

Items tagged with: infosec

systemd service sandboxing and security hardening 101:

– systemd is used as the default init system of many Linux distributions.
– This guide uses systemd-analyze.

#systemd #systemdanalyze #hardening #infosec #security #cybersecurity


Anyway - it is fun that this meme uses questionable Nazi myths to promote your science of the previous millennium.

Although, on the other hand, it's no surprise. Nazis cannot directly spread their propaganda (because allegedly Nazism has been defeated)... That is why progressive Western "anti-Nazi" activists are now promoting Nazi hoaxes.
The Nazi doctor Josef Mengele is responsible for the astonishing number of twins in a small Brazilian town, an Argentine historian has claimed.
The Horrifying American Roots of Nazi Eugenics
Nasty Nazis and Extreme Americans: Cloning, Eugenics, and the Exchange of National Signifiers in Contemporary Science Fiction
NASA’s Secret Nazis
ivan zlax wrote the following post Fri, 27 Sep 2019 16:46:25 +0300
The Russian Orthodox priest is blessing astronaut Jessica Meir from the USA with holy water before the journey to the #ISS

“I suspect we will have to pass Russian customs when we finally reach the moon”
#christianity #documents #hoax #holywater #infosec #nasa #orthodoxy #property #religion #revision #ritual #space #technology #timespace
In 1952, a German scientist predicted the name “Elon” would be associated with the colonization of Mars

Reminder – Python 2 support ends next week (Jan 1, 2020):

– There won't be any security updates afterwards.
– The final version will be 2.7.18 in mid-April 2020.
– If possible, remove Python 2 and switch to Python 3.

#python #python2 #eol #infosec #security #cybersecurity

3 Don'ts of penetration testing and security assessments:

– Don't test anything without permission.
– Don't be a script kiddie.
– Don't report something without verifying it.

#pentesting #security #infosec #cybersecurity

#Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking - ProPublica

"The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct."

#FuckGoogle #DropGoogle #infosec #surveillance #SurveillanceCapitalism

Awesome, just configured the Firefox addon "Temporary Containers" to open every non "always open in"-tab as temporary tab.

This prevents a lot of CSRF attacks, even when websites themselves didn't implement proper measures.

To implement it I use those two addons:


#firefox #containers #infosec #security

Malicious Python libraries stealing OpenPGP and SSH keys:

– Look for python3-dateutil, and jeIlyfish.
– Both modules try to exfiltrate SSH/OpenPGP keys and send them to an IP address.
– This is the third time the PyPI team intervenes to remove typo-squatted malicious Python libraries from the official repository.

#python #malware #pypi #infosec #security #cybersecurity

Hey Ivan, do you know the Nazis never disappeared but were evacuated by Soviet flying saucers and now live on the other side of the flat earth?
Most of the Nazis were evacuated by the CIA to California according to official documents:
Some of the Nazis were hidden in South America (like the famous Nazi "scientist" Mengele) according to declassified documents:
All this stuff about aliens and flying saucers was designed to hide the little-known book about Nazi-Zionist collaboration that was published in 1981cc:
ivan zlax wrote the following post Sat, 19 Oct 2019 09:00:33 +0300

Area 51 secret files
Belarus 2,290,000 25.3%
Poland 6,000,000 17.22%
Ukraine 6,850,000 16.3%
Russia 13,950,000 12.7%
Greece 807,000 11.17%
Yugoslavia 1,700,000 10.97%
Germany 7,400,000 8.86%
[Belarusian] Try to find 51 documents:

[Polish] Try to find 51 documents:

[Greek] Try to find 51 documents:

[German] Try to find 51 documents:

[Belarusian] To leave the secret zone of the USA, you must ask a question in English.
[Polish] To leave the secret zone of the USA, you must ask a question in English.
[Greek] To leave the secret zone of the USA, you must ask a question in English.
[German] To leave the secret zone of the USA, you must ask a question in English.

United States 419,400 0.32%

ODD# I(e)/3,v;73Brc3185

#documents #europe #erisian #holiday #hoax #infosec #metaprogramming #kabbalah #nazi #nazism #odd #past #revision #timespace #ufo #usa #war #zion #zionism
Consumers of Hollywood mass products believe in all this UFO-alien stuff.

