TLS via SMTP is opportunistic which makes connections vulnerable to man-in-the-middle-attacks. In order to prevent mitm-attacks, DANE could be used. The sender-server will first check the domain-records if dnssec is in use(and valid) and if a TLSA-record is published(and valid). If a TLSA-record is valid and matches with the certificate of the recipient-server the connection could be encrypted and the encryption is verified.
DNS is one of the oldest but also one of the most important network protocols we have and actively use. Dan Kaminsky discovered 2008 some serious flaws in DNS which is very well explained on this site. DNSsec is supposed to solve those problems.
I am very surprised that statx-fun got one of my most popular git repositories. Arkadiusz Miśkiewicz even created a PLD-Linux-package for it. I didn't expect that.
Every time I replace an old hard disk by a newer or bigger one I think that I'll wipe it later. Now I have a big amount of hard disks to wipe. Since wiping takes ages, I don't want to use my personal computer for that. I would prefer a small device with low energy consumption just for wiping. That's why I am going to build a "Nukestation". Basically it's just a Raspberry Pi with nwipe on it and a udev-rule for automatically wipe attached hard disks. But some extras would be nice...
Darkik's Boot and Nuke(DBAN) is an open-source programm for securely wipe hard drives but reached it's end of life. There is a fork called nwipe. On Debian it can be easily installed by calling "apt-get install nwipe" and works almost the same like dban.
Impact: Code-Execution. The impact for this vulnerability is considered as low because an attacker could exploit this for code execution only if the configuration-file is not protected properly.
The list of possible sources for suricata-update is downloaded from "https://www.openinfosecfoundation.or
I wish you a merry Christmas, beautiful holidays and a happy new year.
