Anyone in North- or South-America reading this: would you be willing to help the #openstreetmap project by hosting a server?
The project needs additional "tile delivery servers" in the region to cope with the load, more details on the requirements here:
https://wiki.openstreetmap.org/wiki/Servers/Tile_CDN#Tile_delivery_CDN_node
Boosts appreciated!
Privilege Escalation in Ubuntu Linux (dirty_sock exploit) https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
Update for runC available. Users running a privileged runC container are vulnerable to an attack where a specially crafted image can replace a binary on the system, allowing root access. More info: https://t.co/hMXUM5eJiX tweeted by @ubuntu_sec
We've updated our post on 'How to leave Google' to include lots of @fdroidorg apps. What other #GoogleAlternatives would you like us to add? 😃💪 https://tutanota.com/blog/posts/how-to-leave-google-gmail
Downgrade attack on TLS 1.3 and vulnerabilities in major TLS libraries:
– the attack leverages a side-channel leak via cache access timings (in OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS)
– it affects all TLS versions, including TLS 1.3
– one requirement for the attack is RSA key exchanges
#tls #rsa #key #exchange #tls13 #downgrade #encryption #https #crypto #infosec #cybersecurity #security
Who didn't expect this?
"Article 13 is back on – and it got worse, not better"
Interesting view on how to choose what you should read.
"An Incremental Architecture Approach to Building Systems", where/when do the monolith and microservices make sense.
https://www.infoq.com/news/2019/01/rearchitecture-system-success
Just in case anyone is interested in showing up:
How 2FA could have been used to maintain persistence of a stolen account, even after a password change, on major websites
Nice tutorial and explanation on using Vault to manage the SSH access to your machines:
https://blog.octo.com/en/gardez-les-cles-de-votre-infrastructure-a-labri-avec-vault/
Nice presentation about Rust, operating systems and programming languages, with a good chunk of time dedicated to some historical context. 👍
Remote Code Execution in apt/apt-get
How sloppy OPSEC gave researchers an inside look at the exploit industry
https://www.cyberscoop.com/mobile-zero-days-lookout-shmoocon-2019-android-barracuda-ios-stonefish/
“Those government developers were testing out the WhatsApp malware on their own devices, and it was storing their discussions on the program’s servers.
The nation-state essentially had hacked itself and accidentally dumped highly sensitive information on the open internet—including details of its interactions with the secretive vendors who sell spyware to governments.”
HT @lorenzofb@twitter.com
Bit by bit...
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast. https://ovalerio.net