lvl boosted

...Oh, I can't believe this.

DuckDuckGo uses Amazon cloud.

I remember hearing about this a few months ago, so why is this news? Also, this reminds me of what happened with Lenovo a year or two ago. #dell #DellSupportAssist #security

threatpost.com/millions-of-del

SACK Panic – CVE-2019-11477 – Multiple TCP-based remote denial of service issues - openwall.com/lists/oss-securit

Recycling some papers from my folks' place and found an old RadioShack flyer with a Linksys wireless page.

I find it ironic that one of the main functions of the malware was to insert or replace ads in pages and mobile browsers, which is also a main function of Google services.

arstechnica.com/information-te

Exim 4.87 to 4.91 RCE lwn.net/Articles/790553/

"...a local attacker can simply send a mail to "${run{...}}@localhost" (where "localhost" is one of Exim's local_domains) and execute arbitrary commands, as root (deliver_drop_privilege is false, by default)"

"To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes)".

The best sorting algorithm is jimsort

jimsort() {
system("/usr/bin/sendmail", "jim@business.company", "Jim, have this list sorted by 3 PM", attachments=to_sort)
}

Russian military goes for Linux. Astra Linux, a Debian fork, has been certified safe enough to handle Russian military secrets.
Do svidaniya Windows:)

zdnet.com/article/russian-mili

The Shenanigans Behind a Stealthy Apple Keychain Attack

An 18-year-old security researcher made headlines earlier this year with KeySteal, a macOS hack. Now he's showing the world how it worked.

wired.com/story/keysteal-apple

#Security/CyberattacksandHacks #cybersecurity #Passwords #Security #apple #macos #hacks

Modern credential management – security tokens, password managers, and a simple spreadsheet:

infosec-handbook.eu/blog/moder

– there are no "secure" or "insecure" credentials as long as you don't define your own threat model
– use password managers to actually manage (not only store) passwords
– use a spreadsheet to keep track of the rest (SSH keys, GPG keys)

#credentials #password #management #infosec #security #cybersecurity #2fa #u2f #webauthn

Fosstodon

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.