Mast Security @mastsec@noc.social
Infosec, Networking and Hacking stuff - on Mastodon.
Joined Aug 2020
Mast Security
boosted
We are sharing jndi (log4j) attack logs here:
https://reputation.noc.org/jndi-attack-logs/
Might be useful to find variation of attacks and IPs abusing it.
Mast Security
boosted
We need less of Google, less Facebook, less Twitter, less Apple and more decentralization.
https://wptavern.com/amp-has-irreparably-damaged-publishers-trust-in-google-led-initiatives
Mast Security
boosted
They're called "Meta" because their business is selling your metadata.
Mast Security
boosted
You may have noticed some sites that immediately redirect you to another page or site if you have JS disabled, prompting you to enable it
This is done with a <meta> refresh inside <noscript>
This #DarkPattern can be circumvented in uMatrix by turning off "Spoof <noscript> tags"
Mast Security
boosted
Do you know the difference between a Registrar, a Registry, a Recursive DNS and an authoritative DNS?
https://noc.org/2021/03/17/registries-registrars-and-authoritative-dns/
After you are done reading, you will know. 😂
Good article by @tony
Mast Security
boosted
Trying to do my part:
$ curl -sD - https://dcid.me | grep 'permissions-policy'
permissions-policy: interest-cohort=()
Have you blocked FLoC yet? If you are using NOC, you can disable it with 1-click here:
https://my.noc.org/dashboard?page=cdn
More details on how to do it yourself:
https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
Create an empty 8G file to save you in case your disk gets full:
https://brianschrader.com/archive/why-all-my-servers-have-an-8gb-empty-file/
Not sure I like this technique, but I have to agree that is pretty difficult to troubleshoot a server when the disks gets full.
That little file can save you a lot of hours.
Mast Security
boosted
One thing I love about the https://noc.org DNS is the visibility it provides - including regions and resolvers.
If you want to move away from big tech and give a small provider a chance, you may like it :)
Mast Security
boosted
Been saying that SMS is a bad 2FA for years....
Post from 2013: https://dcid.me/notes/2013-apr-19
And new report from Krebs:
https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/
Mast Security
boosted
#Tusky has been removed from the PlayStore by Google
Mast Security
boosted
The Mastodon account search is back online (and running a lot faster):
Sorry for the downtime and sluggish performance it was having.
Quoting Chris Krebs:
"This is the real deal. If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03. Check for 8 character aspx files in C:\\inetpub\wwwroot\aspnet_client\system_web\. If you get a hit on that search, you’re now in incident response mode."
https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
"The only way to force companies to provide safety and security features for customers and users is with government intervention.
They routinely legislate safety — pollution standards, automobile seat belts, lead-free gasoline, food service regulations.
We need to do the same with cybersecurity: the federal government should set minimum security standards for software and software development."
https://www.schneier.com/blog/archives/2021/03/national-security-risks-of-late-stage-capitalism.html
Agree?
Before buying a NYT subscription, here's what it will take you to cancel it.
I was expecting them to require a snail mail or a fax, but still a pain to have it cancelled.
Until they fix it, might be better not to subscribe to the NYT.
Mast Security
boosted
One of the many reasons why I am looking for Google alternatives:
"The YouTube account of Spinks' game dev company, Re-Logic, was hit with some kind of terms-of-service violation, resulting in Google banning Spinks' *entire Google account*, greatly disrupting his company's ability to do business. ". Including his 15 yo gmail account.
Mast Security
boosted
Something I love about #mathematics is it has problems simple enough for a child to understand, but to which nobody knows the solution. I recall having fun setting this problem to students : given four houses at vertices of a square, what is the shortest length of road needed to connect them all? Before spoiling the answer, look at this very simple related problem - no one has been able to identify and prove the optimal answer:
Barcode Scanner app on Google Play infects 10 million users with one update
Do you have this Barcode scanner app on your Android?
In August and September 2020, Verisign quantified that upwards of 45.80% of total DNS traffic to the root servers was, at the time, the result of Chromium intranet redirection detection tests...
https://blog.apnic.net/2021/02/04/how-chromium-reduces-root-dns-traffic/
After a code change, Chrome was able to reduce this number significantly...
Mast Security
boosted
We are still urgently looking for some more volunteers for the hosting task, If you intend to watch a specific talk and the Q&A you can help out!
https://fosdem.org/2021/news/2021-01-28-call-for-volunteers/
If you had email issues lately....
Spamcop let their domain expire:
Causing false positives to anyone using them.
Infosec, Networking and Hacking stuff - on Mastodon.
Joined Aug 2020
