X_Cli @x_cli@infosec.exchange

Worst feature ever: Netflix’s brutal automatic preview. It’s so against the user that is clearly designed to be that way.

OK. Just saw someone posting "8 Character Passwords are Dead"

To support this they say how a 2080Ti GPU has passed 100 Billion guesses per second and how that means in 2.5 hours they can try every single possible password.

*Except*

That's in the case of NTLM hash. A notoriously bad hash that has *no* *salt*. Even more ridiculous, because the NTLM hash is just as good as having the password. You don't need to crack the hash.

Yes, 8 character passwords should be dead, but this is bogus.

Privilege Escalation in Ubuntu (CVE-2019-7304):

https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html

– there are multiple methods to obtain root
– affects Ubuntu 18.10, 18.04 LTS, 16.04 LTS, 14.04 LTS
– update snapd according to https://usn.ubuntu.com/3887-1/

#snapd #ubuntu #privilegeescalation #linux #root #dirtysock

Did you know that #Fedilab has a feature that allows to don't take care about text length. It will automatically split the message in replies and add mentions in each messages. Thus it also works with private messages.
To enable it, just go in your settings.

Which #infosec books had the biggest impact on you - personally or professionally?

I created a GoFundMe for helping me to buy the computer at https://www.gofundme.com/for-buying-a-new-computer-for-developing-fedilab

It's for a Librem 15 version 4 (Only if I get enough funds otherwise, any other ideas are welcomed). Thanks.

#Fedilab

@bortzmeyer
@x_cli
Unfortunately many use cases require some kind of privileges inside the container, starting with privilege drop itself when running a daemon that requires different levels of privilege for listening on a port, writing to logs or serving requests.

User namespaces offer useful features and can hopefully be combined with fine-tuned caps and seccomp to "safely" offer "root" inside the container.

Les trottinettes Bird sont piratables avec un tournevis et 30 € (et la startup n’aime pas qu’on en parle) - Tech - Numerama

[Enquête Numerama] Détourner une trottinette Bird avec un simple kit à 30 dollars ? C'est possible. Parce qu'elle utilise des véhicules Xiaomi M365 standards très populaires, l'entreprise est plus ciblée que d'autres par des usagers mal intentionnés. Et ça l'empêche de trouver des solutions efficaces pour lutter contre ces pratiques.

https://www.numerama.com/tech/462006-les-trottinettes-bird-sont-piratables-avec-un-tournevis-et-30-e-et-la-startup-naime-pas-quon-en-parle.html

Dear @acebit, using AES-ECB is 𝘯𝘰𝘵 "Best possible encryption" - it's pretty broken encryption actually. Maybe you should change the way you describe #PasswordDepot? For reference: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_Codebook_(ECB) 1/5

#infosec #cryptofail #passwords

Read an article today about how Windows 10 is going to start making a 7GB reserve file for updates, just stealing 7GB of your storage space

How about using Debian instead, were the updates FREE UP SPACE ON UR HARD DRIVE

@maxeddy
Do you have an entity number for "privacy signal messenger, llc"?

And what exactly is the legal personality of "Open Whisper Systems", which appears on the github repo as the copyright holder for 2013-2017 and to whom (since January 2016) contributors assign copyright according to https://signal.org/cla/?

@maxeddy
What I am pointing out is that the public statements do not square with the facts. Why are they being obtuse as to who is behind it? Open Whisper Systems doesn't exist, as we have seen. It's not even declared as a DBA name for the company that they started earlier this year. Back when you could still see owner information in whois, the domain records for signal.org led to a block of flats in the canary islands, etc.

Too much trust too little verification going on.

@diggity

So I looked up #wire, a messenger that supports video/voice calls.

Sadly, it has built-in tracking and a number of proprietary dependencies, which is why it's not on #fdroid yet. https://gitlab.com/fdroid/rfp/issues/108

That said, the developers seem very frank when talking about their software and open to cooperation and constructive criticism. They deserve credit for that.

@philippemargery @Purism @maxeddy

@diggity @philippemargery @Purism

Just for the record.

* First things first, the #wikipedia advertised “Open Whisper Systems” does not actually exist. Prove me wrong with an official incorporation document.
* The also #wikihyped “Signal Foundation”, AFAICT does not exist either, according to people who should know, namely https://www.irs.gov/charities-non-profits/tax-exempt-organization-search

See next message for what *does* exist…

Mastodon 2.7.0 introduced an opt-in directory per instance, making it easier to find interesting profiles on the instance:

https://mastodon.at/explore

To join, go to "settings" → "edit profile" and check "List this account on the directory".

Help others to find interesting profiles.

#mastodon #directory #infosec #security #cybersecurity