@nipos @wishlephant @sandzwerg @switchingsoftware @edi

The desire to protect user #privacy seems to be there by Wishlephant, Niklas.

Yet, trackers and platforms undermine that goal, Wishlephant.

Maybe there can be some practical guidance by the community to help find alternatives to tracking pixels and platforms that may not respect privacy?

The hope is that the polarity of these comments can be bridged to develop better practices which mitigate #privacy and #infosec risk.

@Christoph S
Ah yes the Ivan Zalax troll
It is you who are the troll. I am not.

I am ready to answer for any of my words. I do not hide my real identity. Why did you call me a troll?

Because you are the collaborator of these guys regarding vaccination?

Or because you try to promote Western neocolonialism regarding Kyoto Protocol promotion?
ivan zlax wrote the following post Wed, 14 Aug 2019 18:29:31 +0300

Earlier, the West used this colonial manipulation immediately after the collapse of the USSR:
The consequences of this treaty: Western Europe has outsourced its harmful and environmentally unfriendly production to the East.
After the report on the state and environmental protection of the Russian Federation, Yasnaya Polyana was included in the list of settlements most affected by air pollution with various harmful substances.
Shchekinoazot, which is known to produce urea-formaldehyde concentrate, was concerned about pollution data that appeared in the media.
According to some reports, the degree of air pollution with formaldehyde in Yasnaya Polyana has exceeded 20 times the limit of its maximum permissible concentration.
Yasnaya Polyana is the place where I was born. This example is from my personal experience.
The USA advertised this Kyoto Protocol most of all and was its initiator, but as a result the USA declined to ratify it, because the US scientists demonstrated to the public that there are no scientific justifications for this:

Next year, this treaty expires; the term of the Western artificial limitation of the industrial development of developing countries under the guise of "caring for nature" ends (I hope my example about formaldehyde in Yasnaya Polyana clearly showed how the West takes care of its ecology). It seems that the next stage of this neocolonial undertaking is being prepared.
Kyoto Protocol extended to 2020 to fight climate change
Published: 12:00am, 9 Dec, 2012
According to independent researchers, the Rockefeller family took a major part in lobbying the Kyoto Protocol:
What is important, however, is to acknowledge the role of the Rockefeller family –which historically was the architect of “Big Oil”– in supporting the Climate Change debate as well as the funding of scientists, environmentalists and NGOs involved in grassroots activism against “Big Oil” and the fossil fuel industry.
Apparently, many Western youth environmental initiatives, widely covered by the media, are also not without the support of the Rockefeller charitable organizations, since their activities began to be covered just before the deadline for the Kyoto Protocol. The materials of independent researchers confirm this:

The US Congress deprived the Rockefeller family of profits from oil production. Therefore, they acquired deposits of rare earth elements in the Western colonies. Rare earth elements are necessary for the functioning of renewable energy sources, for which this environmental campaign was started. Most of the resources needed for renewable energy are concentrated in Africa. Often, child slave labor is used in mines, so that progressive Western consumers can refuse coal and oil in favor of "clean" energy.
Last year, 70 percent of the world’s cobalt came from the DRC, a country that has been a target of widespread criticism for its labor practices, such as using children as young as six to work in cobalt mines.

#fridaysforfuture #climatechange #wemustact #bethechange #vegan #janegoodall #cleanenergy #earth #care #futuregenerations #whatsyourexcuse #dontwait #cowspiracy #worktogether #actnow #thegreenhousesparetreat
#capitalism #climatecrisis #climatechange #climatestrike #europe #fridaysforfuture #ecology #environment #greta #gretathunberg #hoax #infosec #metaprogramming #colonialism #cryptocolonialism #neocolonialism #2020cc

Please explain if you are responsible for your words.

Falsehoods Computer Science Students (Still) Believe Upon Graduating:

Security-related myths:

– Open Source means it has fewer bugs and is more secure.
– 'Privacy' and 'Confidentiality' are synonymous.
– 'Encryption' and 'Security' are synonymous.

(And no, most CS students are neither good programmers nor security specialists upon graduating.)

#falsehoods #myths #infosec #cybersecurity #security

Yesterday the small vulnerability concerning #Nginx, #Nextcloud and #PHP7 became known.

For people who use the package sources from , the fix, i.e. the update to PHP 7.3.11 in which the vulnerability has already been closed, is already available.

