Items tagged with: infosec


 
systemd service sandboxing and security hardening 101:

https://www.ctrl.blog/entry/systemd-service-hardening.html

– systemd is used as the default init system of many Linux distributions.
– This guide uses systemd-analyze.

#systemd #systemdanalyze #hardening #infosec #security #cybersecurity

 

 
Anyway - it is fun that this meme uses questionable Nazi myths to promote your science of the previous millennium.

Although, on the other hand, it's no surprise. Nazis cannot directly spread their propaganda (because allegedly Nazism has been defeated)... That is why progressive Western "anti-Nazi" activists are now promoting Nazi hoaxes.

https://www.telegraph.co.uk/news/worldnews/southamerica/brazil/4307262/Nazi-angel-of-death-Josef-Mengele-created-twin-town-in-Brazil.html
The Nazi doctor Josef Mengele is responsible for the astonishing number of twins in a small Brazilian town, an Argentine historian has claimed.
https://historynewsnetwork.org/article/1796
The Horrifying American Roots of Nazi Eugenics
https://newprairiepress.org/cgi/viewcontent.cgi?article=1017&context=sttcl
Nasty Nazis and Extreme Americans: Cloning, Eugenics, and the Exchange of National Signifiers in Contemporary Science Fiction
https://www.nationalgeographic.com.au/history/nasas-secret-nazis.aspx
NASA’s Secret Nazis
ivan zlax wrote the following post Fri, 27 Sep 2019 16:46:25 +0300

https://twitter.com/FactorOk/status/1177131421678362629
The Russian Orthodox priest is blessing astronaut Jessica Meir from USA by holy water before the journey to the #ISS

“I suspect we will have to pass Russian customs when we finally reach the moon”
#christianity #documents #hoax #holywater #infosec #nasa #orthodoxy #property #religion #revision #ritual #space #technology #timespace
In 1952, a German scientist predicted the name “Elon” would be associated with the colonization of Mars
https://www.thevintagenews.com/2017/06/13/in-1952-a-german-scientist-predicted-the-name-elon-would-be-associated-with-the-colonization-of-mars

 
Reminder – Python 2 support ends next week (Jan 1, 2020):

https://www.python.org/dev/peps/pep-0373/#maintenance-releases

– There won't be any security updates afterwards.
– The final version will be 2.7.18 in mid-April 2020.
– If possible, remove Python 2 and switch to Python 3.

#python #python2 #eol #infosec #security #cybersecurity

 
3 Don'ts of penetration testing and security assessments:

https://infosec-handbook.eu/blog/donts-penetration-testing/

– Don't test anything without permission.
– Don't be a script kiddie.
– Don't report something without verifying it.

#pentesting #security #infosec #cybersecurity

 
#Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking - ProPublica

https://www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking

"The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct."

#FuckGoogle #DropGoogle #infosec #surveillance #SurveillanceCapitalism

 
Awesome, just configured the Firefox addon "Temporary Containers" to open every non "always open in"-tab as temporary tab.

This prevents a lot of CSRF attacks, even when websites themselves didn't implement proper measures.

To implement it I use those two addons:

https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/

and:

https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/

#firefox #containers #infosec #security

 
Malicious Python libraries stealing OpenPGP and SSH keys:

https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

– Look for python3-dateutil, and jeIlyfish.
– Both modules try to exfiltrate SSH/OpenPGP keys and send them to an IP address.
– This is the third time the PyPI team intervenes to remove typo-squatted malicious Python libraries from the official repository.

#python #malware #pypi #infosec #security #cybersecurity

 
@WeirdWolf
Hey Ivan, do you know the nazis never disappeared but were evacuated by sovietic flying saucers and now live on the other side of the flat earth?
Most of the Nazis were evacuated by the CIA to California according to official documents:
https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol-58-no-3/operation-paperclip-the-secret-intelligence-program-to-bring-nazi-scientists-to-america.html
https://en.wikipedia.org/wiki/Operation_Paperclip
Some of the Nazis were hidden in South America (like the famous Nazi "scientist" Mengele) according to declassified documents:
https://vault.fbi.gov/adolf-hitler/adolf-hitler-part-01-of-04/view
https://vault.fbi.gov/adolf-hitler/adolf-hitler-part-02-of-04/view
https://vault.fbi.gov/adolf-hitler/adolf-hitler-part-03-of-04/view
https://vault.fbi.gov/adolf-hitler/adolf-hitler-part-04-of-04/view
https://www.cia.gov/library/readingroom/docs/HITLER%2C%20ADOLF_0003.pdf
All this stuff about aliens and flying saucers was designed to hide the little-known book about Nazi-Zionist collaboration, that was published 1981cc:
ivan zlax wrote the following post Sat, 19 Oct 2019 09:00:33 +0300

Area 51 secret files
https://en.wikipedia.org/wiki/World_War_II_casualties
Belarus 2,290,000 25.3%
Poland 6,000,000 17.22%
Ukraine 6,850,000 16.3%
Russia 13,950,000 12.7%
Greece 807,000 11.17%
Yugoslavia 1,700,000 10.97%
Germany 7,400,000 8.86%
Try to find 51 documents: (given in Belarusian, Polish, Greek and German)

To leave the secret zone of the USA, you need to ask a question in English. (given in Belarusian, Polish, Greek and German)


United States 419,400 0.32%






https://archive.org/details/51DocumentsZionistCollaborationWithTheNazisLENNIBRENNER1983

ODD# I(e)/3,v;73Brc3185

#documents #europe #erisian #holiday #hoax #infosec #metaprogramming #kabbalah #nazi #nazism #odd #past #revision #timespace #ufo #usa #war #zion #zionism
Consumers of Hollywood mass products believe in all this UFO-alien stuff.

 
@nipos @wishlephant @sandzwerg @switchingsoftware @edi

The desire to protect user #privacy seems to be there by Wishlephant, Niklas.

Yet, trackers and platforms undermine that goal, Wishlephant.

Maybe there can be some practical guidance by the community to help find alternatives to tracking pixels and platforms that may not respect privacy?

The hope is that the polarity of these comments can be bridged to develop better practices which mitigate #privacy and #infosec risk.

 
@Christoph S
Ah yes the Ivan Zalax troll
It is you who are the troll. I am not.

I am ready to answer for any of my words. I do not hide my real identity. Why do you call me a troll?

Because you are the collaborator of these guys regarding vaccination?



Or because you try to promote Western neocolonialism regarding Kyoto Protocol promotion?
ivan zlax wrote the following post Wed, 14 Aug 2019 18:29:31 +0300

Earlier, the West used this colonial manipulation immediately after the collapse of the USSR:
https://en.wikipedia.org/wiki/Kyoto_Protocol
The consequences of this treaty: Western Europe has outsourced its harmful and environmentally unfriendly production to the East.
http://www.bloha.info/view/articles/1011642/
After the report on the state and environmental protection of the Russian Federation, Yasnaya Polyana was included in the list of settlements most affected by air pollution with various harmful substances.
Shchekinoazot, which is known to produce urea-formaldehyde concentrate, was concerned about pollution data that appeared in the media.
According to some reports, the degree of air pollution with formaldehyde in Yasnaya Polyana has exceeded 20 times the limit of its maximum permissible concentration.
Yasnaya Polyana is the place where I was born. This is an example from my personal experience.
The USA advertised this Kyoto protocol most of all and was its initiator, but as a result the USA declined ratification of it, because the US scientists demonstrated to public that there are no scientific justifications for this:
http://www.petitionproject.org/


Next year, this treaty expires, the term of the Western artificial limitation of the industrial development of developing countries under the guise of "caring for nature" ends (I hope my example about formaldehyde in Yasnaya Polyana clearly showed how the West takes care of its ecology). It seems that the next stage of this neocolonial undertaking is being prepared.
https://www.scmp.com/news/china/article/1100990/kyoto-protocol-extended-2020-fight-climate-change
Kyoto Protocol extended to 2020 to fight climate change
Published: 12:00am, 9 Dec, 2012
According to independent researchers, the Rockefeller family took a major part in lobbying the Kyoto Protocol:
https://www.globalresearch.ca/rockefeller-familys-covert-climate-change-plan/5678775
What is important, however, is to acknowledge the role of the Rockefeller family –which historically was the architect of “Big Oil”– in supporting the Climate Change debate as well as the funding of scientists, environmentalists and NGOs involved in grassroots activism against “Big Oil” and the fossil fuel industry.
Apparently, many Western youth environmental initiatives, widely covered by the media, are also not without the support of the Rockefeller charitable organizations, since their activities began to be covered just before the deadline for the Kyoto Protocol. The materials of independent researchers confirm this:
http://www.wrongkindofgreen.org/2019/01/17/the-manufacturing-of-greta-thunberg-for-consent-the-political-economy-of-the-non-profit-industrial-complex/
https://reason.com/2015/10/30/why-third-world-countries-wont-agree-to
http://www.wrongkindofgreen.org/2019/05/06/extinction-rebellion-training-or-how-to-control-radical-resistance-from-the-obstructive-left/

The US Congress deprived the Rockefeller family of profits from oil production. Therefore, they acquired deposits of rare earth elements in the Western colonies. Rare earth elements are necessary for the functioning of renewable energy sources, for which this environmental campaign was started. Most of the resources needed for renewable energy are concentrated in Africa. Often, child slave labor is used in mines, so that progressive Western consumers can refuse coal and oil in favor of "clean" energy.

https://grist.org/article/report-going-100-renewable-power-means-a-lot-of-dirty-mining/
http://theconversation.com/fairtrade-renewable-energy-shedding-light-on-clean-energys-dirty-secrets-100263
https://www.theverge.com/2019/2/15/18226210/energy-renewables-materials-mining-environment-neodymium-copper-lithium-cobalt
Last year, 70 percent of the world’s cobalt came from the DRC, a country that has been a target of widespread criticism for its labor practices, such as using children as young as six to work in cobalt mines.


#fridaysforfuture #climatechange #wemustact #bethechange #vegan #janegoodall #cleanenergy #earth #care #futuregenerations #whatsyourexcuse #dontwait #cowspiracy #worktogether #actnow #thegreenhousesparetreat
#capitalism #climatecrisis #climatechange #climatestrike #europe #fridaysforfuture #ecology #environment #greta #gretathunberg #hoax #infosec #metaprogramming #colonialism #cryptocolonialism #neocolonialism #2020cc

Please explain if you are responsible for your words.

 
Falsehoods Computer Science Students (Still) Believe Upon Graduating:

https://www.netmeister.org/blog/cs-falsehoods.html

Security-related myths:

– Open Source means it has fewer bugs and is more secure.
– 'Privacy' and 'Confidentiality' are synonymous.
– 'Encryption' and 'Security' are synonymous.

(And no, most CS students neither are good programmers nor security specialists upon graduating.)

#falsehoods #myths #infosec #cybersecurity #security

 
Yesterday the small vulnerability regarding #Nginx #Nextcloud and #PHP7 became known.

For those who use the package sources from deb.sury.org, the fix, i.e. the updates to PHP 7.3.11 in which the vulnerability has already been closed, are already available.

So anyone who either has not yet rebuilt their config or has not yet taken action can now simply update quickly.

#boost #infosec

@mase @DecaTec

 
Some "lessons learned" from the whole #NordVPN disaster:

1. Revoke keys when you notice the private key was compromised
2. Use HSMs to prevent private keys from getting compromised
3. Inform your customers about breaches
4. Do proper audit logging of your systems' user accounts
5. Use your own OS images, when installing machines
6. Run an IDS to get informed when your production systems act unusual
7. Spend more money on infrastructure security, less on marketing it

#infosec

 

 

 
Tweet by Steffen Christensen (@Wikisteff) on 26 Aug, 04:48: Holy shit.
You can pronounce #hex numbers, people!
#hexadecimal #math
/c @hexadecim8 #Infosec #devops https://t.co/HtDmvXD9Pr

https://twitter.com/Wikisteff/status/1165818361097392128

Twitter: Liz Henry on Twitter (Liz Henry)


 
 
Firefox for Android 68 :firefox: introduces support for the Web Authentication API (WebAuthn):

https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/

– supports built-in biometrics scanners, or security tokens (NFC, Bluetooth etc.)
– Firefox for Android doesn't support legacy U2F, and won't support it in the future

#firefox #mozilla #android #webauthn #fido2 #infosec #cybersecurity #security

 
Holy what!

"Amazon's home security company Ring has enlisted local police departments around the country to advertise its surveillance cameras in exchange for free Ring products and a “portal” that allows police to request footage from these cameras, a secret agreement obtained by Motherboard shows."

https://www.vice.com/en_us/article/mb88za/amazon-requires-police-to-shill-surveillance-cameras-in-secret-agreement

#infosec

 
But after plenty of debugging we were able to track these down and add them manually in order to continue operation.

We wish you a pleasant night or a good morning, depending on when our message reaches you.

#Anoxinon #Fediverse #Statuspost #Upgrade #Security #InfoSec

 
You thought you know IPv4 addresses? Let me tell you something:

YOU PROBABLY DON'T!

RT @0xInfection@twitter.com

I learnt today that IP addresses can be shortened by dropping the zeroes.
Examples:
http://1.0.0.1 → http://1.1
http://192.168.0.1 → http://192.168.1
This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.
#infosec #bugbounty #bugbountytip

🐦🔗: https://twitter.com/0xInfection/status/1148267196306427904
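
A defensive take on the tip above, as an added example that is not part of the original post: canonicalise a numeric host with inet_aton-style rules before comparing it with a blocklist, so shortened forms cannot slip past a string match. It goes beyond the two examples in the post by also covering hex, octal and single-integer forms; the function names and the blocked ranges are constructed for illustration.

```python
import ipaddress

# Constructed policy: ranges a server-side fetcher must never reach.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "1.0.0.1/32",
)]


def _parse_part(text):
    """Parse one dotted component as inet_aton does: 0x.. hex, 0.. octal, else decimal."""
    lower = text.lower()
    if lower.startswith("0x"):
        digits, base = lower[2:], 16
    elif len(lower) > 1 and lower.startswith("0"):
        digits, base = lower[1:], 8
    else:
        digits, base = lower, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits):
        raise ValueError(f"bad component: {text!r}")
    return int(digits, base)


def canonical_ipv4(host):
    """Return the dotted quad a C resolver would use for `host`, or None if not numeric."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    *leading, last = values
    if any(v > 0xFF for v in leading):
        return None
    # The final component fills all remaining bytes: "1.1" means 1.0.0.1.
    tail_bytes = 4 - len(leading)
    if last >= 1 << (8 * tail_bytes):
        return None
    packed = bytes(leading) + last.to_bytes(tail_bytes, "big")
    return str(ipaddress.IPv4Address(packed))


def naive_is_blocked(host):
    """The filter style the post describes: literal string comparison."""
    return host in {"1.0.0.1", "192.168.0.1", "127.0.0.1"}


def is_blocked(host):
    """Blocklist check on the canonical address, not on the string the client sent."""
    canon = canonical_ipv4(host)
    if canon is None:
        return False  # not a numeric host; resolved names need their own check
    addr = ipaddress.ip_address(canon)
    return any(addr in net for net in BLOCKED_NETS)
```

Hostnames still have to be checked after resolution, against the address the request actually connects to.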

 
GnuPG — "SKS Keyserver Network Under Attack":

https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

"If you fetch a poisoned certificate from the keyserver network, you will break your GnuPG installation."

"High-risk users should stop using the keyserver network immediately."

#gnupg #gpg #keyserver #infosec #security #cybersecurity

 
https://infosec-handbook.eu/ is a website styled blog that everyone should read at least once if you are interested in anything which can relate to security. It is a place where you find security pros writing blog posts about anything security. This is the starting point for any hobbyist online who wants to actually stay secure online or secure their server.

They also have an account on here as well if you want to follow them here: @infosechandbook
#privacy #infosec

 
More Intel CPU vulnerabilities from the same people who found #spectre and #meltdown on the way… 😣
#ZombieLoad and #Store-to-Leak
https://zombieloadattack.com/
Mitigation might cost 30-50% performance! 😭
#infosec

 
Job!

RT @AbirGhattas@twitter.com

Our #InfoSec team @HRW@twitter.com is growing! We are looking for an Information Security Technologist 👩‍💻👨‍💻!! APPLY! https://recruiting.ultipro.com/HUM1004HRW/JobBoard/1f3f0ff9-99fb-4df2-8d3b-d832e12107eb/OpportunityDetail?opportunityId=64bbe4ff-4c50-4464-8550-4a2990921c9c

🐦🔗: https://twitter.com/AbirGhattas/status/1126499921505411073

 
Hm. Actually Let's Encrypt should not be the only CA of that kind.

As we should avoid single points of failure, I hope there will be another CA like that, soon.

#infosec #certificates #tls

 
Matrix.org publishes timeline after security breach:

https://matrix.org/blog/2019/04/11/security-incident/

– the attacker exploited vulnerabilities in Jenkins
– the attacker had full database access, including access to unencrypted content like private messages, password hashes, access tokens
– Matrix.org recommends changing your password (including NickServ password)

#matrix #breach #infosec #cybersecurity #security

 
Good morning #anoxianer,

we would like to inform you at somewhat short notice that our technical department will carry out maintenance work on our #XMPP :xmpp: server this evening at around 18:00. The server will be upgraded from #Prosody version v0.10 to v0.11.X.

Unfortunately, due to lack of time, the #Upgrade was not possible earlier.

If you feel called to support us, then get in touch about one of our open positions: https://anoxinon.de/stellenboerse/

#InfoSec

 
Found in #IRC:

"apparently people are getting around Chrome and Firefox telling everyone that non-HTTPS password fields are 'not secure' by just using regular text fields. they change the font on the text field to 'text-security-disc', which is apparently a font that exists of all bullets and looks just like traditional password fields."

How about instead of investing time and effort into schemes like these, you just ROLL OUT #HTTPS FOR FSCK'S SAKE!

#InfoSec #DevOps #SysAdmin

 
WordPress 5.1 – critical exploit chain that enables an unauthenticated attacker to gain remote code execution on any WordPress installation:

https://blog.ripstech.com/2019/wordpress-csrf-to-rce/

– exploit is possible due to a CSRF vulnerability in comment forms
– fixed in WordPress 5.1.1

#wordpress #rce #csrf #wordpress5 #infosec #cybersecurity #security