@biffbiffbiff
I feel like a huge part of the people that follow me are knowledgeable about #infosec.
Anytime I ask a question, I receive multiple useful answers mostly shortly after.
people you might like to follow:
@micahflee
@bo@bob@soc.freedombone.net
...oops, I got some trouble remembering names. Most of the people I recognize and remember, I do it through their avatar image.
(but at least it's a starting point)
I Was Wrong About Worms Making A Comeback
https://infosec.engineering/i-was-wrong-about-worms-making-a-comeback/
Seven Critical Things To Protect Your Infrastructure and Data
https://infosec.engineering/seven-critical-things-to-protect-your-infrastructure-and-data/
if you identify a box somewhere in the interwebz as a command & control server, is there an acknowledged place to report to the #infosec community to contribute to banlists/defense/research?
@charlyblack on some level "install this app to check if you're vulnerable to a bug that is exploitable via apps and can lead to full root privileges" sounds... fishy.
Not disputing the legitimacy of this site (no idea one way or the other), but boy would that be fun if it were an elaborate attack!
Now this is Social Engineering.
Stuttering John live records his vishing (voice phishing / conning over the phone) of the White House.
He actually gets in touch with President Trump on Air Force One.
#SocEng #SocialEngineering #InfoSec #Phishing #Vishing
http://stutteringjohnpodcast.libsyn.com/the-stuttering-john-podcast-4
#DidYouKnow if you make an #infosec presentation without quotes by Sun Tzu, you probably haven't made an #infosec presentation?
That moment when you're conducting a pentest, gain access to a development server but not the production one, and then you try ssh user@serverIP and it works... #infosec
Here's a conference talk I gave back in 2013 called "Security: A few terms, a few secrets, and a few hard truths":
The talk is aimed at developers but stays pretty high-level.
It was my second time speaking in front of a large group and I caught the bug. RMS spoke at the same con and I was a little worried he would heckle me. :)
Cc @cwcopa
dark color schemes (read: black or grey) are somehow supposed to be anti-corporate.
unless your brand is #infosec related, a white background is supposed to engender a feeling of comfort and brightness.
:dragnthink:
Defensive Security Podcast Episode 220
https://defensivesecurity.org/defensive-security-podcast-episode-220/
#exploitkit #OPMBreach
#infosec
Self-hacking Internet of Shit camera automatically sends randos the feed from inside your house https://boingboing.net/2018/06/28/nonconsensual-voyeurism.html #internetofshit #security #Gadgets #infosec #swann #Post #cctv #iot
Wanna see what it looks like when an ISP helps enforce government censorship? Tor is being blocked in Venezuela. These tools aren't just for ne'er-do-wells. Ordinary people deserve access to information unfettered by censors or advertisers. #infosec https://www.pcmag.com/news/362104/venezuela-tries-to-stamp-out-access-to-tor-network
a reminder for WordPress administrators with CLI access:
wp-cli
https://wp-cli.org/
if you need to automate mass updating plugins/themes/core WP, this is the tool you want
it can also do things like change/reset passwords for users etc.
it is very powerful, give its docs a read
don't need user input sanitization if you don't have any users though 🤔
user input sanitization vulnerabilities gonna stay fucking us forever though eh
like legit we are gonna be taking down Skynet in the year 2100 with a user input sanitization vulnerability
BTW, the WordPress vulnerability I am talking about is this one:
https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
Post has a temporary patch, but I am hesitant to recommend anyone hot-patch WordPress core files unless they are a high-value target and have PHP developers who can troubleshoot issues arising from that fix. The authors of that post are of the same opinion.