WPA3 – two new vulnerabilities were discovered:

– CVE-2019-13377: Brainpool curves introduce a second class of side-channel leaks in the Dragonfly handshake of WPA3
– CVE-2019-13456: information leak in FreeRADIUS' EAP-pwd due to aborting when needing more than 10 iterations
– according to @vanhoefm (Twitter), "Wi-Fi standard is now being updated with proper defenses, which might lead to WPA3.1"

3 reasons for a false sense of security:

– reason 1: Legacy configuration and outdated security tips
– reason 2: No threat model
– reason 3: No checks and no monitoring

Don’t just assume security; actually check it.

I discovered my first hidden camera at an Airbnb last week in Yerevan, Armenia. Always scan the Wi-Fi when you get to a new place!! #surveillance #nmap #privacy #dystopia #security #badposture

So the government of Kazakhstan is MITM'ing all SSL'ed traffic

The way they are doing this is by adding a Certificate Authority (CA) that allows them to snoop all traffic.

This is, by the way, why SSL is criticized as being "only as secure as the weakest CA in your system". Here it's deliberate, but that's a problem in general.

NEWS: A New Stable Version of FreedomBox

We are pleased to announce that a new stable version of the #FreedomBox software system has been released! 🎉 🎉 🎉

The new stable version of FreedomBox is a big improvement over the previous stable version. It features a redesigned user interface, many more applications and features, and a streamlined user experience.

Please download and test it out!

Details here:

In fact that justification for the "commands based on image size" was a little strange.

Super Small Summary:
* Zoom for Mac lets any website force your client to join a call
* With the camera turned on
* Installs a web-server that is not deleted when you remove the app
* That web-server can be used to remotely reinstall the Zoom app and do some sort of DoS on your machine.

(Not patched yet)
