LastPass releases update for security vulnerability:

bugs.chromium.org/p/project-ze

– The vulnerability allowed extracting credentials of previously-visited websites.
– Tavis Ormandy: "I think it's fair to call this 'High' severity, even if it won't work for *all* URLs."
– fixed in v4.33.0/v4.33.

#lastpass #security #vulnerability #tavisormandy #projectzero #infosec #cybersecurity

On using certificate authentication with SSH:

smallstep.com/blog/use-ssh-cer

A good open source tool to help you with this is HashiCorp's Vault.

ProtonMail adds support for Web Key Directory (WKD), DANE, and MTA-STS:

protonmail.com/blog/security-u

– WKD is also available for external keys now
– DANE is also available for custom domains
– Besides, they added HTTP headers (Expect-CT, Public-Key-Pins-Report-Only), DNS CAA, and monitoring (e.g., TLSRPT)
– There will be an independent security audit of all Proton apps

#protonmail #gpg #infosec #security #cybersecurity #openpgp #wkd #wks #dane #mtasts

> A lot of Chromebook and Chromebox users don't realize this, but all ChromeOS devices have an expiration date.

arstechnica.com/gadgets/2019/0

🤦‍♂️ put linux on it or don't buy this kind of stuff.

Mysterious iOS Attack Changes Everything We Know About iPhone Hacking. For two years, a handful of websites have indiscriminately hacked thousands of iPhones.
wired.com/story/ios-attack-wat

Fun fact: wizzair.com lets you set a long password, but behind the scenes it truncates it to 16 characters (because obviously every byte is precious these days, I guess?).

When you try to log in with your long long password, it fails. You have to *know* to truncate it yourself to 16 chars.

This is a major airline in 2019.

#InfoSec #WizzAir
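The bug pattern behind this, as an added example (a constructed model, not Wizz Air's code; the 16-character limit is the only detail taken from the post): the registration path trims the password before hashing while the login path hashes whatever was typed, so the two never agree for anything longer than the limit. The hardened version hashes the full password on both paths and turns any length limit into an explicit error. `effective_password_length` is the black-box probe you can run against any auth flow to catch silent truncation: register with a long password and find the shortest prefix that still logs in.

```python
import hashlib
import hmac
import os


class VulnerableAuth:
    """Registration silently truncates to 16 chars; login does not."""
    MAX_CHARS = 16

    def __init__(self):
        self._users = {}

    def set_password(self, user, password):
        salt = os.urandom(16)
        stored = password[:self.MAX_CHARS]          # silent truncation, no error
        self._users[user] = (salt, hashlib.sha256(salt + stored.encode()).digest())

    def verify(self, user, password):
        salt, digest = self._users[user]
        candidate = hashlib.sha256(salt + password.encode()).digest()
        return hmac.compare_digest(digest, candidate)


class HardenedAuth:
    """Same interface; the full password is hashed on both paths and the
    length limit is enforced by rejecting, never by trimming."""
    MAX_BYTES = 1024            # DoS guard only, applied as a hard error
    ITERATIONS = 30_000         # kept low for the demo; use far more in production

    def __init__(self):
        self._users = {}

    def _kdf(self, salt, password):
        pw = password.encode("utf-8")
        if len(pw) > self.MAX_BYTES:
            raise ValueError("password too long")
        return hashlib.pbkdf2_hmac("sha256", pw, salt, self.ITERATIONS)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._kdf(salt, password))

    def verify(self, user, password):
        salt, digest = self._users[user]
        try:
            return hmac.compare_digest(digest, self._kdf(salt, password))
        except ValueError:
            return False


def effective_password_length(auth, user, password):
    """Black-box probe: register with a long password, then return the length
    of the shortest prefix that still logs in (len(password) when nothing is
    dropped, None when even the full password fails)."""
    auth.set_password(user, password)
    for n in range(1, len(password) + 1):
        if auth.verify(user, password[:n]):
            return n
    return None


PROBE_PASSWORD = "correct-horse-battery-staple-2019!"   # 34 chars, constructed

if __name__ == "__main__":
    for cls in (VulnerableAuth, HardenedAuth):
        n = effective_password_length(cls(), "probe", PROBE_PASSWORD)
        print(f"{cls.__name__}: {n} of {len(PROBE_PASSWORD)} characters matter")
```

The same probe is worth running even against bcrypt-backed logins: bcrypt itself stops at 72 bytes, and a site that neither pre-hashes nor rejects longer input will report 72 here instead of the full length.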

What happens when you launch your browser for the first time:

news.ycombinator.com/item?id=2

Interesting read. I was kind of disappointed to learn that:

"The mozilla.org tab discussing the importance of Privacy loads in the background, bringing along with it the Google Tag Manager and Google Analytics. Hello, Google."

Hey #cccamp19, you know everything you buy from Decathlon has a long-range UHF RFID tag on it, and I have a reader with 10m range?

145 unique tags scanned from a quick walk around the Milliways area.

To avoid confusion, here's a step-by-step guide to putting your #Wordpress blog on the #Fediverse:

1. Log into your Wordpress site

2. Go to "Plugins", "Add New", search for "ActivityPub" plugin, install and activate it.

3. Go to "Users", then "Your Profile". Scroll down, and right at the bottom there's a new section called "Fediverse" with the blog's Fediverse address.

4. Share this address on #Mastodon etc, people will be able to follow it by pasting it into the search box and following it!

"The entropy of Bluetooth session keys is negotiated in an unauthenticated protocol between the participants. The attacker can manipulate this to the lowest entropy allowed, 1 byte. The resulting session key can then easily be brute forced."

knobattack.com/
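The shape of the problem, as an added example (a constructed toy model, not the Bluetooth key schedule or any KNOB proof-of-concept): each side advertises a maximum key length, the unauthenticated negotiation settles on the minimum, and a man-in-the-middle can rewrite one side's value down to 1 byte. A 1-byte session key falls to 256 trial encryptions of a known header; at the 16-byte default it is out of reach. `entropy_acceptable` models the fix, a floor below which a device refuses the connection; the 7-byte value is the minimum the Bluetooth SIG recommended after KNOB, treated here as a hard check (an assumption of this model).

```python
import hashlib
import hmac
import itertools
import os

# Assumption of this model: the SIG's post-KNOB recommendation of a 7-octet
# minimum is enforced as a hard reject rather than merely recommended.
MIN_ENTROPY_BYTES = 7


def negotiate_entropy(initiator_max, responder_max, mitm_override=None):
    """Both sides advertise a maximum; the protocol settles on the minimum.
    Because the exchange is unauthenticated, a MITM can replace either value."""
    if mitm_override is not None:
        responder_max = mitm_override
    return min(initiator_max, responder_max)


def entropy_acceptable(entropy_bytes):
    """The fix: refuse any negotiation that lands below the floor."""
    return entropy_bytes >= MIN_ENTROPY_BYTES


def derive_session_key(link_key, entropy_bytes):
    """Toy KDF: reduce a strong link key to entropy_bytes bytes of key material."""
    full = hmac.new(link_key, b"session", hashlib.sha256).digest()
    return full[:entropy_bytes]


def protect(session_key, plaintext):
    """Toy stream cipher: XOR with a keystream derived from the session key."""
    stream = hmac.new(session_key, b"keystream", hashlib.sha256).digest()
    return bytes(p ^ s for p, s in zip(plaintext, itertools.cycle(stream)))


def brute_force(ciphertext, known_plaintext, entropy_bytes, max_tries=2**20):
    """Try every key of the negotiated length against a known plaintext.
    Returns (key, tries) or None if the key space exceeds max_tries."""
    if 256 ** entropy_bytes > max_tries:
        return None          # 7 bytes is already > 7e16 keys
    for tries, cand in enumerate(itertools.product(range(256), repeat=entropy_bytes), 1):
        key = bytes(cand)
        if protect(key, known_plaintext) == ciphertext[:len(known_plaintext)]:
            return key, tries
    return None


def run_session(initiator_max=16, responder_max=16, mitm_override=None):
    """One negotiated session plus the attacker's attempt on it."""
    link_key = os.urandom(16)
    entropy = negotiate_entropy(initiator_max, responder_max, mitm_override)
    key = derive_session_key(link_key, entropy)
    header = b"GET /secret HTTP/1.1"       # constructed known plaintext
    ciphertext = protect(key, header)
    return entropy, key, brute_force(ciphertext, header, entropy)


if __name__ == "__main__":
    for label, kwargs in (("honest", {}), ("MITM downgrade", {"mitm_override": 1})):
        entropy, key, result = run_session(**kwargs)
        print(f"{label}: {entropy} byte(s), accepted={entropy_acceptable(entropy)}, "
              f"recovered={result is not None}")
```

The point of the model is the check, not the cipher: the only robust defence against an unauthenticated downgrade is to reject the result of the negotiation when it falls below the floor, because the negotiation itself cannot be trusted.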

Yikes. "The fingerprints of over 1 million people, as well as facial recognition information... was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks." theguardian.com/technology/201

"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed."

googleprojectzero.blogspot.com
