@pake_preacher : I forgot the details of PAKE and SRP, but in the end the most secure client authentication requires:
1️⃣ Strong, long term, human comprehensible, *serving endpoint* authentication;
*AND*
2️⃣ TLS channel binding (enforcing known endpoints).
(Apart from those, both serving endpoint AND client MUST be trustworthy).
🚨 The -corrupt- CA/B forum breaks 1️⃣ by:
a) Advocating anonymous Domain Validated certificates, which render secure account creation IMPOSSIBLE;
b) Continuously decreasing certificate lifetime.
🚨 Furthermore, "legitimate" MitM's * break 2️⃣.
* Man in the Middle, like on-device virusscanners and firewalls that "open" TLS tunnels (both requiring installation of a dedicated root certificate) and proxies such as (definitely not limited to) Cloudflare and Fastly.
😱 Passkeys enforce NEITHER 1️⃣ NOR 2️⃣.
😱😱 Worse, because passkeys (or FIDO2 hardware keys) can be easily irretrievably "lost", servers typically provide WAY EASIER phishable authentication methods (such as "rescue codes").
#AitM #MitM #SecureOnlineAuthIsHARD #SecureAuthentication #OnlineAuthentication #Authentication #Impersonation #ChannelBinding #TLSchannelBinding #UTM #TLS #TLSinterception #TLSscanning #Proxy #Proxies #GoogleIsEvil #CloudflareIsEvil
IPCola: A Tangled Mess
IPCola, a new proxy service, claims to have millions of active IPs sourced from IoT, Desktop, and Mobile devices. Investigation reveals connections to Gaganode, a decentralized bandwidth monetization service with features resembling a botnet. Gaganode's SDK includes remote code execution capabilities, posing significant security risks. The service is widely distributed through various applications, including Chinese TV boxes and free software. IPCola is linked to InstaIP and NuoChen Technology, suggesting a complex network of proxy providers. The investigation exposes the intricate relationships between proxy providers and SDKs, highlighting the methods used to acquire unique IP pools.
Pulse ID: 692f568ace05763e9b6d44a7
Pulse Link: https://otx.alienvault.com/pulse/692f568ace05763e9b6d44a7
Pulse Author: AlienVault
Created: 2025-12-02 21:13:46
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Chinese #CyberSecurity #InfoSec #IoT #OTX #OpenThreatExchange #Proxy #RCE #RemoteCodeExecution #bot #botnet #AlienVault
A couple of simple bones makes posing items much easier! Here I do not have to readjust the hydraulics when altering the cannons angle.
#3dprinting #warhammer #40k #warhammer40k #proxy #scifi #blender
https://remind-warranty-folks-promptly.trycloudflare.com/
new proxy service up on an @upcloud.com vps
purposefully not putting on a real domain, since the school blocks mine, i hope it's not blocked
RE: https://bsky.app/profile/did:plc:q7suwaz53ztc4mbiqyygbn43/post/3m6yfctdwrk23
Don’t let MFA lull you into complacency. Advanced phishing kits can still slip through.
Before the Thanksgiving holiday, one of our customers alerted us to an Evilginx MITM phishing campaign targeting university students and SSO portals. At least 18 American institutions were targeted.
We tested several approaches for large-scale detection, including analyzing web server fingerprints and HTTP artifacts. However, this proved challenging because Evilginx operates as a proxy between the victim’s browser and the legitimate login page, making its behavior and content nearly indistinguishable from the real site. In the end, we mostly relied on DNS for confirmation and classification.
Here is a short blog about the campaign and actor, including involved domains and IPs.
https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/
#InfobloxThreatIntel #dns #evilginx #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #phishing #mitm #aitm #sso #mfa #university #students #proxy #login
Vous utilisez Nginx Proxy Manager ? Ma page d'erreur personnalisée pour les hôtes inconnus est maintenant plus complète ! Nouvelle section sur le Wiki : comment intégrer un logo cliquable qui flotte en :
Bas à Gauche (left: 15px;)
Bas à Droite (right: 15px;)
Le guide complet et les codes (base et versions logo) sont là : 📚 https://wiki.blablalinux.be/fr/page-erreur-npm-hote-inconnu
Method references in Java 8 will allow us to build much nicer APIs for interacting with databases. For example when you combine method references with features we already had in Java it’s possible to create clean, typesafe queries without needing code generation. Full examples and implementation available on github. Here’s an example of what’s possible... Read more »
Je voulais mettre ma signature sur ma stack self-hosted ! ✨
Alors, je vous montre comment ajouter un logo flottant cliquable sur tous vos services via NPM, de la manière la plus propre (et la plus fiable) qui soit. Bas à droite ? Bas à gauche ? C'est vous qui décidez !
Le tutoriel simple (mais détaillé) est juste ici : 👇
https://wiki.blablalinux.be/fr/injection-logo-flottant-nginx-npm
linkdrop
📎🐸ZhSigma@332ppm≅Σx,x∈S={🌱💚🇪🇺λP(θ|y)⁂}learn-languages-world-life
Erik van Straten
OTX Bot
Mystic Pigeon Gaming
jack
Infoblox Threat Intel
Blabla Linux
Nicolas Delsaux