security links

Devel
«For a long time I’ve wanted an ssh-agent setup that would ask me before every use, so I could slightly more comfortably forward authentication over SSH without worrying that my session might get hijacked somewhere at the remote end (I often find myself wanting to pull authenticated git repos on remote hosts). I’m at DebConf this week, which is an ideal time to dig further into these things, so I did so today. As is often the case it turns out this is already possible, if you know how.»
A coloring book to help folks understand how SELinux works. - mairin/selinux-coloring-book
Prevasio, a cybersecurity startup, has announced that it has completed the scanning of 4 million container images at Docker Hub. Nearly 51% of the images have critical vulnerabilities, and nearly 6,500 of them can be considered malicious.
A recent analysis of around 4 million Docker Hub images by cyber security firm Prevasio found that 51% of the images had exploitable vulnerabilities. A large number of these were cryptocurrency miners, both open and hidden, and 6,432 of the images had malware.
The systemd-analyze security command gives your systemd service units an automated security rating. This is a good starting point for security hardening.
Security
«Operation Tamarisk was a Cold War-era operation run by the military intelligence services of the U.S., U.K., and France through their military liaison missions in East Germany, that gathered discarded paper, letters, and garbage from Soviet trash bins and military maneuvers, including used toilet paper.»
«This post describes my fruitless effort to convince Microsoft employees that Their service is vulnerable, and the humiliation one has to go through should One’s account be blocked by a hacker. This is a story of ignorance, pain and Despair.»
The EURion constellation (also known as Omron rings[1] or doughnuts[2]) is a pattern of symbols incorporated into a number of banknote designs worldwide since about 1996. It is added to help imaging software detect the presence of a banknote in a digital image. Such software can then block the user from reproducing banknotes to prevent counterfeiting using colour photocopiers. According to research from 2004, the EURion constellation is used for colour photocopiers but probably not used in computer software.[3] It has been reported that Adobe Photoshop will not allow editing of an image of a banknote, but in some versions this is believed to be due to a different, unknown digital watermark rather than the EURion constellation.[4][3]
Subscribe in a reader Subscribe by Email
For decades, aspiring bomb makers — including ISIS — have desperately tried to get their hands on a lethal substance called red mercury. There’s a reason that they never have.
Confidence tricks and scams are difficult to classify, because they change often and often contain elements of more than one type. Throughout this list, the perpetrator of the confidence trick is called the "con artist" or simply "artist", and the intended victim is the "mark". Particular scams are mainly directed toward elderly people, as they may be credulous and sometimes inexperienced or insecure, especially when the scam involves modern technology such as computers and the internet. This list should not be considered complete but covers the most common examples.