Notices by x0rz (x0rz@mastodon.social@mastodon.social), page 2

Hey @eff, now that the "FUD-clickbait-embargo" period is over, could you update that? https://ssd.eff.org/en/module/how-use-pgp-windows https://t.co/XitvQpEtKG

I uploaded the slides of the talk about 'Hacking Back' I gave at @EsieaSecEdit https://blog.0day.rocks/current-state-of-hacking-back-76a7bdaa0248

Soooooo... some random internal CIA project was on GitHub and went unnoticed for months. Wow, what else is there to find? #Vault7 #OSINT https://www.thedailybeast.com/exclusive-cia-leaker-josh-schulte-posted-agency-code-onlineand-cia-never-noticed

ProtonMail right now https://t.co/IW5UZAzFKR

The ssh-decorator package from Python pip had an obvious backdoor (sending ip+login+password to ssh-decorate[.]cf in cleartext HTTP) https://www.reddit.com/r/Python/comments/8hvzja/backdoor_in_sshdecorator_package/ https://t.co/X0LsM3krDv

Mikrotik RouterOS 0day via 8291/tcp (Winbox) https://forum.mikrotik.com/viewtopic.php?f=21&t=133533 #mikrotik #vulnerability https://t.co/kycCgoAA7g

Amazon filed a patent to de-anonymize Bitcoin transactions and sell the data to law enforcement 🤔 http://darkcitycrypto.com/index.php/2018/04/19/amazon-filed-a-patent-to-de-anonymize-bitcoin-transactions-and-sell-the-data-to-law-enforcement/ #bitcoin #privacy #cryptocurrencies

Well done ProtonMail #phishing at hxxps://adrninistrator[.]site/ikman/vv/
Email is mocking a ProtonMail error message (same red color when decryption can't work #cf9696) https://pastebin.com/qNLBK2s3 cc @protonmail https://t.co/HVbiqMSbq1

Great write-up of what happens behind the scenes of #malware traffic distribution https://malware.dontneedcoffee.com/hosted/anonymous/kotd.html https://t.co/Ik2wEpxKal

Also, that is why .docx with macros or phishing will be on the rise, relying on the human weaknesses to get access is waaaaay more cost effective today

Amazingly, this book written in 1987 covers all the core concepts of modern #DFIR: network monitoring, traps, honeypots, 0days & espionage. Nothing has fundamentally changed since, except the complexity of it all.
Great read in you’re working in the field. https://t.co/AbhBiQANyt

Stalking random Citymapper users via bruteforcable short IDs http://www.darkport.co.uk/online-stalking-london-paris-new-york/ #privacy #leak https://t.co/WLl8T8zVSR

Dumping sshd and sudo credentials using ptrace (require root) https://github.com/blendin/3snake #linux #redteam #pentest https://t.co/1236pmQu3B

Example of injected #coinhive iframe https://blog.manchestergreyhats.co.uk/posts/the-injected-coinhive-iframe---a-quick-look/ #cryptominer #javascript #malware https://t.co/x2LEnu9wWr

"Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems [part of NSA], will further protect Wi-Fi networks"

Wi-Fi Alliance® introduces security enhancements: WPA3™ https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements

Before and after enabling "Strict site isolation" on Chrome (enable here via chrome://flags, check with http://xlab.tencent.com/special/spectre/spectre_check.html) #Spectre #Meltdown #vulnerability https://t.co/NfG1rr5Qyh