Show more
bcl boosted

Son, now that you're 6, it's time I taught you about SSH. This is how you ssh into the computer upstairs and play a loud sound on it to scare your sister.

bcl boosted

After Matrix has restored its major services, they noticed that the GPG keys used for signing packages where compromised.

The key IDs are:

AD0592FE47F0DF61 (synapse)
E019645248E8F4A1 (Riot/Web)

Please make sure to no longer use those keys.

#matrix #Riot #infosec #security

bcl boosted
bcl boosted

And so we enter the #fediverse. Support for all instances is coming soon. We're just waiting on more of the Keybase community to update to the latest versions so all of these new proof options will look good in the UI. Thanks for your excitement!

bcl boosted

*BOOSTS NEEDED*

A friend of mine was recently involved in a motorcycle accident. Bike totaled, wrist broken, surgery for torn ligaments needed. He has no health insurance. Anything you can give would help gofundme.com/shaun039s-ouchie-

Well that was easy.

Ubiquiti EdgeRouter X SFP can mirror ports: Go to Config Tree->Interfaces->Ethernet->eth0 and put the destination port into the 'mirror field'.

Plug in a laptop, disable dhcp on the nic, and run: `sudo tcpdump -i ethf00 -n -X` and presto, packets!

Reportedly this is a software copy so router CPU usage will increase, but I don't see it going over 30% right now.

Solved it. 50' of CAT5e is easier to setup and way more reliable.

I never learn. Yet again I have wasted HOURS trying to get DDWRT's client bridge mode working. It doesn't. I guess I should just buy another NanoStation.

bcl boosted

web server bug grants root access on shared hosting environments.
Companies using Apache on private, non-shared servers are also at risk, but to a lesser degree.
zdnet.com/google-amp/article/a

bcl boosted

secarch.dev/posts/2fa-is-still

"2FA is Still Too Complicated for Most People"

I wrote something that might be unexpected.

tl;dr: use and recommend password managers first, then 2FA

#infosec

Remember the days when you had to rebuild half your system in order to move your passwords into /etc/shadow?

tldp.org/HOWTO/Shadow-Password

Take a moment to remember one of the guys who helped make sure we never have to do that again. Mike's been gone 16 years now, but I like to think that his legacy is that the HOWTO convinced everyone that it'd be a hell of a lot easier if the distributions would do it for us :)

Today's PSA to future self. Remember to delete the DNS entry when you destroy the Droplet. There are people actively looking for neglected subdomains to exploit. Like this place - http://138.197.164.85/sitemap.xml

bcl boosted
bcl boosted

An improperly secured server exposed thousands of faxed medical records techcrunch.com/2019/03/17/medi Faxes, even at their best, are outdated & unreliable. ProtonMail is easy to use, #HIPAA compliant, and can protect medical records with end-to-end encryption protonmail.com/blog/hipaa-comp

bcl boosted

Just a reminder, you can support infosec.exchange through liberapay: liberapay.com/Infosec.exchange

Thanks!

bcl boosted

Some more research, once again proving that locally encrypted passwords don't necessarily result in data being safe/private on their server. Issue reported November last year, supposedly fixed (I have my doubts).

palant.de/2019/03/18/should-yo

The debug logs make way more sense when your before action log text and your after action log text are different :/

bcl boosted

Not the conclusion I expected: "The point should no longer be that we want the right to use the web anonymously to remain. We should rather fight to get this right back, because at some point somewhere along the way we lost it and nobody noticed." This post is the more explicit version of my thread here yesterday.

palant.de/2019/03/12/how-much-

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.