TPM-FAIL – security vulnerabilities in Trusted Platform Modules:

tpm.fail/tpmfail.pdf (PDF file)

– Affected are Platform Trust Technology (Intel), and ST33 TPM chip (STMicroelectronics). TPMs from Nuvoton/Infineon aren't affected.
– A remote attacker could retrieve certain private keys (e.g., as used by ECDSA).
– Intel provides a firmware update; vulnerable ST33 chips can't be patched.

#tpm #tpmfail #sidechannel #attack #vulnerability #infosec #security #cybersecurity

"TL;DR: an attacker can mount a RIDL attack despite the in-silicon mitigations/microcode patches published in May 2019 being in place."

mdsattacks.com/#ridl-ng

"HSTS From Top to Bottom or GTFO"

troyhunt.com/hsts-from-top-to-

This is one of the reasons "HTTPS Everywhere" extension is still relevant.

"Roads" by Max Böck mxb.dev/blog/roads/

Brilliant satire on modern web development.

darkport.co.uk/blog/ahh-shhgit

:thumbsup: tldr: Do not commit secrets to your code repo. There are some tools available to help detect and avoid when it happens accidentally.

"Samsung: Anyone's thumbprint can unlock Galaxy S10 phone"

bbc.com/news/technology-500805

"biometrics" 🤷‍♂️

> When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

sudo.ws/alerts/minus_1_uid.htm

ECSM 2019 – Tips for your cyber hygiene:

infosec-handbook.eu/blog/ecsm2

We present about 20 quick actions to keep or improve your level of information security in day-to-day life. Feel free to share your tips.

#ecsm2019 #ecsm #cyberhygiene #security #infosec #cybersecurity

Show more
Social feed

This is a personal and private instance.