Martin Boller (ツ) @itisiboller@infosec.exchange
Security Curmudgeon & InfoSec Worrier
Hm, apparently #letsencrypt now provides mor than 50% of the web certificates.
On one hand: FUCKING AWESOME.
On the other: Shit. They're getting very powerful and we are centralizing our trust. I think we could reallu use 2-3 new orgs like Letsencrypt, with similar technology and mission statement, but entirely independent.
Are there any out there yet?
Threat Intelligence why this is not only for APT attacks:
https://www.ecrimelabs.dk/blog/2018/4/3/threat-intelligence-why-this-is-not-only-for-identifying-apt-attacks
He concluced his article (titled "Mastodon will never be the next Twitter") with this:
"I suspect thousands of other Tooters (blech!) will soon do the same and Mastodon will lay down beside all other other fossilized social media platforms and fade from existence."
Since then, Mastodon grew to 1,300,000 users and 2,000 servers. This is why people bring him up today.
Has anyone seen this Twitter thread? - T-Mobile Austria stores passwords in plain text, let their employees the the first 4 digits of it and they see nothing bad in it.
i mean, their security seems "amazingly good, but not 100% secure".
RT @taviso@birdsite.link
This is amazing, Windows Defender used the open source unrar code, but changed all the signed ints to unsigned for some reason, breaking the code. @halvarflake noticed and got it fixed. Remote SYSTEM memory corruption https://twitter.com/ProjectZeroBugs/status/981562931178389505
Linux kernel lockdown and UEFI Secure Boot http://www.tuxmachines.org/node/110505
$ ping 127.1
PING 127.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.082 ms
https://news.ycombinator.com/item?id=16728255
oh, yeah and #cloudflare is now happy to track you with their new #dns 1.1.1.1
TIL Chrome is scanning your files, including private folders, in the background as an anti-malware measure
https://twitter.com/swagitda_/status/979477998142476289
There’s currently no “off” switch, but apparently the devs reassure that scans are local and not “cloud” based. But this still has consent and privacy implications
Vibes from recent SCaLE 16x (Southern California Linux Expo).
LinuxChix LA & LinuxGameCast are there goofing about and looks like having awesome time!
"Jill from LinuxChix LA made a wicked-neat video covering some of the rampant insanity".
LGC wholeheartedly approves.
--> https://linuxgamecast.com/2018/03/linuxchix-la-linuxgamecast-scale-16x/
_
#LGC #SCaLE16x #Linux #expo #California #LinuxChix #party
Start them young
Appears less ominous than expected https://twitter.com/bendiken/status/979076199875006465
Sadly, I think that under the new SESTA law that is expected to be signed into law shortly, instance owners like me in the US will have to monitor for for and ban accounts like this, or face civil and criminal penalties: https://switter.at/@omgheatherjana/99761284583779887
Still Error 5xx #CVE-2018-7600 #psa-2+18-001 https://www.drupal.org/psa-2018-001 #InfoSec #Drupalgeddonv2 #drupal #Patch #JustInputValidation?
Why this innovator thinks the car of the future rides on open source http://www.tuxmachines.org/node/110262 #freesw
