Posts by infosechandbook@chaos.social
(DIR) Post #9zxEXeQCPdOp2qhbGa by infosechandbook@chaos.social
2020-10-08T14:20:04Z
0 likes, 2 repeats
"Today, Nobody is Going to Attack You.", post by Johannes B. Ullrich:https://isc.sans.edu/forums/diary/Today+Nobody+is+Going+to+Attack+You/26654/1) Most attacks do not matter2) Read "Security News" with caution3) Security Tools are There to Confuse You#Security #Myths #InfoSec #CyberSecurity
(DIR) Post #9zxEhKO9kWH5oGMRNo by infosechandbook@chaos.social
2020-10-08T14:22:58Z
0 likes, 1 repeats
"We Hacked Apple for 3 Months: Here’s What We Found" – an article about fixed security vulnerabilities in Apple products/services and their bug bounty program:https://samcurry.net/hacking-apple/"Overall, Apple was very responsive to our reports. The turn around for our more critical reports was only four hours between time of submission and time of remediation."#Security #Apple #BugBounty #InfoSec #CyberSecurity
(DIR) Post #9zxFJBztOe0Smx4DY0 by infosechandbook@chaos.social
2020-10-08T14:29:37Z
0 likes, 1 repeats
New features in Signal clients (currently in beta testing):
– New group management (introduces roles and allows you to remove people from groups).
– You have 3 hours to delete a message that you accidentally sent to others. It will also be deleted from their chat history.
https://community.signalusers.org/t/beta-feedback-for-the-upcoming-android-4-72-release/17019
https://community.signalusers.org/t/beta-feedback-for-the-upcoming-android-4-73-release/17319
#Signal #Security #InfoSec #CyberSecurity
(DIR) Post #A0A18rPbSHu0Q4YEim by infosechandbook@chaos.social
2020-10-14T18:22:23Z
0 likes, 3 repeats
Tor Browser 10.0.1 released, updates NoScript and fixes several bugs:
https://blog.torproject.org/new-release-tor-browser-1001
– Based on FF 78.3.0esr.
– Updates for NoScript, and Tor Launcher.
– Fixes several bugs (e.g., an issue with YouTube on Windows).
#Tor #TorBrowser #WebBrowser #Anonymity #Privacy
(DIR) Post #A0C7gqv2mYsEmHlkHI by infosechandbook@chaos.social
2020-10-15T18:18:31Z
0 likes, 1 repeats
InfoSec Handbook – new link to our mirror on codeberg.org:
https://infosechandbook.codeberg.page/
Since December 2019, we provide a mirror of our blog, hosted by codeberg.org. If infosec-handbook.eu is down, just use this mirror to access our content.
#Mirror #Codeberg #InfoSecHandbook #Availability #Blog #InfoSec
(DIR) Post #A0FMV5uTAfYa4BlUaO by infosechandbook@chaos.social
2020-10-17T08:14:38Z
0 likes, 4 repeats
Three npm packages found opening shells on Linux, Windows systems:
https://www.zdnet.com/article/three-npm-packages-found-opening-shells-on-linux-windows-systems/
The packages are plutov-slack-client, nodetest199, and nodetest1010.
npm security team: "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer."
#npm #JavaScript #Vulnerability #Backdoor #InfoSec #Security #CyberSecurity
(DIR) Post #A0G0LWQFjtXNZ4cbtg by infosechandbook@chaos.social
2020-10-16T07:17:01Z
0 likes, 1 repeats
CryptPad – Are you looking for an online collaboration tool (e.g. for writing text in small teams or organizing tasks on Kanban boards)?
Maybe, @cryptpad fits your use case: https://github.com/xwiki-labs/cryptpad
There are public instances, e.g., https://cryptpad.fr/ or https://pads.c3w.at/
We use it for organizing our blog.
#CryptPad #Collaboration #Tool
(DIR) Post #A0HEJPBNHNeP30VVlw by infosechandbook@chaos.social
2020-10-18T05:52:08Z
0 likes, 1 repeats
In case you missed it – our 2020 fall survey is still open:
https://lamapoll.de/2020_ish_poll
Feel free to share your feedback, so that we can improve our content for you. 🙂 There are only 6 questions.
You can also comment on this toot. Thank you and stay secure! 👍
#InfoSecHandbook #Blog #Survey #Security #InfoSec #CyberSecurity
(DIR) Post #A0K9ee792ebD8siYmO by infosechandbook@chaos.social
2020-10-19T15:39:55Z
0 likes, 0 repeats
WireGuard VPN – Google adds WireGuard to the Linux Kernel 5.4 of the upcoming Android 12:
https://www.xda-developers.com/google-adds-wireguard-vpn-android-12-linux-kernel-5-4/
WireGuard is already part of the Linux Kernel 5.6 and newer for Linux desktop distributions.
#WireGuard #Android12 #Android #VPN #Security #InfoSec #CyberSecurity
(DIR) Post #A0MWxIWUEDGKwTLzsG by infosechandbook@chaos.social
2020-10-20T18:19:17Z
0 likes, 1 repeats
Tor Browser 10.0.2 released, fixes several security vulnerabilities:
https://blog.torproject.org/new-release-tor-browser-1002
– Based on FF 78.4.0esr.
– Updates for NoScript.
– The "Safest" level of JavaScript is now again set by NoScript. This has been changed temporarily due to a bug.
