Posts by infosechandbook@mastodon.at
 (DIR) Post #9oaYykWRoe7nKQ0lQO by infosechandbook@mastodon.at
       2019-11-03T15:18:59Z
       
       0 likes, 1 repeats
       
       An example of how not to remove personal data in documents. (We removed the name here.)You can easily copy the blackened line, and paste it somewhere else with data that shouldn't be there.If you want to avoid something like this, black out lines, print out the file, and scan it afterwards.#personaldata #fail #privacy
       
 (DIR) Post #9ofsKx7RyiwQSRlTcW by infosechandbook@mastodon.at
       2019-11-06T04:49:27Z
       
       0 likes, 1 repeats
       
       Tor Browser :tor: 9.0.1 released, the first bugfix release in the 9.0 series:https://blog.torproject.org/new-release-tor-browser-901– updates for NoScript, and Tor Launcher– fixes 20 bugs#tor #torbrowser #webbrowser #anonymity #privacy
       
 (DIR) Post #9ofsadJRO24tf6qmG0 by infosechandbook@mastodon.at
       2019-11-06T04:52:19Z
       
       0 likes, 0 repeats
       
       Security Now 739 πŸŽ™οΈ "BlueKeep & DoH" with Steve Gibson:https://twit.cachefly.net/audio/sn/sn0739/sn0739.mp3Shownotes:https://grc.com/sn/SN-739-Notes.pdf#securitynow #stevegibson #SGgrc #infosec #podcast #cybersecurity #security #privacy #extendedmastersecret #ems #chrome78 #microsoftedge #edge #qnap #nas #fordpass #doh #dns #bluekeep #cve20190708
       
 (DIR) Post #9ogvjvdl6l1G8CRD9s by infosechandbook@mastodon.at
       2019-11-06T17:02:20Z
       
       0 likes, 0 repeats
       
       We sometimes read "My blog is super secure since it uses TLS 1.2+/AEAD/PFS/CSP/OCSP/CAA…". At the same time, such blogs use CMS like WordPress (with a large attack surface), and need database servers, PHP etc.However, these features don't protect databases – the valuable thing for bad guys. They don't keep software up-to-date, or configure software properly. They only protect data in transit – if supported by clients.So it is all about self-promotion, not about actual security.#marketing
       
 (DIR) Post #9opzYwwSjuh6cepv3w by infosechandbook@mastodon.at
       2019-11-10T10:06:21Z
       
       0 likes, 0 repeats
       
       Regarding "IP leaks everywhere" posts:IP addresses aren't secrets. IP addresses are essential to route network traffic. Some people/companies write their marketing lingo like you have to hide your IP address from the world. However, there is always another computer/device that learns about your IP address, even if you are using VPNs or Tor. (The same is true for MAC addresses and ports.)
       
 (DIR) Post #9oq0O2g1B3uVB3VWG8 by infosechandbook@mastodon.at
       2019-11-10T08:49:09Z
       
       0 likes, 0 repeats
       
       @phel Thanks for the tip, there is now an article on it: https://infosec-handbook.eu/blog/libreoffice63-redaction/
       
 (DIR) Post #9oq0SgeCVda6Ios8PY by infosechandbook@mastodon.at
       2019-11-10T08:50:06Z
       
       0 likes, 0 repeats
       
       How to redact sensitive information with LibreOffice:https://infosec-handbook.eu/blog/libreoffice63-redaction/#libreoffice #redaction #sanitization #infosec #security #cybersecurity
       
 (DIR) Post #9ouNlVvNTDgf4nXzDU by infosechandbook@mastodon.at
       2019-11-13T04:47:34Z
       
       0 likes, 1 repeats
       
       Security Now 740 πŸŽ™οΈ "Credential Delegation" with Steve Gibson:https://twit.cachefly.net/audio/sn/sn0740/sn0740.mp3Shownotes:https://grc.com/sn/SN-740-Notes.pdf#securitynow #stevegibson #SGgrc #infosec #podcast #cybersecurity #security #privacy #checkm8 #checkra1n #ios #jailbreak #transducer #bluekeep #mozilla #doh #comcast #dns #libarchive #vulnerability #credentials #credentialdelegation
       
 (DIR) Post #9ouOjKRVHwc6qD605g by infosechandbook@mastodon.at
       2019-11-13T04:58:26Z
       
       0 likes, 3 repeats
       
       TPM-FAIL – security vulnerabilities in Trusted Platform Modules:http://tpm.fail/tpmfail.pdf (PDF file)– Affected are Platform Trust Technology (Intel), and ST33 TPM chip (STMicroelectronics). TPMs from Nuvoton/Infineon aren't affected.– A remote attacker could retrieve certain private keys (e.g., as used by ECDSA).– Intel provides a firmware update; vulnerable ST33 chips can't be patched. #tpm #tpmfail #sidechannel #attack #vulnerability #infosec #security #cybersecurity
       
 (DIR) Post #9p2zWnaWrj9t2Rswjo by infosechandbook@mastodon.at
       2019-11-17T08:28:25Z
       
       0 likes, 3 repeats
       
       Some news regarding our blog (infosec-handbook.eu):– We now cryptographically sign all Git commits to codeberg.org using a dedicated key that is linked to the account. So the open padlock is now locked and green for people who like this. πŸ˜‰ – We added information on how to support us: https://infosec-handbook.eu/support-us/. As before, we don't accept financial attributions or sponsoring to remain 100% independent.#infosechandbook #codeberg #infosec #blog #security #support
       
