F. Maury ⏚

Network and Protocol Security Specialist. I am currently freelancing on missions in the following domains: system, network, software and security engineering. I have a strong interest in applied cryptography, and I am used to giving training courses and writing press articles and blog posts. I am an antispeciesist, and a member of L214, a French NGO fighting for animal rights. I also fight for LGBTQIA+ rights. I am an RNG (Random Network Guy/Girl): do not expect better posts than those produced by an infinite number of monkeys. #infosec #cybersecurity #network #crypto #linux #antispeciesism #author #privacy #podcast #devops #secdevops #devsecops #lgbt #fedi22 searchable
So #Indy has rolled out passkey support... and they coded a browser-support detection mechanism to "improve the UX so as not to display options that could confuse non-technical users". The idea is interesting. Except when you have coded a faulty detection that excludes browsers that are perfectly compatible with passkeys! In this case, they exclude all Linux users... There you go. And when I report the problem, after a few fruitless exchanges with the technical team, support cuts off the conversation. The fuck. #infosec #passkeys
Many #Terraform providers using SSH do not check the SSH host key... they just run with ssh.InsecureIgnoreHostKey... And to be honest, it is partly the fault of the SSH standard library which makes it super easy to ignore the host key and does not provide any useful builtin key verification function. People are lazy. ssh.FixedHostKey is niche. So I implemented a small library to verify SSH host keys. It builds a verification function using your known_hosts file, another one of your choice, known_hosts entries or SSHFP records queried over classic DNS, DNS over TLS or DNS over HTTPS. Cheers! 🥳 #infosec #ssh #terraform #opentofu #iac
@npub1dl7j...976j Hey, it is me again 😅 Just to let you know that I receive some 400 Bad Request errors from some DoH servers (dns.quad9.net and ns0.fdn.fr for instance) while some others accept my queries (dns.google and Cloudflare 1.1.1.1). I am not sure yet if the error is on my use of the library or within the library itself. Here is the code to run the query: I'll continue to investigate.
Of course, actions/checkout does not support Git repositories with a SHA-256 object format and it fails with a non-obvious error message about not finding your commit.

fatal: couldn't find remote ref 93dc253dbf61c4006943cff76f522904fa2a6fc5a96060b9aa963cce990a2d0b

Fuck that shit.
@npub1dl7j...976j This is me again 😅 Using DoH, I get a weird EOF error during the dnshttp.Response conversion of the HTTP response. The response was sent using the dnshttp.ResponseWriter implementation. Digging into the implementation of the ResponseWriter, I see that you truncate the two leading bytes (response size) of TCP answers: However, you also send that the content-length is the length without the "minus 2" operation. I was able to confirm that my HTTP response body is 128 bytes long and the content-length is said to be 130 bytes. Have you been able to use this successfully in the past or am I missing something? The response was generated using a handler that was successful over DoT and "classic" DNS, but my error could be in my HTTP handler.
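The Content-Length mismatch described in the last post can be reproduced with the Go standard library alone. This is an added example, not the author's code nor the code of the library under discussion: `frameTCP`, `dohResponse` and `readDoH` are hypothetical helpers, and the 128-byte message is a constructed stand-in for a DNS answer.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
	"net/http"
)

// frameTCP prepends the two-byte big-endian length that DNS over TCP and
// DoT put in front of every message (RFC 1035, section 4.2.2).
func frameTCP(msg []byte) []byte {
	out := make([]byte, 2, 2+len(msg))
	binary.BigEndian.PutUint16(out, uint16(len(msg)))
	return append(out, msg...)
}

// dohResponse turns a TCP-framed answer into a raw HTTP/1.1 DoH response.
// The DoH body is the bare DNS message (RFC 8484), so the prefix is dropped.
// buggy=true announces the framed length instead of the body length.
func dohResponse(framed []byte, buggy bool) []byte {
	body := framed[2:]
	n := len(body)
	if buggy {
		n = len(framed) // two bytes more than what is actually sent
	}
	head := fmt.Sprintf("HTTP/1.1 200 OK\r\nContent-Type: application/dns-message\r\n"+
		"Content-Length: %d\r\n\r\n", n)
	return append([]byte(head), body...)
}

// readDoH parses the raw response the way an HTTP client does and reads the body.
func readDoH(raw []byte) ([]byte, error) {
	resp, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(raw)), nil)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return io.ReadAll(resp.Body)
}

func main() {
	framed := frameTCP(bytes.Repeat([]byte{0xAB}, 128)) // constructed 128-byte message
	for _, buggy := range []bool{true, false} {
		body, err := readDoH(dohResponse(framed, buggy))
		fmt.Printf("buggy=%v body=%d bytes err=%v\n", buggy, len(body), err)
	}
}
```

With the announced length two bytes too long, the client reads all 128 body bytes and then fails with `io.ErrUnexpectedEOF`, which matches the EOF symptom reported above.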