Scott Mortimer :mastodon:
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
NOTE: I don't accept follow requests from accounts that are likely to be bots/trolls.
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
NOTE: I don't accept follow requests from accounts that are likely to be bots/trolls.
Consider swiching to KeyPassXC if you are concerned about this vulnerability.
KeePass Password Manager Vulnerability: Is Your Data at Risk? - gHacks Tech News https://www.ghacks.net/2023/02/01/keepass-password-manager-vulnerability-what-you-need-to-know/
>A disputed KeePass vulnerability was disclosed recently. It allows attackers with write access to export the entire password database.,
~Open Source Security Tool of the Day~
reconFTW
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities.
Daily Disinfo Update
In the world of conspiracy nutters, there is a slide away from QAnon to the old NESARA/GESARA financial conspiracy. Bellingcat has an interesting article about all the online nuttery.
No thanks, I will wait for Fourma.
Messenger billed as better than Signal is riddled with vulnerabilities | Ars Technica
Threema comes with unusually strong claims. They crumble under new research findings.
~Open Source Security Tool of the Day~
uncover
Quickly discover exposed hosts on the internet using multiple search engines.
uncover is a go wrapper using APIs of well known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools.
Folks, let me introduce you to the next Segue...(in other words tech invention that will achieve nothing except becoming a meme to ridicule).
Shift Moonwalkers | The World's Fastest Shoes – Shift Robotics
Introducing the first ever wearable mobility device. With an instinctive AI drivetrain, you’re able to walk faster without having to change a thing.
If you're still using this service, it past time you move on.
LastPass users: Your info and password vault data are now in hackers’ hands
Password manager says breach it disclosed in August was much worse than thought.
~Open Source Security Tool of the Day~
OSV-Scanner
Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since the OSV.dev database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners:
- Each advisory comes from an open and authoritative source (e.g. the RustSec Advisory Database.
- Anyone can suggest improvements to advisories, resulting in a very high quality database
- The OSV format unambiguously stores information about affected versions in a machine-readable format that precisely maps onto a developer’s list of packages
~Open Source Security Tool of the Day~
Nosey Parker: Find secrets in textual data
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing.
**Key features:**
- It supports scanning files, directories, and the entire history of Git repositories
- It uses regular expression matching with a set of 60 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
- It groups matches together that share the same secret, further emphasizing signal over noise
- It is fast: it can scan at hundreds of megabytes per second on a single core, and is able to scan 100GB of Linux kernel source history in less than 5 minutes on an older MacBook Pro
I just created the latest in mycological currency.
** Non-Fungible Fungi **
Invest now before the market gets too hot.
