#security

This week we’re tackling some common misconceptions with privacy, security, and anonymity!

Often privacy and anonymity are used interchangeably. However, there are distinct differences between the two. In our latest video, we aim to explain and discuss the differences, so you can make better decisions on your privacy and security journey.

https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/

#Privacy #Security #Anonymity #PrivacyGuides #Video

New Privacy Guides article 🔐✨
by me:

If you want to keep your password manager local-only, KeePassXC is a great solution!

It's free,
Open-source,
Easy to install and use,
Doesn't require an account,
Works on Linux, macOS, and Windows,
And the team is here! 👉 @keepassxc

Here's how to set it up with a YubiKey: https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/

#PrivacyGuides #KeePassXC #Privacy #Security #PasswordManager #Passwords #FOSS

Come work with me!

#Monterey #MontereyBayAquarium #Security #GetFediHired #Jobs #Hiring

https://candidateportal.creativecircle.com/job-detail/796730

New Privacy Guides article 🔐✨
by me:

If you want to keep your password manager local-only, KeePassXC is a great solution!

It's free,
Open-source,
Easy to install and use,
Doesn't require an account,
Works on Linux, macOS, and Windows,
And the team is here! 👉 @keepassxc

Here's how to set it up with a YubiKey: https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/

#PrivacyGuides #KeePassXC #Privacy #Security #PasswordManager #Passwords #FOSS

New Privacy Guides article 🔐✨
by me:

If you want to keep your password manager local-only, KeePassXC is a great solution!

It's free,
Open-source,
Easy to install and use,
Doesn't require an account,
Works on Linux, macOS, and Windows,
And the team is here! 👉 @keepassxc

Here's how to set it up with a YubiKey: https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/

#PrivacyGuides #KeePassXC #Privacy #Security #PasswordManager #Passwords #FOSS

New Privacy Guides article 🔐✨
by me:

If you want to keep your password manager local-only, KeePassXC is a great solution!

It's free,
Open-source,
Easy to install and use,
Doesn't require an account,
Works on Linux, macOS, and Windows,
And the team is here! 👉 @keepassxc

Here's how to set it up with a YubiKey: https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/

#PrivacyGuides #KeePassXC #Privacy #Security #PasswordManager #Passwords #FOSS

Blogged: Creating provenance attestations for NuGet packages in GitHub Actions

https://andrewlock.net/creating-provenance-attestations-for-nuget-packages-in-github-actions/

In this post I discuss software provenance, what attestations say about your software, how they work, how to create an attestation for a NuGet package, and why that doesn't really work 😅

#dotnet #security

Mastodon friends, I've heard a few suggestions of companies moving from US cloud providers to those based in the EU, due to risks with the Trump administration/Cloud Act, etc.

Has anyone come across any businesses that have made the leap recently? Feel free to DM or message on Signal, mattburgess.20

#infosec #privacy #cloud #security

Mastodon friends, I've heard a few suggestions of companies moving from US cloud providers to those based in the EU, due to risks with the Trump administration/Cloud Act, etc.

Has anyone come across any businesses that have made the leap recently? Feel free to DM or message on Signal, mattburgess.20

#infosec #privacy #cloud #security

I thought I had seen it all when it comes to mail delivery and security issues.

But this morning I was introduced to the fact that there are Exchange admins who will implement a rule that all incoming mail from outside their own organization should be flagged as potentially dangerous and presented to the user with the option to block sender and no option to mark the message or the sender as valid.

Yes, that for every single message.

#exchange #smtp #email #security

I thought I had seen it all when it comes to mail delivery and security issues.

But this morning I was introduced to the fact that there are Exchange admins who will implement a rule that all incoming mail from outside their own organization should be flagged as potentially dangerous and presented to the user with the option to block sender and no option to mark the message or the sender as valid.

Yes, that for every single message.

#exchange #smtp #email #security

New Privacy Guides video 📺✨
by @jw

If you've wondered about
the difference between:

Privacy,
Security,
and Anonymity

And why some privacy-focused
services are worth using even when they don't provide perfect anonymity, watch this!

It's truly an amazing short video!
Everyone should watch it 👇

https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/

#PrivacyGuides #Privacy #Security #Anonymity

One more reason for this: https://arstechnica.com/gadgets/2025/03/everything-you-say-to-your-echo-will-be-sent-to-amazon-starting-on-march-28/ #alexa #security #privacy #geek

One more reason for this: https://arstechnica.com/gadgets/2025/03/everything-you-say-to-your-echo-will-be-sent-to-amazon-starting-on-march-28/ #alexa #security #privacy #geek

One more reason for this: https://arstechnica.com/gadgets/2025/03/everything-you-say-to-your-echo-will-be-sent-to-amazon-starting-on-march-28/ #alexa #security #privacy #geek

One more reason for this: https://arstechnica.com/gadgets/2025/03/everything-you-say-to-your-echo-will-be-sent-to-amazon-starting-on-march-28/ #alexa #security #privacy #geek

The battle for encryption happens TODAY. Your right to privacy and security will be decided behind your back.

We call for the hearing to be made public.

Encryption must be protected from this slippery slope.

Sign and share our petition to have your say ⬇️

https://you.38degrees.org.uk/petitions/keep-our-apple-data-encrypted

#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #tech #Apple

The battle for encryption happens TODAY. Your right to privacy and security will be decided behind your back.

We call for the hearing to be made public.

Encryption must be protected from this slippery slope.

Sign and share our petition to have your say ⬇️

https://you.38degrees.org.uk/petitions/keep-our-apple-data-encrypted

#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #tech #Apple

"This is a significant test for the battle between law enforcement and technology.”

Holding the Apple case in secret makes the legal process more cloak and dagger, less scales and sword.

It makes it harder to challenge the UK government's order to break encryption and creates a dangerous precedent.

This case sets the stage for more shady encryption-breaking orders to be made.

https://www.theguardian.com/technology/2025/mar/14/what-could-apples-high-court-challenge-mean-for-data-protection

#encryption #e2ee #Apple #ukpolitics #ukpol #privacy #security #tech #cybersecurity

This week we’re tackling some common misconceptions with privacy, security, and anonymity!

Often privacy and anonymity are used interchangeably. However, there are distinct differences between the two. In our latest video, we aim to explain and discuss the differences, so you can make better decisions on your privacy and security journey.

https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/

#Privacy #Security #Anonymity #PrivacyGuides #Video

Come work with me!

#Monterey #MontereyBayAquarium #Security #GetFediHired #Jobs #Hiring

https://candidateportal.creativecircle.com/job-detail/796730

Come work with me!

#Monterey #MontereyBayAquarium #Security #GetFediHired #Jobs #Hiring

https://candidateportal.creativecircle.com/job-detail/796730

Based on the @w3c workshop "Secure the Web Forward” and thanks to work taking place in the W3C Security Web Application Guidelines (SWAG) #CommunityGroup, we are happy to release 6 videos that address the complexities of Content Security Policy and Trusted Types, by introducing open-source tooling that reduce uncertainty and complexity of configuring web #security mitigations against XSS.

▶️ https://www.w3.org/blog/2025/how-to-protect-your-web-applications-from-xss/
cc @simone @torgo

🎬 Security at W3C playlist: https://www.youtube.com/playlist?list=PLNhYw8KaLq2Wr27HLfSTD4d6JpC3G0PVr

Whisper it, the showdown over Apple encryption is THIS WEEK ⏱️

🤐 A secret tribunal will hear the appeal against the UK government’s order to carve a backdoor into Apple’s encrypted services.

🛑 Our cybersecurity and privacy shouldn’t be decided in the shadows.

https://www.computerweekly.com/news/366620363/Secret-London-tribunal-to-hear-appeal-in-Apple-vs-government-battle-over-encryption

#encryption #Apple #privacy #cybersecurity #security #e2ee #ukpolitics #ukpol

In response to the State's demand for insecurity, Apple withdrew its encrypted services from the UK and appealed.

A secret tribunal now decides 🤫

This hearing MUST happen in public.

It starts with Apple... the UK government will chomp away encryption to a rotten core.

https://www.digit.fyi/apple-to-battle-uk-gov-over-encryption-in-secret-tribunal/

#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple

In response to the State's demand for insecurity, Apple withdrew its encrypted services from the UK and appealed.

A secret tribunal now decides 🤫

This hearing MUST happen in public.

It starts with Apple... the UK government will chomp away encryption to a rotten core.

https://www.digit.fyi/apple-to-battle-uk-gov-over-encryption-in-secret-tribunal/

#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple

History is a set of lies agreed upon.

The UK government took to revisionist tactics and wiped its advice for lawyers and barristers to use Apple encrypted services.

Putting victims of crime at a greater risk of harm so you don't contradict yourself isn't a good look 🤷‍♂️

https://techcrunch.com/2025/03/06/uk-quietly-scrubs-encryption-advice-from-government-websites/

#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple

The UK Home Office issued a secret order under the Investigatory Powers Act to make Apple put a backdoor in its encrypted services.

This is so the government can access what's uploaded to the cloud... them and hackers alike.

Too sly sly, hush hush spy to spy.

https://www.openrightsgroup.org/press-releases/uk-government-undermines-security-with-demands-for-apple-encrypted-data/

#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple

The story so far...

The Investigatory Powers Act was widened last year to:

🔴 Prevent companies from rolling out encryption.
🔴 Have the UK government approve any security updates to tech products.

Surveillance first 👁️, security be damned 🗑️

https://www.openrightsgroup.org/press-releases/investigatory-powers-amendment-bill-threatens-security-and-privacy/

#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple

Make it rain 🌧️

The UK government’s demand for a spy hole makes your iCloud storage leaky.

All your pics, docs, finances and more are up for grabs. Hackers, blackmailers and predators will have a field day.

Sign our petition to save Apple encrypted services!

➡️ https://you.38degrees.org.uk/petitions/keep-our-apple-data-encrypted

#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple

🚨BREAKING🚨 The French National Assembly removed the backdoor section from the amendment to the #Narcotrafic law.

Read here how Politicians tried to undermine everybody's #security: https://tuta.com/blog/france-surveillance-nacrotrafic-law

🙏 And thank you for fighting against this with us. This is a great win for privacy, yet, the battle is not over. Together we are strong! 💪

#backdoor #encryption #privacy #security

🚨BREAKING🚨 The French National Assembly removed the backdoor section from the amendment to the #Narcotrafic law.

Read here how Politicians tried to undermine everybody's #security: https://tuta.com/blog/france-surveillance-nacrotrafic-law

🙏 And thank you for fighting against this with us. This is a great win for privacy, yet, the battle is not over. Together we are strong! 💪

#backdoor #encryption #privacy #security

Whisper it, the showdown over Apple encryption is THIS WEEK ⏱️

🤐 A secret tribunal will hear the appeal against the UK government’s order to carve a backdoor into Apple’s encrypted services.

