The software security scanner market is now mature enough to have its own jargon, built largely by vendor marketing teams. As such, it's primarily designed to help you get rid of your infosec budget rather than help you design a reasonable security assurance architecture. This is the first part of a series that looks at the advantages and limitations of SAST and DAST. krvtz.net/posts/making-sense-o

How Slack's STUN/TURN servers running Coturn were abused and how to fix it?

Important for anyone running their own STUN/TURN servers

rtcsec.com/2020/04/01-slack-we

Just had an interesting question from a colleague who has a notebook and works remotely from random places:

> I've got full-disk (FDE), what else can I do for ?

"15.4% of the 1.3 million Android applications we analyzed, contained security-related code snippets from Stack Overflow. Out of these 97.9% contain at least one insecure code snippet." aisec.fraunhofer.de/en/stackov

I re-uploaded the "Unicode: The hero or villain? Input Validation of free-form Unicode text in Web Applications" scitech.video/videos/watch/38b as the previous one hiccuped, perhaps due to a broken MP4.

There's a nice tool:

systemd-analyze security SERVICE

It looks at the confinement features used by systemd services, as documented here freedesktop.org/software/syste

An example for my radvd.service:
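As an added example that is not part of the original post, here is a systemd drop-in that turns on the confinement features the score looks at. The directive names are those documented in systemd.exec(5); the service name, the drop-in path, and which capabilities and socket families the daemon actually needs are assumptions to confirm against your own unit and the tool's output.

```ini
# Added example, not from the original post.
# Assumed path: /etc/systemd/system/radvd.service.d/hardening.conf
# (create it with `systemctl edit radvd.service`).
# Directives are from systemd.exec(5). Which capabilities and address
# families the daemon really needs is an assumption here: apply, run
# `systemd-analyze security radvd.service`, then check the daemon still
# starts and does its job (e.g. journalctl -u radvd.service).
[Service]
# Never gain privileges through setuid/fscaps binaries
NoNewPrivileges=yes
# Read-only view of the OS, no home directories, private /tmp and /dev
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# Keep kernel tunables, modules, logs, cgroups, clock and hostname read-only
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes
# Only the socket families assumed necessary for an IPv6 RA daemon
RestrictAddressFamilies=AF_INET6 AF_NETLINK
# No new namespaces, no realtime scheduling, no setuid/setgid files
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
# No writable+executable memory mappings
MemoryDenyWriteExecute=yes
# Native ABI only, and the generic allow-list for system services
SystemCallArchitectures=native
SystemCallFilter=@system-service
# Drop every capability except those assumed necessary to send RAs
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
```

After writing the drop-in, run systemctl daemon-reload and systemctl restart radvd.service, then re-run systemd-analyze security radvd.service: the exposure score should drop, and each remaining line in its table names the directive still missing. If the service fails to start, relax the directive named in the journal (usually a filesystem, capability or address-family restriction) rather than removing the whole drop-in.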

Just posted my OWASP 2018 presentation on : Unicode: The hero or villain? Input Validation of free-form Unicode text in Web Applications scitech.video/videos/watch/82f

If you follow the discussion about Conversations.im registering with Roscomnadzor, you should probably also be aware that Threema.ch did that already in 2017... reestr.rublacklist.net/distrib

Someone from 240e:00f7:c::22 (Chinatelecom) is slowly port scanning my /64 subnet. At the current rate it will take them 116'988'483'471 years to complete, but they will reach the first allocated IP in only 80'429'582'386 years. RFC 4941 is your friend.

Conversations.im has just registered with the Russian Roscomnadzor, which means it now has an obligation to provide user details to the FSB roskomsvoboda.org/48119/ reestr.rublacklist.net/distrib

Mastodon 🔐 privacytools.io
