Viewers of @NCIIPC web portal are getting security error in certain browsers due to unrecognized root certificate of Root Certifying Authority of India
(#RCAI). Follow user manual for installation of required root certificate to avoid such warning https://t.co/LWGv5ZFttG
New blogpost: extracting unencrypted private SSH keys from Windows 10's new builtin ssh-agent service
Had some fun this weekend playing with the new OpenSSH utilities on Windows 10. Might be useful for pentesters/redteamers :)
https://t.co/Xn47rTfVQc
Law enforcement has argued for legally mandating encryption backdoors into our devices—and justified this saying they can't get in any other way, citing, in particular, 7,775 un-hackable Phones in 2017.
It's time we learned where that number came from. https://t.co/4RndqcAVKp
Long thread. If you want to know the high-level details of the Efail attack, read. Yes, it was embargoed; yes, we were respecting the embargo; but links to the paper are now easy to get, so... here goes. 1/
Efail is a prime example of irresponsible disclosure. There is no responsibility in hyping the story to @EFF and mainstream media and getting an irresponsible recommendation published (disable PGP), ignoring the fact that many (Enigmail, etc) are already patched.
A new security vulnerability has been discovered in PGP (and GPG) that affects a range of email clients and plugins. To protect yourself, EFF highly recommends that for now you uninstall or disable your PGP email plug-in. #efail 1/4 https://t.co/mSpgLbM1ns
We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4