My #Wochenrückblick (weekly review), issue 5 (2023-35). This time with #Things and #Obisidian, #iOS Accessibility Shortcuts, #Axt (axe) versus chopping block, #Amazon #SES and #msmtp, @mailbox_org, #HSTS, #Shimano, of course the #Knoten (knot) of the week, and #Techno.
https://www.marcusjaschen.de/blog/2023/2023-35/
#techno #knoten #shimano #hsts #msmtp #ses #amazon #axt #ios #obisidian #things #wochenruckblick
No Choice! Microsoft makes security in Exchange a priority
#Microsoft recently announced that #Exchange Server 2016 and 2019 now have built-in support for #HTTP Strict Transport Security (#HSTS), a mechanism to enforce (#applicare) the secure #HTTPS protocol.
Share this post if you found the news interesting.
#redhotcyber #online #it #web #ai #hacking #privacy #cybersecurity #cybercrime #intelligence #intelligenzaartificiale #informationsecurity #ethicalhacking #dataprotection #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #infosecurity
#microsoft #exchange #http #hsts #Applicare #https #redhotcyber #online #it #web #ai #hacking #privacy #cybersecurity #cybercrime #intelligence #intelligenzaartificiale #informationsecurity #ethicalhacking #dataprotection #CyberSecurityAwareness #cybersecuritytraining #CyberSecurityNews #infosecurity
"... I accidently enabled HSTS–on localhost"
https://bartwullems.blogspot.com/2023/07/help-i-accidently-enabled-hstson.html
It's good to know that #fail2ban actually works.
But does it have to be on #localhost? 🫤
And only because I forgot to comment #HSTS in the provision against the #vagrant VM.
#vagrant #hsts #localhost #fail2ban
The fascinating world of #HTTP Strict-Transport-Security https://ergomake.dev/blog/hsts-introduction/
@tracketpacer I’m shocked we haven’t implemented HTCPCPSTS. I would propose that a similar mechanism to #HSTS be added to prevent HTCPCP #TLS session downgrade attacks from brewing tea rather than coffee. As we all know HTCPCPSTS/TLS1.3 is the only thing stopping a world of nothing but tea.
#HSTS - Part 4/4: Practical Observation #3 🧑💻
HSTS requires HTTPS and a valid certificate chain.
#hsts #infosec #cybersecurity #bugbounty #pentesting
#Firefox just ranked the priority of my integer overflow a P1 - highest priority! :flan_excite:
#firefox #hsts #cybersecurity #infosec #pentesting
#HSTS - Part 4/4: Practical Observation #2 🧑💻
🚧 The expiry date of Firefox's HSTS headers is prone to an INTEGER OVERFLOW. 🚧
#hsts #infosec #cybersecurity #bugbounty #pentesting
POV: You recognize Firefox only stores 1024 #HSTS entries.
#Pentest #InfoSec #CyberSecurity #BugBounty #LastOfUs #MemeMonday
#hsts #pentest #infosec #cybersecurity #bugbounty #lastofus #mememonday
The #HSTS header ought to make your daily browsing more secure!
However, it is one thing to describe a security measure in theory, but quite another to implement it securely.
On Linux, the file storing HSTS entries can be found here: ~/.mozilla/firefox/{profile}/
Firefox stores HSTS headers in a file called SiteSecurityServiceState.txt.
#HSTS - Part 4/4: Practical Observation #1 🧑💻
Now hold on because it's getting rough: Up to the current version (v110) this file is limited to 1024 entries.
#hsts #infosec #cybersecurity #bugbounty #pentesting
Did you know the HSTS header can be used as a tracking mechanism?
#HSTS - Part 3/4: Privacy Issues 🔓
Yes, you heard right. The header that ensures you are browsing the web via HTTPS has a privacy issue.
Let's take a look.
#hsts #infosec #cybersecurity #bugbounty #pentesting
I am going to tell you all you need to know about the HSTS header in a series of toots.
#HSTS - Part 2/4: History, Support & Parameters 📜
#hsts #infosec #cybersecurity #bugbounty #pentesting
I am going to tell you all you need to know about the HSTS header in a series of toots.
#HSTS - Part 1/4: Basics 👶
#hsts #infosec #cybersecurity #bugbounty #pentesting
The #HSTS header is an underrated security mechanism that makes your daily browsing more secure!
Or does it?
Starting this Saturday, I am going to tell you all you need to know about HSTS in a series of toots / tweets.
We are going to discuss:
1. Basics 👶
2. History, Support & Parameters 📜
3. Limitations and Privacy Issues 🔓
4. Practical Observations 🧑💻
Follow me to not miss a bit!
Also boost this toot to spread the message!
#hsts #infosec #cybersecurity #bugbounty #pentesting
Some research on the HSTS header is going on. Stay tuned!
#pentesting #cybersecurity #infosec #hsts