🛑 Our cybersecurity and privacy shouldn’t be decided in the shadows.

https://www.computerweekly.com/news/366620363/Secret-London-tribunal-to-hear-appeal-in-Apple-vs-government-battle-over-encryption

#encryption #Apple #privacy #cybersecurity #security #e2ee #ukpolitics #ukpol

Whisper it, the showdown over Apple encryption is THIS WEEK ⏱️

🤐 A secret tribunal will hear the appeal against the UK government’s order to carve a backdoor into Apple’s encrypted services.

🛑 Our cybersecurity and privacy shouldn’t be decided in the shadows.

https://www.computerweekly.com/news/366620363/Secret-London-tribunal-to-hear-appeal-in-Apple-vs-government-battle-over-encryption

#encryption #Apple #privacy #cybersecurity #security #e2ee #ukpolitics #ukpol

Save Encryption. Save the World 🌐

Only by blocking message scanning technology on messaging apps can we ensure online safety!

End-to-end encryption prevents predators and hackers from weeding their way into our private lives.

We must #PracticeSafeText 💬

https://www.openrightsgroup.org/blog/the-case-for-encryption/

#e2ee #encryption #onlinesafety #onlinesafetyact #ukpolitics #ukpol #privacy #security #cybersecurity #ofcom #whatsapp #signal

Mixing up Public and Private Keys in OpenID Connect deployments - Hanno's Blog:

https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html

#oauth #openid #security

Based on the @w3c workshop "Secure the Web Forward” and thanks to work taking place in the W3C Security Web Application Guidelines (SWAG) #CommunityGroup, we are happy to release 6 videos that address the complexities of Content Security Policy and Trusted Types, by introducing open-source tooling that reduce uncertainty and complexity of configuring web #security mitigations against XSS.

▶️ https://www.w3.org/blog/2025/how-to-protect-your-web-applications-from-xss/
cc @simone @torgo

🎬 Security at W3C playlist: https://www.youtube.com/playlist?list=PLNhYw8KaLq2Wr27HLfSTD4d6JpC3G0PVr

Carpe DM 👁️‍🗨️?

End-to-end encryption = online safety. It keeps what we send on messaging apps secure from hackers and predators.

🚫 Tell Ofcom NOT to implement message scanning powers in their consultation.

⏰ You have until 5pm TODAY!

#PracticeSafeText 💬

https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text

#e2ee #encryption #onlinesafety #onlinesafetyact #ukpolitics #ukpol #privacy #security #cybersecurity #ofcom #whatsapp #signal

Carpe DM 👁️‍🗨️?

End-to-end encryption = online safety. It keeps what we send on messaging apps secure from hackers and predators.

🚫 Tell Ofcom NOT to implement message scanning powers in their consultation.

⏰ You have until 5pm TODAY!

#PracticeSafeText 💬

https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text

#e2ee #encryption #onlinesafety #onlinesafetyact #ukpolitics #ukpol #privacy #security #cybersecurity #ofcom #whatsapp #signal

The State of Personal Online Security and Confidentiality | SXSW LIVE

By @Mer__edith , President Signal Foundation

A brilliant discussion on Signal, human rights, surveillance, and security. 🥳

#Signal #SXSW #Privacy #OpenSource #FOSS #MeredithWhittaker #BigTech #Security

Welcome to Jurassic Park: A Comprehensive Study of #Security Risks in #Deno and its Ecosystem

Deno 2.0 addresses many of the problems identified but it's a great paper to read.

#javascript

https://cispa.de/en/research/publications/84103-welcome-to-jurassic-park-a-comprehensive-study-of-security-risks-in-deno-and-its-ecosystem

Save Encryption. Save the World 🌐

Only by blocking message scanning technology on messaging apps can we ensure online safety!

End-to-end encryption prevents predators and hackers from weeding their way into our private lives.

We must #PracticeSafeText 💬

https://www.openrightsgroup.org/blog/the-case-for-encryption/

#e2ee #encryption #onlinesafety #onlinesafetyact #ukpolitics #ukpol #privacy #security #cybersecurity #ofcom #whatsapp #signal

https://wybt.net/@tfiebig/114123189213216793

It's almost like treating #optOut as a standard approach is a really f***ing bad idea.

What's it going to take for code bros to learn?

#consent #optIn #privacy #security

Welcome to Jurassic Park: A Comprehensive Study of #Security Risks in #Deno and its Ecosystem

Deno 2.0 addresses many of the problems identified but it's a great paper to read.

#javascript

https://cispa.de/en/research/publications/84103-welcome-to-jurassic-park-a-comprehensive-study-of-security-risks-in-deno-and-its-ecosystem

🚨 Time is Running Out to Save Encryption 🔐

Ofcom is consulting on implementing message scanning powers in the UK Online Safety Act.

This would break end-to-end encryption on the messaging apps we all use!

⏰ CLOSES Monday 10 March, 5pm.

Use our tool to tell Ofcom #PracticeSafeText 💬

ACT NOW ⬇️

https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text

#e2ee #encryption #OnlineSafetyAct #ukpolitics #ukpol #privacy #ofcom #security #cybersecurity #whatsapp #signal

🚨 Time is Running Out to Save Encryption 🔐

Ofcom is consulting on implementing message scanning powers in the UK Online Safety Act.

This would break end-to-end encryption on the messaging apps we all use!

⏰ CLOSES Monday 10 March, 5pm.

Use our tool to tell Ofcom #PracticeSafeText 💬

ACT NOW ⬇️

https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text

#e2ee #encryption #OnlineSafetyAct #ukpolitics #ukpol #privacy #ofcom #security #cybersecurity #whatsapp #signal

GNU Emacs: new critical remote shell injection vulnerability.

Red Hat discovered a command injection flaw in the text editor Emacs. It allows a remote, unauthenticated attacker to execute any command on your computer. The vulnerability is activated when you visit a malicious website or link.

https://www.cve.org/CVERecord?id=CVE-2025-1244

---

#news #software #gnu #emacs #security #hacking #terminal #linux #cve #opensource #freesoftware

---

Mitigation: uninstall/update immediately.

New Privacy Guides article 🔑✨
by me:

If you are using a YubiKey,

you might get in some situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.

This tutorial will guide you
through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.

I hope you find it helpful!

https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/

#PrivacyGuides #Privacy #Yubico #YubiKey #Security #OTP #OpenPGP #Encryption #MFA

New Privacy Guides article 🔑✨
by me:

If you are using a YubiKey,

you might get in some situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.

This tutorial will guide you
through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.

I hope you find it helpful!

https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/

#PrivacyGuides #Privacy #Yubico #YubiKey #Security #OTP #OpenPGP #Encryption #MFA

New Privacy Guides article 🔑✨
by me:

If you are using a YubiKey,

you might get in some situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.

This tutorial will guide you
through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.

I hope you find it helpful!

https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/

#PrivacyGuides #Privacy #Yubico #YubiKey #Security #OTP #OpenPGP #Encryption #MFA

I can't believe that Mozilla is choosing to take Firefox down this road of seemingly trying to harvest and sell their users' data, when there is already a proven method to increase their revenue with one of their own products.

Thunderbird has already proven that people are willing to support open source, privacy-friendly and well-maintained projects, especially if it's a critical part of their workflow. Just build a product that people want to use.

#Mozilla #Firefox #Privacy #Security

I can't believe that Mozilla is choosing to take Firefox down this road of seemingly trying to harvest and sell their users' data, when there is already a proven method to increase their revenue with one of their own products.

Thunderbird has already proven that people are willing to support open source, privacy-friendly and well-maintained projects, especially if it's a critical part of their workflow. Just build a product that people want to use.

#Mozilla #Firefox #Privacy #Security

Since Firefox requires a "nonexclusive, royalty-free, worldwide license" to my personal data, I've finally decided to move away to another browser.

https://www.youtube.com/watch?v=Rc96ISKh2OM

The problem appears to be, though, that I'm not sure which browser to use now. Most of the alternatives seem to have questionable privacy or security.

#Firefox #Privacy #Security

#NATO #EU #USpol #security

Very interesting food for thought:

"Managing the Transatlantic Divorce: A roadmap towards a European way of war"

Warning: May make an uncomfortable read but IMHO we have to face reality as is, not as we wish it to be.

https://www.epc.eu/en/publications/Managing-the-Transatlantic-Divorce-A-roadmap-towards-a-European-way-o~62bd58

#NATO #EU #USpol #security

Very interesting food for thought:

"Managing the Transatlantic Divorce: A roadmap towards a European way of war"

Warning: May make an uncomfortable read but IMHO we have to face reality as is, not as we wish it to be.

https://www.epc.eu/en/publications/Managing-the-Transatlantic-Divorce-A-roadmap-towards-a-European-way-o~62bd58

LGBTQ people need online communities for support 🏳️‍🌈 🌐

End-to-end encryption underpins this essential lifeline with the safety of confidentiality.

It's a matter of survival, particularly for people who live with unsupportive families or in oppressive societies.

Save encryption. #PracticeSafeText 💬

https://www.openrightsgroup.org/blog/queercryption-safety-in-numbers/

#e2ee #encryption #lgbtq #lgbtqia #lgbt #queer #privacy #security #queercryption

“Strong encryption strengthens the foundation of trust online and ensures that our digital spaces remain ones where individuals can live authentically and without fear.”

Shae Gardner from LGBT Tech explains why encryption is so important for the LGBTQ community 🏳️‍🌈

#PracticeSafeText 💬

#e2ee #encryption #lgbt #lgbtq #lgbtqia #privacy #security #queer #queercryption

“Strong encryption strengthens the foundation of trust online and ensures that our digital spaces remain ones where individuals can live authentically and without fear.”

Shae Gardner from LGBT Tech explains why encryption is so important for the LGBTQ community 🏳️‍🌈

#PracticeSafeText 💬

#e2ee #encryption #lgbt #lgbtq #lgbtqia #privacy #security #queer #queercryption

LGBTQ people are core users of the Internet 🏳️‍🌈 🌐

80% participate in social networking, compared to 58% of the general public.

Messaging apps that use end-to-end encryption help to keep LGBTQ people safe.

Read more from LGBT Tech ⬇️

https://www.lgbttech.org/post/2019/11/22/lgbt-tech-release-encryption-one-sheet

#PracticeSafeText 💬

#e2ee #encryption #queercryption #privacy #security #lgbt #lgbtq #lgbtqia #queer

LGBTQ people need online communities for support 🏳️‍🌈 🌐

End-to-end encryption underpins this essential lifeline with the safety of confidentiality.

It's a matter of survival, particularly for people who live with unsupportive families or in oppressive societies.

Save encryption. #PracticeSafeText 💬

https://www.openrightsgroup.org/blog/queercryption-safety-in-numbers/

#e2ee #encryption #lgbtq #lgbtqia #lgbt #queer #privacy #security #queercryption

Welcome to Jurassic Park: A Comprehensive Study of #Security Risks in #Deno and its Ecosystem

Deno 2.0 addresses many of the problems identified but it's a great paper to read.

