"How many TOTP secrets can be stored on YubiKeys and Nitrokeys?":
– Nitrokeys: up to 16
– YubiKeys: up to 32
(Values may differ due to different firmware, or hardware variants.)
In both cases, you need additional software to use TOTP since these tokens don't come with their own internal clock. A clock would require an energy source, but these tokens don't contain batteries.
[Call to the community]
We need help spreading the word about our #Mobilizon project. Basically, if you think it's not great to use Facebook or Meetup to gather, organize and mobilize, help us make this project known.
Do you know people who might be interested (protesters, campaigners, activists, etc.)??? Share this information with them! Thank you so very much ❤️
De Raadt: "It is such an amazing business-friendly but risk-ignorant pattern to simply restart software that has failed."
When infosec people fail to get that running software is the only satisfying type of software. It is not risk-ignorant. It is called risk management.
In what world is this answer acceptable: "Oh yeah, the website has been down for 3 weeks because we/they are searching the root cause of a crash of the web server."?
So npm Inc is a private entity in control of our commons, and we are not. Does that make it evil? No. It doesn’t. It doesn’t make it good, either.
The question of its benevolence is the wrong question to ask.
npm is not a benevolent institution. It CANNOT be one.
The possibility of it being that ended the day its owner took VC funding instead of putting it into a foundation or some other form of community ownership. That decision turned npm into a financial instrument.
Eleven effing years after RFC5280, it will require a PKI specialist spending many hours with the OpenSSL CLI to make some indirect CRLs. WTF! #DeathByX.509
Excellent article. A must read, I would say.
Errata Security: Your threat model is wrong
Only nitpicking I can do is that most 2FA mechanisms won't save you from phishing.
#Snapchat Employees Abused Data Access to Spy on Users.
Multiple sources and emails also describe #SnapLion, an internal tool used by various departments to access Snapchat user data.
"WhatsApp was hacked and attackers installed spyware on people’s phones" - https://www.businessinsider.com/whatsapp-hacked-attackers-installed-spyware-2019-5 #Privacy #Security #WhatsApp
Tchap is not the «secure» messaging service the government touts ➡via @firstname.lastname@example.org https://korii.slate.fr/tech/couacs-failles-deboires-tchap-messagerie-securisee-gouvernement-francais-telegram-riot-cybersecurite?utm_medium=Social&utm_source=Twitter#Echobox=1557205833
The Tragedy of systemd
France took first place in the 2019 edition of the largest international live-fire cyber defence exercise, Locked Shields, organized by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn. The Czech Republic and Sweden complete the podium.
DHT, Kademlia, caching impact
I wonder what is the impact of caching on mutable values in #Kademlia-like #DHT.
I mean, the caching algorithm is perfectly sound for constant values, but mutable values are not mutated on all peers having stored that value. So, if my understanding is correct, this results in view fragmentation.
I suppose that the re-publish algorithm could solve this with a smart merge strategy depending on the nature of the published data, but that sounds fragile.
My post on implementing search and comments in a blog built by a static site generator is up. #Hugo
You can add your WordPress site to the Fediverse by installing an ActivityPub plugin.
This lets anyone on Mastodon etc follow your site, comment on posts and share them on the Fediverse.
There are two WordPress ActivityPub plugins available right now:
An example of a WordPress site using Pterotype is WeDistribute: