social.stefan-muenz.de

Items tagged with: infosec

#blog #infosec
Single Point of Failure
 

INFOSEC: FUCK YOUR "BLACK/WHITE NEUTRALITY"!

By Catalin Cimpanu for Zero Day | July 4, 2020

The information security (infosec) community has angrily reacted today to calls to abandon the use of the 'black hat' and 'white hat' terms, citing that the two, and especially 'black hat,' have nothing to do with racial stereotyping.



Discussions about the topic started late last night after David Kleidermacher, VP of Engineering at Google, and in charge of Android Security and the Google Play Store, withdrew from a scheduled talk he was set to give in August at the Black Hat USA 2020 security conference.

In his withdrawal announcement, Kleidermacher asked the infosec industry to consider replacing terms like black hat, white hat, and man-in-the-middle with neutral alternatives.

These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias. Not everyone agrees which terms to change, but I feel strongly our language needs to (this one in particular).

— David Kleidermacher (@DaveKSecure) July 3, 2020

While Kleidermacher only asked the industry to consider changing these terms, several members mistook his statement as a direct request to the Black Hat conference to change its name.

With Black Hat being the biggest event in cyber-security, online discussions on the topic quickly became widespread among cyber-security experts, dominating the July 4th weekend.

While a part of the infosec community agreed with Kleidermacher, the vast majority did not, and called it virtue signaling taken to the extreme.

Most security researchers pointed to the fact that the terms had nothing to do with racism or skin color, and had their origins in classic western movies, where the villain usually wore a black hat, while the good guy wore a white hat.

Others pointed to the dualism between black and white as representing evil and good, concepts that have been around since the dawn of civilizations, long before racial divides even existed between humans.

Right now, the infosec community doesn't seem to be willing to abandon the two terms, which they don't see as a problem when used in infosec-related writings.
MORE COMMENTS: https://www.zdnet.com/article/infosec-community-disagrees-with-changing-black-hat-term-due-to-racial-stereotyping/

#programming #computer #science #software #development #infosec #black hat #resistance #goggle #hackers #internet #censorship #freedom #sexism #social #web #human rights #sanctimony #activism #activist #correctness #meetoo #blacklivesmatter #racism #racist #USA #research #cyber-security #security #privacy
 
[bookmark=https://twitter.com/TheHackersNews/status/1277549883856007168]e-Commerce site hackers are now hiding malicious web-skimming code inside image metadata to covertly steal credit card information entered by visitors.

Read details — thehackernews.com/2020/06/image-…

#infosec #cybersecurity #cyberattack

[/bookmark]
 
[bookmark=https://twitter.com/kim_crawley/status/1277588560321880066]If your Windows system isn't using RDP... Close it! Close it! Close it!

Ugh! I've analyzed way more cyber attacks that exploit RDP than those that exploit zero days.

CLOSE RDP UNLESS ABSOLUTELY NECESSARY!

This is your PSA from me.

#Windows #infosec[/bookmark]
 
Tweet by John Opdenakker (@j_opdenakker) on 16 June, 20:18 The CIA has 34 Terabytes (!) of data exfiltrated and they only learned it after it has been published on wikileaks. The CIA takes security seriously seriously. https://t.co/hwM1ZoMlBR

#Infosec #databreach

https://twitter.com/j_opdenakker/status/1272956782944665601
Computer Business Review: US Intelligence Agencies Are Failing on Basic Cybersecurity Measures, Warns Senator (Ed Targett)

 
Tweet by Manuel Atug (@HonkHase) on 8 June, 01:10 How to show that #SocialEngineering works everywhere + asking for balls of steel award in one tweet. Kudos!
#infosec #ethics https://t.co/HG6xzeJMNI

https://twitter.com/HonkHase/status/1269768752029151234
 
ivan zlax wrote the following post Sun, 29 Mar 2020 21:39:43 +0300

The LockStep scenario was launched just because Greta wasn't good at her target.


Note that the pandemic was planned 8 years ago in this 10-year-old report by the Rockefeller Foundation and GBN:


https://archive.org/details/pdfy-tNG7MjZUicS-wiJb/mode/2up

Exactly in the year of the ending of Kyoto protocol:
https://www.scmp.com/news/china/article/1100990/kyoto-protocol-extended-2020-fight-climate-change
*Kyoto Protocol extended to 2020 to fight climate change
Published: 12:00am, 9 Dec, 2012*
But that year, newagers diverted humanity's attention to the "time wave zero 2012", and globalists quietly extended this neocolonial agreement for 8 years. During a year of active touring, Greta clearly showed that extending the Kyoto Protocol this year would not be possible, since mankind has become a little wiser over the years, and therefore a delayed scenario was launched, one prepared for the year of the previous end of the Kyoto Protocol.
It is likely that if most of humanity were to abandon planned global vaccination (already tested under project ID2020 in Bangladesh) after a demonstrative global pandemic, other scenarios, such as "major natural disasters", would be triggered to extend the neocolonial order before the end of the year.


#climatechange #cryptocolonialism #globalism #greta #id2020 #infosec #kyotoprotocol #lasociétéduspectacle #metaprogramming #neocolonialism #pandamic #revision #time #timespace #timewavezero

Canek wrote the following post Sun, 29 Mar 2020 08:25:13 +0300

#Greta #Covid19
 
Regarding Jitsi Meet servers:
There is a recent trend to use Jitsi Meet, a JavaScript WebRTC application, for videoconferencing.

Please note that these video conferences aren't end-to-end encrypted. This means server-side parties can monitor your activity. If you want to use Jitsi hosted by others, look for a comprehensive privacy policy as always.

There could be additional legal requirements if you want to use third-party Jitsi servers for school or work.

#jitsi #privacy #security #infosec
 
Hardening DNS in a corporate environment, performed this morning:

BEGIN

Block egress DNS except for our trusted DNS servers.

Disable DoH for Firefox users.

END

Now let's see who has misconfigured DNS clients or is using third-party DNS providers like 8.8.8.8.

#BOFH #infosec
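The two controls from the post, written out as an added example that is not the poster's own configuration: an nftables ruleset that allows port 53 only to the trusted resolvers and logs everything else, the Firefox enterprise policy that switches DoH off, and the follow-up check the post alludes to, run over constructed firewall log lines to list which clients are still talking to third-party resolvers. The resolver addresses, table name and log lines are assumptions.

```python
import json
import re
from typing import Dict, List, Set

# Assumed: the two internal resolvers clients are allowed to use (constructed addresses).
TRUSTED_RESOLVERS: List[str] = ["10.0.0.53", "10.0.1.53"]


def nft_dns_egress_ruleset(trusted: List[str]) -> str:
    """Render an nftables ruleset: port-53 traffic may only go to the trusted resolvers;
    any other port-53 traffic is logged with a fixed prefix and dropped.
    DoH rides on 443 and is not caught by this rule, which is why the browser policy exists."""
    elements = ", ".join(trusted)
    return (
        "table inet dns_egress {\n"
        f"  set trusted_dns {{ type ipv4_addr; elements = {{ {elements} }} }}\n"
        "  chain forward {\n"
        "    type filter hook forward priority 0; policy accept;\n"
        "    ip daddr @trusted_dns udp dport 53 accept\n"
        "    ip daddr @trusted_dns tcp dport 53 accept\n"
        '    udp dport 53 log prefix "DNS-EGRESS-DROP " drop\n'
        '    tcp dport 53 log prefix "DNS-EGRESS-DROP " drop\n'
        "  }\n"
        "}\n"
    )


def firefox_doh_policy() -> Dict[str, object]:
    """policies.json content that turns DNS-over-HTTPS off and locks the setting.
    DNSOverHTTPS / Enabled / Locked are the Firefox enterprise policy keys."""
    return {"policies": {"DNSOverHTTPS": {"Enabled": False, "Locked": True}}}


# Constructed kernel log lines in the shape nftables' log target produces with the prefix above.
SAMPLE_LOG = """\
Jun 16 09:12:01 fw kernel: DNS-EGRESS-DROP IN=lan OUT=wan SRC=10.0.5.21 DST=8.8.8.8 PROTO=UDP SPT=51234 DPT=53
Jun 16 09:12:03 fw kernel: DNS-EGRESS-DROP IN=lan OUT=wan SRC=10.0.5.21 DST=8.8.4.4 PROTO=UDP SPT=51235 DPT=53
Jun 16 09:12:09 fw kernel: DNS-EGRESS-DROP IN=lan OUT=wan SRC=10.0.7.3 DST=1.1.1.1 PROTO=TCP SPT=40011 DPT=53
Jun 16 09:12:10 fw kernel: WEB-ALLOW IN=lan OUT=wan SRC=10.0.7.3 DST=203.0.113.10 PROTO=TCP SPT=40012 DPT=443
"""

LOG_RE = re.compile(r"DNS-EGRESS-DROP .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+)")


def rogue_dns_clients(log_text: str, trusted: List[str]) -> Dict[str, Set[str]]:
    """Map each internal client to the non-trusted resolvers it tried to reach on port 53."""
    trusted_set = set(trusted)
    clients: Dict[str, Set[str]] = {}
    for line in log_text.splitlines():
        match = LOG_RE.search(line)
        if match is None or match["dst"] in trusted_set:
            continue
        clients.setdefault(match["src"], set()).add(match["dst"])
    return clients


if __name__ == "__main__":
    print(nft_dns_egress_ruleset(TRUSTED_RESOLVERS))
    print(json.dumps(firefox_doh_policy(), indent=2))
    for client, resolvers in sorted(rogue_dns_clients(SAMPLE_LOG, TRUSTED_RESOLVERS).items()):
        print(f"{client} -> {', '.join(sorted(resolvers))}")
```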
 
OMG. Just… no.

#InternetOfShit #IoT #TroyHunt #Security #InfoSec #RemoteControlDetonator
 
systemd service sandboxing and security hardening 101:

https://www.ctrl.blog/entry/systemd-service-hardening.html

– systemd is used as the default init system of many Linux distributions.
– This guide uses systemd-analyze.

#systemd #systemdanalyze #hardening #infosec #security #cybersecurity
 
 
Anyway, it is funny that this meme uses questionable Nazi myths to promote your science of the previous millennium.

Although, on the other hand, it's no surprise. Nazis cannot spread their propaganda directly (because Nazism has allegedly been defeated)... That is why progressive Western "anti-Nazi" activists are now promoting Nazi hoaxes.

https://www.telegraph.co.uk/news/worldnews/southamerica/brazil/4307262/Nazi-angel-of-death-Josef-Mengele-created-twin-town-in-Brazil.html
The Nazi doctor Josef Mengele is responsible for the astonishing number of twins in a small Brazilian town, an Argentine historian has claimed.
https://historynewsnetwork.org/article/1796
The Horrifying American Roots of Nazi Eugenics
https://newprairiepress.org/cgi/viewcontent.cgi?article=1017&context=sttcl
Nasty Nazis and Extreme Americans: Cloning, Eugenics, and the Exchange of National Signifiers in Contemporary Science Fiction
https://www.nationalgeographic.com.au/history/nasas-secret-nazis.aspx
NASA’s Secret Nazis
ivan zlax wrote the following post Fri, 27 Sep 2019 16:46:25 +0300

https://twitter.com/FactorOk/status/1177131421678362629
The Russian Orthodox priest is blessing astronaut Jessica Meir from USA by holy water before the journey to the #ISS

“I suspect we will have to pass Russian customs when we finally reach the moon”
#christianity #documents #hoax #holywater #infosec #nasa #orthodoxy #property #religion #revision #ritual #space #technology #timespace
In 1952, a German scientist predicted the name “Elon” would be associated with the colonization of Mars
https://www.thevintagenews.com/2017/06/13/in-1952-a-german-scientist-predicted-the-name-elon-would-be-associated-with-the-colonization-of-mars
 
Reminder – Python 2 support ends next week (Jan 1, 2020):

https://www.python.org/dev/peps/pep-0373/#maintenance-releases

– There won't be any security updates afterwards.
– The final version will be 2.7.18 in mid-April 2020.
– If possible, remove Python 2 and switch to Python 3.

#python #python2 #eol #infosec #security #cybersecurity
 
3 Don'ts of penetration testing and security assessments:

https://infosec-handbook.eu/blog/donts-penetration-testing/

– Don't test anything without permission.
– Don't be a script kiddie.
– Don't report something without verifying it.

#pentesting #security #infosec #cybersecurity
 
#Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking - ProPublica

https://www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking

"The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct."

#FuckGoogle #DropGoogle #infosec #surveillance #SurveillanceCapitalism
 
Awesome, just configured the Firefox addon "Temporary Containers" to open every non-"always open in" tab as a temporary tab.

This prevents a lot of CSRF attacks, even when websites themselves haven't implemented proper measures.

To implement it I use those two addons:

https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/

and:

https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/

#firefox #containers #infosec #security
 
Malicious Python libraries stealing OpenPGP and SSH keys:

https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

– Look for python3-dateutil, and jeIlyfish.
– Both modules try to exfiltrate SSH/OpenPGP keys and send them to an IP address.
– This is the third time the PyPI team has intervened to remove typo-squatted malicious Python libraries from the official repository.

#python #malware #pypi #infosec #security #cybersecurity
 
@WeirdWolf
Hey Ivan, do you know the nazis never disappeared but were evacuated by sovietic flying saucers and now live on the other side of the flat earth?
Most of the Nazis were evacuated by the CIA to California according to official documents:
https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol-58-no-3/operation-paperclip-the-secret-intelligence-program-to-bring-nazi-scientists-to-america.html
https://en.wikipedia.org/wiki/Operation_Paperclip
Some of the Nazis were hidden in South America (like the famous Nazi "scientist" Mengele) according to declassified documents:
https://vault.fbi.gov/adolf-hitler/adolf-hitler-part-01-of-04/view
https://vault.fbi.gov/adolf-hitler/adolf-hitler-part-02-of-04/view
https://vault.fbi.gov/adolf-hitler/adolf-hitler-part-03-of-04/view
https://vault.fbi.gov/adolf-hitler/adolf-hitler-part-04-of-04/view
https://www.cia.gov/library/readingroom/docs/HITLER%2C%20ADOLF_0003.pdf
All this stuff about aliens and flying saucers was designed to hide the little-known book about Nazi-Zionist collaboration, that was published 1981cc:
ivan zlax wrote the following post Sat, 19 Oct 2019 09:00:33 +0300

Area 51 secret files
https://en.wikipedia.org/wiki/World_War_II_casualties
Belarus 2,290,000 25.3%
Poland 6,000,000 17.22%
Ukraine 6,850,000 16.3%
Russia 13,950,000 12.7%
Greece 807,000 11.17%
Yugoslavia 1,700,000 10.97%
Germany 7,400,000 8.86%
Try to find 51 documents: (repeated in Belarusian, Polish, Greek and German)

To leave the secret zone of the USA, you must ask a question in English. (repeated in Belarusian, Polish, Greek and German)


United States 419,400 0.32%

https://archive.org/details/51DocumentsZionistCollaborationWithTheNazisLENNIBRENNER1983

ODD# I(e)/3,v;73Brc3185

#documents #europe #erisian #holiday #hoax #infosec #metaprogramming #kabbalah #nazi #nazism #odd #past #revision #timespace #ufo #usa #war #zion #zionism
Consumers of Hollywood mass products believe in all this UFO-alien stuff.
 
@nipos @wishlephant @sandzwerg @switchingsoftware @edi

The desire to protect user #privacy seems to be there by Wishlephant, Niklas.

Yet, trackers and platforms undermine that goal, Wishlephant.

Maybe there can be some practical guidance by the community to help find alternatives to tracking pixels and platforms that may not respect privacy?

The hope is that the polarity of these comments can be bridged to develop better practices which mitigate #privacy and #infosec risk.
 
Falsehoods Computer Science Students (Still) Believe Upon Graduating:

https://www.netmeister.org/blog/cs-falsehoods.html

Security-related myths:

– Open Source means it has fewer bugs and is more secure.
– 'Privacy' and 'Confidentiality' are synonymous.
– 'Encryption' and 'Security' are synonymous.

(And no, most CS students neither are good programmers nor security specialists upon graduating.)

#falsehoods #myths #infosec #cybersecurity #security
 
Yesterday the small vulnerability regarding #Nginx #Nextcloud and #PHP7 became known.

For those who use the package sources from deb.sury.org, the fix, i.e. the updates to PHP 7.3.11 in which the vulnerability has already been closed, is already available.

So anyone who either hasn't rebuilt their config yet or hasn't taken action yet can now simply do a quick update.

#boost #infosec

@mase @DecaTec
 
Some "lessons learned" from the whole #NordVPN disaster:

1. Revoke keys when you notice the private key was compromised
2. Use HSMs to prevent private keys from getting compromised
3. Inform your customers about breaches
4. Do proper audit logging of your systems' user accounts
5. Use your own OS images when installing machines
6. Run an IDS to get informed when your production systems act unusual
7. Spend more money on infrastructure security, less on marketing it

#infosec
 
 
 
Tweet by Steffen Christensen (@Wikisteff) on 26 Aug., 04:48 Holy shit.
You can pronounce #hex numbers, people!
#hexadecimal #math
/c @hexadecim8 #Infosec #devops https://t.co/HtDmvXD9Pr

https://twitter.com/Wikisteff/status/1165818361097392128

Twitter: Liz Henry on Twitter (Liz Henry)

 
Firefox for Android 68 :firefox: introduces support for the Web Authentication API (WebAuthn):

https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/

– supports built-in biometrics scanners, or security tokens (NFC, Bluetooth etc.)
– Firefox for Android doesn't support legacy U2F, and won't support it in the future

#firefox #mozilla #android #webauthn #fido2 #infosec #cybersecurity #security
 
Holy what!

"Amazon's home security company Ring has enlisted local police departments around the country to advertise its surveillance cameras in exchange for free Ring products and a “portal” that allows police to request footage from these cameras, a secret agreement obtained by Motherboard shows."

https://www.vice.com/en_us/article/mb88za/amazon-requires-police-to-shill-surveillance-cameras-in-secret-agreement

#infosec
 
After plenty of debugging, however, we were able to track these down and enter them manually to resume operation.

We wish you a good night or a good morning, depending on when our message reaches you.

#Anoxinon #Fediverse #Statuspost #Upgrade #Security #InfoSec
 
You thought you knew IPv4 addresses? Let me tell you something:

YOU PROBABLY DON'T!

RT @0xInfection@twitter.com

I learnt today that IP addresses can be shortened by dropping the zeroes.
Examples:
http://1.0.0.1 = http://1.1
http://192.168.0.1 = http://192.168.1
This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.
#infosec #bugbounty #bugbountytip

🐦🔗: https://twitter.com/0xInfection/status/1148267196306427904
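The defender's side of this, as an added example that is not part of the tweet or the thread: a small canonicaliser that applies the inet_aton() abbreviation rules (hex and octal components, and the 1-, 2- and 3-part forms) before an SSRF allow/deny check, shown beside the strict-parsing check that lets `http://192.168.1/` through because it does not look like an address. Function names and the sample URLs are mine.

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit


def _inet_aton_part(part: str) -> int:
    """Parse one component the way libc's inet_aton() does: 0x.. is hex, a leading 0 is octal, else decimal."""
    if not part or not part.isascii() or not part.isalnum():
        raise ValueError(f"bad component {part!r}")  # rejects '', signs, underscores, non-ASCII digits
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)


def canonical_ipv4(host: str) -> Optional[str]:
    """Return the dotted quad inet_aton() would resolve host to, or None if it is not an inet_aton literal.
    With fewer than four parts the last part fills the remaining bits: a.b.c -> c is 16 bits,
    a.b -> b is 24 bits, a -> 32 bits (so 1.1 is 1.0.0.1 and 192.168.1 is 192.168.0.1)."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_inet_aton_part(p) for p in parts]
    except ValueError:
        return None
    tail_bits = 8 * (5 - len(parts))
    if any(v > 0xFF for v in values[:-1]) or values[-1] >= 1 << tail_bits:
        return None
    packed = 0
    for octet in values[:-1]:
        packed = (packed << 8) | octet
    packed = (packed << tail_bits) | values[-1]
    return str(ipaddress.IPv4Address(packed))


def is_internal_strict(host: str) -> bool:
    """Typical SSRF filter: only strictly formatted literals are inspected; anything else is assumed to be a hostname."""
    try:
        addr = ipaddress.IPv4Address(host)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local


def is_internal_hardened(host: str) -> bool:
    """Same policy, but the literal is canonicalised with inet_aton rules first, so shortened forms are caught."""
    canon = canonical_ipv4(host)
    return canon is not None and is_internal_strict(canon)


def url_targets_internal(url: str, check=is_internal_hardened) -> bool:
    """Apply a host check to the host part of a URL."""
    return check(urlsplit(url).hostname or "")


if __name__ == "__main__":
    # Constructed inputs: the two forms from the tweet plus hex, octal and single-integer spellings.
    for url in ("http://1.1/", "http://192.168.1/", "http://0x7f.1/", "http://0177.0.0.1/", "http://2130706433/"):
        host = urlsplit(url).hostname or ""
        print(f"{url:<24} canonical={canonical_ipv4(host)!s:<14} "
              f"strict={is_internal_strict(host)!s:<5} hardened={is_internal_hardened(host)}")
```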
 
GnuPG — "SKS Keyserver Network Under Attack":

https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

"If you fetch a poisoned certificate from the keyserver network, you will break your GnuPG installation."

"High-risk users should stop using the keyserver network immediately."

#gnupg #gpg #keyserver #infosec #security #cybersecurity
 