Hi there,
I an experienced or , preferably in the Paris or Rennes area, but full remote is conceivable.

Hiring for ourselves, not for client assignments. Redesign of the WebUI of our appliances, moving to an SPA. We are a company that develops security solutions.

Constraints: CSP required, without unsafe-*... I'd rather warn you 😅

Position to be filled ASAP :)

Thanks for the boosts ❤️
Take care of yourselves!

CoViD-19, Lang: fr, Off-topic 

X_Cli boosted

When you have several banks, it's amusing to see how they interpret the and the need to do two-step authentication.

Boursorama asks for a login + password in step 1 and an SMS code in step 2.

Caisse d'Épargne asks for (hold on to your seat) the login in step 1 and the password in step 2. That's all.

I'll just leave that here.

X_Cli boosted

Will you refuse to install an application because of the programming language it was written with?

- Yes
- Conditionally (Yes, but only if there is no binary available and I have to install the language's build tools)
- No
- Other conditions: please specify

Boosts appreciated, because I find the "boosts appreciated" trick working for other people and I figured I'd try once

X_Cli boosted

brow.sh is a text-based browser supporting HTML5, CSS3, JS, video and WebGL brow.sh (FreeBSD: freshports.org/www/browsh/)

X_Cli boosted

Patch your OpenSMTPD mailservers now. Exploiting critical RCE vulnerability CVE-2020-7247 is as simple as using this SMTP command:

MAIL FROM:<;for i in 0 1 2 3 4 5 6 7 8 9 a b c d;do read r;done;sh;exit 0;>

qualys.com/2020/01/28/cve-2020

X_Cli boosted

Another year, another #Intel vulnerability. This time called #Cacheout. It leaks Data on Intel CPUs via Cache Evictions.

cacheoutattack.com/

Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting.

threatpost.com/cisco-webex-fla

X_Cli boosted

For vegan web technicians and other sysadmins and graphic designers, #L214 is hiring for four positions!
l214.com/offres-demploi
#véganisme

(CVE-2020-0601) - PoC

github.com/ollypwn/CVE-2020-06

"CVE-2020-0601, or commonly referred to as CurveBall, is a vulnerability in which the signature of certificates using elliptic curve cryptography (ECC) is not correctly verified...."

X_Cli boosted

We have computed the very first chosen-prefix collision for SHA-1. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4.

Demo: The legacy branch of GnuPG (version 1.4) is vulnerable. We have created two PGP keys with different UserIDs and colliding certificates.

sha-mbles.github.io/

X_Cli boosted

#JeRecrute
We are looking for a System Administrator in downtown Marseille (city centre).

Required knowledge and skills:
- Unix / Linux
- DNS
- Mail
- Debian
- Python et/ou Ruby
- Nginx
- KVM
- etc.

It's better if you know configuration management tools such as SaltStack, Puppet or Ansible.

Icing on the cake if you know your way around Cisco

#JeChercheUnJob
Boosts appreciated

X_Cli boosted

Holy shit, Samsung Smart TVs straight up send "snippets" of things that you watch back home to "to provide you with customized Smart TV experiences".

samsung.com/us/account/privacy

Search that page for the text: "Your Smart TV transfers video snippets or TV tuner information in order to determine the programs watched."

#infosec

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.