Mastodon for JamesMWright.com
#infosec

💾 It's time! Install this latest Apple update for your devices. Includes feature that calls emergency services while disabling biometric authentication and lots more!
mastodon.jamesmwright.com/medi

Thought of the day:

Using "user+something@example.org" as your e-mail used for signing into services not only helps track down who leaked it if you start receiving spam, but is also a moderate boon to security - *if* your credentials leak, potential attackers will have to actually figure out the "+something" part for all other services.

#InfoSec #ShowerThoughts

A recent version of CCleaner for 32-bit Windows systems had been compromised in unidentified ways and sent at least some information about the system it was used on to an unknown third party: piriform.com/news/release-anno

#infosec #windows

I notice that #infosec doesn't seem like a widely used hashtag (or no one on here talks much about IT security topics).
Are there any accepted alternatives? (Don't try to make me use anything that has a "cyber" element though...)

This just came along over on G++: badbytes.blogspot.de/2015/10/t

I wasn't aware that the RSA algorithm allows for multiple private keys that can be used to decrypt a message (is that kind of a "key collision" then?)...

#infosec #cryptography

Ehh, #Ubuntu seems less and less stable with time -- more and more weird crashes and hangups. Ubuntu, you used to be cool!

Anyway, looking for a rock-solid, stable, but not ancient (yes, we do use Debian... on the servers) #GNU / #Linux distribution for non-techies.

Suggestions welcome!

#InfoSec #FAIF

ummm question for #infosec fediverse??? my friend just woke up to his computer being remote controlled by some russian nazi buying playstation gift cards on amazon for resale, trying to get into his coinbase, etc.

he pulled the network cable and investigated, found a remote control program configured to point to port 1488 of a domain registered to someone with a moscow address.

what, if anything, is the appropriate thing to report the details to? FBI? 🤔

Apropos named vulnerabilities, that Bluetooth thing (BlueBorne) looks pretty bad, for Android and Linux particularly: RCE in the lower layers of the Bluetooth stack, no authentication required...

armis.com/blueborne/

access.redhat.com/security/vul

threatpost.com/wireless-bluebo

#infosec

Brian Krebs has spent some time on the background of the MalwareTech guy, and found him wearing quite a few black hats in the past...

krebsonsecurity.com/2017/09/wh

#itsec #infosec

Hi, yes, it's me, the girl who d̶i̶s̶c̶u̶s̶s̶e̶s̶ argues #InfoSec with her Brother-in-law while visiting him in the hospital. 🙋

#Infosec: universal #Facebook #Messenger virus spreading. If you see a message looking like "Some Video :O", flag the sender immediately without reading it.

thehackernews.com/2017/08/face

RCE and authentication bypass in HPE iLO4 firmware. No details on the exploit vector yet.

I trust no one has their iLO ports accessible from the Internet?

h20564.www2.hpe.com/hpsc/doc/p

#infosec

Dear #InfoSec, what do you think about #Authy? authy.com/

This seems good-ish:
authy.com/blog/how-the-authy-t

Still, doesn't seem to be FLOSS, which means we would have to take their word for this. Or am I missing something?

Oh come on, in a tech-savvy group of people talking about cybersecurity, can we *PLEASE* stop using the words "hack", "hacked", and "hacker" to mean "compromise", "broken-into", "cybercriminal"?

It conflates government-paid professional malicious actors with a kid in a basement somewhere building a digital clock. Doesn't seem fair to the kid.

Pretty please?

#InfoSec

It turns out it's possible to encode computer malware in DNA and use it to attack vulnerabilities on the computer that analyzes the sequence of that DNA.
arstechnica.com/?p=1145961
#infosec #hacking