Apple, Google, Microsoft, and Mozilla today jointly announced a timeline for the removal of TLS 1.0 and 1.1 from their respective browsers. https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/ https://security.googleblog.com/2018/10/modernizing-transport-security.html https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/ https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
Oracle are fixing 302 vulnerabilities tomorrow, many with a CVSS score of 10 or 9.8... Order your coffee and pizzas now. https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Crypto(graphy) developer nerds, libsodium is still the recommended way to do API encryption/signing/etc right? #infosec
This should alarm Kiwis too: given the number of apps / cloud providers that store data in Australia or transit data via Australia, weakening security in Australia has flow-on effects to NZ too. https://twitter.com/juhasaarinen/status/1051207112854884352
Maybe if people patched their shit, we wouldn't need someone to do it for them.. #infosec
A mysterious grey-hat is patching people's outdated MikroTik routers.
Internet vigilante claims he patched over 100,000 MikroTik routers already.
By the way next time someone asks why anyone would need HTTPS on a page without any secrets and passwords: Ask them if they want a cryptominer injected on their webpage from a compromised device at their ISP. https://badpackets.net/200000-mikrotik-routers-worldwide-have-been-compromised-to-inject-cryptojacking-malware/
It's #FF (Friday Firewall), your Friday reminder that enabling host-based firewalls on all workstations with default deny rules breaks many attack methods and forces attackers to adjust tradecraft. https://twitter.com/jepayneMSFT/status/1011644500702199808
Reposting this again for anyone who may have missed it yesterday.
We've released our waterline theory document.
Hopefully it helps folks!
"Spottycat, atheist, discordian, geek, beer snob, queer/pan, poly, cis, he/him, hacker, weirdo, misanthrope, iconoclast, infosec, furry."