That moment when you cannot use your TOTP because the network time of your cell operator drifts...
Ok, OpenBSD experts: I'm seeing this when I plug in (what I assume is a serial device) to an OpenBSD 6.3 box:
ugen2 at uhub3 port 2 "Prolific Technology Inc. USB-Serial Controller" rev 1.10/3.10 addr 4
Shouldn't I be seeing an additional line in dmesg telling me which ucom device it is? I'm stabbing around with `cu -s 9600 -l /dev/cuaU3' but keep getting
cu: open("/dev/cuaU3"): Device not configured
(cuaU0 -- U2 respond from a built-in modem)
How do I solve this?
#DNS Single Point of Failure Detection using Transitive Availability Dependency Analysis
https://www.sstic.org/media/SSTIC2018/SSTIC-actes/transdep/SSTIC2018-Article-transdep-maury.pdf
Recommendation: use glued delegations or diversify your delegations and check your dependencies with https://github.com/X-Cli/transdep
Demonstration of #Tempest attack (at 10 meters) using TempestSDR by @ANSSI_FR during #SSTIC. It works well for textual content (not so much for pictures). https://t.co/gnVHk5f3Gx
the gitea alternative is literally less than 2 minutes away to working on your box just the way it is.
https://docs.gitea.io/en-us/install-from-binary/
wget -O gitea https://dl.gitea.io/gitea/1.4.2/gitea-1.4.2-linux-amd64
chmod +x gitea
./gitea web
OR
WAIT A SECOND
Microsoft acquiring GitHub means they are acquiring Electron, too.
We are all triple fucked.
The person who wrote Debian's apache2 postinst script is a criminal. The enable_default_module function is the offense.
We take security seriously. Proof? I forgot to lock my screen Friday, for 5 minutes. Result: 52 vegan muffins.
Reminder: domain-validated (DV) certificates are the proof that someone you don't know nor explicitly trust may have observed, some day in the last X years, from an unspecified vantage point, data that is not required to be cryptographically verifiable.
HTML e-mail the culprit somehow?
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
I came across this and think it's an interesting thought game:
https://twitter.com/chrissanders88/status/994622318067503104?s=19
Assume you've been hired as the 1st CISO of a 1000 employee org that has no dedicated sec team.
You can hire 5 people your first year. What roles do you fill?
Choose wisely, because you don't know if/when you'll ever get to hire anyone else.
Reader choice on org type.
Yesterday, I played the Photosynthesis #boardgame. It is excellent. You might feel, looking at the box, that this is a game for the whole family, but it is not. It is a game for game specialists, with a very small rulebook but a lot of strategies and depth.
I need a hug :(
Let’s play a game: what is the deadly bug here?
This short PHP code contains a critical vulnerability. In this video I will explain in detail what I think while analysing it. Original source of challenge: ...
CNIL, the data protection regulator in France, released a guide for protecting data (just in time for GDPR, I guess) and it's pretty good... Kind of neophyte-level stuff, but the basics are important. https://www.cnil.fr/sites/default/files/atoms/files/cnil_guide_securite_personnelle_gb_web.pdf #infosec #security