TPM-FAIL – security vulnerabilities in Trusted Platform Modules: (PDF file)

– Affected are Platform Trust Technology (Intel), and ST33 TPM chip (STMicroelectronics). TPMs from Nuvoton/Infineon aren't affected.
– A remote attacker could retrieve certain private keys (e.g., as used by ECDSA).
– Intel provides a firmware update; vulnerable ST33 chips can't be patched.

#tpm #tpmfail #sidechannel #attack #vulnerability #infosec #security #cybersecurity

"TL;DR: an attacker can mount a RIDL attack despite the in-silicon mitigations/microcode patches published in May 2019 being in place."

"HSTS From Top to Bottom or GTFO"

This is one of the reasons "HTTPS Everywhere" extension is still relevant.

"Roads" by Max Böck

Brilliant satire on modern web development.

:thumbsup: tldr: Do not commit secrets to your code repo. There are some tools available to help detect and avoid when it happens accidentally.

"Samsung: Anyone's thumbprint can unlock Galaxy S10 phone"

"biometrics" 🤷‍♂️

> When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

ECSM 2019 – Tips for your cyber hygiene:

We present about 20 quick actions to keep or improve your level of information security in day-to-day life. Feel free to share your tips.

#ecsm2019 #ecsm #cyberhygiene #security #infosec #cybersecurity

Show more
Social feed

This is a personal and private instance.