X_Cli boosted

The contribution to @mobilizon is amazing! They need 8k€ for the last step and 25 days remain. I do trust this project and thanks to @Framasoft for moving edges for our privacy!

If you want to contribute:

X_Cli boosted

"How many TOTP secrets can be stored on YubiKeys and Nitrokeys?":

– Nitrokeys: up to 16
– YubiKeys: up to 32

(Values may differ due to different firmware, or hardware variants.)

In both cases, you need additional software to use TOTP since these tokens don't come with their own internal clock. A clock would require an energy source, but these tokens don't contain batteries.

#securitytoken #yubikey #nitrokey #gpg #pgp

X_Cli boosted

Just to remind my IT affine bubble:

Plan for your death; what passwords should be able to be accessed after your death, which mustn't?
Share a database with the current ones and maybe a splitted password with the right people .

Make contact lists, if your phone is locked

X_Cli boosted

[Appel à la communauté]
On a besoin d'aide pour faire connaître notre projet #Mobilizon. En gros, si vous trouvez que ce n'est pas génial d'utiliser Facebook ou Meetup pour vous rassembler, vous organiser et vous mobiliser, aidez-nous à faire connaître ce projet.

Vous connaissez des personnes susceptibles d'être intéressées (manifestant⋅es, militant⋅es, activistes, etc.) ??? Partagez auprès d'elles ces informations ! On vous remercie beaucoup fort ❤️

➡️ joinmobilizon.org/fr/

De Raadt: "It is such an amazing business-friendly but risk-ignorant pattern to simply restart software that has failed."

When infosec people fail to get that running software is the only satisfying type of software. It is not risk-ignorant. It is called risk management.

In what world is this answer acceptable: "Oh yeah, the website has been down for 3 weeks because we/they are searching the root cause of a crash of the web server."?


X_Cli boosted

So npm Inc is a private entity in control of our commons, and we are not. Does that make it evil? No. It doesn’t. It doesn’t make it good, either.

The question of its benevolence is the wrong question to ask.

npm is not a benevolent institution. It CANNOT be one.

The possibility of it being that ended the day its owner took VC funding instead of putting it into a foundation or some other form of community ownership. That decision turned npm into a financial instrument.

I think Daniel is trying to make a point: 9 email thread titled "Multiple vulnerabilities in [plugins]" in 4 months, on -security. Each time something new.

Eleven effing years after RFC5280, it will require a PKI specialist spending many hours with the Openssl CLI to make some indirect CRLs. WTF! .509

Excellent article. A must read, I would say.

Errata Security: Your threat model is wrong


Only nitpicking I can do is that most 2FA mechanisms won't save you from phishing.

X_Cli boosted

Employees Abused Data Access to Spy on Users.
Multiple sources and emails also describe , an internal tool used by various departments to access Snapchat user data.

X_Cli boosted
X_Cli boosted
X_Cli boosted


I wonder if the BSD clowns understand that the web will move forward without them. WASM generated from safe languages is the new thing and Javascript hours are counted.

X_Cli boosted

La France est arrivée à la première place de l’édition 2019 du plus grand exercice international de cyberdéfense en situation réelle, Locked Shields, organisé par le NATO Cooperative Cyber Defence Centre of Excellence de Tallinn. La République tchèque et la Suède complètent le podium.

DHT, Kademlia, caching impact 

X_Cli boosted
X_Cli boosted

You can add your WordPress site to the Fediverse by installing an ActivityPub plugin.

This lets anyone on Mastodon etc follow your site, comment on posts and share them on the Fediverse.

There are two WordPress ActivityPub plugins available right now:


AP for WordPress

An example of a WordPress site using Pterotype is WeDistribute:

#Fediverse #ActivityPub #Blogs

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.