Notices tagged with infosec

rozzin

Conversations with kids, about #umwelt, #superpowers, and #infosec:

"Why are they looking at me?"
"Because they heard you fart."
"Whhhhat do you mean?!?!"
"Hearing people can hear farts."
…
https://www.jwz.org/blog/2018/11/tell-them-to-stop-listening-to-my-farts/
!education !parenting #poop !security

moonman

actual article  https://mangoposter.club/attachment/2509489 #Pokemon #CyberSecurity #Infosec #Paninis

mcscx2 infosec , hoergen

@hoergen allerdings: auch sofern ein Ausschaltknopf da ist weiß man trotzdem nicht, ob das Gerät (z. B. iPhone) wirklich aus ist. Zum Beispiel könnte ein Mobiltelefon 1x täglich (unauffällig, ohne Display) hochfahren und schauen, ob es Anweisungen des Herstellers herunterzuladen gibt und sich wieder ausschalten.
Es werden ja schon lange keine die-Stromversorgung-physisch-trennenden Schalter mehr verwendet. !infosec

rysiek

With all my gripes with# Signal (centralized, non-federated, server-based, Electron-based desktop app), the fact that in my circle of contacts it's not longer the "pretty good solution we should be using" but the "pretty good solution we are using but looking for something better" is such a win.

I just wanted to stop for a second and appreciate that.

If we're talking about the need to move to something better than Signal, we are in a pretty decent place.

#infosec

rysiek

With all my gripes with# Signal (centralized, non-federated, server-based, Electron-based desktop app), the fact that in my circle of contacts it's not longer the "pretty good solution we should be using" but the "pretty good solution we are using but looking for something better" is such a win.

I just wanted to stop for a second and appreciate that.

If we're talking about the need to move to something better than Signal, we are in a pretty decent place.

#infosec

rysiek

Oh boy. https://github.com/signalapp/Signal-Desktop/issues/1635

tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.

Gotta love #Electron. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."

#InfoSec

rysiek

Oh boy. https://github.com/signalapp/Signal-Desktop/issues/1635

tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.

Gotta love #Electron. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."

#InfoSec

thehatter

The office has hundreds of thousands of dollars in computer equipment sitting in open cubes but the extra paper towels and tissue boxes are locked up.

#infosec

thehatter

The office has hundreds of thousands of dollars in computer equipment sitting in open cubes but the extra paper towels and tissue boxes are locked up.

#infosec

aaron

Comodo revoked TLS certificates for some Sci-Hub domains:

https://torrentfreak.com/sci-hub-pirate-bay-for-science-security-certs-revoked-by-comodo-ca-180503/

#science #infosec

aaron

Comodo revoked TLS certificates for some Sci-Hub domains:

https://torrentfreak.com/sci-hub-pirate-bay-for-science-security-certs-revoked-by-comodo-ca-180503/

#science #infosec

aaron

Comodo revoked TLS certificates for some Sci-Hub domains:

https://torrentfreak.com/sci-hub-pirate-bay-for-science-security-certs-revoked-by-comodo-ca-180503/

#science #infosec

jerry

Defensive Security Podcast Episode 216
http://defensivesecurity.org/defensive-security-podcast-episode-216/
#infosec

jerry

Defensive Security Podcast Episode 216
http://defensivesecurity.org/defensive-security-podcast-episode-216/
#infosec

tengu

Long story short:
#easterhegg #infosec

tengu

Long story short:
#easterhegg #infosec

jerry

Defensive Security Podcast Episode 214
http://defensivesecurity.org/defensive-security-podcast-episode-214/
#infosec

jerry

Defensive Security Podcast Episode 214
http://defensivesecurity.org/defensive-security-podcast-episode-214/
#infosec

rysiek

Oh... wow:
https://arstechnica.com/gaming/2018/02/flight-sim-devs-say-hidden-password-dump-tool-was-used-to-fight-pirates/

Flight-sim devs say hidden password-dump tool was used to fight pirates
Installer ran a "Chrome Password Dump" tool on copies suspected of piracy.

#InfoSec #WhatThekiwi

rysiek

Oh... wow:
https://arstechnica.com/gaming/2018/02/flight-sim-devs-say-hidden-password-dump-tool-was-used-to-fight-pirates/

Flight-sim devs say hidden password-dump tool was used to fight pirates
Installer ran a "Chrome Password Dump" tool on copies suspected of piracy.

#InfoSec #WhatThekiwi

therubackup

this seems neat https://jerrygamblin.com/2017/06/12/quickly-building-a-cloud-virtual-lab/ #infosec

galaxis

Can't find an english language news source for this, but it seems that #Microsoft Defender is flagging files that contain short strings (like "Squeamish Ossifrage" or "malicious_x = %p") from the #Spectre PoC as malware: https://m.heise.de/security/meldung/Microsoft-stuft-das-PoC-Programm-zu-Spectre-als-boesartig-ein-3959995.html

This is obviously useless for actual threat detection, so are they trying to find people who are playing with the PoC code?

#infosec

galaxis

Can't find an english language news source for this, but it seems that #Microsoft Defender is flagging files that contain short strings (like "Squeamish Ossifrage" or "malicious_x = %p") from the #Spectre PoC as malware: https://m.heise.de/security/meldung/Microsoft-stuft-das-PoC-Programm-zu-Spectre-als-boesartig-ein-3959995.html

This is obviously useless for actual threat detection, so are they trying to find people who are playing with the PoC code?

#infosec

rysiek

#Google breaks the embargo on #appleWIT: https://googleprojectzero.blogspot.pt/2018/01/reading-privileged-memory-with-side.html
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Meet #Meltdown and #Spectre:
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pd

#Infosec #Intel

rysiek

#Google breaks the embargo on #appleWIT: https://googleprojectzero.blogspot.pt/2018/01/reading-privileged-memory-with-side.html
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Meet #Meltdown and #Spectre:
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pd

#Infosec #Intel

rysiek

#Google breaks the embargo on #appleWIT: https://googleprojectzero.blogspot.pt/2018/01/reading-privileged-memory-with-side.html
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Meet #Meltdown and #Spectre:
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pd

#Infosec #Intel

munin

Yo #infosec - new malware, "Petya"

It's wcry again, but with the killswitch taken out and some phishing initial delivery.

And by "it's wcry again" I mean it. Same exploit. Same traffic. Same everything. If your org bothered patching or mitigating, then this won't affect you.

munin

Yo #infosec - new malware, "Petya"

It's wcry again, but with the killswitch taken out and some phishing initial delivery.

And by "it's wcry again" I mean it. Same exploit. Same traffic. Same everything. If your org bothered patching or mitigating, then this won't affect you.

rysiek

Apart from ideological arguments (with which I largely agree), are there any concrete reasons/arguments to use #VeraCrypt full disk encryption for #Windows, rather than the integrated #BitLocker?

#InfoSec

rysiek

Apart from ideological arguments (with which I largely agree), are there any concrete reasons/arguments to use #VeraCrypt full disk encryption for #Windows, rather than the integrated #BitLocker?

#InfoSec