SSH Agent Explained
https://smallstep.com/blog/ssh-agent-explained/, posted 2020 by peter in communication howto networking reference security
The SSH agent is a central part of OpenSSH. In this post, I'll explain what the agent is, how to use it, and how it works to keep your keys safe. I'll also describe agent forwarding and how it works. I'll help you reduce your risk when using agent forwarding, and I'll share an alternative to agent forwarding that you can use when accessing your internal hosts through bastions.
Dangerzone: Working With Suspicious Documents Without Getting Hacked
https://tech.firstlook.media/dangerzone-working-with-suspicious-documents-without-getting-hacked, posted 2020 by peter in email free pdf security software
Dangerzone, a new open source tool that First Look Media just released at the Nullcon 2020 hacker conference in Goa, India, aims to solve this problem. You can install dangerzone on your Mac, Windows, or Linux computer, and then use it to open a variety of types of documents: PDFs, Microsoft Office or LibreOffice documents, or images. Even if the original document is dangerous and would normally hack your computer, dangerzone will convert it into a safe PDF that you can open and read.
When dangerzone starts containers, it disables networking, and the only file it mounts is the suspicious document itself. So if a malicious document hacks the container, it doesn’t have access to your data and it can’t use the internet, so there’s not much it could do.
Does Linux Need Antivirus? â€“ Sudoedit.com!
https://sudoedit.com/does-linux-need-antivirus/, posted 2020 by peter in linux security
A lot of the information that gets passed around the Linux community is really good, however, sometimes the information surrounding this topic specifically is not always of the highest quality and it can be difficult to decipher fact from fiction.
In light of the fact that I stand by my previous article, and under the realization that I’m really just some guy on the internet; I thought it would be best to reach out to a few experts and see what they say regarding antivirus software on Linux. I thought it was important that the information I passed on was coming from trusted and well-known vendors in both the Operating System space, as well as the perspective of the antivirus makers, and in that regard I will keep my own commentary to a minimum and let the experts speak for themselves.
Spoiler: For Linux itself, no. For the protection of Windows machines, yes, maybe.
Surgeon General Urges the Public to Stop Buying Face Masks - The New York Times
https://www.nytimes.com/2020/02/29/health/coronavirus-n95-face-masks.html, posted 2020 by peter in health science security
“Seriously people — STOP BUYING MASKS!” the surgeon general, Jerome M. Adams, said in a tweet on Saturday morning. “They are NOT effective in preventing general public from catching #Coronavirus, but if health care providers can’t get them to care for sick patients, it puts them and our communities at risk!”
Setting up a signed private apt repository with HTTPS access
tomthegreat.com/2018/02/21/setting-up-a-signed-private-apt-repository-with-lan-access/, posted 2019 by peter in deployment howto linux security toread
This is a guide on setting up private apt repository that is accessible over a local network via HTTPS and is signed to avoid having to use –allow-unauthenticated to install packages.
For my use case I have two distributions of packages, they are production and test distributions. The packages in each distribution varies based on what I have approved to be used in a live/production environment versus a test environment. This is so that I can separate out packages that I am using for normal everyday use versus ones I am currently testing with and not ready to go live with. If you are only using one distribution modify the instructions accordingly.
/bin/bash based SSL/TLS tester: testssl.sh
https://testssl.sh/, posted 2019 by peter in free networking security shell software testing
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Privacy Tools - Encryption Against Global Mass Surveillance
https://www.privacytools.io/, posted 2019 by peter in free list privacy security software
You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. privacytools.io provides services, tools and knowledge to protect your privacy against global mass surveillance.
WhatsApp voice calls used to inject Israeli spyware on phones | Financial Times
archive.is/kDz13#selection-1922.0-1956.1, posted 2019 by peter in android apple fascism messaging mobile privacy security
WhatsApp, which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function.
The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs, said the spyware dealer, who was recently briefed on the WhatsApp hack.
NSO’s flagship product is Pegasus, a program that can turn on a phone’s microphone and camera, trawl through emails and messages and collect location data.
NSO advertises its products to Middle Eastern and Western intelligence agencies, and says Pegasus is intended for governments to fight terrorism and crime.
But mostly to spy on people said governments don't particularly like, of course.
Cops hate encryption but the NSA loves it when you use PGP â€¢ The Register
https://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/, posted 2018 by peter in communication email privacy security
"To be honest, the spooks love PGP," Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesdy. "It's really chatty and it gives them a lot of metadata and communication records. PGP is the NSA's friend."
www.guardicore.com/infectionmonkey/, posted 2018 by peter in free opensource security software testing
The Infection Monkey is an open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement.
|< First < Previous 11–20 (221) Next > Last >|