vulnerability "that could be exploited by a remote attacker to crash and corrupt any uTorrent instance connected to the internet."

blog.whtaguy.com/2020/09/utorr

TIL publicsuffix.org/learn/

"By knowing where the user-controlled section of the domain name begins and ends, browsers can group cookies and history entries by site in a way that couldn't easily be done before."

What is the piece of software (app) you have used continuously for the longest period of time?

blog.ovalerio.net/archives/202

"The problem is that no one taught us to understand. Instead, we are pushed to simply to memorize. To be educated enough to do well on the test, and then to forget what we were taught, because we never actually learned it."

seths.blog/2020/09/self-direct

Raccoon Attack: A timing vulnerability in the TLS 1.2 specification.

raccoon-attack.com/

– The attack only affects DH-based cipher suites or some DHE-based cipher suites.
– OpenSSL 1.1.1, ECDHE-based cipher suites, and TLS 1.3 aren't affected.
– If exploited, attackers could decrypt all TLS-protected network traffic.

Read more:
infosec-handbook.eu/news/2020-

#TLS #HTTPS #RaccoonAttack #DH #DHE #InfoSec #CyberSecurity #Security

"GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version."

nvd.nist.gov/vuln/detail/CVE-2

@stevefoerster What would be nice would be to include the version with high entropy that humans have been demonstrated to actually be able to remember: diceware-style passwords (multiple words, e.g. like xkcd.com/936/ except you want more like 6-7 words these days)

"Starting September 1st, 2020, Apple Safari, Google Chrome and Mozilla Firefox will stop recognizing newly generated certificates with validity period more than 398 days."

medium.com/@0snet/maximum-vali

"it appears medium logs all analytics pings into HTML5 LocalStorage and will keep retrying to send them (and apparently periodically change domains and subdomains to try and send them)"

news.ycombinator.com/item?id=2

There are better solutions for a blog.

Disturbing reports that Google Play is threatening to kick out Mastodon apps. See:

mastodon.social/@Gargron/10476

toot.fedilab.app/@fedilab/1047

App stores have a track record of acting capriciously & are also easy targets for gov't censors (including Trump). This is why alternatives like @fdroidorg are so important for user freedom.

If unfamiliar: F-Droid is a free & open source app you can use to install other Android apps, with focus on free & open source software. Get it here:

f-droid.org/
