X_Cli boosted

Another year, another #Intel vulnerability. This time called #Cacheout. It leaks Data on Intel CPUs via Cache Evictions.


Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting.


X_Cli boosted

For web technicians and other vegan sysadmins and graphic designers, #L214 is hiring for four positions!

(CVE-2020-0601) - PoC


"CVE-2020-0601, or commonly referred to as CurveBall, is a vulnerability in which the signature of certificates using elliptic curve cryptography (ECC) is not correctly verified...."

X_Cli boosted

We have computed the very first chosen-prefix collision for SHA-1. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4.

Demo: The legacy branch of GnuPG (version 1.4) is vulnerable. We have created two PGP keys with different UserIDs and colliding certificates.


X_Cli boosted

We are looking for a System Administrator in downtown Marseille (city centre).

Required knowledge and skills:
- Unix / Linux
- Mail
- Debian
- Python and/or Ruby
- Nginx
- etc.

It's better if you know configuration management tools such as SaltStack, Puppet or Ansible.

Icing on the cake if you know your way around Cisco.

Boosts appreciated

X_Cli boosted

Holy shit, Samsung Smart TVs straight up send "snippets" of things that you watch back home "to provide you with customized Smart TV experiences".


Search that page for the text: "Your Smart TV transfers video snippets or TV tuner information in order to determine the programs watched."


X_Cli boosted

@bortzmeyer @jpmens

"As a side-note: we already deny RFC1918-addresses from DNS-over-HTTPS
responses so in that regard, using TRR will save you from these DNS attacks!"


So, I was wrong. DoH-to-Cloudflare-by-default is not an issue, as far as DNS rebinding is concerned. Sorry 😶😥

X_Cli boosted

For those using Medium to write blog posts: STOP

Here is a free and open alternative:

X_Cli boosted

Still looking for a pure, on a permanent contract, in Paris (Étoile). Need to take over the UI of the security appliances we produce. Open-source framework.

Also, still looking for a systems engineer/systems architect, on a , at the same location, to implement , and maintain it, and assist me with the system aspects of our products.

Thanks for the boosts (😘) and even more for the CVs (😍).

X_Cli boosted

Let's make a prediction: there will be a huge number of rebinding attacks on users who have activated DNS over because their information system relies on the local resolver to secure against this web browser .

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.