securitytxt.org
portmaster
securitytxt.org | portmaster | |
---|---|---|
42 | 202 | |
61 | 8,574 | |
- | 1.8% | |
3.8 | 9.5 | |
18 days ago | 2 days ago | |
HTML | Go | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
securitytxt.org
-
How to respond to unsolicited vulnerability report from users of public sites?
You might consider setting up security.txt notifications, per RFC 9116, to funnel people into the right notification paths. Otherwise, they might try spamming random emails they find or can guess at. I've had external researchers contact our CTO and CEO directly, creating a new problem for me.
-
How to make a bounty bug request
Check if they have a security.txt, if they do not, check their /security. If both come up empty, use any contact form that they have available.
- A qui dénoncer une brèche?
-
Anywhere I can advertise a bounty for my site?
In addition to the Bug bounty programs already posted in the comments, I'd suggest you create a security.txt with a dedicated security contact.
-
need advice please
Does the website have a responsible disclosure page or a security.txt?
-
Whats the policy on posting open government or international government directories?
there's technically https://securitytxt.org as well; but sadly it's not in super duper wide deployment (some big places have it, though!)
-
Implementation of RFC 9116 (security.txt) as well as possibility for encrypted contact
Especially in the area you guys are operating in, I think it would be great if you could implement RFC 9116 (https://securitytxt.org/). If someone finds a vulnerability on your website, the client or even the SPN, this would make communication or a responsible disclosure process much easier. Furthermore, it would be great if the possibility for secure communication with your staff (e.g. using GPG) would be possible.
- I found a security issue on a website, came on a different sub to ask how to monetise this, gave the owners one week to give me a job, then when they didn't, made a tiktok about it to say how knowledgeable in IT I am. Why are they threatening me?
-
Infosys leaked FullAdminAccess AWS keys on PyPI for over a year
When do companies finally start adopting the `security.txt` proposal (see https://securitytxt.org).
Would have made a big difference!
- security.txt
portmaster
- Portmaster is a privacy suite for your Windows and Linux desktop
-
I pwned half of America's fast food chains, simultaneously
There's a very good relatively new open-source GUI firewall app like this called Portmaster:
https://safing.io/
It's available for Windows and Linux
-
Port forwarding done by university network admin, they opened every port past 1024???
You can get your own firewall app. Portmaster by safing.io lets you open and close what ever ports you want on your windows system
- A recommendation for adblock
-
Zen: Ad-blocker and privacy guard for Windows, MacOS and Linux
amazing work OP! what's the difference between zen and portmaster? :) i would like to compare options to see which one fits my needs the best way
- Portmaster open-source application firewall
-
Portmaster Application Firewall v1.4
For Context: Technical Introduction from https://github.com/safing/portmaster#technical-introduction
Portmaster is a privacy suite for your Windows and Linux desktop.
Base Technology
- Portmaster integrates into network stack using nfqueue on Linux and a kernel driver (WFP) on Windows.
- Packets are intercepted at the raw packet level - every packet is seen and can be stopped.
- Ownership of connections is found using eBPF and `/proc` on Linux and a kernel driver and the IP Helper API (`iphlpapi.dll`) on Windows.
- Most settings can be defined per app, which can be matched in different ways.
- Support for special processes with weird or concealed paths/actors:
--- Snap, AppImage and Script support on Linux
--- Windows Store apps and svchost.exe system services support on Windows
- Everything is 100% local on your device. (except the SPN, naturally)
--- Updates are fully signed and downloaded automatically.
--- Intelligence data (block lists, geoip) is downloaded and applied automatically.
- The Portmaster Core Service runs as a system service, the UI elements (App, Notifier) run in user context.
- The main UI still uses electron as a wrapper :/ - but this will change in the future. You can also open the UI in the browser
Feature: Secure DNS
- Portmaster intercepts "astray" DNS queries and reroutes them to itself for seamless integration.
- DNS queries are resolved by the default or configured DoT/DoH resolvers.
- Full support for split horizon and horizon validation to defend against rebinding attacks.
Feature: Privacy Filter
- Define allowed network scopes: Localhost, LAN, Internet, P2P, Inbound.
- Easy rules based on Internet entities: Domain, IP, Country and more.
- Filter Lists block common malware, ad, tracker domains etc.
Feature: Network History ($)
- Record connections and their details in a local database and search all of it later
- Auto-delete old history or delete on demand
Feature: Bandwidth Visibility ($)
- Monitor bandwidth usage per connection and app
Feature: SPN - Safing Privacy Network ($)
- A Privacy Network aimed at use cases "between" VPN and Tor.
- Uses onion encryption over multiple hops just like Tor.
- Routes are chosen to cover most distance within the network to increase privacy.
- Exits are chosen near the destination server. This automatically geo-unblocks in many cases.
- Exclude apps and domains/entities from using SPN.
- Change routing algorithm and focus per app.
- Nodes are hosted by Safing (company behind Portmaster) and the community.
- Speeds are pretty decent (>100MBit/s).
- PSA: Intel Graphics Drivers Now Collect Telemetry by Default
-
Thoughts on safing.io
Portmaster itself is open source (https://github.com/safing/portmaster)
-
Count me out on next releases
Then install https://safing.io/ (Portmaster); it's free.
What are some alternatives?
security.txt
simplewall - Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
countwords - Playing with counting word frequencies (and performance) in various languages.
opensnitch - OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
hipaa-compliance-developers-guide - A developers guide to HIPAA compliance and application development.
audacity - Audio Editor
wyhash - The FASTEST QUALITY hash function, random number generators (PRNG) and hash map.
spn - Safing Privacy Network
irssi - The client of the future
LuLu - LuLu is the free macOS firewall
password-manager-resources - A place for creators and users of password managers to collaborate on resources to make password management better.
musescore-downloader - ⚠️ This repo has moved to https://github.com/LibreScore/dl-librescore ⚠️ | Download sheet music (MSCZ, PDF, MusicXML, MIDI, MP3, download individual parts as PDF) from musescore.com for free, no login or Musescore Pro required | 免登录、免 Musescore Pro,免费下载 musescore.com 上的曲谱