Posts by jssfr@zombofant.net
(DIR) Post #AXaZig5kzsRetNEdNo by jssfr@zombofant.net
2023-07-11T13:27:02Z
0 likes, 1 repeats
#libreoffice I don't even. The only explanation I have for this is that my computer is also dragged down by the weather.

Yes, I am only typing simple letters.
(DIR) Post #AaySrcWiMRBQp6R3qq by jssfr@zombofant.net
2023-10-20T15:35:09Z
0 likes, 0 repeats
@ge0rg @mathieui It's not that simple, is it? At least in this scenario.

Here, the MitM was placed on the server side. If I'm not missing something, owning a DNSSEC-protected TLSA record is much more effort than sitting on the path to a single (or in this case, pair of) server(s).

You need to ensure that *all* DANE-validating clients (either s2s or c2s connections) are getting a result which makes them believe your forged TLSA records are authentic (or absent).

For that, you need to either be on the path between the clients and the DNS servers they use or in front (or inside) of all authoritative servers responsible for the domain, *in addition* to being able to forge DS record responses in the parent zone and *in addition* to whatever hoops they had to jump through in this case already.

And this type of attack is much easier to detect, because it'll be hard for the attacker to distinguish between traffic attempting to detect an attack (your monitoring comparing TLSA records against expected values via public recursors and/or for instance infrastructure like RIPE Atlas) and the target client traffic.

Or am I missing a more simple way which is not immediately obvious to anything monitoring your DNS?
(DIR) Post #Ab8GWi2wFa7d3583CS by jssfr@zombofant.net
2023-10-25T15:13:18Z
0 likes, 0 repeats
@daniel Oh no!! The fact that Conversations didn't do Private DNS saved me once when my Private DNS settings were borked!!!11

https://xkcd.com/1172/

(jk, good work!)

(And also this finally explains why Conversations was unaffected by this, it puzzled me a lot back then.)
(DIR) Post #AcNT4xkSECFF4EJWhE by jssfr@zombofant.net
2023-10-02T09:46:16Z
1 likes, 0 repeats
@joepie91 #kmail #kdepim is massively underrated in my opinion.

It is a blazingly fast (copes well with >10k mails per folder), well-integrated (w/ support for groupware features) mail client. Out-of-the-box support for GPG (using the system GPG implementation) and S/MIME (for whoever needs to suffer that).

Except one thing (KDE Bug#373040), which is that it does break long URLs when composing in plaintext mode, something Thunderbird *does* get right. Can't have everything I guess.

Before kmail, I used Thunderbird (for more than a decade, but I needed something which worked well with a HiDPI factor of 1.5 in the year 2016) and Evolution (tried it briefly, it broke my inbox by duplicating half my mail, never going to touch that ever again).
(DIR) Post #AcP0m8S5nYkWMVsZvc by jssfr@zombofant.net
2023-12-02T07:58:49Z
0 likes, 1 repeats
Does anyone know whether it is safe or maybe even a good idea to discard/trim micro SD cards for longevity and performance? Answers with vendor sources preferred.

Intuitively, the answer should be yes, but I had one single experience where a rather fresh SD card died while running blkdiscard on it which makes me uneasy.

Boosts for reach welcome.

(P.S.: I know that there are a lot of crappy counterfeits out there, but the one which died quickly was bought from a reputable seller and had the correct SanDisk markings. The seller also exchanged it without making a fuss, but I'd rather not have this happen to me to the SD cards in my camera.)
(DIR) Post #Ad2VamMHF77K6xlJNg by jssfr@zombofant.net
2023-12-21T14:51:48Z
5 likes, 16 repeats
https://www.postfix.org/smtp-smuggling.html

"SMTP Smuggling" vulnerability in Postfix allows to spoof senders even in the presence of some DMARC checks. Configuration workarounds exist.

Also, a wholehearted f* you to SEC Consult, who sat on this since June and disclosed it to some closed-source vendors and MSPs, but could apparently not be bothered to give e.g. Postfix a heads-up, publishing this close to the holidays.

Boosts for awareness welcome.