Skip to main content

Search

Items tagged with: InfoSec

I maintain some notes about HTTP/2 ‘Rapid Reset’ DDoS attack - CVE-2023-44487

🔗 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088

#rapidreset #http2 #infosec #ddos #vulnerability #CVE-2023-44487

HTTP/2 Rapid Reset DDoS Attack

HTTP/2 Rapid Reset DDoS Attack. GitHub Gist: instantly share code, notes, and snippets.
Gist
#infosec #ddos #Vulnerability #rapidreset #http2 #cve

Apologies for the brief interruption of service.

I've upgraded #Mastodon to the latest version to fix some security issues.

Thanks @circl for the heads up.

#infosec #OpenSource #Luxembourg

https://social.circl.lu/@circl/111095621466976516

circl

2023-09-20 04:37:33


Don't forget to upgrade your Mastodon sever to the latest version v4.1.8 due to the CVE-2023-42451 and CVE-2023-42452 vulnerabilities.

#mastodon #infosec #vulnerability

🔗 https://github.com/mastodon/mastodon/releases/tag/v4.1.8

🔗 https://cvepremium.circl.lu/cve/CVE-2023-42451
🔗 https://cvepremium.circl.lu/cve/CVE-2023-42452



Release v4.1.8 · mastodon/mastodon

⚠️ This release is an important security release fixing major security issues (CVE-2023-42451, CVE-2023-42452). Corresponding security releases are available for the 4.0.x branch and the 3.5.x bran...
GitHub

#infosec #Luxembourg #Mastodon #opensource @circl

Don't forget to upgrade your Mastodon sever to the latest version v4.1.8 due to the CVE-2023-42451 and CVE-2023-42452 vulnerabilities.

#mastodon #infosec #vulnerability

🔗 https://github.com/mastodon/mastodon/releases/tag/v4.1.8

🔗 https://cvepremium.circl.lu/cve/CVE-2023-42451
🔗 https://cvepremium.circl.lu/cve/CVE-2023-42452

Release v4.1.8 · mastodon/mastodon

⚠️ This release is an important security release fixing major security issues (CVE-2023-42451, CVE-2023-42452). Corresponding security releases are available for the 4.0.x branch and the 3.5.x bran...
GitHub
#infosec #Mastodon #Vulnerability

2023.hack.lu (and CTI summit) is the 17th edition of the infosec conference in Luxembourg. 16th-19th October 2023 in Luxembourg. The call for paper/presentation is now closed and the reviews are ongoing. The agenda and notification will published by the end of this month.

We hope to see you there.

https://2023.hack.lu/

#conference #hacklu #luxembourg #infosec

hack.lu 2023

Hack.lu (and CTI summit) is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society. It’s the 17th edition (16th -> 19th October) of hack.
hack.lu (hack.lu 2023)
#infosec #Luxembourg #conference #hacklu

:google: BREAKING: #Google to start deleting unused #email accounts so other people can use them, because of course impersonation is not a thing.

🤔 What could possibly go wrong?

🤦‍♂️ Techbros are (still) idiots.

#Gmail #privacy #infosec

https://blog.google/technology/safety-security/updating-our-inactive-account-policies/

Updating our inactive account policies

Starting later this year, we are updating our inactivity policy for Google Accounts to 2 years across our products.
Ruth Kricheli (Google)
#privacy #infosec #google #email #GMail

Wow, people are formatting #ContraChrome into little zines and sharing them around their university campuses! 🤩

So nice to see it’s circulating!

(If you want to get in on the fun, you can get all the files to print and modify it yourself here:
https://git.sr.ht/~flber/mx/tree/main/item/public/files/contrachrome )

#Chrome #comics #privacy #Google #comic #webcomic #SurveillanceCapitalism #infosec

~flber/mx: public/files/contrachrome/ - sourcehut git

git.sr.ht
#privacy #infosec #Chrome #Comics #google #comic #Webcomic #contrachrome #surveillancecapitalism

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security
#privacy #infosec #security #cybersecurity #google #2fa

☣️ This is why you should never trust your important information (like passwords!) to proprietary software.

#OpenSource #FreeSoftware #privacy #security #infosec

🤡 #1Password becomes #spyware:

https://blog.1password.com/privacy-preserving-app-telemetry/

We're changing how we discover and prioritize improvements | 1Password

Learn about a new, privacy-preserving in-app telemetry system that 1Password is trialing with its employees.
1Password
#privacy #infosec #opensource #FreeSoftware #security #spyware #1password

hack.lu 2023 - 16-19 October 2023 is back and will take place physically in Luxembourg. The call for papers/presentation is now open and we will be glad to receive your proposals.

🔗 CfP : https://pretalx.com/hack-lu-2023/
🔗 https://2023.hack.lu/

#callforpapers #hacklu #conference #infosec #luxembourg

hack.lu 2023

Hack.lu (and CTI summit) is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society. It’s the 17th edition (16th -> 19th October) of hack.
hack.lu (hack.lu 2023)
#infosec #Luxembourg #conference #callforpapers #hacklu

This website uses cookies to recognize revisiting and logged in users. You accept the usage of these cookies by continue browsing this website.