"We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China."

Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings - The Citizen Lab


All this drama around Zoom is getting annoying.

Yes, there are some real vulnerabilities and Zoom actually handled them timely and well.

Half of the things people complain about are just glamour infosec theatre.

Most other options suck as bad as Zoom, but compared to them it’s usable.

No, your fully distributed, Erlang-based, WebRTC bullshit is not an alternative. Ask anyone in your company who just needs to get their job done if they are open to go through those 40 easy steps to get started.

Ran some simulations for the path picking optimiser I wrote over the weekend. Looks like performance and results are exactly what we want, now on to adding tests and some refactoring.

If you're a secops person out of work and interested in some Security Ops contract work, I may be able to help. DM me

100% remote work, full time

If not, please boost for visibility!

Heidelberg University Hospital apparently urgently needs people who know their way around 3D printers (Ultimaker 1+2) and can do CAD modelling (I have contact details) - they need help on site

So far the mouse support in iPadOS 13.4 is amazing, but a few things stuck out as worth mentioning if you consider giving it a shot.

- on a Mac you might prefer a touch pad for gestures - on the iPad you want one
- scrolling in code-server broke :( This will likely be true for other web apps as well
- non-native apps like Slack do not support the „snap to element“ feature making it harder to interact with them

just published “Managing state in models” talking about state machines and making sure state transitions happen in a way that won’t result in unknown state breaking the rest of the app timo-zimmermann.de/2020/03/man

I had conversations with questionable sales reps / account managers in the past, but no one could match JumpCloud.

just blogged “working from home - things no one talks about” with a few tips to hopefully improve the forced WFH time timo-zimmermann.de/2020/03/wor

Guess that’s it for my trip to SF end of month :(

I am preparing a demo on how to add TOTP-based MFA to an app and briefly considered making it a package.

But considering all the various settings, preferences and small details of individual auth systems I don’t see how a package would be helpful :/

You would likely spend more time customizing the package than following the tutorial to add MFA „manually“.

I’ve been using WordPress a bit more than a year and came to the point that I will likely migrate to something else. The editing experience is horrible enough that I would consider writing posts in vim on a laggy ssh connection an upgrade. And don’t get me started on the rest.

Just blogged „What is better than one HomePod?“ ranting a bit about stereo HomePods and if they make any sense timo-zimmermann.de/2020/03/wha

Took the train for my Leipzig trip. The question why people usually drive or fly has been answered again. This whole thing is a shit show.

Published “Security 101: OWASP” - a short introduction to a resource I wish more people would be leveraging :) timo-zimmermann.de/2020/03/sec

Coming up with short but meaningful enough code examples is still the hardest part for me when writing blog posts.

Currently working on „adding a finite state machine to Django models to control transitions“

So in summary: someone wrote a bot which forces me to do something for the bot to leave me alone.

How polite.

I just checked my taxes and I am paying roughly 2900€ for software each year.

All of which allows me to do my job {better|faster|more convenient}. I used the trials to make sure they meet my needs.

Nearly all of those vendors could double pricing and I wouldn’t care. The need is still there, real alternatives don’t exist and it keeps the business running.

Pricing would only become a problem if there are alternatives or if perceived value would change drastically.

I am actually considering getting a second HomePod for stereo in my office. While I would not put them in my living room, they feel like a super decent alternative for quality stereo considering the space and setup investment.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.