Show more

Yo le fédiverse,

Je suis à la recherche de candidats pour :

- un CDI dev front pur (/#CSS3/#JS, éventuellement , bases de préférables). Autonome, force de proposition.

- un ou CDD admin sys/architecte sys pour du conseil et de la mise en place d'IAM + journalisation.

Les deux postes sont des créations, sont ouverts dès maintenant.
Localisation : Paris(Etoile)

Chouettes locaux, resto d'entreprise, et défis intéressants !

Merci pour les boosts :hearts:

Friendly reminder: if your life depends on it, don't do it on the Internet.

X_Cli boosted

Excellent project: GoNIDS, a rule parser, linter, formatter and more!

Many thanks to its authors 💜

If you were to watch the recordings of , my top3 talks of day 1 are:

- Suricata Performance Testing Redux — Brad Woodberg
- Pivot like a Pro: Unified Threat Hunting in Network Security Data — Matthias Vallentin
- Empirical Bootstrapping of EVE-JSON Schema Documentation — Sascha Steinbiss, Konstantin Klinger

Woodberg will publish all the data later this week. 😍

ANSSI talk felt sabotaged by lacking the authz to disclose their findings. 😟

X_Cli boosted

Tu veux savoir ce qu'est #QUIC, le protocole de transport qui ambitionne de remplacer TCP ? (Oui, le QUIC que le marketing appelle HTTP/3.) On en parlera à #CapitoleDuLibre en novembre, dans la ville où ils demandent des chocolatines à la boulangerie.

just presented an updated comparison of and , including Snort 3 Beta.

tl;dr is more performant than on all levels, by a significant margin.

Back in ! So good to be back. I love this city 😍

Prepping the . That's gonna be huge! 😊

Come and chat with the team during the coffee breaks!

Friends, I will be at 2019.

If you are ever interested in talking about , , performance and security, just send me a ping on this profile :)

X_Cli boosted

NordVPN breach was worse than I thought.

'TechCrunch took NordVPN to task on the somewhat dismissive tone of its breach disclosure, noting that the company suffered a significant breach that went undetected for more than a year.

Kenneth White, director of the Open Crypto Audit Project, said on Twitter that based on the dumped Pastebin logs detailing the extent of the intrusion, “the attacker had full remote admin on their Finland node containers.” '

X_Cli boosted

Haha, a pam_pyhton 0day by stealh. Including old school greetings. Feels a bit like exploits at end of the 90's 😂

UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS' | ZDNet

UK government and local ISPs are putting the pressure on browsers to drop plans to support DoH protocol.

Who comes up with this kind of ?

`shutil.move(src, dst)`

> If the destination is on the current filesystem, then os.rename() is used. Otherwise, src is copied (using shutil.copy2()) to dst and then removed.

Except that shutil.copy2 does not copy ownership info on some OSes. So depending on your OS and mountpoints, you may end up with a security hole, because of lost ownership info.

TIL: sh, in shutil, stands for shitty. Same applies to shlex.

Why, oh why, would you, , implement so incorrectly?

> PPP over Q-in-Q encapsulation supports configurable outer tag Ethertype. The configurable Ethertype field values are 0x8100 (default), 0x9100, and 0x9200.

Why not use 0x88A8 like everybody else? Why would you not even consider this standard value as an acceptable config?

F*** U, Cisco.

X_Cli boosted

@x_cli Thank you so much for your kind words!

We have recently posted a piece about wanting to stay small (both
for decentralization and to keep the human way we do things), and rationalizing our services over the next 2 years. The english translation is available here ;)

So Cloudflare CTO John Graham-Cumming told me:
"US-based company (Mozilla) is working with US-based company (Cloudflare) on technology to be used by US-based users defending against ISP BS which ISPs have chosen to defend in Congress."

I read "Europeans should develop their own browser". (cc @Framasoft)
I also read that sold us, non-US citizens.
I also read no argument against my accusation of an unfair competitive advantage for .

Announcing release of 5.0.0

Protocol additions, rule lang cleanup, eBPF/#XDP, (experimental) datasets, JA3S and more:

X_Cli boosted

@aidalgol @moritzheiber They've just announced they'll take more money

This is a true coincidence, because today is also the 1st beta release of #Mobilizon

So let's thank MeetUp for giving us even more reasons to free our events from their walled garden :troll: !

X_Cli boosted

Open hardware, open source 48-ports serial port hub:

That project is amazing :)

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.