Notices tagged with infosec
-
Conversations with kids, about #umwelt, #superpowers, and #infosec:
"Why are they looking at me?"
"Because they heard you fart."
"Whhhhat do you mean?!?!"
"Hearing people can hear farts."
…
https://www.jwz.org/blog/2018/11/tell-them-to-stop-listening-to-my-farts/
!education !parenting #poop !security -
actual article https://mangoposter.club/attachment/2509489 #Pokemon #CyberSecurity #Infosec #Paninis
-
@hoergen allerdings: auch sofern ein Ausschaltknopf da ist weiß man trotzdem nicht, ob das Gerät (z. B. iPhone) wirklich aus ist. Zum Beispiel könnte ein Mobiltelefon 1x täglich (unauffällig, ohne Display) hochfahren und schauen, ob es Anweisungen des Herstellers herunterzuladen gibt und sich wieder ausschalten.
Es werden ja schon lange keine die-Stromversorgung-physisch-trennenden Schalter mehr verwendet. !infosec -
With all my gripes with# Signal (centralized, non-federated, server-based, Electron-based desktop app), the fact that in my circle of contacts it's not longer the "pretty good solution we should be using" but the "pretty good solution we are using but looking for something better" is such a win.
I just wanted to stop for a second and appreciate that.
If we're talking about the need to move to something better than Signal, we are in a pretty decent place.
-
With all my gripes with# Signal (centralized, non-federated, server-based, Electron-based desktop app), the fact that in my circle of contacts it's not longer the "pretty good solution we should be using" but the "pretty good solution we are using but looking for something better" is such a win.
I just wanted to stop for a second and appreciate that.
If we're talking about the need to move to something better than Signal, we are in a pretty decent place.
-
Oh boy. https://github.com/signalapp/Signal-Desktop/issues/1635
tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.
Gotta love #Electron. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."
-
Oh boy. https://github.com/signalapp/Signal-Desktop/issues/1635
tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.
Gotta love #Electron. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."
-
The office has hundreds of thousands of dollars in computer equipment sitting in open cubes but the extra paper towels and tissue boxes are locked up.
-
The office has hundreds of thousands of dollars in computer equipment sitting in open cubes but the extra paper towels and tissue boxes are locked up.
-
Comodo revoked TLS certificates for some Sci-Hub domains:
https://torrentfreak.com/sci-hub-pirate-bay-for-science-security-certs-revoked-by-comodo-ca-180503/
-
Comodo revoked TLS certificates for some Sci-Hub domains:
https://torrentfreak.com/sci-hub-pirate-bay-for-science-security-certs-revoked-by-comodo-ca-180503/
-
Comodo revoked TLS certificates for some Sci-Hub domains:
https://torrentfreak.com/sci-hub-pirate-bay-for-science-security-certs-revoked-by-comodo-ca-180503/
-
Defensive Security Podcast Episode 216
http://defensivesecurity.org/defensive-security-podcast-episode-216/
#infosec -
Defensive Security Podcast Episode 216
http://defensivesecurity.org/defensive-security-podcast-episode-216/
#infosec -
Long story short:
#easterhegg #infosec -
Long story short:
#easterhegg #infosec -
Defensive Security Podcast Episode 214
http://defensivesecurity.org/defensive-security-podcast-episode-214/
#infosec -
Defensive Security Podcast Episode 214
http://defensivesecurity.org/defensive-security-podcast-episode-214/
#infosec -
Flight-sim devs say hidden password-dump tool was used to fight pirates
Installer ran a "Chrome Password Dump" tool on copies suspected of piracy. -
Flight-sim devs say hidden password-dump tool was used to fight pirates
Installer ran a "Chrome Password Dump" tool on copies suspected of piracy. -
Can't find an english language news source for this, but it seems that #Microsoft Defender is flagging files that contain short strings (like "Squeamish Ossifrage" or "malicious_x = %p") from the #Spectre PoC as malware: https://m.heise.de/security/meldung/Microsoft-stuft-das-PoC-Programm-zu-Spectre-als-boesartig-ein-3959995.html
This is obviously useless for actual threat detection, so are they trying to find people who are playing with the PoC code?
#infosec -
Can't find an english language news source for this, but it seems that #Microsoft Defender is flagging files that contain short strings (like "Squeamish Ossifrage" or "malicious_x = %p") from the #Spectre PoC as malware: https://m.heise.de/security/meldung/Microsoft-stuft-das-PoC-Programm-zu-Spectre-als-boesartig-ein-3959995.html
This is obviously useless for actual threat detection, so are they trying to find people who are playing with the PoC code?
#infosec -
#Google breaks the embargo on #appleWIT: https://googleprojectzero.blogspot.pt/2018/01/reading-privileged-memory-with-side.html
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.htmlMeet #Meltdown and #Spectre:
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pd -
#Google breaks the embargo on #appleWIT: https://googleprojectzero.blogspot.pt/2018/01/reading-privileged-memory-with-side.html
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.htmlMeet #Meltdown and #Spectre:
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pd -
#Google breaks the embargo on #appleWIT: https://googleprojectzero.blogspot.pt/2018/01/reading-privileged-memory-with-side.html
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.htmlMeet #Meltdown and #Spectre:
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pd -
Yo #infosec - new malware, "Petya"
It's wcry again, but with the killswitch taken out and some phishing initial delivery.
And by "it's wcry again" I mean it. Same exploit. Same traffic. Same everything. If your org bothered patching or mitigating, then this won't affect you.
-
Yo #infosec - new malware, "Petya"
It's wcry again, but with the killswitch taken out and some phishing initial delivery.
And by "it's wcry again" I mean it. Same exploit. Same traffic. Same everything. If your org bothered patching or mitigating, then this won't affect you.
-
Apart from ideological arguments (with which I largely agree), are there any concrete reasons/arguments to use #VeraCrypt full disk encryption for #Windows, rather than the integrated #BitLocker?
-
Apart from ideological arguments (with which I largely agree), are there any concrete reasons/arguments to use #VeraCrypt full disk encryption for #Windows, rather than the integrated #BitLocker?
