
Leonid Bayakhchev @awesome_leonid@infosec.exchange

I have a bunch of free passes to the webinar I'm giving on Wednesday and won't be using all of them. My topics will include a (very broad) overview of cybersecurity frameworks, and then some recent legal trends that pertain to . Shoot me a private message if interested.

Is there a way to see in the federated timeline only toots from a specific instance?

If I'm in this instance but I want to see all public toots from a specific one - what do I do?

Ok, let's discuss and build ideal

🖥SERVER FOR HOME-USE NEXTCLOUD🖥

1) OS choice?
2) Server Hardening and Privacy - exact steps
3) MySQL or MariaDB?
4) Encryption options?
5) VPS vs Dedicated vs PC at home?
6) Other considerations?

Point of view on vulnerabilities:

'if attackers really aren’t finding, exploiting, or even caring about these vulnerabilities as we can infer from the supplied data — the value in discovering them in the first place becomes questionable'

blog.jeremiahgrossman.com/2018

Any open source cross platform self-hosted option to store and sync up contacts?

NPR article posted today (May 1st) mentions Mastodon! They link to joinmastodon.org (not mastodon.social) which is great!

“As Facebook Shows Its Flaws, What Might A Better Social Network Look Like?”

npr.org/sections/thetwo-way/20

A high risk client wants to use . I may be ultimately responsible.

I believe I can handle doing things correctly at the LAM but the P concerns me. How to harden WP? My first thoughts are lock down the users table and move wp-config.php out of the web root. Change control on core and I handle updates.

How else to harden wp? Jokes welcome but bonus points for actual suggestions.

Reminder - never book a flight through Frankfurt with a connection less than 1.5 hours...

Reminder that donators count as *trusted third parties* because by their definition they *assist (Mastodon, aka Gargron and the official development team) in operating (the) site, conducting (their) business, or servicing you* through of course donations.

This includes Pixiv and Tootdon.

While the former is known for running a heavily customized fork of the Mastodon FE, the latter is well known to collect unencrypted user data from the app's user account and accounts the user interacts with.

What bothers me is that people all went crazy about Tootdon, then they started making Facebook memes, despite living on a service that legally binds you to accept that some specific services (Tootdon, in this case) can collect your data without the legal need to sign a secondary ToS acceptance policy with the third party service itself.

Facebook didn't do this. Facebook had the decency to force you to sign third party ToS and data collection policies every time you used one of those services.

This is close to what I was looking for. It's still not detailed enough for the complete beginner, advice is a little bit extreme without good explanation why, but it's close.

architectsecurity.org/2017/08/

Does somebody know good examples of guides/how-tos on personal data security and privacy?

I'm not talking about 'use VPN' type of articles, but more like a 'how to configure own secure email server for grandmothers' type of stuff.

I'm particularly interested in 3 areas:
1) email
2) photos
3) files other than photos
4) communication - chat and video/audio

"Instead of informing an attacker that a particular port is in a CLOSED
or FILTERED state a system running Portspoof will return SYN+ACK for
every connection attempt, spoof all ports open.

Result: As a result it is impractical to use stealth (SYN, ACK, etc.)
port scanning against your system, since all ports are always reported
as OPEN. With this approach it is really difficult to determine if a
valid software is listening on a particular port."

darknet.org.uk/2018/04/portspo