#javascript

https://cispa.de/en/research/publications/84103-welcome-to-jurassic-park-a-comprehensive-study-of-security-risks-in-deno-and-its-ecosystem

🧪 NEW BETA RELEASES 🧪

📱 iOS 18.4 beta 2 (22E5216h)
📱 iPadOS 18.4 beta 2 (22E5216h)
💻 macOS 15.4 beta 2 (24E5222f)
📺 tvOS 18.4 beta 2 (22L5234e)
🥽 visionOS 2.4 beta 2 (22O5215f)
⌚ watchOS 11.4 beta 2 (22T5228e)

#apple #cybersecurity #infosec #security #ios

France is about to pass the worst surveillance law in the EU.

Here's how you can stop them: 👉 https://tuta.com/blog/france-surveillance-nacrotrafic-law

#backdoor #encryption #privacy #security

@psuPete Recommends - Weekly highlights on cyber security issues, 03/01/25 https://www.llrx.com/2025/03/pete-recommends-weekly-highlights-on-cyber-security-issues-march-1-2025/ Five posts from this week: #Trump has purged government websites; The Wayback Machine trying to preserve the record; Turn off your read receipts. They’re a #security risk; You can now easily remove personal info from #Google Search results; Google plans to end #SMS verification in favor of #QR codes; and #Verizon isn’t doing enough to protect customers from #robocall scams. #cybercrime #privacy

@psuPete Recommends - Weekly highlights on cyber security issues, 03/01/25 https://www.llrx.com/2025/03/pete-recommends-weekly-highlights-on-cyber-security-issues-march-1-2025/ Five posts from this week: #Trump has purged government websites; The Wayback Machine trying to preserve the record; Turn off your read receipts. They’re a #security risk; You can now easily remove personal info from #Google Search results; Google plans to end #SMS verification in favor of #QR codes; and #Verizon isn’t doing enough to protect customers from #robocall scams. #cybercrime #privacy

🧪 NEW BETA RELEASES 🧪

📱 iOS 18.4 beta 2 (22E5216h)
📱 iPadOS 18.4 beta 2 (22E5216h)
💻 macOS 15.4 beta 2 (24E5222f)
📺 tvOS 18.4 beta 2 (22L5234e)
🥽 visionOS 2.4 beta 2 (22O5215f)
⌚ watchOS 11.4 beta 2 (22T5228e)

#apple #cybersecurity #infosec #security #ios

Von wegen #Arbeitsagentur: Wer nen schoenen #Job hat, darf mich gerne anpingen. Mit #ubirch hab ich 8 Jahre als #CTO gewerkelt. Dabei war Hardware (#Calliope mini, #Trackle), Software (embedded, Blockchain, #security, #cryptography, #trust) - speziell der elektonische #Impfnachweis und am Ende #ESG greenhouse gas accounting. Ich helfe Teams mit ihren Aufgaben zu wachsen und stabile Produkte zu produzieren.

Von wegen #Arbeitsagentur: Wer nen schoenen #Job hat, darf mich gerne anpingen. Mit #ubirch hab ich 8 Jahre als #CTO gewerkelt. Dabei war Hardware (#Calliope mini, #Trackle), Software (embedded, Blockchain, #security, #cryptography, #trust) - speziell der elektonische #Impfnachweis und am Ende #ESG greenhouse gas accounting. Ich helfe Teams mit ihren Aufgaben zu wachsen und stabile Produkte zu produzieren.

“It is unsurprising that allies in #Europe are gathering in London this weekend & equally unsurprising that the #UK is being taken much more seriously in Brussels & capitals,” Ashton said.

And yet there are limits to #Starmer’s #diplomacy. He was unable to extract any #security guarantees from #Trump for #Ukraine, despite an exaggerated show of deference to the president. That included Starmer hand-delivering an invitation for a state visit from #KingCharles….

#geopolitics #Russia #US #NATO

The #summit meeting has thrust #Starmer into an unaccustomed place for a British prime minister: at the heart of #Europe during a crisis. >8 years after the country voted to leave the #EU, the rapidly changing #security landscape is driving #Britain closer to the continent.

Catherine Ashton, a Briton who served as the EU’s high representative for #ForeignAffairs & security policy, said Starmer’s successful meeting w/ #Trump had reinforced his credentials as a leader for Europe.

#geopolitics

🚀 BiznisBox v2 is here! 🎉

After 6+ months of development, we’re bringing you a major upgrade with:

🔐 2FA & Login Notifications – Enhanced security for safer access
🔗 Webhook Support – Seamless third-party integrations
🛠️ New Support Ticket Module – Streamlined issue tracking
📜 New Contracts Module – Better document organization
🎨 Complete UI Redesign – Modern, intuitive & sleek
Upgrade now & experience the future of business management! 🚀

#BiznisBox #Update #Productivity #Security #NewRelease

France is about to pass the worst surveillance law in the EU.

Here's how you can stop them: 👉 https://tuta.com/blog/france-surveillance-nacrotrafic-law

#backdoor #encryption #privacy #security

🚀 BiznisBox v2 is here! 🎉

After 6+ months of development, we’re bringing you a major upgrade with:

🔐 2FA & Login Notifications – Enhanced security for safer access
🔗 Webhook Support – Seamless third-party integrations
🛠️ New Support Ticket Module – Streamlined issue tracking
📜 New Contracts Module – Better document organization
🎨 Complete UI Redesign – Modern, intuitive & sleek
Upgrade now & experience the future of business management! 🚀

#BiznisBox #Update #Productivity #Security #NewRelease

Good morning to readers; Kyiv remains in Ukrainian hands.

#Zelenskyy said a deal with #Russia is pointless w/o #security #guarantees.

Here’s why: #Kyiv made this mistake before.

#Moscow broke ceasefire after #Minsk agreements. International lawyer Oleksandr watched it all unfold.

Good morning to readers; Kyiv remains in Ukrainian hands.

#Zelenskyy said a deal with #Russia is pointless w/o #security #guarantees.

Here’s why: #Kyiv made this mistake before.

#Moscow broke ceasefire after #Minsk agreements. International lawyer Oleksandr watched it all unfold.

“Principle 4. Individuals’ #security and #privacy on the internet are fundamental and must not be treated as optional.”

“The Mozilla #Manifesto Addendum

Pledge for a Healthy #Internet

The open, global internet is the most powerful communication and collaboration resource we have ever seen. It embodies some of our deepest hopes for human progress. It enables new opportunities for learning, building a sense of shared humanity, and solving the pressing problems facing people everywhere.

Over the last decade we have seen this promise fulfilled in many ways. We have also seen the power of the internet used to magnify divisiveness, incite violence, promote hatred, and intentionally manipulate fact and reality. We have learned that we should more explicitly set out our aspirations for the human experience of the internet. We do so now.”

Lol 🤪 Principles

#mozilla <https://mozilla.org/en-US/about/manifesto/>

GNU Emacs: new critical remote shell injection vulnerability.

Red Hat discovered a command injection flaw in the text editor Emacs. It allows a remote, unauthenticated attacker to execute any command on your computer. The vulnerability is activated when you visit a malicious website or link.

https://www.cve.org/CVERecord?id=CVE-2025-1244

---

#news #software #gnu #emacs #security #hacking #terminal #linux #cve #opensource #freesoftware

---

Mitigation: uninstall/update immediately.

does anybody have a good demo library for correctly doing Shamir Secret Sharing?

#Security #BlueTeam #Cryptography

GrapheneOS version 2025022700 released:

https://grapheneos.org/releases#2025022700

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/20369-grapheneos-version-2025022700-released

#GrapheneOS #privacy #security

'The EU’s chat control legislation is reportedly back on the table... Polish officials have now tabled a new proposal, which is open for feedback until 20 February.'
#law #eu #privacy #surveillance #csam #encryption #security #cybersecurity https://secure.dialog-mail.com/v/145667/1/Wdn4xzHFg8/99136250

France is about to pass the worst surveillance law in the EU.

Here's how you can stop them: 👉 https://tuta.com/blog/france-surveillance-nacrotrafic-law

#backdoor #encryption #privacy #security

France is about to pass the worst surveillance law in the EU.

Here's how you can stop them: 👉 https://tuta.com/blog/france-surveillance-nacrotrafic-law

#backdoor #encryption #privacy #security

❌ You can't trade privacy to prevent crime.

⚠️ Message scanning tech punches a hole in everyone's security. Surveillance organisations, hackers, scammers and predators alike will be able to creep into your life.

Read our longread on the need to protect end-to-end encryption ⬇️

#PracticeSafeText #e2ee #encryption #OnlineSafetyAct #privacy #security

https://www.openrightsgroup.org/blog/the-case-for-encryption/

LibreOffice: Manipulierte Dokumente können in Windows Befehle einschleusen

In LibreOffice können Angreifer unter Windows eine Lücke missbrauchen, durch die Dateien nach Klick auf Links ausgeführt werden.

https://www.heise.de/news/LibreOffice-Manipulierte-Dokumente-koennen-in-Windows-Befehle-einschleusen-10296915.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#LibreOffice #Security #Sicherheitslücken #news

LibreOffice: Manipulierte Dokumente können in Windows Befehle einschleusen

In LibreOffice können Angreifer unter Windows eine Lücke missbrauchen, durch die Dateien nach Klick auf Links ausgeführt werden.

https://www.heise.de/news/LibreOffice-Manipulierte-Dokumente-koennen-in-Windows-Befehle-einschleusen-10296915.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#LibreOffice #Security #Sicherheitslücken #news

I am hiring a Senior Privacy Engineer at Gusto: https://job-boards.greenhouse.io/gusto/jobs/6527585

Preferring candidates in Denver, but can hire (remote) in Atlanta, Austin, Chicago, Los Angeles, Miami, Toronto.

More roles coming soon...

#FediHire #security #privacy

OPM’s Own Guidance Says Fed Employees Never Have to Respond to the Elon Emails
https://talkingpointsmemo.com/edblog/opms-own-guidance-says-fed-employees-never-have-to-respond-to-the-elon-emails

"new system [created by #Doge] was given the name Government-Wide Email System (GWES). On February 5th, 2025... OPM published this document... in sections 4.2 and 4.3, federal government employees are never obligated to respond to any GWES emails and are under no obligation to share any information."

#ElonMusk #Musk #5Bullets #email #GWES #OPM #Privacy #Security #Government #News #USA

Someone really should start another not self-hosted, non-US-based, Password Manager. I only know of two:

1) Heylogin
2) pCloud

(1Password, is owned by a Canadian company, owned by a US company).

1) Heylogin - Sucks.

It is completely tired to your phone. Using their web browser extension? Check your phone. Want to log in to a site? Check your phone. Want to update a login details? Check your phone.

