Jonkman Microblog
Notices by kaveh (kaveh@mblog.kavehmoravej.com)

  1. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Friday, 02-Mar-2018 17:43:18 EST
    • infosec
    Trustico's website was vulnerable to a trivial shell command substitution injection, running as uid=0

    https://arstechnica.com/information-technology/2018/03/trustico-website-goes-dark-after-someone-drops-critical-flaw-on-twitter/

    !infosec !security
    In conversation Friday, 02-Mar-2018 17:43:18 EST from mblog.kavehmoravej.com permalink

    Attachments

    1. Trustico website goes dark after someone drops critical flaw on Twitter
      from Ars Technica
      Outage comes a day after CEO admitted emailing private keys for 23k HTTPS certs.
  2. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Tuesday, 27-Feb-2018 16:51:29 EST
    • infosec
    Harpoon - a tool to automate threat intelligence and open source intelligence tasks.

    https://www.randhome.io/blog/2018/02/23/harpoon-an-osint-/-threat-intelligence-tool/

    !infosec !security
    In conversation Tuesday, 27-Feb-2018 16:51:29 EST from mblog.kavehmoravej.com permalink

    Attachments

    1. Harpoon: an OSINT / Threat Intelligence tool · Tek's blog
      from Tek's blog
  3. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Friday, 23-Feb-2018 07:42:32 EST
    • infosec
    Automated Twitter phishing tool.

    https://github.com/omergunal/PoT

    !infosec !security
    In conversation Friday, 23-Feb-2018 07:42:32 EST from mblog.kavehmoravej.com permalink

    Attachments

    1. omergunal/PoT
      from GitHub
      PoT - Phishing on Twitter
  4. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Friday, 23-Feb-2018 07:33:26 EST
    • infosec
    PinMe, a novel user-location mechanism that exploits non-sensory/sensory data stored on the smartphone, e.g., the environment's air pressure, along with publicly-available auxiliary information, e.g., elevation maps, to estimate the user's location when all location services, e.g., GPS, are turned off.

    https://arxiv.org/abs/1802.01468

    !infosec !security
    In conversation Friday, 23-Feb-2018 07:33:26 EST from mblog.kavehmoravej.com permalink
  5. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Friday, 16-Feb-2018 14:37:43 EST
    • infosec
    SSH-Audit, checks your SSH config and suggests improvements.

    https://github.com/arthepsy/ssh-audit

    !infosec !security
    In conversation Friday, 16-Feb-2018 14:37:43 EST from mblog.kavehmoravej.com permalink

    Attachments

    1. arthepsy/ssh-audit
      from GitHub
      ssh-audit - SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
  6. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Friday, 16-Feb-2018 14:31:38 EST
    • infosec
    What will the warrior-guardian of the future look like?

    !infosec !security https://mblog.kavehmoravej.com/attachment/2821
    In conversation Friday, 16-Feb-2018 14:31:38 EST from mblog.kavehmoravej.com permalink
  7. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Friday, 12-Jan-2018 14:46:28 EST
    LinkedIn, a treasure trove of easily accessible personal information and company IT data for targeted attacks:

    "InSpy is a Python-based LinkedIn enumeration tool with two functionalities: TechSpy and EmpSpy. TechSpy crawls LinkedIn job listings for technologies used by the target company. InSpy attempts to identify technologies by matching job descriptions to keywords from a newline-delimited file."

    "EmpSpy crawls LinkedIn for employees working at the provided company. InSpy searches for employees by title and/or department from a newline-delimited file. InSpy may also create emails for the identified employees if the user specifies an email format."

    https://tools.kali.org/information-gathering/inspy
    In conversation Friday, 12-Jan-2018 14:46:28 EST from mblog.kavehmoravej.com permalink
  8. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Saturday, 06-Jan-2018 08:15:29 EST
    Bob Metcalfe talking about ARPANET’s security in 1973 — could have been written today:

    “Individual sites, used to physical limitations on machine access, have not yet taken sufficient precautions toward securing their systems against unauthorized remote use. For example, many people still use passwords which are easy to guess: their first names, their initials, their host name spelled backwards, a string of characters which are easy to type in sequence (e.g. ZXCVBNM)...We suspect that the number of dangerous security violations is larger than any of us know is growing. You are advised not to sit ‘in hope that Saint Nicholas would soon be there’.”

    http://www.faqs.org/rfcs/rfc602.html
    In conversation Saturday, 06-Jan-2018 08:15:29 EST from mblog.kavehmoravej.com permalink
  9. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Thursday, 28-Sep-2017 14:40:09 EDT
    #Nextcloud Introducing Native Integrated End-to-end Encryption

    https://nextcloud.com/blog/nextcloud-introducing-native-integrated-end-to-end-encryption/
    In conversation Thursday, 28-Sep-2017 14:40:09 EDT from mblog.kavehmoravej.com permalink

    Attachments

    1. Nextcloud Introducing Native Integrated End-to-end Encryption
      from Nextcloud
  10. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Friday, 04-Aug-2017 13:11:33 EDT
    • infosec
    306 Million Freely Downloadable Pwned Passwords (SHA1 hashed) and how this data can be employed to do good things:

    https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/

    !security !infosec
    In conversation Friday, 04-Aug-2017 13:11:33 EDT from mblog.kavehmoravej.com permalink

    Attachments

    1. Introducing 306 Million Freely Downloadable Pwned Passwords
      from Troy Hunt
      Edit: The following day, I loaded another set of passwords which has brought this up to 320M. More on why later on. Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which require authentication to move into the
  11. kaveh (kaveh@mblog.kavehmoravej.com)'s status on Thursday, 03-Aug-2017 16:01:04 EDT
    A brief history of GnuPG: vital to online security but free and underfunded:

    http://theconversation.com/a-brief-history-of-gnupg-vital-to-online-security-but-free-and-underfunded-80800

    !crypto
    In conversation Thursday, 03-Aug-2017 16:01:04 EDT from mblog.kavehmoravej.com permalink

    Attachments

    1. A brief history of GnuPG: vital to online security but free and underfunded
      from The Conversation
      Most people have never heard of the software that makes up the machinery of the internet - especially the tools that keep us safe.

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
