
Items tagged with: infosec


 


 
Preserving feudalism in the age of information requires significant and regular sacrifices.
Atlas Freeman wrote the following post Mon, 22 Apr 2019 01:26:01 +0300


#BigBrother
https://www.thetimes.co.uk/article/police-arresting-nine-people-a-day-in-fi...


 
If you've been following the melodrama on #infosec about Marcus Hutchins (of #WannaCry fame) and all the soul-searching that's going on, I wrote a blog about it.


 
News from the world of successful proprietary Linux distributions:
https://seclists.org/fulldisclosure/2019/Apr/24
http://seclists.org/fulldisclosure/2019/Apr/29
Just found an issue in Redhat/CentOS which according to RedHat security team is not an issue. I don't know, sounds weird to me.
If, for whatever reason, a user is able to write an ifcf- script to /etc/sysconfig/network-scripts or it can adjust an existing one, then your system is pwned.



 

Mail leaks, WEX and Ukrainian elections.

If informed voters can fairly easily spot social media posts that distort the facts, other information is more difficult to parse.

In the last week, at least two entities have published information suggesting that the #Zelenskiy campaign is tied to or receiving financing from #Russia.

On April 2, Christo Grozev, an entrepreneur and researcher who works with the #Bellingcat online investigations website, wrote on Twitter that a 2014 mass leak of files from Russia’s right-wing Liberal Democratic Party included a document outlining a plan to insert a “comedy candidate” into Ukrainian elections. The plan aimed to “splinter the mainstream vote,” alienate youth f
...


 

The Mathematics of (Hacking) Passwords - Scientific American


A very long read, but one that everyone who uses passwords on any device should read, study, and understand.





#security #passwords #encrypt #decrypt #hacking #mathematics #infosec


 


 
fridaysforfuture, but everyday wrote the following post Fri, 12 Apr 2019 10:01:20 +0200

hacker of matrix.org is giving a lesson on #infosec, through github issues at #matrix repo.
(though the server is compromised, not the software)

I hoped they warned them before doing.
If they did, and #matrix kept ignoring it, that's definitely a way to teach someone a lesson.

read here:
https://github.com/matrix-org/matrix.org/issues


 

We have discovered and addressed a security breach - Matrix


https://matrix.org/blog/2019/04/11/security-incident/

If you have ever had an account on the matrix.org server, please reset the password and also any other sites' passwords if you used the same password elsewhere.

More details by the team to follow.

#security #infosec #matrix


 



 
https://twitter.com/matrixdotorg/status/1116304867683905537
The developers of the platform for decentralized messaging Matrix have announced an emergency shutdown of the servers Matrix.org and Riot.im (the main client of the Matrix) in connection with the hacking of the project infrastructure. The first shutdown took place last night, after which the servers were restored, and the applications were reassembled from the source code. But later the servers were compromised a second time.
OpenNews.opennet.ru: General news feed wrote the following...


 



 
fridaysforfuture, but everyday - 2019-04-11 22:42:30 GMT
'if you're a matrix.org user you should change your password now.'

It's running again, but:
'The hacker exploited a vulnerability in our production infrastructure'

https://matrix.org/blog/2019/04/11/security-incident/

#infosec #matrix


 
Matrix.org publishes timeline after security breach:

https://matrix.org/blog/2019/04/11/security-incident/

– the attacker exploited vulnerabilities in Jenkins
– the attacker had full database access, including access to unencrypted content like private messages, password hashes, access tokens
– Matrix.org recommends changing your password (including NickServ password)

#matrix #breach #infosec #cybersecurity #security


 
https://todon.nl/@paulfree14/101909957892477960



 


 
As always my general advice for WordPress users:

- Keep WordPress, plugins and themes up to date. These days, core WordPress can update itself.

- Keep plugin usage to only the ones you strictly need. Disable/remove plugins you no longer need. Vulnerable plugins are probably the biggest cause of WordPress compromises.

- Keep regularly cycled backups. Site files and the MySQL database.

#infosec


 
the way I figured this out was to just use `curl` on the website, the raw HTML output makes it very obvious that the siteurl value had been modified by malware

#infosec


 
just helped a coworker with a compromised WordPress site, the malware had modified the siteurl and home values in the wp_options database table to redirect to some malware payload

even if as part of the malware cleanup process you disable plugins, the infection persists since it modified values that are part of core WP

simple, yet fairly effective, would be difficult for non-technical users to figure out and clean up

#infosec


 
Turns out that there was a successful compromise of the Matrix infrastructure happening.

Details from Matrix on Twitter: https://twitter.com/matrixdotorg/status/1116388572922302466

You may ask how that could happen, but more important: It didn't stay unnoticed and that's a good sign.

#Matrix #Riot #matrixDown #infosec


 
Facebook–security team spots 146GB dataset containing 540 million records of Facebook users:

https://www.upguard.com/breaches/facebook-user-data-leak

– dataset includes comments, likes, reactions, account names, Facebook IDs, and more
– origin of the leak is the Mexico-based media company Cultura Colectiva that develops third-party apps
– a second dataset contains 22,000 cleartext passwords from 2014

#facebook #leak #culturacolectiva #privacy #infosec #cybersecurity #security


 
That's it, I'm now getting the webcam phishing… in German.

It's crazy what news@, root@, owner-<some-list>@ get up to when nobody is watching them.

#connards #InfoSec


 
Fans of Western European hegemony often resort to history (especially of ancient Rome) to justify their privileged position in relation to their colonies. Allegedly, all the fruits of civilization are their merit, and all other people for many years should be grateful to them for teaching all the others to count, write, take loans and fill out tax returns.
But the fact is that modern Western European history is falsified. First of all, extra 1000 years have been added to the efforts of Catholic party people from Goa to Western European history.



 
Settings are already there (in the regular proxy settings) and a tutorial to host it yourself is on its way.

If you want to have a first look:

https://octo.sh/container-library/dns-over-https

#DoH #DNS #DNSoverHTTPS #infosec


 
From @TheHackersNews! Our amazing engineer @chrisccoulson found issues in LibSSH2: "Chris Coulson of Canonical Ltd. was credited for discovering all the nine security vulnerabilities and responsibly disclosing them to the Libssh developers." @Canonical @ubuntu #infosec tweeted by @ubuntu_sec


 
Hey everyone, I’m #newhere. I’m interested in #infosec, #philosophy, #softwaredevelopment, and #wine.
Not new to Diaspora*, just trying out a different pod