@r000t @x_cli Only if it's actually a string :)

object of type 'NoneType' has no len()

bcl boosted

@x_cli By hilarity I mean users learning what "NoneType has no attribute foo" means when they run the program with unexpected input. One of my primary complaints about is the lack of sane defaults for values.

@x_cli 'if value:' is the Python way :) You really don't want to compare to "", if it's set to None hilarity will ensue.

bcl boosted

An improperly secured server exposed thousands of faxed medical records techcrunch.com/2019/03/17/medi Faxes, even at their best, are outdated & unreliable. ProtonMail is easy to use, #HIPAA compliant, and can protect medical records with end-to-end encryption protonmail.com/blog/hipaa-comp

bcl boosted

Just a reminder, you can support infosec.exchange through liberapay: liberapay.com/Infosec.exchange


bcl boosted

Some more research, once again proving that locally encrypted passwords don't necessarily result in data being safe/private on their server. Issue reported November last year, supposedly fixed (I have my doubts).


@varx Maybe it's an attempt at RF shielding?

@varx sounds like a marketing scam disguised as a tech talk

The debug logs make way more sense when your before action log text and your after action log text are different :/

bcl boosted

Not the conclusion I expected: "The point should no longer be that we want the right to use the web anonymously to remain. We should rather fight to get this right back, because at some point somewhere along the way we lost it and nobody noticed." This post is the more explicit version of my thread here yesterday.


bcl boosted

dnscrypt-proxy 2.0.20 released

"Cloaking can now do load-balancing between sets of IPv4 and IPv6 addresses, and startup time has been drastically reduced when using many DoH servers."


bcl boosted

"How To Get Started on Mastodon and Leave Twitter Behind" by Max Eddy pcmag.com/article/364850/how-t

Pinafore got a shout-out in PCMag! Maybe I should offer a plastic-wrapped Pinafore CD-ROM in their next issue

bcl boosted

i'm not even saying "ugh security is hard" i'm saying the attack surface for ssh has been understood for Quite Awhile and we should have decent defaults to make it SAFE to use. Which means:

1. Deny root login
2. Deny password authentication
3. Require public-key authentication
4. Close off any deprecated key exchange methods
5. Auto-ban brute force attempts

That's like. A minimum best effort. Really.
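Items 1 to 4 of the list above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit of `sshd_config` text. The defaults table and the set of key exchange names treated as deprecated are assumptions, an unset `KexAlgorithms` is left to the installed version and not judged, and item 5 (auto-banning) lives outside `sshd_config` and is not covered.

```python
# Added example: audit sshd_config text against items 1-4 of the list above.
# Assumption: OpenSSH defaults used when a keyword is absent.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Assumption: SHA-1 based key exchange methods are the "deprecated" ones.
WEAK_KEX = {
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
}

def effective_settings(text):
    """Global keyword -> value. sshd uses the first value it obtains."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # Match blocks are conditional; audit the global part only
        if len(parts) == 2:
            settings.setdefault(key, parts[1].strip())
    return settings

def audit(text):
    """Return findings for items 1-4, in list order."""
    s = {**DEFAULTS, **effective_settings(text)}
    findings = []
    if s["permitrootlogin"].lower() != "no":
        findings.append("root login not denied")
    if s["passwordauthentication"].lower() != "no":
        findings.append("password authentication enabled")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("public-key authentication disabled")
    kex = s.get("kexalgorithms", "")
    # A leading '-' removes names from the default set, so nothing is enabled.
    names = [] if kex.startswith("-") else kex.lstrip("+^").split(",")
    weak = sorted(WEAK_KEX.intersection(n.strip() for n in names))
    if weak:
        findings.append("deprecated key exchange: " + ", ".join(weak))
    return findings

# Constructed sample, not from a real host. The second PermitRootLogin is ignored.
SAMPLE = "PermitRootLogin no\nPermitRootLogin yes\nPasswordAuthentication yes\n" \
         "KexAlgorithms curve25519-sha256,diffie-hellman-group1-sha1\n"
print(audit(SAMPLE))
```

The parser does not follow `Include` directives or evaluate `Match` blocks; on a live host, feeding it the output of `sshd -T` gives the effective settings instead of the file text.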


@jerry Create an infosec capture-the-flag challenge for new accounts ;)

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.