LastPass releases update for security vulnerability:

bugs.chromium.org/p/project-ze

– The vulnerability allowed extracting credentials of previously-visited websites.
– Tavis Ormandy: "I think it's fair to call this 'High' severity, even if it won't work for *all* URLs."
– fixed in v4.33.0/v4.33.

#lastpass #security #vulnerability #tavisormandy #projectzero #infosec #cybersecurity

On using certificate authentication with SSH:

smallstep.com/blog/use-ssh-cer

A good open-source tool to help you with this is HashiCorp's Vault.

ProtonMail adds support for Web Key Directory (WKD), DANE, and MTA-STS:

protonmail.com/blog/security-u

– WKD is also available for external keys now
– DANE is also available for custom domains
– They also added HTTP headers (Expect-CT, Public-Key-Pins-Report-Only), DNS CAA, and monitoring (e.g., TLSRPT)
– There will be an independent security audit of all Proton apps

#protonmail #gpg #infosec #security #cybersecurity #openpgp #wkd #wks #dane #mtasts
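WKD lookups are deterministic, which is what lets a mail client fetch a key without a keyserver: the local part of the address is lower-cased, SHA-1 hashed, z-base-32 encoded, and placed under a well-known path on the domain. The following is an added example (not ProtonMail's code, and not from the post) that computes both the "advanced" and "direct" WKD URLs for an address; the test vector Joe.Doe@Example.ORG is the one from the WKD draft, everything else is constructed here.

```python
"""Compute OpenPGP Web Key Directory (WKD) lookup URLs for an e-mail address.

Added example, not ProtonMail's or GnuPG's code. Follows the WKD draft
(draft-koch-openpgp-webkey-service): lower-case the local part, SHA-1 it,
z-base-32 encode the digest, and build the well-known URL.
"""
import hashlib
from urllib.parse import quote

# z-base-32 alphabet, as used by WKD (different from RFC 4648 base32)
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, most significant bit first.
    A trailing partial group is zero-padded on the right. A 20-byte SHA-1 digest is
    160 bits, so it encodes to exactly 32 characters with no padding."""
    nbits = len(data) * 8
    pad = (-nbits) % 5
    bits = int.from_bytes(data, "big") << pad
    nchars = (nbits + pad) // 5
    return "".join(ZB32_ALPHABET[(bits >> (5 * i)) & 0x1F] for i in range(nchars - 1, -1, -1))


def wkd_hash(local_part: str) -> str:
    """WKD hashes the local part with ASCII letters lower-cased, then z-base-32 encodes it."""
    mapped = "".join(c.lower() if c.isascii() else c for c in local_part)
    return zbase32_encode(hashlib.sha1(mapped.encode("utf-8")).digest())


def wkd_urls(address: str) -> dict:
    """Return the 'advanced' and 'direct' method URLs for an address.
    Clients try the advanced method (openpgpkey.<domain> subdomain) first and fall
    back to the direct method on the domain itself. The ?l= query carries the
    original-case local part so the server can find the key without reversing the hash."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("not an e-mail address: %r" % address)
    domain = domain.lower()
    h = wkd_hash(local)
    query = "?l=" + quote(local, safe="")
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}{query}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}{query}",
    }


if __name__ == "__main__":
    for name, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{name}: {url}")
```

Note that the hash alone is not enough to serve a key: the server must also publish a `policy` file next to `hu/`, and for the advanced method the `openpgpkey.` subdomain needs a valid TLS certificate, which is why adding WKD to a custom domain is a DNS and hosting change, not only a key upload.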

> A lot of Chromebook and Chromebox users don't realize this, but all ChromeOS devices have an expiration date.

arstechnica.com/gadgets/2019/0

🤦‍♂️ Put Linux on it or don't buy this kind of stuff.

Mysterious iOS Attack Changes Everything We Know About iPhone Hacking. For two years, a handful of websites have indiscriminately hacked thousands of iPhones.
wired.com/story/ios-attack-wat

Fun fact: wizzair.com lets you set a long password, but behind the scenes it truncates it to 16 characters (because obviously every byte is precious these days, I guess?).

When you try to log in with your long long password, it fails. You have to *know* to truncate it yourself to 16 chars.

This is a major airline in 2019.

#InfoSec #WizzAir
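The behaviour described above is what you get when the sign-up path and the login path disagree about the input: registration hashes a truncated string, login hashes the full one. The following is an added example, not WizzAir's code and not based on any knowledge of their back end; the 16-character limit is taken from the post, the 128-character cap in the fixed variant is an arbitrary value chosen for the example. It models the bug and the fix side by side.

```python
"""Model of a password store that truncates on registration but not on login.

Added example; it does not reproduce any real site's code. MAX_LEN matches the
16 characters reported in the post. The KDF (PBKDF2-HMAC-SHA256) is fine in both
variants; the defect is entirely in what gets fed to it.
"""
import hashlib
import hmac
import os
from typing import Optional

MAX_LEN = 16          # silent truncation limit in the buggy sign-up path
FIXED_MAX_LEN = 128   # hypothetical explicit cap used by the fixed sign-up path


def hash_password(password: str, salt: bytes, truncate_to: Optional[int] = None) -> bytes:
    """Derive the stored verifier. `truncate_to` exists only to model the bug."""
    if truncate_to is not None:
        password = password[:truncate_to]
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def register_truncating(password: str) -> dict:
    """Buggy sign-up: keeps only the first MAX_LEN characters, without telling the user.
    The effective secret is now at most 16 characters regardless of what was chosen."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt, truncate_to=MAX_LEN)}


def register_fixed(password: str) -> dict:
    """Fixed sign-up: never truncate. If a length limit is unavoidable, enforce it
    visibly so the string that was hashed is always the string the user typed."""
    if len(password) > FIXED_MAX_LEN:
        raise ValueError(f"password longer than {FIXED_MAX_LEN} characters")
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def login(record: dict, password: str) -> bool:
    """Login path shared by both variants: hashes exactly what the user typed.
    Against a truncating registration this only succeeds if the user truncates by hand."""
    return hmac.compare_digest(record["hash"], hash_password(password, record["salt"]))


if __name__ == "__main__":
    pw = "correct horse battery staple 2019"   # constructed 33-character password
    buggy = register_truncating(pw)
    print("buggy store, full password:      ", login(buggy, pw))          # False
    print("buggy store, first 16 chars:     ", login(buggy, pw[:MAX_LEN]))  # True
    fixed = register_fixed(pw)
    print("fixed store, full password:      ", login(fixed, pw))          # True
    print("fixed store, first 16 chars:     ", login(fixed, pw[:MAX_LEN]))  # False
```

Beyond the lockout, the security cost is that an attacker who learns (or guesses) the truncation rule only has to search 16 characters, not the length the user believed they had. Truncation in password handling is occasionally inherited from the KDF itself (classic bcrypt stops at 72 bytes), so the check worth adding to a password-change flow is a round trip: after storing, verify the full original string and fail loudly if it does not match.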

What happens when you launch your browser for the first time:

news.ycombinator.com/item?id=2

Interesting read. I was kind of disappointed to learn that:

"The mozilla.org tab discussing the importance of Privacy loads in the background, bringing along with it the Google Tag Manager and Google Analytics. Hello, Google."

Hey #cccamp19, you know everything you buy from Decathlon has a long-range UHF RFID tag on it, and I have a reader with 10m range?

145 unique tags scanned from a quick walk around the Milliways area.

"The entropy of Bluetooth session keys is negotiated in an unauthenticated protocol between the participants. The attacker can manipulate this to the lowest entropy allowed, 1 byte. The resulting session key can then easily be brute forced."

knobattack.com/
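The quoted sentence is the whole attack: nothing authenticates the entropy negotiation, so an in-path attacker can rewrite both proposals down to one byte, and a one-byte key falls to 256 trial decryptions. The following is an added example (not the KNOB authors' code, and not the real LMP/E0 machinery): it uses a simplified negotiation (initiator proposes, responder takes the minimum), models the key shortening as truncation, and stands in a SHA-256 counter-mode keystream for the link cipher. The 7-byte floor used in the hardened variant is the minimum key size the Bluetooth specification adopted in response to KNOB.

```python
"""Simplified model of the KNOB attack: unauthenticated key-size negotiation
followed by brute force of the resulting low-entropy session key.

Added example, not the KNOB authors' tooling. The negotiation, key shortening and
stream cipher below are stand-ins that keep the relevant property (8 * size bits
of key entropy), not the real Bluetooth BR/EDR protocol or ciphers.
"""
import hashlib
import os
from typing import Optional, Tuple


def negotiate_key_size(initiator_max: int, responder_max: int,
                       mitm_override: Optional[int] = None, min_size: int = 1) -> int:
    """Unauthenticated key-size negotiation, simplified.
    The initiator proposes its maximum (1..16 bytes) and the responder accepts
    min(proposal, own maximum). Because no message is authenticated, an attacker on
    the path can replace the proposal (mitm_override) and both ends agree to it.
    `min_size` is the local policy floor; 1 reproduces the pre-fix behaviour."""
    proposal = initiator_max if mitm_override is None else mitm_override
    agreed = min(proposal, responder_max)
    if not 1 <= agreed <= 16:
        raise ValueError("key size out of range")
    if agreed < min_size:
        raise ValueError(f"negotiated key size {agreed} below policy minimum {min_size}")
    return agreed


def reduce_key(link_key: bytes, size: int) -> bytes:
    """Toy entropy reduction: keep `size` bytes of the 16-byte link key. The real
    shortening function differs, but the attacker's search space is the same 2**(8*size)."""
    return link_key[:size]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in for the link-layer cipher."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


def brute_force_key(size: int, nonce: bytes, known_plaintext: bytes, ciphertext: bytes) -> Optional[bytes]:
    """Attacker side: with one known plaintext/ciphertext pair, try every `size`-byte key.
    For size=1 that is 256 attempts; for size=16 it is 2**128 and never finishes."""
    for candidate in range(256 ** size):
        key = candidate.to_bytes(size, "big")
        if encrypt(key, nonce, known_plaintext) == ciphertext:
            return key
    return None


def knob_demo(mitm_override: Optional[int] = 1, min_size: int = 1) -> Tuple[int, bytes, Optional[bytes]]:
    """Run one session: negotiate, derive the session key, encrypt a message whose
    content the attacker can predict, then let the attacker recover the key."""
    link_key = os.urandom(16)                       # long-term key, unknown to the attacker
    size = negotiate_key_size(16, 16, mitm_override=mitm_override, min_size=min_size)
    session_key = reduce_key(link_key, size)
    nonce = os.urandom(8)
    message = b"CONNECT sensor-01"                 # constructed: predictable header text
    ciphertext = encrypt(session_key, nonce, message)
    recovered = brute_force_key(size, nonce, message, ciphertext)
    return size, session_key, recovered


if __name__ == "__main__":
    size, real, found = knob_demo()
    print(f"negotiated {size} byte(s); key recovered: {found == real}")
```

The important observation for defenders is that the long-term link key is never exposed; only the per-session key is weak, and it is weak because of a policy both ends accepted. The mitigation is therefore local: refuse any negotiated size below your floor (`min_size=7` in the model) rather than trying to detect the manipulation.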

Yikes. "The fingerprints of over 1 million people, as well as facial recognition information... was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks." theguardian.com/technology/201

"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed."

googleprojectzero.blogspot.com
