Pinned toot

@U039b

As I have committed to since May 2018, I publish a new technical article about anonymity, privacy and digital autonomy on the first of each month. (Today is the 10th, I know ...)

For the month of November 2018, it is an article about OpenVPN. It explains in detail how to set up a very highly secure configuration with elliptic curves, certificate verification and other security improvements.

blog.mirabellette.eu/index.php

Pinned toot


As I committed, I published an article on the tenth of every second month. It is about the blog itself and what I did for the community during this period.

Especially:
* What I achieved during this period
* What I accomplished for the community
* How popular the blog and services are
* Balance sheet of the period
* Some words about what I think for the next period

Today, it is about the months of July and August.

blog.mirabellette.eu/index.php

Downgrade attack on TLS 1.3 and vulnerabilities in major TLS libraries:

nccgroup.trust/us/about-us/new

– the attack leverages a side-channel leak via cache access timings (in OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS)
– it affects all TLS versions, including TLS 1.3
– one requirement for the attack is RSA key exchanges

#tls #rsa #key #exchange #tls13 #downgrade #encryption #https #crypto #infosec #cybersecurity #security

Security vulnerability in apt (Advanced Package Tool) affects Debian, Ubuntu, and other apt-based Linux derivatives:

debian.org/security/2019/dsa-4
usn.ubuntu.com/3863-1/
usn.ubuntu.com/3863-2/

– vulnerability could be used by an attacker located as a man-in-the-middle between APT and a mirror to inject malicious content in the HTTP connection
– fixed in apt version 1.4.9

#apt #debian #ubuntu #vulnerability #package #linux #mitm #infosec #cybersecurity #security

The Exodus app has been updated, with the addition of colors that depend on the number of trackers and permissions, an update of the German translation and the addition of Arabic (thanks @ButterflyOfFire!)! Many thanks to everyone who contributed and of course to @Schoumi, who develops the app and has plenty of other projects. Support him financially here: liberapay.com/Schoumi or fr.tipeee.com/schoumi

Hello everyone,

How do you go about making it harder to copy text from a PDF? Yes, this is indeed the equivalent of DRM.

I can't use a layer on top because the text has to remain displayed.

Apart from adding a tag to the file that tells the reader to disable copying, or converting to an image and then to PDF (which makes the file heavier), I don't see how :s

Any ideas?

@aeris @thuban maybe?

Interesting little article about @nos_oignons and its hosting providers:
nos-oignons.net/Actualit%C3%A9

By the way, there is a new exit node, hosted by @Aquilenet \o/

Mozilla has published its 2017 accounts (and the documents for the US tax authorities):

mozilla.org/en-US/foundation/a

The PDFs are at the bottom. The first thing I notice compared to 2016 is Mitchell Baker's salary, which goes from 1 to 2.3 million dollars.

=> I'm going to ask my boss for a 130% raise myself 🤔

@ LineageOS users: Some readers asked why they get daily updates for their LOS system.

Most likely, the build server is configured to create "nightly builds" regardless of whether there are any actual changes. This results in daily updates that only update the creation string.

Go to download.lineageos.org/ and check the changelog of your device to see if something was changed. Updating once per month is mostly sufficient.

#lineageos #los #android #update

Don't believe everything you read online about #ProtonMail - reddit.com/r/ProtonMail/commen

> As many of you may be aware, earlier today, criminals attempted to extort ProtonMail by alleging a data breach, with zero evidence. An internal investigation turned up two messages from the criminals involved, which again repeated the allegations with zero evidence, and demanded payment. We have no indications of any breach from our internal infrastructure monitoring.

#infosec

Or why doing “secure” stuff in JS is crap…
But here, the XXXXXXXXXL version… 😱
pastebin.com/bwvqHhbA

Mastodon's account verification tool is really pretty clever. So I've just certified that my blog really is mine!

New post about: Malicious code and abandoned websites

What happens when a website service disappears and a malicious user comes along and takes over the endpoint? That's what happened with "New Share Counts" recently.

How do we make this better?

ryandaniels.ca/blog/malicious-

#privacy #security

X.Org X server vulnerability affects CentOS, Debian, Ubuntu, Fedora and other Linux operating systems:

zdnet.com/article/new-security

– CVE-2018-14665
– attackers can elevate privileges and/or overwrite any files on the local system, even crucial OS data
– update to X.Org Server 1.20.3

#xorg #xserver #vulnerability #flaw #linux #debian #ubuntu #fedora #centos #infosec #cybersecurity #security

Recap: XMPP – admin-in-the-middle.

infosec-handbook.eu/blog/xmpp-

XMPP admins can transparently:

– see and arbitrarily modify all of your contacts, MUC memberships/affiliations and vCard data
– monitor your activity and devices
– log and read your password in cleartext
– log and read cleartext messages and other file types
– impersonate your contacts
– delete messages
– …

In our opinion, the only way to privately and securely use XMPP is hosting your own server.

#xmpp #privacy #security #infosec

Denmark is the first country to require businesses to encrypt emails containing sensitive personal information end-to-end, starting January 1, 2019.

tutanota.com/blog/posts/denmar

Hello everyone,
I made some updates to the blog: blog.mirabellette.eu/

Could you please give me some feedback about it?

Do you find it clear? Easy to read?

How do you think I could improve it?

Thank you very much for your help :)

La Quadrature du Net - Mastodon - Federated Media

Welcome to the federated media instance of La Quadrature du Net, an association defending civil liberties. Registration is open and free.
Any account created here should in principle be able to talk with all the other Mastodon instances in the federation, and will be visible on the other instances.
We will maintain this instance over the long term.