Jerry Bell is a user on infosec.exchange. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Jerry Bell boosted

The NSA were able to break VPN encryption on Russian, Iraqi airlines and associated booking systems along with a Qatari media outlet. Unknown whether they outright cracked improperly configured encryption or whether they targeted hardcoded credential setups.
theintercept.com/2018/08/15/ns

Jerry Bell boosted

Sysadmins need a shirt reading: "I survived Patch Tuesday"

Jerry Bell boosted

So I managed to get IPv6 inside an OpenVPN tunnel working. However, I still need to figure out how to make it dynamic, because currently the prefix inside the tunnel is copied manually from the WAN interface. I mean I could use a private prefix and use NAT, but that seems like a poor solution.
Does anyone have a better idea?

Jerry Bell boosted

found something interesting: brow.sh, a console web-browser meant to be run on a server via ssh so that you don9t need to load all those scripts and assets over a slow connection. supports graphics via ansi-art. imo, great idea!

Jerry Bell boosted

Great article by @jerry

"We have to accept that there *will* be electronic voting. We have to accept that our refrigerators, toaster, toilet, and gym shoes *will* be connected to the Internet some day, if not already. We don’t have to like these things"

infosec.engineering/no-true-in

Jerry Bell boosted

oh right Mastodon has statsd support right?

last time I heard about that, there was a file descriptor leak of some sort in the underlying library, is that sorted?

anybody using it?

#mastoadmin | #sysadmin

Jerry Bell boosted

I've complained about systemd before, but this talk gives excellent perspective. Doesn't explain the security complaints, but still good perspective.

youtube.com/watch?v=6AeWu1fZ7b

Jerry Bell boosted

So. My contract with my job came to an end rather unexpectedly. Understandably, I'm seeking out a new job ASAP.

I'd prefer second line support, junior sysadmin, or similar -- but I'm aware I don't necessarily have the right to be picky and as such I'm open to other roles too.

I'm based in Manchester UK, but open to remote.

I'm working on BSc. Computer Science from Open University. Also self-teaching C# and Python && fundamentals of Linux and Networking.

Jerry Bell boosted
Jerry Bell boosted

You know what goes better than a beer with the latest Defensive Serucity podcast?

Two beers.

defensivesecurity.org/defensiv

Jerry Bell boosted

Regarding the Firefox DNS stuff - I recommend you read both Mozilla's blog post[0] as well as the ungleich.ch post criticising it[1], and then come up with your own conclusions.

[0]: blog.nightly.mozilla.org/2018/
[1]: blog.ungleich.ch/en-us/cms/blo

Seeing a lot of questioning of the motives of Mozilla and Cloudflare with the recent DNS over HTTP announcement. I primarily dislike it because it complicates how systems work. Next Chrome will send their DNS queries to google, edge to Azure, Safari to Akamai. I’d rather see a move to DNS over HTTP at the OS level and for broader ISP support for it.

Jerry Bell boosted

Upcoming Firefox release will start sending all your DNS requests to Cloudflare

blog.ungleich.ch/en-us/cms/blo

Looks like this will override local resolvers and therefore break any LAN only domains (as well as sending data to a US company).

Details on how to change this in about:config here blog.nightly.mozilla.org/2018/

Enjoy your Sunday, friends.

Jerry Bell boosted
Jerry Bell boosted

Question for #InfoSec experts (please boost if you know one).

Compared to the #EFAIL panic and hysterism, where a lot of people were debating about the issues of #GPG, nobody seems interested in the fact that a with a trivial attack, anyone can forge PROOFS on people PC.

With the trivial #attack described at bit.ly/2MhGpse anyone can PUT ILLEGAL CONTENTS INTO YOUR PC WITHOUT LEAVING TRACES. Some even through 3rd party sites you trust.

Isn't that a serious #security #vulnerability?

Nearly every account registered recently on infosec.exchange appears to be intended to spam 😕