A pretty comprehensive introduction into what end-to-end encryption *actually* means in the context of instant messengers (mostly): what data specifically is encrypted where, and what popular misconceptions in this field are routinely used for marketing purposes.


Fortunately, spread of trojanized packages is limited to newly built applications only because nobody updates NPM libs anyway 🤷‍♂️

So as long as everyone sticks to the tried strategy of "let's hold and wait if others get infected" we don't need any package signatures etc.


One of my favourite features of Wazuh is command monitoring which, combined with rules, allows creating sophisticated sanity checks on critical infrastructure services. krvtz.net/posts/checking-for-c

The software security scanner market today is mature enough to have its own jargon, built largely by vendor marketing teams. As such, it's primarily designed to help you get rid of your infosec budget rather than help you design a reasonable security assurance architecture. This is the first part of a series that looks at SAST and DAST advantages and limitations. krvtz.net/posts/making-sense-o

How Slack's STUN/TURN servers running Coturn were abused and how to fix it?

Important for anyone running their own STUN/TURN servers


Just had an interesting question from a colleague who has a notebook and works remotely from random places:

> I've got full-disk (FDE), what else can I do for ?

"15.4% of the 1.3 million Android applications we analyzed, contained security-related code snippets from Stack Overflow. Out of these 97.9% contain at least one insecure code snippet." aisec.fraunhofer.de/en/stackov

I re-uploaded the "Unicode: The hero or villain? Input Validation of free-form Unicode text in Web Applications " scitech.video/videos/watch/38b as the previous one hiccuped, perhaps due to broken MP4

There's a nice tool:

systemd-analyze security SERVICE

It looks at and confinement features used by systemd services as documented here freedesktop.org/software/syste

An example for my radvd.service
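Added example, not from the original post: a small POSIX shell script that turns systemd-analyze security output into a checkable gate (e.g. in a config-management pipeline), listing units whose exposure score crosses a threshold and the hardening directives a given unit fails. It runs on a constructed sample that mimics the tool's table layout; the column layout and the 0 (safe) to 10 (unsafe) exposure scale are assumed from the systemd documentation and differ slightly between systemd versions, so pipe real output in for live use.

```shell
#!/bin/sh
# Gate on `systemd-analyze security` output.
# The two samples below are CONSTRUCTED to mirror the tool's table layout
# (assumed from systemd docs); real columns vary between systemd versions.
set -eu

# Constructed sample of `systemd-analyze security` (overview of all units).
SAMPLE_OVERVIEW='UNIT                         EXPOSURE PREDICATE HAPPY
accounts-daemon.service           9.6 UNSAFE    😨
radvd.service                     8.8 EXPOSED   🙁
systemd-journald.service          4.4 OK        🙂
systemd-logind.service            2.8 OK        🙂'

# Constructed sample of `systemd-analyze security radvd.service` (per-unit).
SAMPLE_UNIT='  NAME                        DESCRIPTION                                    EXPOSURE
✗ PrivateNetwork=             Service has access to the host network                 0.5
✓ User=/DynamicUser=          Service runs under a static non-root user identity
✗ ProtectSystem=              Service has full access to the OS file hierarchy       0.3
✗ NoNewPrivileges=            Service processes may acquire new privileges           0.2
→ Overall exposure level for radvd.service: 8.8 EXPOSED 🙁'

# exposed_units THRESHOLD  (overview output on stdin)
# Prints "unit score" for every unit scoring above THRESHOLD; skips the header.
exposed_units() {
    awk -v t="$1" '$1 != "UNIT" && $2 + 0 > t + 0 { print $1, $2 }'
}

# missing_hardening  (per-unit output on stdin)
# Prints the directive name of every check the unit fails (lines marked ✗).
missing_hardening() {
    awk '$1 == "✗" { print $2 }'
}

# overall_score  (per-unit output on stdin)
# Extracts the number from the "Overall exposure level" summary line.
overall_score() {
    awk '/Overall exposure level/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+\.[0-9]+$/) { print $i; exit }
    }'
}

# Demo on the constructed samples; for live data replace the printf with
#   systemd-analyze security --no-pager | exposed_units 7.0
printf '%s\n' "$SAMPLE_OVERVIEW" | exposed_units 7.0
printf '%s\n' "$SAMPLE_UNIT" | missing_hardening
```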

Just posted my OWASP 2018 presentation on : Unicode: The hero or villain? Input Validation of free-form Unicode text in Web Applications scitech.video/videos/watch/82f