You ever lose or damage your phone, you're f-cked. It is not designed for multiple devices either.

2) pCloud

It is indeed outside US-jurisdiction. The company is not owned by any business in the USA. It does not own any businesses itself in the USA. But they do resell services in the USA, and the only way you can avoid not being assigned to one of those US Servers is to use a VPN so you'll be forwarded to their Europe Servers.

From their own documentation:

" As a consequence API calls have to be made to the correct API host name depending were the user has been registered – api.pcloud.com for United States and eapi.pcloud.com for Europe. "

#PasswordManager #Password #Security #Privacy

❌ You can't trade privacy to prevent crime.

⚠️ Message scanning tech punches a hole in everyone's security. Surveillance organisations, hackers, scammers and predators alike will be able to creep into your life.

Read our longread on the need to protect end-to-end encryption ⬇️

#PracticeSafeText #e2ee #encryption #OnlineSafetyAct #privacy #security

https://www.openrightsgroup.org/blog/the-case-for-encryption/

❌ You can't trade privacy to prevent crime.

⚠️ Message scanning tech punches a hole in everyone's security. Surveillance organisations, hackers, scammers and predators alike will be able to creep into your life.

Read our longread on the need to protect end-to-end encryption ⬇️

#PracticeSafeText #e2ee #encryption #OnlineSafetyAct #privacy #security

https://www.openrightsgroup.org/blog/the-case-for-encryption/

Thought experiment:

@letsencrypt offers certificates to encrypt the traffic between a website & your browser.

They reside in the US & thus are subject to the judiciary system of the US.

What are the possible risks for websites outside the US, given the current unstable political situation & administration? What type of damage could an executive order do? How could this be mitigated?

Boosts appreciated.

#Politics #Security #GeoPolitics #Encryption #LetsEncrypt #CyberSecurity #Tech

Apple entfernt seine höchste »Sicherheitsstufe« für Nutzerdaten in UK, nachdem die Regierung Zugriff auf Daten forderte. Die »Advanced Data Protection« (ADP) stellt durch Ende-zu-Ende-Verschlüsselung sicher, dass nur Kontoinhaber auf ihre gespeicherten Fotos oder Dokumente zugreifen können. Das gilt nun nicht mehr.

https://www.bbc.com/news/articles/cgj54eq4vejo

#apple #security #adp #sicherheit

Notesnook v3.0.27 is out with an all new command palette, quick open, support for pasting markdown directly, and much more!

Read the full release notes here: https://blog.notesnook.com/notesnook-v3.0.27

#notesnook, #notetaking, #privacy, #security, #productivity, #encryption

European Court of Human Rights Confirms: Weakening Encryption Violates Fundamental Rights

In a milestone judgment—Podchasov v. Russia—the #European Court of #HumanRights ( #ECtHR) has ruled that weakening of #encryption can lead to general and indiscriminate #surveillance of the #communications of all users and violates the #HumanRight to #privacy.

https://www.eff.org/deeplinks/2024/03/european-court-human-rights-confirms-undermining-encryption-violates-fundamental

#security #freedom #authoritarian #backdoors #hackers #IdentityTheft #banking

The least secure TOTP code possible

https://shkspr.mobi/blog/2025/02/the-least-secure-totp-code-possible/

If you use Multi-Factor Authentication, you'll be well used to scanning in QR codes which allow you to share a secret code with a website. These are known as Time-based One Time Passwords (TOTP⁰).

As I've moaned about before, TOTP has never been properly standardised. It's a mish-mash of half-finished proposals with no active development, no test suite, and no-one looking after it. Which is exactly what you want from a security specification, right?!

So let's try to find some edge-cases and see where things break down.

One Punch Man

This is possibly the least secure TOTP code I could create. Scan it and see whether your app will accept it.

What makes it so crap? There are three things which protect you when using TOTP.

1. The shared secret. In this case, it is abcdefghijklmno - OK, that's not the easiest thing to guess, but it isn't exactly complex.
2. The amount time the code is valid for before changing. Most TOTP codes last 30 seconds, this lasts 120.
3. The length of the code. Most codes are 6 digits long. In theory, the spec allows 8 digits. This is 1. Yup. A single digit.

If you were thick enough to use this¹, an attacker would have a 1/10 chance of simply guessing your MFA code. If they saw you type it in, they'd have a couple of minutes in which to reuse it.

Can modern TOTP apps add this code? I crowdsourced the answers.

Surprisingly, a few apps accept it! Aegis, 1password, and BitWarden will happily store it and show you a 1 digit code for 120 seconds.

A few reject it. Authy, Google Authenticator, and OpenOTP claim the code is broken and won't add it.

But, weirdly, a few interpret it incorrectly! The native iOS app, Microsoft Authenticator, and KeepassXC store the code, but treat it as a 6 digit, 30 second code.

Do The Right Thing

What is the right thing to do in this case? The code is outside the (very loosely defined) specification. Postel's Law tells us that we should try our best to interpret malformed data - which is what Aegis and BitWarden do.

But, in a security context, that could be dangerous. Perhaps rejecting a dodgy code makes more sense?

What is absolutely daft² is ignoring the bits of the code you don't like and substituting your own data! Luckily, in a normal TOTP enrolment, the user has to enter a code to prove they've saved it correctly. Entering in a 6 digit code where only 1 is expected is likely to fail.

We're Only Human

A one-digit code is ridiculous. But what about the other extreme? Would a 128-digit code be acceptable? For a human, no; it would be impossible to type in correctly. For a machine with a shared secret, it possibly makes sesne.

On a high-latency connection or with users who may have mobility difficulties, a multi-minute timeframe could be sensible. For something of extremely high security, sub-30 seconds may be necessary.

But, again, the specification hasn't evolved to meet user needs. It is stagnant and decaying.

What's Next?

There's an draft proposal to tighten up to TOTP spec which has expired.

It would be nice if the major security players came together to work out a formal and complete specification for this vital piece of security architecture. But I bet it won't ever happen.

• Google have archived their work on authentication standards.
• Apple points to Google's outdated spec.
• YubiCo's incompatible spec hasn't been updated in 4 years.
• The otpauth registration lists a consortium called https://openauthentication.org who don't appear to published anything in a decade.
• Microsoft don't have any documentation whatsoever.

So there you have it. We're told to rely on TOTP for our MFA - yet the major apps all disagree on how the standard should be implemented. This is a recipe for an eventual security disaster.

How do we fix it?

#CyberSecurity #rant #security #standards #totp

The least secure TOTP code possible

https://shkspr.mobi/blog/2025/02/the-least-secure-totp-code-possible/

If you use Multi-Factor Authentication, you'll be well used to scanning in QR codes which allow you to share a secret code with a website. These are known as Time-based One Time Passwords (TOTP⁰).

As I've moaned about before, TOTP has never been properly standardised. It's a mish-mash of half-finished proposals with no active development, no test suite, and no-one looking after it. Which is exactly what you want from a security specification, right?!

So let's try to find some edge-cases and see where things break down.

One Punch Man

This is possibly the least secure TOTP code I could create. Scan it and see whether your app will accept it.

What makes it so crap? There are three things which protect you when using TOTP.

1. The shared secret. In this case, it is abcdefghijklmno - OK, that's not the easiest thing to guess, but it isn't exactly complex.
2. The amount time the code is valid for before changing. Most TOTP codes last 30 seconds, this lasts 120.
3. The length of the code. Most codes are 6 digits long. In theory, the spec allows 8 digits. This is 1. Yup. A single digit.

If you were thick enough to use this¹, an attacker would have a 1/10 chance of simply guessing your MFA code. If they saw you type it in, they'd have a couple of minutes in which to reuse it.

Can modern TOTP apps add this code? I crowdsourced the answers.

Surprisingly, a few apps accept it! Aegis, 1password, and BitWarden will happily store it and show you a 1 digit code for 120 seconds.

A few reject it. Authy, Google Authenticator, and OpenOTP claim the code is broken and won't add it.

But, weirdly, a few interpret it incorrectly! The native iOS app, Microsoft Authenticator, and KeepassXC store the code, but treat it as a 6 digit, 30 second code.

Do The Right Thing

What is the right thing to do in this case? The code is outside the (very loosely defined) specification. Postel's Law tells us that we should try our best to interpret malformed data - which is what Aegis and BitWarden do.

But, in a security context, that could be dangerous. Perhaps rejecting a dodgy code makes more sense?

What is absolutely daft² is ignoring the bits of the code you don't like and substituting your own data! Luckily, in a normal TOTP enrolment, the user has to enter a code to prove they've saved it correctly. Entering in a 6 digit code where only 1 is expected is likely to fail.

We're Only Human

A one-digit code is ridiculous. But what about the other extreme? Would a 128-digit code be acceptable? For a human, no; it would be impossible to type in correctly. For a machine with a shared secret, it possibly makes sesne.

On a high-latency connection or with users who may have mobility difficulties, a multi-minute timeframe could be sensible. For something of extremely high security, sub-30 seconds may be necessary.

But, again, the specification hasn't evolved to meet user needs. It is stagnant and decaying.

What's Next?

There's an draft proposal to tighten up to TOTP spec which has expired.

It would be nice if the major security players came together to work out a formal and complete specification for this vital piece of security architecture. But I bet it won't ever happen.

• Google have archived their work on authentication standards.
• Apple points to Google's outdated spec.
• YubiCo's incompatible spec hasn't been updated in 4 years.
• The otpauth registration lists a consortium called https://openauthentication.org who don't appear to published anything in a decade.
• Microsoft don't have any documentation whatsoever.

So there you have it. We're told to rely on TOTP for our MFA - yet the major apps all disagree on how the standard should be implemented. This is a recipe for an eventual security disaster.

How do we fix it?

#CyberSecurity #rant #security #standards #totp

The least secure TOTP code possible

https://shkspr.mobi/blog/2025/02/the-least-secure-totp-code-possible/

If you use Multi-Factor Authentication, you'll be well used to scanning in QR codes which allow you to share a secret code with a website. These are known as Time-based One Time Passwords (TOTP⁰).

As I've moaned about before, TOTP has never been properly standardised. It's a mish-mash of half-finished proposals with no active development, no test suite, and no-one looking after it. Which is exactly what you want from a security specification, right?!

So let's try to find some edge-cases and see where things break down.

One Punch Man

This is possibly the least secure TOTP code I could create. Scan it and see whether your app will accept it.

What makes it so crap? There are three things which protect you when using TOTP.

1. The shared secret. In this case, it is abcdefghijklmno - OK, that's not the easiest thing to guess, but it isn't exactly complex.
2. The amount time the code is valid for before changing. Most TOTP codes last 30 seconds, this lasts 120.
3. The length of the code. Most codes are 6 digits long. In theory, the spec allows 8 digits. This is 1. Yup. A single digit.

