Shout out to @jerry for the great help and support on this server!! Thank you so much for your professional and user-oriented approach!!
#AWS penetration testing policy:
@jerry What is the day when infosec.exchange was born? Shouldn't we celebrate it in some way?))
#Downgrade Attack on #TLS 1.3 and Vulnerabilities in Major TLS Libraries https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/
Advanced #Linux malware discovered (by CheckPoint Security) that can target on-premises and cloud-based servers. Also able to infect MacOS devices. At the moment it serves XMRig miners to infected servers but bigger threat most likely in the making
Guys, you are doing a great job.
This is what a Linux for consumers should look like.
Thank you so much for the efforts.
Hi, would you be so kind to advise on a strange question?
I assume you are in the US, and it's a BCM-related question:
Is it MANDATORY by law in the US (or a common thing to be mandatory by employment contracts) for an employee to provide emergency contacts to the employer?
Is it possible that you communicate with HR only by email from the very beginning, and never provide your phone or address to the company you work for?
I have a bunch of free passes to the webinar I'm giving on Wednesday and won't be using all of them. My topics will include a (very broad) overview of cybersecurity frameworks, and then some recent legal trends that pertain to #infosec. Shoot me a private message if interested.
Point of view on vulnerabilities:
'if attackers really aren’t finding, exploiting, or even caring about these vulnerabilities as we can infer from the supplied data — the value in discovering them in the first place becomes questionable'
NPR article posted today (May 1st) mentions Mastodon! They link to joinmastodon.org (not mastodon.social) which is great!
“As Facebook Shows Its Flaws, What Might A Better Social Network Look Like?”
A high risk client wants to use #WordPress. I may be ultimately responsible.
I believe I can handle doing things correctly at the LAM but the P concerns me. How to harden WP? My first thoughts are lock down the users table and move wp-config.php out of the web root. Change control on core and I handle updates.
How else to harden wp? Jokes welcome but bonus points for actual suggestions.
Quote of the day from the greatest series of all time:
Reminder that donators count as *trusted third parties* because by their definition they *assist (Mastodon, aka Gargron and the official development team) in operating (the) site, conducting (their) business, or servicing you* through of course donations.
This includes Pixiv and Tootdon.
While the former is known for running a heavily customized fork of the Mastodon FE, the latter is well known to collect unencrypted user data from the app's user account and accounts the user interacts with.
What bothers me is that people all went crazy about Tootdon, then they started making Facebook memes, despite living on a service that legally binds you to accept that some specific services (Tootdon, in this case) can collect your data without the legal need to sign a secondary ToS acceptance policy with the third party service itself.
Facebook didn't do this. Facebook had the decency to force you to sign third party ToS and data collection policies every time you used one of those services.
Information Security Executive, opinions are my own