decency to force you to sign third party ToS and data collection policies every time you used one of those services.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.