Show more
Jerry Bell boosted

Another crazy "increased vigilance" recommendation from a vendor: "Set policies to alert on new hosts joining the network. To reduce the possibility of ‘rogue’ devices on your network, increase visibility and have key security personnel notified when new hosts attempt to join the network." :blobshock:

Jerry Bell boosted

We have computed the very first chosen-prefix collision for SHA-1. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4.

Demo: The legacy branch of GnuPG (version 1.4) is vulnerable. We have created two PGP keys with different UserIDs and colliding certificates.

sha-mbles.github.io/

Jerry Bell boosted

Any must-watch talks from last years congress?

Jerry Bell boosted

I just did a very simple API to query the threat actors from the @MISPProject galaxy. There is a public API and the server is also open source. You can find threat actors name, synonyms and all meta-data with a simple curl query. #ThreatIntel

github.com/MISP/threat-actor-i …pic.twitter.com/NNjdapbomt

Jerry Bell boosted

Strange event on my house WiFi. A new station joins (associations goes up by 1. Someone opened a macbook air's lid) then all WiFi traffic goes to 0 (sev1 ticket: "daaaaad! The WiFi is broken!") Not sure what the deal is. OpenWRT is usually pretty robust, but this is not the first time I've seen this behaviour, but it's the first time I've captured it in the graph and gotten some data.

Jerry Bell boosted

Company held hostage by ransomware shuts down, tells 300 employees to find new jobs.

A ransomware attack should never be enough to kill off your company.

grahamcluley.com/ransomware-sh

Jerry Bell boosted

Anyone in the Dallas, TX are who has expertise in Cyber insurance? Got a friend of a friend who's looking for a speaker.

Jerry Bell boosted

Anyone got experience with a and challenge-response via NFC under Android?

Jerry Bell boosted

awesome-mobile-security: An effort to build a single place for all useful android and iOS security related stuff.
github.com/vaib25vicky/awesome

Jerry Bell boosted

Just remember: you are wanted, you are valued, you are necessary here. Take care of yourself, because we need you—not for anything you DO. We need you to just exist, my friend.

I have to say that I’ve been pretty impressed at the iPhone 11 Pro Max’s battery life so far.

Jerry Bell boosted

Active Directory Security Fundamentals

A lot of (targeted) ransomware attacks have been leveraging through Active Directory and it has made the headlines. Most organizations are struggling to secure their AD, because it is complex. It r…

identityaccess.management/2019

New iPhone came today. The wide angle camera on the iPhone 11 Pro Max is the main reason I wanted to upgrade from the XS Max. Other than the camera, there’s no noticeable difference I’ve found yet.

@peveritt apologies for the delay in approving your account

Jerry Bell boosted

Anyone else seeing errors of this form in sidekiq: "Av::CommandError: error while running command ffmpeg -ss 0 -i "/tmp/57f1270d6b0fc8769a20aa178bbee8a520200101-722-84121j.mp4" -f image2 -vframes 1 -loglevel fatal -vf scale='min(400\, iw):min(400\, ih)'..."

I'm seeing quite a few of them.

And we’re back. Upgraded Postgres from 10 to 12.1. Went pretty smooth.

infosec.exchange is going down for a few minutes for maintenance. See you soon!

Just booked a trip to NYC in mid January for a one hour face to face meeting. Why couldn’t the financial capital of the world be in Miami?

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.