Scott Mortimer :mastodon:

Information Security geek, Old School RPG nerd, and wannabe fiction writer.

NOTE: I don't accept follow requests from accounts that are likely to be bots/trolls.

Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

Consider switching to KeePassXC if you are concerned about this vulnerability.

KeePass Password Manager Vulnerability: Is Your Data at Risk? - gHacks Tech News ghacks.net/2023/02/01/keepass-
>A disputed KeePass vulnerability was disclosed recently. It allows attackers with write access to export the entire password database.

4 days ago
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

offsec.tools

A vast collection of security tools

offsec.tools

4 days ago
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

reconFTW

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities.

github.com/six2dez/reconftw

January 30, 2023
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

The Space Karen

January 16, 2023
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

Daily Disinfo Update

In the world of conspiracy nutters, there is a slide away from QAnon to the old NESARA/GESARA financial conspiracy. Bellingcat has an interesting article about all the online nuttery.

bellingcat.com/news/2022/12/21

January 16, 2023
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

No thanks, I will wait for Fourma.

Messenger billed as better than Signal is riddled with vulnerabilities | Ars Technica

Threema comes with unusually strong claims. They crumble under new research findings.

arstechnica.com/information-te

January 11, 2023
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

uncover

Quickly discover exposed hosts on the internet using multiple search engines.

uncover is a go wrapper using APIs of well known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools.

github.com/projectdiscovery/un

January 06, 2023
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

Folks, let me introduce you to the next Segway... (in other words, a tech invention that will achieve nothing except becoming a meme to ridicule).

Shift Moonwalkers | The World's Fastest Shoes – Shift Robotics

Introducing the first ever wearable mobility device. With an instinctive AI drivetrain, you’re able to walk faster without having to change a thing.

shiftrobotics.io/

January 05, 2023
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

If you're still using this service, it's past time you moved on.

LastPass users: Your info and password vault data are now in hackers’ hands

Password manager says breach it disclosed in August was much worse than thought.

arstechnica.com/?p=1906575

December 23, 2022
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

OSV-Scanner

Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.

OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since the OSV.dev database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners:

- Each advisory comes from an open and authoritative source (e.g. the RustSec Advisory Database).
- Anyone can suggest improvements to advisories, resulting in a very high quality database
- The OSV format unambiguously stores information about affected versions in a machine-readable format that precisely maps onto a developer’s list of packages

github.com/google/osv-scanner

December 23, 2022
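The point of the OSV format is that an advisory's affected-version data can be matched mechanically against a dependency list. The script below is an added example of that matching, not OSV-Scanner's own code: it walks an advisory's `introduced` / `fixed` / `last_affected` events the way the OSV schema defines them and checks pinned `name==version` lines against it. The advisory, package name and version numbers are constructed for illustration and do not correspond to a real OSV.dev entry.

```python
"""Added example (not OSV-Scanner's own code): decide whether a package
version falls inside the affected ranges of an OSV-format advisory.

The advisory below is constructed for illustration; the advisory id,
package name and version numbers are assumptions, not a real OSV.dev
entry. Range semantics follow the OSV schema: an ordered `events` list
of `introduced` / `fixed` (exclusive) / `last_affected` (inclusive)
entries, plus an optional explicit `versions` list.
"""
import json
import re

# Constructed sample advisory in OSV format (fictional package and id).
SAMPLE_ADVISORY = json.loads("""
{
  "id": "EXAMPLE-2022-0001",
  "summary": "Constructed advisory for a fictional package",
  "affected": [
    {
      "package": {"ecosystem": "PyPI", "name": "example-parser"},
      "ranges": [
        {"type": "ECOSYSTEM",
         "events": [{"introduced": "1.2.0"}, {"fixed": "1.4.1"},
                    {"introduced": "2.0.0"}, {"last_affected": "2.0.3"}]}
      ],
      "versions": ["1.2.0", "1.3.0", "1.4.0", "2.0.0", "2.0.1", "2.0.2", "2.0.3"]
    }
  ]
}
""")


def parse_version(v):
    """Split a dotted numeric version into a comparable tuple of ints.
    Enough for the sample data; real ecosystems need their own rules."""
    return tuple(int(p) for p in v.split("."))


def range_contains(events, version):
    """Walk the events in order. Each `introduced` opens a window; the next
    `fixed` (exclusive) or `last_affected` (inclusive) closes it.
    `introduced: "0"` means 'from the first version'."""
    v = parse_version(version)
    start = None
    for ev in events:
        if "introduced" in ev:
            start = (0,) if ev["introduced"] == "0" else parse_version(ev["introduced"])
        elif "fixed" in ev:
            if start is not None and start <= v < parse_version(ev["fixed"]):
                return True
            start = None
        elif "last_affected" in ev:
            if start is not None and start <= v <= parse_version(ev["last_affected"]):
                return True
            start = None
    # An `introduced` with no closing event: every later version is affected.
    return start is not None and v >= start


def is_affected(advisory, ecosystem, name, version):
    """Match one (ecosystem, name, version) triple against one advisory."""
    for entry in advisory.get("affected", []):
        pkg = entry.get("package", {})
        if pkg.get("ecosystem") != ecosystem or pkg.get("name") != name:
            continue
        if version in entry.get("versions", []):
            return True
        for rng in entry.get("ranges", []):
            if rng.get("type") in ("ECOSYSTEM", "SEMVER") and range_contains(rng["events"], version):
                return True
    return False


def scan_requirements(advisories, requirements_text, ecosystem="PyPI"):
    """Parse pinned `name==version` lines and map each affected pin to the
    ids of the advisories that cover it."""
    findings = {}
    for line in requirements_text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.-]+)==([0-9][0-9.]*)\s*$", line)
        if not m:
            continue
        name, version = m.group(1), m.group(2)
        hits = [a["id"] for a in advisories if is_affected(a, ecosystem, name, version)]
        if hits:
            findings[f"{name}=={version}"] = hits
    return findings


if __name__ == "__main__":
    # Constructed requirements file: one affected pin, one clean pin.
    print(scan_requirements([SAMPLE_ADVISORY], "example-parser==1.3.5\nrequests==2.28.1\n"))
```

Note the two boundary conditions the example exercises: `fixed` is exclusive (the version that ships the fix is clean), while `last_affected` is inclusive (the newest version known to be vulnerable is still flagged). A scanner that gets either one wrong will silently miss or over-report the exact versions people care about.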
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

Nosey Parker: Find secrets in textual data

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing.

**Key features:**

- It supports scanning files, directories, and the entire history of Git repositories
- It uses regular expression matching with a set of 60 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
- It groups matches together that share the same secret, further emphasizing signal over noise
- It is fast: it can scan at hundreds of megabytes per second on a single core, and is able to scan 100GB of Linux kernel source history in less than 5 minutes on an older MacBook Pro

github.com/praetorian-inc/nose

December 15, 2022
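Two of the features listed above, high-signal regular expressions and grouping matches by the secret they found, are easy to see in miniature. The script below is an added example written for this page, not Nosey Parker's code: it applies a few fixed-prefix patterns to a handful of constructed blobs (standing in for files or git history), then collapses the hits so that one leaked credential copied into several files is reported once with all of its locations. The pattern set and the sample inputs are assumptions; the token values are fabricated and match only by shape.

```python
"""Added example (not Nosey Parker's own code): a small secret scanner that
applies high-signal regular expressions to text, groups matches by the
secret they found, and reports where each secret appears.

The patterns and the sample blobs are constructed for illustration; the
token values are fabricated and match only by shape.
"""
import re
from collections import defaultdict

# A few high-signal patterns. Fixed prefixes (AKIA, ghp_, xoxb-) keep the
# false-positive rate low; the generic password rule is the noisiest one.
PATTERNS = {
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub personal access token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "Slack bot token": re.compile(r"\bxoxb-[0-9]{10,13}-[0-9]{10,13}-[A-Za-z0-9]{24}\b"),
    "PEM private key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "Generic password assignment": re.compile(r"(?i)password\s*[:=]\s*['\"]([^'\"\s]{8,})['\"]"),
}

# Constructed inputs standing in for files or git blobs. The AWS key id
# deliberately appears in two places so that grouping has something to merge.
SAMPLE_BLOBS = {
    "config/prod.env": 'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDB_PASSWORD="s3cr3t-pa55word"\n',
    "scripts/deploy.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nexport TOKEN=ghp_0123456789abcdefghijABCDEFGHIJ012345\n",
    "README.md": "Set your password in the UI, not in this file.\n",
}


def scan_text(path, text):
    """Return (rule, secret, path, line_no) for every match in one blob.
    If a pattern has a capture group, the group is the secret; otherwise
    the whole match is."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, regex in PATTERNS.items():
            for m in regex.finditer(line):
                secret = m.group(1) if m.groups() else m.group(0)
                findings.append((rule, secret, path, line_no))
    return findings


def group_by_secret(findings):
    """Collapse findings so each distinct secret is one entry listing every
    location it occurs in: a key leaked into ten files is one problem, not ten."""
    grouped = defaultdict(lambda: {"rule": None, "locations": []})
    for rule, secret, path, line_no in findings:
        grouped[secret]["rule"] = rule
        grouped[secret]["locations"].append(f"{path}:{line_no}")
    return dict(grouped)


def scan_blobs(blobs):
    """Scan a mapping of path -> text and return the grouped report."""
    findings = []
    for path, text in blobs.items():
        findings.extend(scan_text(path, text))
    return group_by_secret(findings)


def redact(secret):
    """Show only enough of a secret to identify it in a report."""
    return secret[:4] + "..." + secret[-4:] if len(secret) > 12 else "****"


if __name__ == "__main__":
    for secret, info in scan_blobs(SAMPLE_BLOBS).items():
        print(f"{info['rule']}: {redact(secret)} at {', '.join(info['locations'])}")
```

The grouping step is what turns a wall of regex hits into something triageable: rotating one AWS key closes every location listed under it, and the report line tells you which files to clean up. Real git-history scanning adds one more dimension (the same blob reachable from many commits), which is exactly why a tool that deduplicates by content rather than by location scales to kernel-sized repositories.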
Scott Mortimer :mastodon:
ScottMortimer@infosec.exchange

I just created the latest in mycological currency.

** Non-Fungible Fungi **

Invest now before the market gets too hot.

December 10, 2022