»Argon2 vs. bcrypt vs. scrypt: which hashing algorithm is right for you?«
As far as I know, Argon2 is a current secure solution for storing passwords. In my opinion, too many online services do not use this solution or do not fund it (fast enough) to update their services.
Są tu jacyś entuzjaści technologii Apple? Dziś w Gdańsku odbędzie się MacAdmins Meetup. Zapraszamy tych zaczynających przygodę z zarządzaniem, jak i tych, którzy na systemach Apple pracują od lat.
Spotkanie odbędzie się dzisiaj (15.05) o godzinie 17:30 w "Sztuce Wyboru" przy ul. Juliusza Słowackiego 19.
W programie wystąpienia trzech świetnych ekspertów:
• Miłosz Staszewski zaprezentuje: "Automatyzuj co się da – i najtaniej jak się da!" - Założyciel k7 i certyfikowany trener Apple
• Elmo Kuisma, inżynier Jamfa z UK, poprowadzi sesję anglojęzyczną "What's new in Jamf", gdzie dowiesz się o najnowszych rozwiązaniach z zakresu MDM.
• Dawid Konopnicki przedstawi temat: "Jamf Protect - Detekcje zdarzeń w MacOS", idealny dla specjalistów z dziedziny bezpieczeństwa IT.
Ihr habt den neusten Kinofilm kostenlos online gefunden und schaut gleich rein? Stopp! Mit illegalem #Streaming macht ihr euch strafbar! Im Video erfahrt ihr, von welchen Streaming-Angeboten ihr besser die Finger lasst.
🥳 Celebrate the Nitrokey 3 milestone with us and get Nitrokeys at a reduced price: For one week you will receive a 5% discount on all Nitrokeys!
➡️ Details about the Nitrokey 3 milestone can be found here: https://www.nitrokey.com/.../nitrokey-3-milestone-se050...
We're thrilled to announce a new service: myip.bsd.cafe!
Now live, this tool is your go-to resource for checking your public IP address via Telnet, SSH, and HTTP—also perfect for times when you're on a command-line interface without browser access.
Whether you're an IT professional or a tech enthusiast, this service is built to make your digital life a bit easier. Set up your own instance or use our public service.
Full instructions available on our Brew repository!
Spread the word and let's make network troubleshooting easier for everyone!
Ich würd gern #Pentester werden. Die Suchmaske vom Arbeitsamt ist nicht besonders benutzungsfreundlich, über Instagram-Werbung find ich eher was brauchbares als dort.
Habt Ihr zufällig ne Empfehlung für n Remotekurs (möglichst in Teilzeit absolvierbar), der mehr als nur oberflächlichen Einstieg ermöglicht und mich tatsächlich zum Pentester ausbildet? Muss azav-zertifiziert sein, damit das Arbeitsamt es genehmigt.
Habe gerade Unterstützung beim Einreichen vom Beihilfeanträgen beim #LBVBW geleistet…
…und jetzt möchte ich irgendwas mit Pflanzen oder Holz machen.
Die Tatsache, dass gewisse Zeichen in hochgeladenen Dokumenten nicht erlaubt sind sagt mir, dass diese wohl 1:1 im Filesystem des Zielsystems gespeichert werden.
Der Rest des Prozesses sieht genauso aus, wie man es vermuten könnte.
Wenn ich ehrlich bin, habe ich darüber zu wenig Ahnung. Ist dies so anzuwenden und zu empfehlen oder wie seht ihr dies?
»Systemd-Alternative zu sudo soll Linux sicherer machen:
run0 lässt reguläre Benutzer Programme mit root-Rechten ausführen. Es ähnelt sudo, nutzt aber andere Mechanismen zur Privilegienerhöhung und soll sicherer sein.«
Ich wünsche mir für mein Smartphone ein Feature, das bei einem Anruf von einer Nummer, die nicht im Adressbuch ist, meine Stimme verstellt. Für den Fall eines Phishing-Anrufs kann der Angreifer dann nicht ein Sample meiner Stimme mitschneiden. #itsecurity
I am flattered that I have the opportunity to present my 2-day training "A Beginner's Guide To Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" again at Black Hat USA 2024 and that early bird registration is open and you have two opportunities to take the course!
Day 1 begins with a theory section where we discuss resources and models that can help aid our threat hunting from both an intel and communication perspective. We then move to a section that covers how to extract artifacts from an intel report and how to make those artifacts actionable. Then we create some hypotheses and test them against a set of data to see what we can find.
Day 2 will put all the theory and applications to the test where the students will break into teams, process another intel report, create hypotheses, and hunt again!
Last year was a lot of fun and we receive high ratings, so we hope you can join us again this year for the fun! I hope to see you there, but until then, Happy Hunting!
First screenshot is the real PIN prompt, second one is a JavaScript prompt() with a custom prompt text.
The only differences are:
• PIN dialog is at the top of the window, prompt() centered.
• PIN dialog says "Sign In" on the button, prompt() says "OK" (which is not customizable).
• PIN dialog has "https://", prompt() just the domain.
I'd say that makes it pretty trivial to phish for Passkey PINs … 🤦♂️
For anyone that ever wanted to get some threat hunting experience, feel free to join us on March 20th for our monthly workshop, this time we will be tackling the MITRE ATT&CK Tactic of Initial Access! Hope to see you there!
I saw a parking fare payment device today that had its Internet-facing IPV4 address (maybe for the cellar modem?) displayed on the front panel. It was at the bottom of the screen along with some other stuff.
Is that a security problem? I probably wouldn’t have designed it to show that IP address. But maybe depending on how security is set up that might not be all that useful to an attacker? (Not an IT security export here.)
If you are someone working in #IT or #itsecurity I highly recommend the books by British #SF author #CharlesStross especially his Laundry Files series of novels. Why? Well, he's one of us! No other author I've read actually knows his way around a CLI, has administered computers himself and still cares about #Linux & other geeky IT stuff like Charlie. Ok, the other exception being #nealstephenson who used to be an engineer and famously had one of his protagonists use the #emacs editor in #Cryptonomicon. He's here on Mastodon @cstross and one of the nicest "famous" people to follow since he actually replies to and engages his followers while others just push their latest work and ignore your comments or questions.
❤️ Happy Valentine's Day from your Nitrokey team! We even have a present for you! ❤️
📣 Nitrokey is giving you the privacy screen protetor and the protective case for your NitroPhone 3a in our Valentine's Bundle! Let us give you a present and start your safe smartphone use without any worries. 😍