If you were thick enough to use this¹, an attacker would have a 1/10 chance of simply guessing your MFA code. If they saw you type it in, they'd have a couple of minutes in which to reuse it.

Can modern TOTP apps add this code? I crowdsourced the answers.

Surprisingly, a few apps accept it! Aegis, 1password, and BitWarden will happily store it and show you a 1 digit code for 120 seconds.

A few reject it. Authy, Google Authenticator, and OpenOTP claim the code is broken and won't add it.

But, weirdly, a few interpret it incorrectly! The native iOS app, Microsoft Authenticator, and KeepassXC store the code, but treat it as a 6 digit, 30 second code.

Do The Right Thing

What is the right thing to do in this case? The code is outside the (very loosely defined) specification. Postel's Law tells us that we should try our best to interpret malformed data - which is what Aegis and BitWarden do.

But, in a security context, that could be dangerous. Perhaps rejecting a dodgy code makes more sense?

What is absolutely daft² is ignoring the bits of the code you don't like and substituting your own data! Luckily, in a normal TOTP enrolment, the user has to enter a code to prove they've saved it correctly. Entering in a 6 digit code where only 1 is expected is likely to fail.

We're Only Human

A one-digit code is ridiculous. But what about the other extreme? Would a 128-digit code be acceptable? For a human, no; it would be impossible to type in correctly. For a machine with a shared secret, it possibly makes sesne.

On a high-latency connection or with users who may have mobility difficulties, a multi-minute timeframe could be sensible. For something of extremely high security, sub-30 seconds may be necessary.

But, again, the specification hasn't evolved to meet user needs. It is stagnant and decaying.

What's Next?

There's an draft proposal to tighten up to TOTP spec which has expired.

It would be nice if the major security players came together to work out a formal and complete specification for this vital piece of security architecture. But I bet it won't ever happen.

• Google have archived their work on authentication standards.
• Apple points to Google's outdated spec.
• YubiCo's incompatible spec hasn't been updated in 4 years.
• The otpauth registration lists a consortium called https://openauthentication.org who don't appear to published anything in a decade.
• Microsoft don't have any documentation whatsoever.

So there you have it. We're told to rely on TOTP for our MFA - yet the major apps all disagree on how the standard should be implemented. This is a recipe for an eventual security disaster.

How do we fix it?

#CyberSecurity #rant #security #standards #totp

If you’re a Windows user, I can help you switch to Linux. Please stop supporting an insecure and privacy-intrusive operating system. What’s stopping you from switching to Linux/macOS? Ask all your questions, and I’ll answer everything.

#linux #macOS #privacy #security #windows

Breaking news for the crab people 🚨

🦀 Ring, a widely used Rust cryptography library, is now unmaintained.

🔐 Security advisory: https://rustsec.org/advisories/RUSTSEC-2025-0007

➡️ Details: https://github.com/briansmith/ring/discussions/2414

#rustlang #opensource #library #security #cryptography

Breaking news for the crab people 🚨

🦀 Ring, a widely used Rust cryptography library, is now unmaintained.

🔐 Security advisory: https://rustsec.org/advisories/RUSTSEC-2025-0007

➡️ Details: https://github.com/briansmith/ring/discussions/2414

#rustlang #opensource #library #security #cryptography

Breaking news for the crab people 🚨

🦀 Ring, a widely used Rust cryptography library, is now unmaintained.

🔐 Security advisory: https://rustsec.org/advisories/RUSTSEC-2025-0007

➡️ Details: https://github.com/briansmith/ring/discussions/2414

#rustlang #opensource #library #security #cryptography

Today I learned that the alarm system that came with our house – a very popular one here in Ireland – can be disarmed via Siri.

The default command?

“Hey, Siri, disarm.”

I shit you not.

#security #smartHome #youGottaBeFuckingKiddingMe #siri #openSesame

Today I learned that the alarm system that came with our house – a very popular one here in Ireland – can be disarmed via Siri.

The default command?

“Hey, Siri, disarm.”

I shit you not.

#security #smartHome #youGottaBeFuckingKiddingMe #siri #openSesame

Apple entfernt seine höchste »Sicherheitsstufe« für Nutzerdaten in UK, nachdem die Regierung Zugriff auf Daten forderte. Die »Advanced Data Protection« (ADP) stellt durch Ende-zu-Ende-Verschlüsselung sicher, dass nur Kontoinhaber auf ihre gespeicherten Fotos oder Dokumente zugreifen können. Das gilt nun nicht mehr.

https://www.bbc.com/news/articles/cgj54eq4vejo

#apple #security #adp #sicherheit

A family member has a Mac that appears compromised. It behaves strangely, runs with higher load than it should and macOS produced some error messages that imply it quarantined some code. I think the machine should be wiped completely and rebuilt.

#Security people: how would you go about this without inadvertently carrying bad stuff over to another Mac or the rebuilt Mac? There are many files, email etc that need to be preserved.

#Russia's main demands to stop the fighting include a withdrawal of Kyiv's troops from Ukrainian territory Moscow [illegally] claims & an end to #Ukraine's ambitions to join #NATO. Ukraine says Russia must withdraw from its territory, & wants #security guarantees from the West. The #Trump admin says Ukraine has unrealistic, "illusionary" goals.

#geopolitics #StandWithUkraine

This is NOT GOOD, not good AT ALL!

Now it will be only a matter of time before the US will want the same!

https://www.bbc.com/news/articles/cgj54eq4vejo

#Privacy #InfoSec #Apple #ADP #iCloud #Data #Security

This is NOT GOOD, not good AT ALL!

Now it will be only a matter of time before the US will want the same!

https://www.bbc.com/news/articles/cgj54eq4vejo

#Privacy #InfoSec #Apple #ADP #iCloud #Data #Security

Trump Guts Crucial OPM Team as Elon Musk Gains Even More Power

The Office of Personnel Management has just limited access to certain government records on #ElonMusk and his #DOGE minions.
https://newrepublic.com/post/191663/elon-musk-opm-privacy-team

"The Trump administration has fired members of the “privacy team” at the #OPM, a move that will hinder #public access & scrutiny over #government records related to the #security clearances of #ElonMusk & Doge."

#Musk #Coup #Trump #Corruption #Politics #Privacy #USPol #News #US #USA

Point of view always matters.

#infosec #breach #databreach #security

This is *the most malicious, brutal* malicious compliance I've seen in quite some time, possibly ever, and I am HERE FOR IT. Thank you, @jwz

https://www.jwz.org/xscreensaver/google.html

#privacy #security #infosec #Android #screensaver

I wrote a new blog post about DNS (part 1)!

Learn how DNS works in more depth and I even provide you will some useful terminal commands you can try yourself:

https://blog.melroy.org/2025/dns-part-1/

#dns #security #linux #unbound #bind #linux #recursive authoritative# server #nsd #dig #zone #domain #name #system

This is *the most malicious, brutal* malicious compliance I've seen in quite some time, possibly ever, and I am HERE FOR IT. Thank you, @jwz

https://www.jwz.org/xscreensaver/google.html

#privacy #security #infosec #Android #screensaver

My list of digital service providers outside the jurisdiction of the United States of America. 😉

https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction

The list is now hosted on Codeberg, an alternative to GitHub or GitLab, but based out of Germany. 😉

#Vpn #Dns #Cdn #WebHosting #Email #PasswordManager #WebSearch #Privacy #Security #Project2025 #Fascism #Nazis

We’ve seen significant interest in newsrooms setting up SecureDrop to better protect whistleblowers, so we've put together a quick list of 5 key things you should know before setting it up:

https://securedrop.org/news/five-things-to-know-about-securedrop/

#SecureDrop #security #whistleblowing #OpenSource

We’ve seen significant interest in newsrooms setting up SecureDrop to better protect whistleblowers, so we've put together a quick list of 5 key things you should know before setting it up:

https://securedrop.org/news/five-things-to-know-about-securedrop/

#SecureDrop #security #whistleblowing #OpenSource

Microsoft and the United States Government have a working partnership. You should consider try using Linux.

For a newbie, I would suggest Ultramarine Linux (KDE Plasma) or MX Linux (KDE Plasma). But ultimately, your goal should be to try using Linux.

If you need to keep a copy of Windows for gaming, that's fine. But still try using Linux too.

#Project2025 #Fascism #Nazis #DonaldTrump #Trump #ElonMusk #Musk #Privacy #Security #UsJurisdiction

Microsoft and the United States Government have a working partnership. You should consider try using Linux.

For a newbie, I would suggest Ultramarine Linux (KDE Plasma) or MX Linux (KDE Plasma). But ultimately, your goal should be to try using Linux.

If you need to keep a copy of Windows for gaming, that's fine. But still try using Linux too.

#Project2025 #Fascism #Nazis #DonaldTrump #Trump #ElonMusk #Musk #Privacy #Security #UsJurisdiction

We're Privacy Guides, a non-profit project & community focused on personal data security and privacy. 👋

Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. Privacy is a human right, inherent to all of us, that we are entitled to (without discrimination).

You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. Everyone has something to protect. Privacy is something that makes us human.

We're on a mission to inform the public about the value of digital privacy, and about global government initiatives which aim to monitor your online activity.

#PrivacyGuides #Introduction #Privacy #Security

My list of digital service providers outside the jurisdiction of the United States of America. 😉

https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction

The list is now hosted on Codeberg, an alternative to GitHub or GitLab, but based out of Germany. 😉

#Vpn #Dns #Cdn #WebHosting #Email #PasswordManager #WebSearch #Privacy #Security #Project2025 #Fascism #Nazis

For every obvious reason and then some, I'm not linking to anything here; I refer herein and throughout to the adult video website that functionally everyone knows exists.

What they want you to believe is that they've made the decision to geo-block U.S. states requiring users to verify their age, specifically because they care about their users' privacy, supposedly.

Adult websites don't need government issued IDs on file to de-anonymize and track people; they already do that, and already do so very well.

So:
"These Terms of Service, your use of this Website, and the relationship between you and us shall be governed by the laws of the Republic of Cyprus, without regard to conflict of law rules. Nothing contained in these Terms of Service shall constitute an agreement to the application of the laws of any other nation to this Website. You agree that this Website shall be deemed a passive Website that does not give rise to personal jurisdiction over us, either specific or general, in jurisdictions other than the Republic of Cyprus. The sole and exclusive jurisdiction and venue for any action or proceeding arising out of or related to these Terms of Service shall be in an appropriate court located in Limassol, Cyprus. You hereby submit to the jurisdiction and venue of said Courts."

They are a business and nothing else, they always care only about their own profit and never about anything else, and it's simply a technical matter that to comply with age verification laws outside of the jurisdiction in which they already hide everything, would nullify the above quoted legally binding contract between themselves, their users, and their precious tax haven.

It is absolutely in their financial best interest to lose a certain number of existing customers when the only alternative necessitates that they stop evading taxes and getting away with it; Al Capone, eat your heart out.

