wireguard – yet another open source vpn

wireguard – yet another open source vpn

• https://www.wireguard.com/
• https://git.zx2c4.com/WireGuard/

WireGuard securely encapsulates IP packets over UDP. You add a WireGuard interface, configure it with your private key and your peers’ public keys, and then you send packets across it. All issues of key distribution and pushed configurations are out of scope of WireGuard; these are issues much better left for other layers, lest we end up with the bloat of IKE or OpenVPN. In contrast, it more mimics the model of SSH and Mosh; both parties have each other’s public keys, and then they’re simply able to begin exchanging packets through the interface.

YOU can help rewire the internet so it’s faster, freer, safer and more accessible for all by using @TAILS and @MYSTERIUM #blockchain #netadmin #privacy #security #vpn

YOU can help rewire the internet so it’s faster, safer and more accessible for all by using TAILS and MYSTERIUM

Run TAILS BETA

• https://tails.boum.org/news/test_4.0-beta1/

Run a MYSTERIUM ALPHA BLOCKCHAIN VPN node

• https://mysterium.network/
• https://docs.google.com/document/d/1oZtiSfjOSvz5bJSKIcw1onQurlVF4WG5JFwtUE3pW6k
• https://mysterium.network/whitepaper.pdf
• https://testnet.mysterium.network/

wow @snyk now automatically creates PRs to fix your @github projects

wow @snyk now automatically creates branches and PRs to fix your @github projects

just connect your @github account to @snyk and they will automatically create PRs to remove vulnerabilities in your code !

pom.xml

       <dependency>
        <dependency>
            <groupId>io.fabric8</groupId>
            <groupId>io.fabric8</groupId>
            <artifactId>openshift-client</artifactId>
            <artifactId>openshift-client</artifactId>
            <version>1.4.10</version>
            <version>4.3.1</version>
        </dependency>
        </dependency>

top 100 security tools

top 100 security tools

• http://sectools.org/

node electron apps

node electron apps on github

• https://github.com/microsoft/AttackSurfaceAnalyzer
• https://github.com/oscartbeaumont/ElectronPlayer

tips

# npm install -g electron
# npm install -g electron-packager

then

$ NODE_PATH=/usr/local/lib/node_modules make release

then

an easy to search #vulnerability db with detailed information and remediation guidance from @snyksec

an easy to search vulnerability db with detailed information and remediation guidance from @snyksec

• https://snyk.io/vuln

example search for zip vulnerabilities

• https://snyk.io/vuln/search?q=zip&type=any

Software Composition Analysis (SCA) apps from @synksec and @whitesourcesoftware

Software Composition Analysis (SCA) apps from @synksec and @whitesourcesoftware

• https://snyk.io/
• https://www.whitesourcesoftware.com/

If you want to detect vulnerable dependencies in your GitHub project with snyk you will need to make sure your project has a manifest file so snyk can decide what frameworks you are including.

• https://app.snyk.io/login
• https://support.snyk.io/getting-started/languages-support

To get proper test results and create Snyk projects, at least one of the relevant manifest files must be present in the tested folder (CLI), repository (SCM) or app (serverless).

You get a great report showing you issues in your projects

• https://app.snyk.io/org/osde8info/projects/

You can also connect Snyk to BitBucket, Docker and GitLab

• https://app.snyk.io/org/osde8info/integrations

 

 

the latest IBM Red Hat RHEL 8 gnu/linux distro will have crypto hardening #syadmin #security

https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8#

starting with Red Hat Enterprise Linux 8 you may be able to defend against these attacks with our newly introduced system-wide crypto policy. This policy is included with the release of Red Hat Enterprise Linux 8.0 beta.

see also

• https://bettercrypto.org/static/applied-crypto-hardening.pdf

last nights @linuxinginldn #linuxinginldn #linuxinginlondon #devsecops talks from @skillsmatter on @vimeo

last nights @linuxinginldn #linuxinginldn #linuxinginlondon #devsecops talks from @skillsmatter on @vimeo

• https://skillsmatter.com/meetups/11707-linuxing-in-london

here are the videos

• https://skillsmatter.com/skillscasts/13533-the-easy-way-to-microcontrollers
• https://skillsmatter.com/skillscasts/13565-smart-metering-it-s-a-gas
• https://skillsmatter.com/skillscasts/13534-how-to-break-into-your-application-a-live-hack-with-simon-maple-part-1
• https://skillsmatter.com/skillscasts/13564-how-to-break-into-your-application-a-live-hack-with-simon-maple-part-2

more talks by these speakers

• https://skillsmatter.com/legacy_profile/carl-peto#skillscasts
• https://skillsmatter.com/legacy_profile/ross-cruickshank#skillscasts
• https://skillsmatter.com/legacy_profile/simon-maple#skillscasts

 

Windows Subsystem for Linux (WSL) now supports KALI Linux

Windows Subsystem for Linux (WSL) (aka Bash on Ubuntu on Windows) now supports KALI Linux

http://www.itpro.co.uk/penetration-testing/30697/kali-linux-comes-to-windows-10-handing-hacking-tools-to-pen-testers