phillip prado


In infosec, there is a seemingly never-ending list of acronyms any cyber professional must be familiar with in order to work efficiently and effectively. One of those is a common vulnerability known as IDOR.

IDOR stands for Insecure Direct Object Reference, and it's a type of vulnerability that can have serious implications for the security of web applications if not properly addressed. But what is it exactly?

Read more...

Bitwarden is one of the best password managers in the business. It's easy to use, open-source, secure, and cross-platform. Honestly, there are very few downsides to using Bitwarden.

And, as many of you may know, a password manager's best friend is a solid 2FA client. Though Bitwarden supports 2FA passwords from within the password manager as a premium feature, it's always been a better security practice to keep those two things separate.

Now, the team behind Bitwarden is helping you up your security game by offering 2FA functionality in a separate app: Bitwarden Authenticator.

Read more...

In the world of networking, two fundamental models serve as the backbone for communication protocols and standards: the OSI model and the TCP/IP model. Both models are quite similar, providing frameworks for how data is transmitted across networks at various stages of the process.

Understanding these models is crucial for anyone working in IT, cybersecurity, or any related tech field. But what exactly are they?

Read more...

I am a huge fan of Flatpak applications on Linux. I like how they work. I like how easy they are to install. I like how you can control their permissions with such granularity. Etc.

Well now, I have yet another reason to love Flatpaks: easy installation reproducibility. Let me show you what I mean.

Read more...

Simple CTF is an easy, beginner-friendly capture the flag exercise on TryHackMe. It features a vulnerable CMS, a weak user password, and misconfigured sudo user privileges that lead to root-level access.

Read more...

(Proton can now notify users when their information is found floating around the dark web.)

Proton's toolbox is ever expanding. From acquiring other companies like SimpleLogin or Standard Notes to building out features like Proton's Security Center, we have come to expect constant improvements from the Swiss-based company. Now, the aforementioned Security Center sees another update in the form of dark web monitoring.

Yesterday, the company announced a new feature that can notify users when Proton's system detects a breach affecting them and offers suggestions of how to mitigate risk. This retroactively includes breaches from up to two years ago and will include as many breaches as possible moving forward.

Read more...

Have you ever needed to reference a command line tool's capabilities only to find out there is no manual page and that only the -h (--help) option is available?

Normally, this isn't a problem, but -h doesn't let you search for strings the way man does. That means if you are trying to use a tool that is quite extensive, scrolling and sifting through the help option's results manually can be quite cumbersome.

Read more...

Here are just a few things you can try today to make your Tailscale network a bit more robust.

Tailscale touts itself as an affordable, zero-config virtual private network (VPN) that easily connects all of your devices from anywhere in the world. Without going into the nitty-gritty of how it works, Tailscale is built on WireGuard, and it uses a centralized server to make the initial introduction between all of your devices.

I've been using Tailscale for some time now. I first tried it out because I wanted an easy and secure way to access my home media server from anywhere in the world, and I heard Tailscale was a fairly pain-free way to do this.

Not only is that true, but I've actually loved using Tailscale, and I will never go back to using reverse proxies and port forwarding into my local network again. That being said, there are a few things you can do to make your Tailscale experience quite a bit better, and I've compiled a list of three which I believe just might do the trick.

Read more...

It's open source, easy to use, privacy-friendly, and cross-platform.

A while ago, I wrote a post about what I believed was the best open-source two-factor authentication application on the market: Ente Auth. And though I still love and use Auth, what I didn't know was that there was already an older kid on the block. Enter 2FAS, another free software 2FA option you should consider.

Read more...

These deserve to be some of your new go-to free software privacy tools.

If you want the most private and secure operating system for your desktop or laptop, GNU/Linux is likely the route to go. Mainstream proprietary offerings like macOS or ChromeOS may have some security benefits over the many Linux distros available, but Linux's strengths far outweigh these potential shortcomings.

That being said, the applications you put on your machine can make or break your privacy and/or security as well, regardless of what operating system you run. That's why I have three Linux desktop apps that you should give a try today that can help improve your digital privacy in one way or another.

Read more...
