Items tagged with: infosec
🔗 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
#rapidreset #http2 #infosec #ddos #vulnerability #CVE-2023-44487
HTTP/2 Rapid Reset DDoS Attack
HTTP/2 Rapid Reset DDoS Attack. GitHub Gist: instantly share code, notes, and snippets. (Gist)
Apologies for the brief interruption of service.
I've upgraded #Mastodon to the latest version to fix some security issues.
Thanks @circl for the heads up.
#mastodon #infosec #vulnerability
🔗 https://github.com/mastodon/mastodon/releases/tag/v4.1.8
🔗 https://cvepremium.circl.lu/cve/CVE-2023-42451
🔗 https://cvepremium.circl.lu/cve/CVE-2023-42452
Release v4.1.8 · mastodon/mastodon
⚠️ This release is an important security release fixing major security issues (CVE-2023-42451, CVE-2023-42452). Corresponding security releases are available for the 4.0.x branch and the 3.5.x bran... (GitHub)
We hope to see you there.
https://2023.hack.lu/
#conference #hacklu #luxembourg #infosec
hack.lu 2023
Hack.lu (and CTI summit) is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implication on society. It’s the 17th edition (16th -> 19th October) of hack. hack.lu (hack.lu 2023)
Tons of Gigabyte motherboards come with a hidden firmware backdoor https://www.pcworld.com/article/1937046/gigabyte-shipped-hundreds-of-motherboard-models-with-a-firmware-backdoor.html
#Gigabyte #Motherboards #Hardware #PC #Firmware #Backdoor #Security #InfoSec #TechNews
Tons of Gigabyte motherboards come with a hidden firmware backdoor
Gigabyte's motherboard backdoor installs software updates from unsecured web servers. Michael Crider (PCWorld)
🤔 What could possibly go wrong?
🤦‍♂️ Techbros are (still) idiots.
#Gmail #privacy #infosec
https://blog.google/technology/safety-security/updating-our-inactive-account-policies/
Updating our inactive account policies
Starting later this year, we are updating our inactivity policy for Google Accounts to 2 years across our products. Ruth Kricheli (Google)
So nice to see it’s circulating!
(If you want to get in on the fun, you can get all the files to print and modify it yourself here:
https://git.sr.ht/~flber/mx/tree/main/item/public/files/contrachrome )
#Chrome #comics #privacy #Google #comic #webcomic #SurveillanceCapitalism #infosec
TL;DR: Don't turn it on.
The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.
We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.
Why is this bad?
Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵
#Privacy #Cybersecurity #InfoSec #2FA #Google #Security
#OpenSource #FreeSoftware #privacy #security #infosec
🤡 #1Password becomes #spyware:
https://blog.1password.com/privacy-preserving-app-telemetry/
We're changing how we discover and prioritize improvements | 1Password
Learn about a new, privacy-preserving in-app telemetry system that 1Password is trialing with its employees. (1Password)
🔗 CfP : https://pretalx.com/hack-lu-2023/
🔗 https://2023.hack.lu/
#callforpapers #hacklu #conference #infosec #luxembourg