One line DNSSEC configuration in BIND 9.16 (coming out later in February 2020):

zone "example.com" {
type master;
file "example.com";
dnssec-policy default;
};

See talk by Evan Hunt (ISC) from DNS-OARC last weekend about this and other changes coming in the new BIND 9 version:

invidio.us/watch?v=5math9Oy97s

"The only beneficiaries from the resulting wrong-think will be shareholders and employees of the garbage-spewing security vendor, and of course, the bad guys"

circleid.com/posts/20150420_in

I'm running a (hopefully) fortnightly newsletter on Substack called The Dork Web. First issue is out on the 30th of Jan, featuring the <$200 Pinebook Pro, a Z80 SBC for running CP/M, China's social credit system in the west and more. Sign up here: thedorkweb.substack.com

’s for -2020-0601 introduces a call to in when a faked certificate is detected.
Didier Stevens wrote a script that will write a Windows event entry in the Application event log.

blog.didierstevens.com/2020/01

😪

Try this
nmap --script=ssl-cert.nse 10.10.10.0/24 | grep -i Issuer | grep -i 'IOS-Self-Signed-Certificate'

If the above returns any results (adjust subnets accordingly) then you might want to read this:
cisco.com/c/en/us/support/docs

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.