The minimum-wage French need to check their privileges.

The French gov decided to raise the minimum wage by 100€/month. No way I'm gonna help finance a raise for people that can't handle a budget.

Thinking about moving out of France.

X_Cli boosted

"We are aware that the RFC Editor website is down.
It appears to be a domain registration issue. We are working on it."
This is perfect.

X_Cli boosted

Timing Analysis of Keystrokes and Timing Attacks on SSH:

people.eecs.berkeley.edu/~daw/ (PDF file)

"[…] several serious security risks in SSH due to two weaknesses of SSH: […] approximate size of the original data [revealed]. […] in interactive mode, every individual keystroke that a user types
is sent to the remote machine in a separate IP packet […]"

#ssh #sidechannel #timing #analysis #security #infosec #cybersecurity

Am I the only one to always have "import os" as the last import statement, because I unconsciously associate the OS with the idea of "low in the stack"?

X_Cli boosted
@jpmens node/JavaScript has no equivalent to stdlib/libc so basic functionality we all take for granted is instead spread out across thousands of npm packages full of one-line functions, often duplicated in subtle but incompatible ways. The popular packages get abandoned for obvious reasons and then this things like this happen.

It's a nightmare. I don't blame this guy. The solution is for someone to write a sane standard library for JavaScript that everyone can rely on.

mnot.net/blog/2018/11/27/heade

Designing Headers for HTTP Compression

My opinion: HPack might be efficient but this is totally unreadable by humans and it reduces reliability of WAF/NIDS. Its implementation can be difficult and my crystal ball tells me many vulnerabilities will (ab)use it.

There is a nice ProtonMail/ProtonVPN black friday (-33% to -50%)

Well, my feedback on my experience with blueproximity is that, sadly, the distance detection of bluetooth devices is not reliable at all, even when tweaking the duration/distance.

It locked the screen on a colleague that was sitting at his desk, with an out-of-range duration of 5 seconds once.
Also it did not lock the screen when we left the room, and went about 20 meters away and back, with a distance of "1" and a duration of 5 seconds.

I received my Yubikey Neo, yesterday. Been using it today. So happy to finally be able to authenticate with U2F (over NFC) on my phone.

More usable. So much more secure.

No app to open. No need to search for the site in the TOTP app list. No risk of screenshot by 3rd-party/copy-paste abuse of my TOTPs. Cannot be phished. Secret cannot be stolen if the phone is compromised.

I mean, the only downside is the $50. Totally worth it.

Quote of the day: "The “trade off” to move the DNS architecture away from residents to privacy is going to get people killed."

Not fun, sadly probable.

This thread about DNS privacy, DNS complexity and corporate network security is excellent: mailarchive.ietf.org/arch/msg/

To people saying "crypto" for cryptocurrencies:

- either cryptocurrencies is a compound word for cryptology-based currencies, in which case, please know that cryptology is a field of science of its own, and please stop thinking so narrowly.

- or the crypto- root is used for its actual meaning (secret, hidden, etc.) and thus cryptocurrencies is a misnomer and it should be hypecurrencies.

I just decided that I will mute all accounts saying "crypto" when talking about "cryptocurrency". Best decision of the day.

Any thoughts/feedback about blueproximity? It's a program that can execute a command (screen lock?) when your bluetooth device (phone?) is out-of-range.

X_Cli boosted

Interesting how is designating a complete service outage as an "intermittent connectivity issue." Also how they claim that offline mode still works, yet their customers state otherwise - the browser extension does not work without the server reliably.

X_Cli boosted

I would like to coin the expression "Application JSON Interface", used to interconnect various WASM modules in JS with JSON structures.

This is an hommage to the ABI... you know, the stuff used by applications doing actual assembly.

X_Cli boosted

@x_cli Funny fact: 3 to 5 attempts are enough if users choose their PIN themselves and the attackers have thousands of card numbers. Even if they test only the three most common PIN numbers, dozens of cards will be using them.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.