Experimenting with cool #systemd #linux #security #hardening features and "systemd analyze security" tool https://viewer.scuttlebot.io/%25WNfDjCz6ku1W32nh%2Ff08UAybVq2Sdl2ZwSTlvplwEXE%3D.sha256
Just had an interesting question from a colleague who has a #linux notebook and works remotely from random places:
> I've got full-disk #encryption (FDE), what else can I do for #security?
My "DevOps guide to the galaxy of self-defending applications" video from Devoxx UA 2019
https://scitech.video/videos/watch/1ef92301-ba0e-49de-bc32-881c8cee7e53 #devops #DevSecOps #docker #Security
Video of my "Top DevOps Security Failures" (DevOps Stage Ukraine 2019)
https://scitech.video/videos/watch/2a754571-5c72-42e6-8fe0-4b71de70674f #devops #security #docker #jenkins
"15.4% of the 1.3 million Android applications we analyzed, contained security-related code snippets from Stack Overflow. Out of these 97.9% contain at least one insecure code snippet." https://www.aisec.fraunhofer.de/en/stackoverflow.html #security #privacy
That's a simple but clever one!
https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html #security
Web servers using nginx and PHP-FPM are vulnerable to this flaw under certain conditions. https://www.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx #php #security #exploit
This exploit is beautiful in every aspect: CVE-2019-7609. Upgrade your Kibana. https://www.tenable.com/blog/cve-2019-7609-exploit-script-available-for-kibana-remote-code-execution-vulnerability #kibana #security #javascript #nodejs
#python2 going out of support from January 2020 https://www.python.org/doc/sunset-python-2/ #security #python
I re-uploaded the "Unicode: The hero or villain? Input Validation of free-form Unicode text in Web Applications" https://scitech.video/videos/watch/38bc6082-c97a-4422-bbb5-5a96d94f8603 as the previous one hiccuped, perhaps due to a broken MP4 #owasp #security #unicode
There's a nice #linux tool:
systemd-analyze security SERVICE
It looks at #security and confinement features used by systemd services as documented here https://www.freedesktop.org/software/systemd/man/systemd.exec.html
An example for my radvd.service
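A drop-in override showing the kind of systemd.exec confinement directives that systemd-analyze security scores, written here as an added example (not the original post's screenshot and not the radvd project's own unit). The service name matches the post's radvd.service, but the capability, address-family and path choices are assumptions about what the daemon needs and should be verified against your build before relying on them.

```ini
# /etc/systemd/system/radvd.service.d/hardening.conf
# Added example, not a distribution unit. Apply with:
#   systemctl daemon-reload && systemctl restart radvd.service
# then inspect the score:
#   systemd-analyze security radvd.service
[Service]
# Filesystem confinement: read-only OS, no home dirs, private /tmp.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
# Assumption: the PID file lives under /run/radvd; a RuntimeDirectory
# is writable even under ProtectSystem=strict.
RuntimeDirectory=radvd

# Privilege reduction. Assumption: radvd needs raw ICMPv6 sockets
# (CAP_NET_RAW) and IPv6 sysctl changes (CAP_NET_ADMIN); everything
# else in the bounding set is dropped.
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN

# Kernel and device surface. ProtectKernelTunables is deliberately
# left at its default (off) because the daemon writes /proc/sys/net/ipv6.
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
PrivateDevices=yes

# Network and process restrictions. Assumption: AF_INET6 for router
# advertisements, AF_NETLINK for interface state, AF_UNIX for logging.
RestrictAddressFamilies=AF_INET6 AF_NETLINK AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
```

Each directive the drop-in adds lowers the exposure score reported by systemd-analyze security; if the service fails to start after a change, `journalctl -u radvd.service` shows which denied capability, path or syscall to revisit.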
Just posted my OWASP 2018 presentation on #peertube: Unicode: The hero or villain? Input Validation of free-form Unicode text in Web Applications https://scitech.video/videos/watch/82f2fd2d-d661-41b9-8352-f0bddfa70b0e #unicode #security
Learn why things break so you can build systems that don’t https://postmortems.info #security #safety #engineering
All these hardening features are why I love #systemd https://www.freedesktop.org/software/systemd/man/systemd.exec.html #linux #security
If you follow the discussion about Conversations.im registering with Roscomnadzor you should probably also be aware that Threema.ch did that already in 2017... https://reestr.rublacklist.net/distributor/109474 #security #privacy #russia
Conversations.im has just registered with the Russian Roscomnadzor, which means it now has an obligation to provide user details to the FSB https://roskomsvoboda.org/48119/ https://reestr.rublacklist.net/distributor/109589 #xmpp #privacy #security #russia
The new keys.openpgp.org has pretty good usage instructions for Enigmail, OpenKeychain, GnuPG etc. https://keys.openpgp.org/about/usage #pgp #security
Someone is actively DoSing GnuPG by adding thousands of signatures through the keyserver network. Disable keyservers or switch to keys.openpgp.org #security #pgp https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
Polish expat into UK. Information security engineer. Caver & cave rescuer (thus the bat). NHS volunteer & blood donor.