 (DIR) Post #9p3K0tpUDucOAMVnjk by infosechandbook@mastodon.at
       2019-11-17T12:17:54Z
       
       0 likes, 0 repeats
       
       The maker of Magic: The Gathering leaks 450,000 data sets of players:https://techcrunch.com/2019/11/16/magic-the-gathering-wizards-data-exposure/– Source of the leak was a publicly-accessible database backup file.– The file contains user names, date and time of account creation and last access, e-mail addresses, and hashed+salted passwords.– This leak again shows that you need more than only some HTTPS and HTTP headers for security.#leak #magicthegathering #security #infosec
       
 (DIR) Post #9p5cdZFCsZmF6i3AoK by infosechandbook@mastodon.at
       2019-11-18T14:56:02Z
       
       0 likes, 1 repeats
       
       146 Android Firmware Vulnerabilities:https://www.kryptowire.com/android-firmware-2019/– "found using automatic tools, and it is extremely likely that many of the vulnerabilities are not exploitable"– "since they're firmware bugs, in many cases there is no ability to patch them"– Comment by B. Schneier: https://www.schneier.com/blog/archives/2019/11/security_vulner_20.html#android #firmware #vulnerability #infosec #security #cybersecurity
       
 (DIR) Post #9p8sl1tWwC7sjUN4MK by infosechandbook@mastodon.at
       2019-11-20T04:40:47Z
       
       0 likes, 0 repeats
       
       Security Now 741 πŸŽ™οΈ "TPM-FAIL" with Steve Gibson:https://twit.cachefly.net/audio/sn/sn0741/sn0741.mp3Shownotes:https://grc.com/sn/SN-741-Notes.pdf#securitynow #stevegibson #SGgrc #infosec #podcast #cybersecurity #security #privacy #microsoft #patchday #0day #internetexplorer #eol #windows7 #checkm8 #checkra1n #ios #jailbreak #github #securitylab #whatsapp #vulnerability #zombieload2 #intel #bytecode #tpmfail #tpm
       
 (DIR) Post #9pE6wZvR7fFKbxSnMu by infosechandbook@mastodon.at
       2019-11-22T17:13:14Z
       
       1 likes, 3 repeats
       
       Data leak that affects 1.2 billion people:https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/– Many data sets contain lots of personal data.– Sources of the leak are likely People Data Labs, and OxyData, so-called data enrichment companies.– Data was hosted on an unprotected Elasticsearch server, accessible by everyone.#dataleak #leak #privacy #peopledatalabs #oxydata #elasticsearch
       
 (DIR) Post #9pEFPE0QUso2ezy5AG by infosechandbook@mastodon.at
       2019-11-22T18:48:10Z
       
       0 likes, 1 repeats
       
       "Why do we see Elasticsearch leaks all the time?":The problem are internal services unknowingly exposed to the internet. This isn't unique to Elasticsearch. Other examples are exposed IP cameras, PLCs in industrial environments, and office printers.Regularly scan your own IP address ranges to detect open ports and services, and apply common security practices. Never just assume something is configured – actually check and document it.#elasticsearch #infosec #security #goodpractice
       
 (DIR) Post #9pFHMoqdSNqL7bKSIa by infosechandbook@mastodon.at
       2019-11-23T06:44:51Z
       
       0 likes, 2 repeats
       
       37 security vulnerabilities found in VNC software:https://ics-cert.kaspersky.com/reports/2019/11/22/vnc-vulnerability-research/– VNC (Virtual Network Computing) is used to remotely access computers.– Several vulnerabilities could lead to RCE, and many had a very long lifetime.– We wrote about UltraVNC's bad state of website security in https://infosec-handbook.eu/blog/uvnc-vulnerabilities/.#vnc #vulnerability #turbovnc #ultravnc #tightvnc #libvnc #rfb #remote #infosec #security
       
 (DIR) Post #9pFtFar6sVSHxLX4iW by infosechandbook@mastodon.at
       2019-11-23T13:49:21Z
       
       0 likes, 0 repeats
       
       Some fun – GitHub repository listing "dumb password rules":https://github.com/dumb-password-rules/dumb-password-rules#ish#password #rules #infosec #security #cybersecurity
       
 (DIR) Post #9pG4MoXnTwc5vv92Iq by infosechandbook@mastodon.at
       2019-11-23T15:53:55Z
       
       0 likes, 3 repeats
       
       ⚠️ Instance migration announcement ⚠️ Today, the admin of mastodon.at notified all users that mastodon.at will be shut down in 3 months (February 2020).Due to this, we currently evaluate a new reliable Mastodon instance. Since Mastodon 3.0.0 allows us to move all readers from one account to another, there shouldn't be any inconveniences for you.Thanks @pfigel for hosting mastodon.at. πŸ‘
       
 (DIR) Post #9pG8VhwzlXJXuGQYIi by infosechandbook@mastodon.at
       2019-11-23T16:40:20Z
       
       0 likes, 0 repeats
       
       @peter @pfigel Via @Support
       
 (DIR) Post #9sNCMhwNvV8eARx19s by infosechandbook@mastodon.at
       2018-10-01T18:09:18Z
       
       0 likes, 0 repeats
       
       Mastodon :mastodon: security:864 out of 2050 Mastodon instances (which report their version according to instances.social) are still running vulnerable Mastodon server software (< 2.4.4).See also:https://mastodon.at/@infosechandbook/100597698990522530#mastodon #security #vulnerability #infosec #security #cybersecurity