Our company is remote-only, and I think this site is a good point of reference for anyone interested in how that works: remoteonly.org

Great days, happy to be involved in some new projects! It will involve, amongst many things, a lot of work with various products. Hope you are all having a nice day and week yourselves.

and enthusiasts in there is a meetup of interest: At La Paillasse on 27th of September from 7 pm. More details on their account at twitter.com/DC11331

I attended the last one, which featured a talk on car hacking, including gear. See infosec.exchange/@superruserr/ and the attached photo of an RF Explorer.

Co-op idea:
IT security for NGO, reporters, human rights, political and marginalized groups. Ask a fair price for the ones who can pay, free for the ones who can't. Develop procedures, trainings and software.
Is there something like this already?
Would it make sense to start one?


re: Bad words in programming, now with Redis

I just launched my website! BountyGraph helps secure free and open source software through crowdfunded bug bounties and security audits. I hope you'll check it out!


Blog post: justi.cz/bountygraph/2018/08/0

In particular, I think it is a security anti-pattern to have application build pipelines pull fresh downloads of packages from upstream servers on every build if the packages are not expected to change. If for some reason you have to do this, you should pin dependencies using a cryptographically secure hash function.
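The pinning the post recommends, as an added example that is not BountyGraph's code or the author's: a tiny lockfile parser and verifier that refuses to install anything that is not pinned, and rejects a download whose SHA-256 does not match the pin. The `pkg==ver --hash=sha256:<hex>` line format is modelled on pip's `--hash` syntax; the archive bytes, package name and version are constructed for the example.

```python
import hashlib
import hmac
import re

# Pin line format (assumption, modelled on pip's --hash syntax):
#   name==version --hash=sha256:<64 hex chars>
PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)\s+--hash=sha256:(?P<digest>[0-9a-f]{64})$"
)


def parse_pins(lockfile_text):
    """Return {(name, version): sha256_hex} from lockfile text; reject unparseable lines."""
    pins = {}
    for raw in lockfile_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if not m:
            raise ValueError(f"unparseable pin line: {line!r}")
        pins[(m["name"], m["version"])] = m["digest"]
    return pins


def install_decision(pins, name, version, data):
    """Decide whether downloaded bytes may be installed.

    Returns "ok", "unpinned" (no pin exists, so a fresh upstream download would
    be trusted blindly) or "mismatch" (pin exists but the bytes changed).
    """
    key = (name, version)
    if key not in pins:
        return "unpinned"
    actual = hashlib.sha256(data).hexdigest()
    # constant-time compare; not strictly needed for public hashes, but cheap
    if not hmac.compare_digest(actual, pins[key]):
        return "mismatch"
    return "ok"


def verify_artifact(pins, name, version, data):
    """Raise unless the artifact is pinned and matches; returns True on success."""
    decision = install_decision(pins, name, version, data)
    if decision == "unpinned":
        raise LookupError(f"{name}=={version} is not pinned; refusing to install")
    if decision == "mismatch":
        raise ValueError(f"sha256 mismatch for {name}=={version}; refusing to install")
    return True


# Constructed sample data: a fake archive, a tampered copy, and a lockfile that
# pins the hash of the untampered archive.
GOOD_ARCHIVE = b"PK\x03\x04 fake archive bytes for libfoo 1.2.3"
TAMPERED_ARCHIVE = GOOD_ARCHIVE + b"\n# injected by a compromised mirror"
LOCKFILE = (
    "# constructed lockfile\n"
    "libfoo==1.2.3 --hash=sha256:" + hashlib.sha256(GOOD_ARCHIVE).hexdigest() + "\n"
)

if __name__ == "__main__":
    pins = parse_pins(LOCKFILE)
    print("good    :", install_decision(pins, "libfoo", "1.2.3", GOOD_ARCHIVE))
    print("tampered:", install_decision(pins, "libfoo", "1.2.3", TAMPERED_ARCHIVE))
    print("unpinned:", install_decision(pins, "libfoo", "9.9.9", GOOD_ARCHIVE))
```

The point of the `unpinned` branch is that a build which silently accepts an un-pinned package is exactly the "fresh download on every build" pattern the post warns about; the hash only protects what the lockfile actually covers.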



@derekcaelin Welcome!
Do you have any resources / advice for those getting started on security training?

I wrote a 'security wiki' for the company manual at my work, but we are remote workers so it was a bit tricky with the remote work setup, different devices used, etc.

Hi Folks. πŸ‘‹ I train global activists and civil society organizations on how to use tech for social good. I also volunteer for RagTag, and next week I'll be conducting security training. (How to set up 2FA, etc.) It'll be my first time training on security. I'm glad to join this community and expand my knowledge of infosec.

@alkahest @craigmaloney I -think-, if memory serves me correctly, you can buy the related car parts/firmwares only from a car shop and play around with these. See opengarages.org/handbook/

@ed1conf @florian It's greatly reduced, but not completely eliminated on x86. I'm not an expert though. πŸ˜…

Todd Mortimer has made significant headway toward reducing the amount of useful ROP gadgets on x86 too. But this is made especially difficult by polymorphic instructions, x86 being a variable-length ISA; ARM64, by comparison, is fixed-length.

I'd highly recommend reading his mailing list post, and commit messages. He's also giving a talk at #EuroBSDCon 2018!
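What "polymorphic instructions" means in practice, as an added example that is not part of the toot and is not Todd Mortimer's code: on a variable-length ISA a byte inside an immediate can be re-decoded as an instruction when control lands mid-instruction, so a `0xC3` (ret) the compiler never emitted still terminates a usable gadget. The five-byte sequence below is a constructed single x86-64 instruction, `mov eax, 0x00c35f5e`; the instruction-boundary table stands in for what an assembler listing would give you.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed x86-64 code: one intended instruction,
 *   b8 5e 5f c3 00   mov eax, 0x00c35f5e
 * Decoded from offset 1 instead, the same bytes read
 *   5e               pop rsi
 *   5f               pop rdi
 *   c3               ret
 * i.e. a pop/pop/ret gadget that exists only because x86 is variable-length. */
static const uint8_t CODE[] = { 0xB8, 0x5E, 0x5F, 0xC3, 0x00 };
static const size_t CODE_LEN = sizeof CODE;

/* Offsets at which intended instructions start (assumed known, e.g. from an
 * assembler listing). On a fixed-length ISA every multiple of 4 would be one. */
static const size_t BOUNDS[] = { 0 };
static const size_t NBOUNDS = sizeof BOUNDS / sizeof BOUNDS[0];

static int is_boundary(size_t off, const size_t *bounds, size_t nbounds) {
    for (size_t i = 0; i < nbounds; i++)
        if (bounds[i] == off) return 1;
    return 0;
}

/* Count 0xC3 bytes that do NOT sit on an intended instruction boundary:
 * the unintended rets an attacker can reach by jumping mid-instruction. */
size_t count_unintended_rets(const uint8_t *code, size_t len,
                             const size_t *bounds, size_t nbounds) {
    size_t n = 0;
    for (size_t off = 0; off < len; off++)
        if (code[off] == 0xC3 && !is_boundary(off, bounds, nbounds)) n++;
    return n;
}

/* Count 0xC3 bytes that ARE intended instructions: what an aligned decode
 * (the only decode possible on a fixed-length ISA) would ever see. */
size_t count_intended_rets(const uint8_t *code, size_t len,
                           const size_t *bounds, size_t nbounds) {
    size_t n = 0;
    for (size_t i = 0; i < nbounds; i++)
        if (bounds[i] < len && code[bounds[i]] == 0xC3) n++;
    return n;
}

/* Offset of the first unintended ret, or len if there is none. */
size_t first_unintended_ret(const uint8_t *code, size_t len,
                            const size_t *bounds, size_t nbounds) {
    for (size_t off = 0; off < len; off++)
        if (code[off] == 0xC3 && !is_boundary(off, bounds, nbounds)) return off;
    return len;
}

int main(void) {
    size_t hidden = count_unintended_rets(CODE, CODE_LEN, BOUNDS, NBOUNDS);
    size_t real   = count_intended_rets(CODE, CODE_LEN, BOUNDS, NBOUNDS);
    size_t where  = first_unintended_ret(CODE, CODE_LEN, BOUNDS, NBOUNDS);
    printf("intended rets: %zu, unintended rets: %zu (first at offset %zu)\n",
           real, hidden, where);
    return 0;
}
```

Removing such gadgets means changing how the compiler chooses immediates, displacements and register encodings so that no `0xC3` (or `0xC2`, `0xCB`) byte lands anywhere except where a real `ret` is intended, which is why the x86 work is harder than the ARM64 equivalent.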


I wonder if there would be any interest in an Infosec/Hacker "fall camp" that was actually camping, in the spirit of the old "Linuxbierwanderung"

A few days of camping and hiking combined with an unconference and an emphasis on making…

Now working on the #decentralized internet & #privacy #devroom proposal for #FOSDEM 2019 edition.


Anyone interested in participating in the organization is invited to join the dedicated forum:


@collectible1 @coolpowers The deleted toot was in response to a question from someone I follow:


I replied that it was possible. I didn't say that I was doing it, or that I had plans to do it. If you read the parent toot, it's obvious it wasn't a nefarious conversation.

It is indisputable fact that it's possible to scrape public accounts and toots. You should lock your account and hide posts from the public timeline if that's a concern.

waxing nostalgic for the near future by way of the near past - 2000 chars, involves feels

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.