shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.


#networksecurity


When can we declare IP Geo location / country code blocking practically dead as a mitigation strategy?

Sure, it is still useful for blocking script kiddies from Iran and other low-hanging fruit, but do any serious APT crews actually launch attacks from their home country anymore?

With the use of zero trust, distributed attack and delivery networks (looking at you, Cloudflare), and VPN usage, country blocking feels less useful than in the past.

Continued thread

For some odd reason people consider it to be normal to be very very violated when it comes down to their personal privacy.

* No one should point the camera at your face without your permission.
* No one should sell you a device which has a camera pointed at your face 24 hours a day and you just accept it.
* No one should sell you a device with a battery permanently sealed in it, but that's another story and another storyline.
* No one should ever sell you the snake oil telling you that it's normal to have a camera pointed at your face 24/7.

It's not 🚫 normal!

Now go and protect your identity: cover that lens!

When was the last time you've properly used the camera on your Android?

No I'm not talking about the camera which points at the scenery, I'm talking about the camera which points straight to your face 24 hours a day every time you pick your Android up.

¿Well? I'm waiting.

About 990 out of 1000 people will answer this wrong.

The only proper way of using that camera is making sure that it can only record images of your face when you absolutely want to.

That means that you need to put a piece of electrical isolation tape in front of the lens of the camera and it should be like that for most of the day.

Any other manner means that you do not know anything about securing yourself and about protecting your identity.

Do you consider it normal to have a barrel of a firearm pointed at your face 24 hours a day?

The question is rhetorical.

Now please follow suit and do like I have done it for decades;

The only time when the camera is pointed at me, is when I want to; if I don't I either cover it, or shove the person who puts the camera in my face in such a manner that they drop it immediately, or else!

Replied in thread

@w7voa

#AmericanAirlines also had all of its flights completely grounded recently. They are blaming it on a "vendor software issue," but my Network Engineer husband and I are both assuming it was a hushed-up #cyberattack.

I find it to be more than coincidental that #JapanAirlines was hit by a #cyberattack around the same time, with similar results.

#NetworkSecurity #Cybercrimes #Hackers #IT #AirTravel #HolidayTravel #OHareAirport #JAL #Cyberattacks

wgntv.com/news/traffic/america

Replied in thread

@Privacymatters @jasonkoebler @josephcox How well can a full-stack MVNO truly segregate their customers' traffic / metadata from the logical and physical network layers they rest on? Especially when the underlying MNO contracts with other carriers for roaming coverage? I.e., Cape will use UScellular's IoT network. UScellular contracts with AT&T for roaming coverage. (And now T-Mobile is trying to buy most of UScellular...)

I do like how one of Cape's FAQs is "Is this a honeypot for law enforcement?"

Long toot, but TL;DR I’m looking for advice from fellow IT and network managers/maintainers.

Planning a network overhaul for my ~20 person employer for a few months from now. Likely going Unifi for as much as possible for the tight integration and simple management for this poor solo IT guy. I’m not looking for input on that decision at this time, unless you have a really good reason.

Unfortunately, everyone is used to a BYOD system when it comes to WFH. They download the NetExtender VPN on their personal machine and RDP into their workstation in the office. I am trying to figure out how best to lock this down without pissing everyone off (yet).

Obvious measures already in effect include MFA for VPN access and geo-based IP blocking. I’d love to lock it down further though, and for that I am looking into an RDP gateway in combination with VPN.

For off-site company-owned devices, those would use the Unifi VPN authenticated via AD and MFA. Connections would be based on an allowlist of known safe workstations and they would be allowed normal network access.

For personal devices, I’m considering an RDP gateway (with MFA?) to monitor and limit connections from personal devices to employee workstations only (i.e., no server access). I _could_ expose that publicly and ensure it’s locked down with MFA and give the host server minimal permissions and access. However, I’m wondering if it would make sense to place that behind the VPN as well.

Untrusted VPN connections could go to their own VLAN, only allowed access to the RDP gateway and nothing else. Both would authenticate with the same LDAP credentials, so not much benefit there. My main consideration is 0-days and other vulns. A two-layered approach would ensure that a vulnerability in one system is still mitigated by the other.

I could see this creating unnecessary overhead for employees to connect though, and may not be worth the perceived extra security.

Anyone have any input? I’d love some advice here!

ssldump v1.9 released with bug fixes, enhancements and improvements

Enhancements

  • Original PCAP Timestamps: Added support for original PCAP timestamps, replacing timeofday-generated timestamps for improved accuracy.
  • TLS 1.3 Handling: Introduced handling for TLS version 1.3.
  • RAW IP Capture Support: Implemented support for "raw IP" captures, allowing capture of packets without Layer 2 headers.
  • Connection Tracker Enhancements: Improved connection tracking with live list and purge functionality.

#ssldump #ssl #tls #networksecurity #network #infosec #dfir #opensource

🔗 Release notes: github.com/adulau/ssldump/rele
🔗 GitHub: github.com/adulau/ssldump


The Cyble sensor intelligence report is always my favorite one to write up because I never know what’s going to be hidden in all that data. Attacks on VNC, IoT/OT devices and LightSpeed Cache and GutenKit WordPress plugins are some of the highlights this week.
#Cyberattacks #ThreatIntelligence #Cybersecurity #Security #WordPress #IoT #OT #NetworkSecurity #Vulnerabilities #Linux #PHP #Java #Python

cyble.com/blog/cyble-sensors-d

Cyble · Cyble Sensors Detect New Attacks On LightSpeed, GutenKit WordPress Plugins - Cyble, by Paul Shread