#Tor #TorBrowser #WebBrowser #Anonymity #Privacy
(DIR) Post #A0iR3H2f1HW5gDaeqO by infosechandbook@chaos.social
2020-10-31T08:48:50Z
0 likes, 1 repeats
Project Fission – The upcoming site isolation in Firefox:
https://infosec-handbook.eu/news/2020-10-31-firefox-project-fission/
– Project Fission is “Mozilla’s implementation of Site Isolation in Firefox.”
– Firefox achieves isolation by running websites and frames in isolated processes.
– You can enable it in Firefox Nightly.
#Firefox #SiteIsolation #Sandboxing #ProjectFission #Security #CyberSecurity #InfoSec
(DIR) Post #A0ieeAtO944qj5BAtk by infosechandbook@chaos.social
2020-10-31T09:38:42Z
0 likes, 1 repeats
Certificate Transparency – a step-by-step overview:
https://certificate.transparency.dev/howctworks/
Certificate Transparency is a system of public logs for monitoring and auditing digital certificates.
#CertificateTransparency #TLS #HTTPS #InfoSec #Security #CyberSecurity
(DIR) Post #A0pPgd7i11ZfekJGe8 by infosechandbook@chaos.social
2020-11-03T16:45:03Z
0 likes, 1 repeats
chrony 4.0 is already available for some Linux distributions. chrony is an implementation of the Network Time Protocol (NTP). Version 4.0 introduced support for Network Time Security (NTS; RFC 8915):
https://chrony.tuxfamily.org/news.html#_7_oct_2020_chrony_4_0_released
Similar to our NTPSec guide (https://infosec-handbook.eu/blog/nts-securing-ntp/), you can enable NTS by adding the "nts" option to "server" lines in your chrony.conf file. Use "chronyc -N authdata" to verify NTS authenticity.
#NTS #NTP #Chrony #Security #InfoSec #CyberSecurity
(DIR) Post #A1103u7k6mW2JhjNY0 by infosechandbook@chaos.social
2020-11-09T06:10:22Z
0 likes, 2 repeats
Next year, "33.8% of Android devices will eventually start getting certificate errors when users visit sites that have a Let’s Encrypt certificate" since they run Android < 7.1:
https://letsencrypt.org/2020/11/06/own-two-feet.html
Let's Encrypt recommends installing Firefox on affected Android devices; however, these devices are likely outdated and insecure.
#Android #LetsEncrypt #Certificate #InfoSec #Security #CyberSecurity
(DIR) Post #A153vyNvULgKzSwtSC by infosechandbook@chaos.social
2020-11-11T06:21:36Z
0 likes, 1 repeats
Security Now 792 🎙️ "'Slipstream' NAT Firewall Bypass" with Steve Gibson:
https://twit.tv/shows/security-now/episodes/792
MP3 file: https://twit.cachefly.net/audio/sn/sn0792/sn0792.mp3
Shownotes (PDF): https://grc.com/sn/SN-792-Notes.pdf
#SecurityNow #SteveGibson #SGgrc #InfoSec #Podcast #CyberSecurity #Security #Privacy #LetsEncrypt #Certificate #Android #Chrome #0Day #Ransomware #Apple #iOS #TianfuCup #SlipStream #NAT
(DIR) Post #A1C70OTGJNAIdYL6O0 by infosechandbook@chaos.social
2020-11-14T14:44:40Z
1 likes, 0 repeats
A Wi-Fi phishing myth:
When you connect to a wrong or evil Wi-Fi access point, you don't leak your pre-shared key (PSK) that is configured for this SSID. Neither the (evil) access point nor your device send the PSK.
However, an evil access point could still monitor any unencrypted network traffic that your client sends while being connected.
#WiFi #WLAN #Phishing #PSK #Myth #InfoSec #CyberSecurity #Security
(DIR) Post #A1CgbQ3es2F0fYko4m by infosechandbook@chaos.social
2020-11-14T18:12:49Z
0 likes, 1 repeats
"What breach?" – After a breach occurred, many people neither change their password nor read about the breach:https://infosec-handbook.eu/news/2020-11-14-passwords-and-breaches/#DataBreach #Password #Awareness #InfoSec #CyberSecurity #Security
(DIR) Post #A1DajE2J2uqV8NQ8Ia by infosechandbook@chaos.social
2020-11-15T08:47:48Z
0 likes, 2 repeats
Regarding "Apple macOS Big Sur spies on you!!1!":
Some people obviously don't understand the purpose or mechanism of the Online Certificate Status Protocol (OCSP). A report wrote, macOS sends an "application hash" each time you run the app. This "hash" is the encoded, already-known certificate that is sent to the OCSP server for the validity check. The same happens when you go to a website that supports OCSP and use Firefox …
See also https://blog.jacopo.io/en/post/apple-ocsp/
#Apple #OCSP #BigSur #Privacy
(DIR) Post #A1DamUHt53KmPCGQd6 by infosechandbook@chaos.social
2020-11-15T09:33:41Z
0 likes, 1 repeats
A universal tip regarding news sources:
If you only read posts and articles that tell the same narrative, then you should broaden your view by adding some sources telling the opposite.
It is vital always to hear both sides.
This is true for politics and economics, but also for information security and privacy.
#News #Sources #InfoSec #Privacy #Security #CyberSecurity
(DIR) Post #A1KVeEe3IrhaPPrA6S by infosechandbook@chaos.social
2020-11-18T17:32:44Z
0 likes, 1 repeats
Tails 4.13 (Tor-focussed operating system) released:
https://tails.boum.org/news/version_4.13/index.en.html
– Updates for Tor Browser (10.0.5), and Thunderbird (78.4.2).
– Bug fixes and minor changes.
#Tails #Tor #TorBrowser #Privacy #Anonymity