They do not care at all about anyone's privacy, whatsoever.

#privacy #security #infosec #uspol

How do folks deal with GitHub and GPG keys? #github #security #gpg #pgp

Thanks to the threats from the United States, I have only now become interested in getting to know the EU properly, and especially its security issues.

If there are people here who know how to get involved at EU level, all tips and advice are welcome, thank you!

#EU #Security

Thanks to the threats from the United States, I have only now become interested in getting to know the EU properly, and especially its security issues.

If there are people here who know how to get involved at EU level, all tips and advice are welcome, thank you!

#EU #Security

Elon Musk’s DOGE Shares Classified U.S. Intel With Entire World

Elon Musk’s minions posted classified data on their website for anyone to see.
https://newrepublic.com/post/191580/elon-musk-doge-classified-us-intel-data-website

"this incident doesn’t speak well of the pseudo-agency’s #security procedures. The website has already been hacked by Thursday evening thanks to #coding vulnerabilities. And since #DOGE has gotten into all kinds of sensitive #data, every #American could be at risk."

#ElonMusk #Coup #Musk #GOP #Politics #News #USPol #Press #USA

Elon Musk’s DOGE Shares Classified U.S. Intel With Entire World

Elon Musk’s minions posted classified data on their website for anyone to see.
https://newrepublic.com/post/191580/elon-musk-doge-classified-us-intel-data-website

"this incident doesn’t speak well of the pseudo-agency’s #security procedures. The website has already been hacked by Thursday evening thanks to #coding vulnerabilities. And since #DOGE has gotten into all kinds of sensitive #data, every #American could be at risk."

#ElonMusk #Coup #Musk #GOP #Politics #News #USPol #Press #USA

This is *the most malicious, brutal* malicious compliance I've seen in quite some time, possibly ever, and I am HERE FOR IT. Thank you, @jwz

https://www.jwz.org/xscreensaver/google.html

#privacy #security #infosec #Android #screensaver

We're Privacy Guides, a non-profit project & community focused on personal data security and privacy. 👋

Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. Privacy is a human right, inherent to all of us, that we are entitled to (without discrimination).

You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. Everyone has something to protect. Privacy is something that makes us human.

We're on a mission to inform the public about the value of digital privacy, and about global government initiatives which aim to monitor your online activity.

#PrivacyGuides #Introduction #Privacy #Security

DOGE’s .gov site lampooned as coders quickly realize it can be edited by anyone

DOGE site is apparently not running on government servers.
https://arstechnica.com/tech-policy/2025/02/doges-gov-site-lampooned-as-coders-quickly-realize-it-can-be-edited-by-anyone/

"DOGE appears to have skipped #security steps that are expected of #government websites. That pattern is troubling some federal workers...

makes it possible for bad actors to alter official databases of government information."

#ElonMusk #Musk #Doge #Programming #Tech #Data #Fail #News #US #USA

DOGE software approval alarms Labor Dept employees

Elon Musk’s #DOGE subordinates received approval to use #software at the Labor Dept that could be used to transfer large amounts of #data...
https://www.nbcnews.com/tech/security/doge-software-approval-alarms-labor-department-employees-data-security-rcna191583

"The approval for Musk’s team to use the remote-access and file-transfer software, known as PuTTY, has alarmed... #Labor Dept’s career employees...

“This is completely opposite of what we’d do to protect #privacy.”"

#Musk #Doge #Coup #Corruption #Tech #Security #News #USA #US

Does DOGE Pose a National Security Risk?

Uncertainty About Access & Authority Will Worry Allies and Tempt Adversaries
https://www.foreignaffairs.com/united-states/elon-musk-does-doge-pose-national-security-risk

"what the #intelligence agencies of US allies & adversaries see when [ #Trump] grants sweeping access... to a team of young people who have no #government experience... and who work for an unelected figure w/extensive personal financial interests... American adversaries surely see an espionage & blackmail bonanza."

#Musk #Coup #Corruption #Security #US

The world needs secure communication more than ever, as a bulwark against the surveillance, authoritarianism, and oppression increasingly enabled by Big Tech. Matrix seeks to meet that need, as an open source, decentralised, encrypted comms protocol.

But Trust & Safety is more difficult in a decentralised environment. How are we building a safer Matrix?

https://matrix.org/blog/2025/02/building-a-safer-matrix/

#Matrix #Security #Privacy #TrustAndSafety #OpenSource #FOSS

European Parliament #security advice after #China hacked #US infrastructure: Use plaintext #Microsoft Teams and only use encrypted @signalapp if Teams is unavailable. 🤷

Politico: "Parliament’s email reminded lawmakers they should use (...) Teams and #Jabber when possible and only #Signal if the two are unavailable."

“The use of Signal is proposed as a safe alternative in cases where no equivalent corporate tool is available,” the Parliament’s press service said in a statement.

European Parliament #security advice after #China hacked #US infrastructure: Use plaintext #Microsoft Teams and only use encrypted @signalapp if Teams is unavailable. 🤷

Politico: "Parliament’s email reminded lawmakers they should use (...) Teams and #Jabber when possible and only #Signal if the two are unavailable."

“The use of Signal is proposed as a safe alternative in cases where no equivalent corporate tool is available,” the Parliament’s press service said in a statement.

Any device that needs to be off because it can't be trusted with your conversations should not exist in the first place.

#privacy #privacymatters #security #infosec #cybersecurity #cybersec #amazon #amazonecho #surveillance

Any device that needs to be off because it can't be trusted with your conversations should not exist in the first place.

#privacy #privacymatters #security #infosec #cybersecurity #cybersec #amazon #amazonecho #surveillance

Any device that needs to be off because it can't be trusted with your conversations should not exist in the first place.

#privacy #privacymatters #security #infosec #cybersecurity #cybersec #amazon #amazonecho #surveillance

If you’re a Windows user, I can help you switch to Linux. Please stop supporting an insecure and privacy-intrusive operating system. What’s stopping you from switching to Linux/macOS? Ask all your questions, and I’ll answer everything.

#linux #macOS #privacy #security #windows

Blogged: Preventing client-side cross-site-scripting vulnerabilities with Trusted Types

https://andrewlock.net/preventing-client-side-cross-site-scripting-vulnerabilities-with-trusted-types/

In this post I describe how the Trusted Types feature in a Content-Security-Policy can protect you against cross-site-scripting attacks

#dotnet #security

IMPORTANT PSA FOR ALL IPHONE USERS

Siri is "reading" all of your apps. Note, you must INDIVIDUALLY turn this feature off for every single app ***even if you have Siri completely disabled.***

#apple #iphone #security #cybersecurity #phone #safety #siri #fascism

Compromised? In this interview, https://www.muellershewrote.com/p/a-fork-in-the-road-is-federal-employee I speak to a systems security specialist who found privacy problems surrounding the HR@opm.gov email servers #IT #security #natsec #nationalsecurity #cybercrime #cybersecurity #hacking #surveillance #malware #email #DOGE #Musk #treasury #OPM #FAA #FEMA #education #privacy #PII

Compromised? In this interview, https://www.muellershewrote.com/p/a-fork-in-the-road-is-federal-employee I speak to a systems security specialist who found privacy problems surrounding the HR@opm.gov email servers #IT #security #natsec #nationalsecurity #cybercrime #cybersecurity #hacking #surveillance #malware #email #DOGE #Musk #treasury #OPM #FAA #FEMA #education #privacy #PII

“The government want to be able to access anything and everything, anywhere, any time.

Their ambition to undermine basic security is frightening, unaccountable and would make everyone less safe.

It is straightforward bullying.”

🗣️ ORG’s @JamesBaker on the UK government’s order to break Apple’s encryption for millions.

#e2ee #encryption #Apple #ukpolitics #ukpol #privacy #security

https://metro.co.uk/2025/02/08/privacy-fears-millions-government-demands-access-messages-photos-22520358/

My talk on `ssh-tpm-agent` I held at #FOSDEM has been released!

Video: https://video.fosdem.org/2025/ub4132/fosdem-2025-5544-hardware-backed-ssh-keys-ssh-tpm-agent.av1.webm

Abstract: https://fosdem.org/2025/schedule/event/fosdem-2025-5544-hardware-backed-ssh-keys-ssh-tpm-agent/

Slides: https://pub.linderud.dev/talks/Hardware-backed-SSH-keys.pdf

#TPM #SSH #Security #Linux

My talk on `ssh-tpm-agent` I held at #FOSDEM has been released!

Video: https://video.fosdem.org/2025/ub4132/fosdem-2025-5544-hardware-backed-ssh-keys-ssh-tpm-agent.av1.webm

Abstract: https://fosdem.org/2025/schedule/event/fosdem-2025-5544-hardware-backed-ssh-keys-ssh-tpm-agent/

Slides: https://pub.linderud.dev/talks/Hardware-backed-SSH-keys.pdf

#TPM #SSH #Security #Linux

Trump Has Disturbing Response to DOGE’s Massive Overreach of Power:
Donald Trump admitted that Elon Musk’s agency has access to too much sensitive data.
https://newrepublic.com/post/191322/donald-trump-elon-musk-doge-overreach-power

"“Why does #DOGE need all of that?” asked one reporter.

“Well, it doesn’t, but they get it very easily,” Trump admitted. “I mean, we don’t have very good #security in our country, & they get it very easily.”

#Trump appeared completely unbothered by the massive intrusion on the #privacy of #US citizens"

#Musk #Coup

Elon Musk’s #DOGE Is Expected to Examine Another #Treasury System Next Week:
The new target, sources said, is a sensitive database that tracks the flow of money across the #government.
https://www.propublica.org/article/elon-musk-doge-cars-treasury-examine

"The #data in the system, known as the Central Accounting Reporting System, or #CARS, is considered sensitive...

People who work with the system have in the past been briefed that the #database may be of interest to foreign #intelligence agencies"

#Musk #Coup #Tech #Security #News #USA

Musk’s DOGE Teen Was Fired By #Cybersecurity Firm for Leaking Company Secrets:
Edward Coristine posted online that he had retained access to the firm’s servers. Now he has access to sensitive govt information.
https://archive.is/1v8FG#selection-1405.0-1411.136

“I can confirm that #EdwardCoristine 's brief contract was terminated after the conclusion of an internal investigation into the #leaking of proprietary company information"

#ElonMusk #Tech #Coup #Musk #DOGE #Politics #Government #Data #Security #News #US #USA

The Government’s Computing Experts Say They Are Terrified:

Four IT professionals lay out just how destructive Elon Musk’s incursion into the US govt could be.
https://www.theatlantic.com/technology/archive/2025/02/elon-musk-doge-security/681600/

"“This is the largest data breach & the largest #IT #security breach in our country’s #history—at least that’s publicly known”...

nobody yet knows which info #DOGE has access to, or what it plans to do with it...

