~Open Source Security Tool of the Day~

Fully automated offensive security framework for reconnaissance and vulnerability scanning


Are you looking for an individual monospace font for your development activities?
I don't know if this source is new to me alone...
But here is a great collection of monospace fonts:

Just a reminder, you can support infosec.exchange through liberapay: liberapay.com/Infosec.exchange


Release news 8.2:

- Public key signature based on SHA-1 removed by default.
- FIDO/U2F Support!
and others...


I will soon "migrate" to a new house in a village nearby.
Will try to expose a Hotspot, bc. many people can't afford fast internet.

Q to our -Community:

Any recommendation for Hw/Sw to have a reasonably secure and affordable solution?

- Outdoor-WiFi-Router?
(I've got a glass fiber 500 mbit/s for 140€/month 😭)
- Firewall-Hw?
(owning a nearly empty 19" rack - will most likely use pfSense)

(already owning an Ubiquiti Networks EdgeSwitch, 16-Port, 10G, ES-16-XG)

ICYMI (February 4, 2020):
Full disclosure:
0day vulnerability (backdoor) in firmware for HiSilicon-based DVRs, NVRs and IP cameras

To all users or maintainers of the Telekom Router "Digitalisierungsbox (Premium)":

There is a huge security issue when having set a single port forward!
Forwarding of port 80 and 443 will lead to forwarding the ranges of 80-89 and 440-449!
Yes, including SMB!

Get the latest update:

RT @shodanhq@twitter.activitypub.actor
10 years ago @achillean@twitter.activitypub.actor launched the Shodan website! To celebrate a decade of discovery and growth we're going to offer the membership for $1 (marked down from $49) for the next 24 hours (0:00 UTC to 24:00 UTC): shodan.io/store/member

Hello out there!
Without wanting to start a discussion about the sense of use, I have a question.
"In the past", Comodo had free S/MIME certificates for private use.
Their ROOT CA was trusted across many operating systems.
Is there still a similar, free alternative for private use today? Ideally with certificates that are valid for 1 year and longer?

"When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to them properly. As a result, security issues may be left unreported. security.txt defines a to help organizations define the process for security researchers to disclose security securely."

This is likely the most comprehensive article on security keys available. Secure Authentication is the security domain that I am most interested in and this piece lights me up like a Christmas tree.

How to stay safe online and prevent phishing with FIDO2, WebAuthn and security keys. A look into YubiKeys, TOTP authenticator apps, passwordless and more.