So anyone who has not yet reworked their config, or has not yet taken action, can now simply update quickly.

#boost #infosec

@mase @DecaTec

Some "lessons learned" from the whole #NordVPN disaster:

1. Revoke keys when you notice the private key was compromised
2. Use HSMs to prevent private keys from getting compromised
3. Inform your customers about breaches
4. Do proper audit logging of your systems' user accounts
5. Use your own OS images, when installing machines
6. Run an IDS to get informed when your production systems act unusually
7. Spend more money on infrastructure security, less on marketing it




Tweet by Steffen Christensen (@Wikisteff) on 26 Aug, 04:48: Holy shit.
You can pronounce #hex numbers, people!
#hexadecimal #math
/c @hexadecim8 #Infosec #devops

Twitter: Liz Henry on Twitter (Liz Henry)

Firefox for Android 68 :firefox: introduces support for the Web Authentication API (WebAuthn):

– supports built-in biometrics scanners, or security tokens (NFC, Bluetooth etc.)
– Firefox for Android doesn't support legacy U2F, and won't support it in the future

#firefox #mozilla #android #webauthn #fido2 #infosec #cybersecurity #security

Holy what!

"Amazon's home security company Ring has enlisted local police departments around the country to advertise its surveillance cameras in exchange for free Ring products and a “portal” that allows police to request footage from these cameras, a secret agreement obtained by Motherboard shows."


However, after plenty of debugging we were able to track these down and add them manually in order to resume operation.

We wish you a good night or a good morning, depending on when our message reaches you.

#Anoxinon #Fediverse #Statuspost #Upgrade #Security #InfoSec

You thought you know IPv4 addresses? Let me tell you something:



I learnt today that IP addresses can be shortened by dropping the zeroes.
This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.
#infosec #bugbounty #bugbountytip


GnuPG — "SKS Keyserver Network Under Attack":

"If you fetch a poisoned certificate from the keyserver network, you will break your GnuPG installation."

"High-risk users should stop using the keyserver network immediately."

#gnupg #gpg #keyserver #infosec #security #cybersecurity

is a website styled blog that everyone should read at least once if you are interested in anything which can relate to security. It is a place where you find security pros writing blog posts about anything security. This is the starting point for any hobbyist online who wants to actually stay secure online or secure their server.

They also have an account on here as well if you want to follow them here: @infosechandbook
#privacy #infosec

More Intel CPU vulnerabilities from the same people who found #spectre and #meltdown on the way… 😣
#ZombieLoad and #Store-to-Leak
Mitigation might cost 30-50% performance! 😭



Our #InfoSec team is growing! We are looking for an Information Security Technologist 👩‍💻👨‍💻!! APPLY!


Hm. Actually Let's Encrypt should not be the only CA of that kind.

As we should avoid single points of failure, I hope there will be another CA like that, soon.

#infosec #certificates #tls

publishes timeline after security breach:

– the attacker exploited vulnerabilities in Jenkins
– the attacker had full database access, including access to unencrypted content like private messages, password hashes, access tokens
– recommends changing your password (including NickServ password)

#matrix #breach #infosec #cybersecurity #security

Good morning #anoxianer,

we would like to inform you, at somewhat short notice, that our technical department will carry out maintenance work on our #XMPP :xmpp: server this evening at around 18:00. The server will be upgraded from #Prosody version v0.10 to v0.11.X.

Unfortunately, due to lack of time, the #Upgrade was not possible any earlier.

If you feel called to support us, then apply for one of our open positions:


Found in #IRC:

"apparently people are getting around Chrome and Firefox telling everyone that non-HTTPS password fields are 'not secure' by just using regular text fields. they change the font on the text field to 'text-security-disc', which is apparently a font that exists of all bullets and looks just like traditional password fields."

How about instead of investing time and effort into schemes like these, you just ROLL OUT #HTTPS FOR FSCK'S SAKE!

#InfoSec #DevOps #SysAdmin

WordPress 5.1 – critical exploit chain that enables an unauthenticated attacker to gain remote code execution on any WordPress installation:

– exploit is possible due to a CSRF vulnerability in comment forms
– fixed in WordPress 5.1.1

#wordpress #rce #csrf #wordpress5 #infosec #cybersecurity #security