“I don’t think the public quite understands the level of danger.”"

#Musk #Coup #Tech #News #USA

Musk’s rats:
They’re burrowing into every #data system in the federal govt, although many wouldn’t pass a #security test
https://robertreich.substack.com/p/doge-poop

"Sure, there’s some waste & fraud in #government. That’s why every department had an #InspectorGeneral to find & stop it — until #Trump fired most of them. In addition, before Musk’s rats tunneled into the General Services Administration, accountants oversaw every department’s & agency’s spending.

In other words, the #coup continues."

#Musk #News

If Apple complies with this, the UK government will gain access to all iCloud data globally. The only way Apple comes out of this with any integrity is to leave the UK market. If they give in to this, every regime in the world will demand the same thing. And that’s before we even get to the fact that there’s no such thing a “backdoor” for just so-and-so. Either there is a door or there isn’t and if there is, anyone who obtains the key can use it.

https://www.theguardian.com/technology/2025/feb/07/uk-confronts-apple-with-demand-for-cloud-backdoor-to-users-encrypted-data

#apple #backdoor #UK #encryption #privacy #security #personhood #data #democracy #humanRights #iCloud

Looking for opportunities to harden your Fedora system? Here's one way to make your VPN use more secure with NetworkManager.

➡️ https://fedoramagazine.org/protect-your-vpn-from-tunnelvision-attacks-with-networkmanager/

#Fedora #Privacy #Security #Linux #OpenSource #NetworkManager

To all #windows #malware #security #virus #infosec people here, did you see anything on Windows creating a lot of files with names like:

```
ኅȻㅺ慦愔驦䦔钓呩쥷儋ፑʑ壖兝㈪箖鴍퉛맩䑼னᖲ緄㵲
```
Most probably self replicating over external drives etc. Please RT for more reach.

Passkey Ready is a free analytics tool from 1Password for anonymously measuring what percentage of your users are ready for passkeys. It also suggests a rollout strategy for passwordless auth in your product.

https://passage.1password.com/post/passkey-ready

#passkey #security

Do passkeys have some growing pains?

Yes: https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/

Are they being addressed?

Yes: https://fidoalliance.org/fido-alliance-publishes-new-specifications-to-promote-user-choice-and-enhanced-ux-for-passkeys/

Should products start prompting users to sign in with passkeys today? Yes.

Should products keep existing email+password+OTP authentication? Yes, for now.

Should products try to sign up new users with passkeys and fall back to email+password+OTP? Yes.

#security

Of public interest:

At least 15,000 people fully, without limits, irrevocably, licensed their personal information, public image, name and all data that reached loops.video infrastructure... to @dansup@mastodon.social 's loops.video platform.

Had they known they're entirely losing control of everything, would they be using the platform?

Explanation in the renote, and here:

https://bajsicki.com/blog/loops-video-terms/

Is this what we, as a #society, want?

#mastodon #admin #dataprivacy #datasecurity #fediverse #federation #ActivityPub #privacy #security #copyright #consent #instagram #tiktok #pixelfed #loopsvideo

RE: https://fed.bajsicki.com/notes/a349itz9il

At last, the USB portal originally authored by @refi64 in 2021, later continued by Georges Stavracas in 2023, and finalized by @hub and @swick, has been merged!

The USB portal allows sandboxed formats like Flatpak to access USB devices without poking holes in the sandbox. This is great for security, as accessing USB devices will now need to be explicitly granted by the user.

Now we just need to wait for implementers to implement them in their respective portal implementations, starting with GNOME: https://gitlab.gnome.org/GNOME/xdg-desktop-portal-gnome/-/merge_requests/159

The documentation for the USB portal is available on the xdg-desktop-portal website: https://flatpak.github.io/xdg-desktop-portal/docs/doc-org.freedesktop.portal.Usb.html

#Flatpak #Security #GNOME

Passkeys should be the default sign up/in method for every consumer app.

OpenID Connect should be the default for organization-managed user accounts.

Email+password+OTP is legacy.
Sign in with XYZ is legacy.

Get with the times, apps.

Change the defaults.

Migrate users.

Remove the insecure login.

https://caniuse.com/passkeys

#security

Musk’s Takeover Of The Government’s Computer Systems Needs To Be Understood As A Cyberattack, Or Worse
https://www.techdirt.com/2025/02/03/musks-takeover-of-the-governments-computer-systems-needs-to-be-understood-as-a-cyberattack-or-worse/

"These systems #Musk and his “team” have accessed are among the most sensitive and critical to the running of the #USA...

Yet here is Musk, a man who regularly chats with Vladimir #Putin, with access to it all, if not also outright control."

#ElonMusk #Coup #Tech #Technology #CyberSecurity #Security #NationalSecurity #Treasury #OPM #Russia #China #Trump #News #US

Musk’s Takeover Of The Government’s Computer Systems Needs To Be Understood As A Cyberattack, Or Worse
https://www.techdirt.com/2025/02/03/musks-takeover-of-the-governments-computer-systems-needs-to-be-understood-as-a-cyberattack-or-worse/

"These systems #Musk and his “team” have accessed are among the most sensitive and critical to the running of the #USA...

Yet here is Musk, a man who regularly chats with Vladimir #Putin, with access to it all, if not also outright control."

#ElonMusk #Coup #Tech #Technology #CyberSecurity #Security #NationalSecurity #Treasury #OPM #Russia #China #Trump #News #US

Musk’s Takeover Of The Government’s Computer Systems Needs To Be Understood As A Cyberattack, Or Worse
https://www.techdirt.com/2025/02/03/musks-takeover-of-the-governments-computer-systems-needs-to-be-understood-as-a-cyberattack-or-worse/

"These systems #Musk and his “team” have accessed are among the most sensitive and critical to the running of the #USA...

Yet here is Musk, a man who regularly chats with Vladimir #Putin, with access to it all, if not also outright control."

#ElonMusk #Coup #Tech #Technology #CyberSecurity #Security #NationalSecurity #Treasury #OPM #Russia #China #Trump #News #US

As we're aware, the USB portal was merged a few months ago. All that's needed is for apps and desktops to implement them, so we can use them inside sandboxes without compromising security.

Just today, the USB portal implementation for xdg-desktop-portal-gnome was merged! Apps that use the USB portal will be able to request specific USB devices without giving unfiltered access to all your USB devices.

https://gitlab.gnome.org/GNOME/xdg-desktop-portal-gnome/-/merge_requests/159

#GNOME #USB #Flatpak #Security

インターネット検閲：世界的脅威を理解する
https://qiita.com/pseudonym2/items/2d99d96d203f5f99031d?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #Security #VPN #初心者 #ブロックチェーン #Tor

As we're aware, the USB portal was merged a few months ago. All that's needed is for apps and desktops to implement them, so we can use them inside sandboxes without compromising security.

Just today, the USB portal implementation for xdg-desktop-portal-gnome was merged! Apps that use the USB portal will be able to request specific USB devices without giving unfiltered access to all your USB devices.

https://gitlab.gnome.org/GNOME/xdg-desktop-portal-gnome/-/merge_requests/159

#GNOME #USB #Flatpak #Security

The War at Home:
Elon Musk and The Security State's Uvalde Moment:
“We have a Constitutional crisis, period," says NSA whistleblower Tom Drake, who can't help but notice how the three-letter agencies that went after him aren't stopping this
https://www.forever-wars.com/elon-musk-and-the-security-states-uvalde-moment/

"The danger to the #Constitution is running amok inside govt buildings. But the #Security State stands outside, deterred, & will present any number of rationalizations about how this isn't their job."

#ElonMusk #Musk #Coup #News #US

Made me think about #cybersecurity , this Doom game running inside (!) a PDF file, by @j0hnnyxm4s
https://doompdf.pages.dev/doom.pdf

#doom #linux #pdf #security

On a slightly lighter topic, there is a Netflix limited series entitled "Zero Day" which from the trailer (https://www.youtube.com/watch?v=FOfBiiPdQPI) looks to be slightly "exaggerated" from a pure technical perspective. The IMDB listing does not show any infosec-related technical advisor. I am wondering how shit this is going to be. On the plus side, a hell of a talented cast!

#infosec #security #hacking

Made me think about #cybersecurity , this Doom game running inside (!) a PDF file, by @j0hnnyxm4s
https://doompdf.pages.dev/doom.pdf

#doom #linux #pdf #security

【CTF】防衛省サイバーコンテスト2025:Writeup
https://qiita.com/kk0128/items/dbc889300be1bb047b53?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #Security #CTF #writeup

@mozillaofficial

Finally! This will allow better process #sandboxing, and make the #flatpak and #android app finally an option?

https://bugzilla.mozilla.org/show_bug.cgi?id=1756236

https://bugzilla.mozilla.org/show_bug.cgi?id=1565196

#security #firefox #sandbox #linux

Principles for a New Security Industry, as per noah's article:

1. We owe it to our users to criticise, thoroughly, our own industries. To do otherwise is to harm both our users and the industries in which we exist.
2. Where possible, this should be done publicly and productively. Security or safety by obscurity is ineffective and counterproductive.
3. We must consider threat models beyond our own.
4. We must do away with the notion that collaboration is less desirable than individual, “you do you” styles of operating. The only way we build a safer (digital/physical) world is together.
5. We must prioritise actually doing the things that keep us safe.
6. We must react strongly and truthfully to incorrect notions.
7. We must actively reject this wherever we see it, and remember that we have an obligation to teach.
8. As best we can, we must act to prevent harm.
9. We have to decide to actively pursue a safer world and make plans to put that into action.
10. No matter how influential we are, we must remember that the work comes first. Your CVE list is useless on an empty planet.
11. We must be aware of our own mistakes and seek to correct them.

Some principles have further annotations, they're in the full article fyi: https://covid.tips/fluconf-post/

#FluConf #security

Hmmm ... TOR and Signal get flagged as 'so-called “freedom” tools' that received funds from state actors (US govt)

hhmmmm

#FluConf #security

Proper security works best when using multiple 'layers' of intervention. Preferably a combination of technical tooling and social (education/policy) steps to protect one another.

Yet that's not what we're doing at all right now, noah comments.

Today, technical tools and messaging are ...

used to protect profits at the expense of our being able to live truly self-actualised lives.

We are told that masks are scary, that security is “too hard”, that companies or government entities that use pandemic-driven-eugenics or New Cold War driven weakening/distorting of digital security processes have our best interests at heart.

So, people working in security: "[are we] willing to let that stand"?

#FluConf #security #TechWorkers

Love this point:

security is a “force multiplier”, not a blocker — that by taking action now, by making digital security a habit, we can make it harder for disaster to strike later.

And also, if and when disaster might strike, the impact can be reduced compared to when you hadn't taken any measures at all

#FluConf #security

If your threat is that the Mossad is gonna do Mossad things to your email account, try as you might, YOU'RE STILL GONNA BE MOSSAD'ED UPON

(sorry for shouting)

#FluConf #security

The result?

