X_Cli @x_cli@infosec.exchange

Another year, another #Intel vulnerability. This time called #Cacheout. It leaks Data on Intel CPUs via Cache Evictions.

https://cacheoutattack.com/

Pour les techniciens web et autres sysadmins et graphistes végans, #L214 recrute sur quatre postes !
https://www.l214.com/offres-demploi
#véganisme

Creating a simple Python pip repository https://jpmens.net/2020/01/16/creating-a-simple-python-pip-repository/

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!

https://thehackernews.com/2020/01/firefox-cyberattack.html

We have computed the very first chosen-prefix collision for SHA-1. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4.

Demo: The legacy branch of GnuPG (version 1.4) is vulnerable. We have created two PGP keys with different UserIDs and colliding certificates.

https://sha-mbles.github.io/

#JeRecrute
On cherche un·e Administrateur·ice Système dans le centre-ville de Marseille (centre-ville).

Connaissance et compétences requises:
- Unix / Linux
- DNS
- Mail
- Debian
- Python et/ou Ruby
- Nginx
- KVM
- etc.

C'est mieux si vous connaissez des outils de gestion de configuration comee SaltStack puppet ou ansible.

Cerise sur le gateau si vous vous y connaissez en CISCO

#JeChercheUnJob
Boost appréciés

If you started to use #Fedilab, you can have a look to its wiki: https://fedilab.app/wiki/features/

Also to its Peertube videos: https://peertube.fedilab.app/videos/local

Holy shit, Samsung Smart TVs straight up send "snippets" of things that you watch back home to "to provide you with customized Smart TV experiences".

https://www.samsung.com/us/account/privacy-policy/

Search that page for the text: "Your Smart TV transfers video snippets or TV tuner information in order to determine the programs watched."

#infosec

@bortzmeyer @jpmens

"As a side-note: we already deny RFC1918-addresses from DNS-over-HTTPS
responses so in that regard, using TRR will save you from these DNS attacks!"

https://groups.google.com/forum/m/#!topic/mozilla.dev.platform/bfbblcydBgo

So, I was wrong. DoH-to-Cloudflare-by-default is not an issue, as far as DNS rebinding is concerned. Sorry 😶😥

For those using Medium to write blog posts: STOP

Here is a free and open alternative:
https://writefreely.org

What's Behind the Secure DNS Controversy and What Should You Do About It?

http://www.circleid.com/posts/20191212_whats_behind_the_secure_dns_controversy_doh/

@amdg2 @dada