If you're in security and are making light of infectious diseases, happily infecting coworkers and others, then:

we indicate that our commitment to security stops once our paycheque or fame or particular social mode of interacting is on the line.

#FluConf #security #cybersecurity

Next up at#FluConf is noah (@text) with:

The Swiss Cheese Model: How Infosec Must Learn From Pandemic Response

Read it here: https://covid.tips/fluconf-post/

The article's blurb:

As a digital security professional and a pandemic activist it has been tremendously revealing to me to see how my professional community has responded to the pandemic. After a brief year of "safe mode" conferences and online trainings, the "back to normal" urge overrode many people's threat models and notable figures in the community began joking about getting covid at conferences, or client engagements, or work trips and so on. This proposal is something of a manifesto aimed at reminding the security community (and indeed the technology community) about our commitments to Defence in Depth, and drawing comparisons between still-successful pandemic interventions and how we can apply these same techniques to information security...and a plea for a new kind of cybersecurity community, one that aims to work in solidarity with our users rather than in spite of them, one that strives to prevent digital as well as physical social murder.

this resonates so strongly here 😬 😭

#CovidIsNotOver #security

This is definitely not OK

https://futurism.com/openai-signs-deal-us-government-nuclear-weapon-security

#ClownShow #GenerativeAI #NuclearWeapons #Security

This is definitely not OK

https://futurism.com/openai-signs-deal-us-government-nuclear-weapon-security

#ClownShow #GenerativeAI #NuclearWeapons #Security

"Wyden Demands Answers Following Report of Musk Personnel Seeking Access to Highly Sensitive U.S. Treasury Payments System:

In New Letter to Treasury Secretary Bessent, Wyden Warns That Political Meddling in Treasury Payments Risks Severe Economic Damage, Calls Out Dangerous Conflicts of Interest Stemming from Elon Musk’s Close Business Ties to the Chinese Government
https://www.finance.senate.gov/chairmans-news/wyden-demands-answers-following-report-of-musk-personnel-seeking-access-to-highly-sensitive-us-treasury-payments-system

#ElonMusk #Treasury #Coup #Musk #China #Corruption #Trump #Politics #Economy #Security #US #USA

Exclusive: Musk aides lock government workers out of computer systems at US agency, sources say
https://www.reuters.com/world/us/musk-aides-lock-government-workers-out-computer-systems-us-agency-sources-say-2025-01-31/

"Aides to #ElonMusk charged with running the US #government human resources agency have locked career civil servants out of computer systems that contain the personal data of millions of federal employees...

"We have no visibility into what they are doing with the computer and data systems," one of the officials said."

#Musk #Coup #Trump #Politics #Tech #Security #News #USA

📢 BREAKING NEWS!!!

🎉 #ArcaneChat got public on #GooglePlay some hours ago!!! 🔥

https://play.google.com/store/apps/details?id=com.github.arcanechat

also check the official website:
https://arcanechat.me

TIP: getting it from #fdroid or direct download is recommended, but if you have friends that only know how to install from Google Play, now it is possible for them!

Thanks a lot to the ArcaneChat beta-testers that made this milestone possible! you rock!!!! 🤩

#DeltaChat #decentralization #encryption #security #whatsapp #alternative

📢 BREAKING NEWS!!!

🎉 #ArcaneChat got public on #GooglePlay some hours ago!!! 🔥

https://play.google.com/store/apps/details?id=com.github.arcanechat

also check the official website:
https://arcanechat.me

TIP: getting it from #fdroid or direct download is recommended, but if you have friends that only know how to install from Google Play, now it is possible for them!

Thanks a lot to the ArcaneChat beta-testers that made this milestone possible! you rock!!!! 🤩

#DeltaChat #decentralization #encryption #security #whatsapp #alternative

A few days ago, a client of mine asked me to install an open-source software (which I won’t name for now). The software has only one official installation method: Docker. This is because, as they themselves admit, it has a huge number of dependencies - some quite outdated - that need to be carefully managed and forced into place; otherwise, nothing works.

I tried replicating the same setup on FreeBSD but didn’t succeed, as some dependencies either aren’t compatible or simply refuse to run. I could try finding workarounds, but I can already picture the chaos every time an update is needed.

So, I decided to build it via Docker to get a better sense of what we’re dealing with. The sheer number of dependencies that Node pulls in is impressive, but even more staggering is the number of warnings and errors it spits out: deprecated and unsupported packages, security vulnerabilities, generic warnings- you name it, and there’s plenty of it.

Since my client needs to launch this service but is subject to audits, they want to be fully compliant and ensure security. Given their substantial budget, they offered financial support to the developers (a company, not just a group of hobbyists) to help improve the project either by making it FreeBSD - compatible or, at the very least, by reducing dependencies with critical vulnerabilities. The client was willing to pay a significant sum, and since the improvements would be open-source, everyone would benefit.

The response from the team? A flat-out refusal. They claimed they couldn’t accept any amount of money because many of these dependencies are "necessary and irreplaceable, as parts of the code relying on them were written by people who no longer work on the project, and we can’t rewrite the core of the software.” Then came the part that really got under my skin: they stated they would rather deal directly “with my client, not with me, because in the end, my concerns are just useless and irrational paranoia.”

Translation? Just pay, and you’ll pass compliance checks - never mind the fact that underneath, it’s a tangled mess of outdated and insecure components. And don’t make a fuss about it.

While I can understand some of the challenges the team faces, I might have accepted this response if it had come from a group of volunteers or hobbyists. But if you’re a company whose sole business revolves around a single software product (with no real competition at the moment), this approach is not just short-sighted - it’s outright dangerous for your users’ security and for your own survival as a business.

The result? They lost a paying client who was ready to invest a significant budget into their software. That budget will now go elsewhere. My client is considering hiring developers to build a similar project with better security (they have both the time and the money for it). I’ll do my best to convince them to release it as open-source - at which point, a new “competitor” will emerge in the market.

#IT #SysAdmin #OSS #Security #Infosec

『Cloudflare WAFのLeaked Credentials Checkを国内最速？で検証する #Security - Qiita』 - https://qiita.com/kanish/items/32d30bb0d6e5ef868cf2

Irregular reminder that https://european-alternatives.eu/alternatives-to exists, a great list of service providers from Europe (including the exact nation as well as tags to know what's FOSS *AND* Self-hostable) that will enable you to move away from services hosted within and governed by the upcoming US Regime laws.
#privacy #security #Europe #USA #Safety

@torproject

Should have left X long ago. Now is the time.

#Security #Privacy

Irregular reminder that https://european-alternatives.eu/alternatives-to exists, a great list of service providers from Europe (including the exact nation as well as tags to know what's FOSS *AND* Self-hostable) that will enable you to move away from services hosted within and governed by the upcoming US Regime laws.
#privacy #security #Europe #USA #Safety

Meta (Facebook) is no longer banning Distrowatch and discussion of Linux allowed again. https://lwn.net/Articles/1006859/ (adding screenshot in case it is taken down)

#linux #security #infosec #cybersecurity

Q. will Greenland be the litmus test for how Europe responds to Trump?

Nathalie Tocci, thinks it reveals that:

'Europeans are scared. They fear Trump & their fear is paralysing. It freezes their actions & quiets their rhetoric. The more Trump confirms their fears through his repeated threats, the less they are inclined to react. Trump presumably smells the fear & like all bullies revels in it, upping the ante'!

Time to toughen up?

#politics #security #Greenland

https://www.theguardian.com/commentisfree/2025/jan/30/greenland-europe-donald-trump-us-threats

Q. will Greenland be the litmus test for how Europe responds to Trump?

Nathalie Tocci, thinks it reveals that:

'Europeans are scared. They fear Trump & their fear is paralysing. It freezes their actions & quiets their rhetoric. The more Trump confirms their fears through his repeated threats, the less they are inclined to react. Trump presumably smells the fear & like all bullies revels in it, upping the ante'!

Time to toughen up?

#politics #security #Greenland

https://www.theguardian.com/commentisfree/2025/jan/30/greenland-europe-donald-trump-us-threats

DeepSeek collects keystroke data and more, storing it in Chinese servers

You might want to learn about DeepSeek's privacy policy before you sign up.

https://mashable.com/article/deepseek-ai-privacy-policy-keystroke-data-chinese-servers

#news #tech #technology #security #privacy #AI #deepseek

Elektronische Patientenakte: Gematik hielt Sicherheitslücke für "akzeptabel"

Die Gematik nahm die Sicherheitslücken bei der E-Patientenakte wohl erst nach Kenntnis von gültigen, auf Kleinanzeigen käuflichen Praxisidentitäten ernst.

https://www.heise.de/news/Elektronische-Patientenakte-Gematik-hielt-Sicherheitsluecke-fuer-akzeptabel-10259471.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#DigitalHealth #elektronischePatientenakteePA #Security #news

zizmor v1.3.0 is released!

this release brings a new audit (overprovisioned-secrets), plus a handful of bugfixes/enhancements to existing audits.

notes here: https://github.com/woodruffw/zizmor/releases/tag/v1.3.0

#rust #security

Human Rights Watch is hiring a Director of Information Security

https://job-boards.greenhouse.io/humanrightswatch/jobs/7833377002

#GetFediHired #Jobs #Security #InfoSec

Human Rights Watch is hiring a Director of Information Security

https://job-boards.greenhouse.io/humanrightswatch/jobs/7833377002

#GetFediHired #Jobs #Security #InfoSec

zizmor v1.3.0 is released!

this release brings a new audit (overprovisioned-secrets), plus a handful of bugfixes/enhancements to existing audits.

notes here: https://github.com/woodruffw/zizmor/releases/tag/v1.3.0

#rust #security

Today is the Data Privacy (Protection) Day! So let us remind you that in #LabPlot, an open-source data analysis and visualization software, Your Data is Yours!

@labplot@lemmy.kde.social @opensource @libre_software @privacy

Boosts appreciated! 🙂 🚀

#DataSecurity #DataProtection #DataPrivacy #Privacy #Ownership #InfoSec #DataAnalysis #DataScience #Analytics #Data #DataAnalytics #DataViz #FOSS #FLOSS #SoftwareLibre #OpenSource #OpenScience #Science #Engineering #KDE #Business #Security #Orwell

Es gibt Neuigkeiten zum Versandstatus des Volla Tablets!

Hier gehts zum Blog Artikel:

https://volla.online/de/blog/files/tablet-shipping-startet.html

-----------------

Shipping of Volla Tablet has started. Find the blog article here:

https://volla.online/en/blog/files/tablet-shipping-started.html

#volla #vollaos #opensource #software #hardware #vollatablet #opensourcehardware #tablet #peertopeer #innovation #freedom #privacy #security

Es gibt Neuigkeiten zum Versandstatus des Volla Tablets!

Hier gehts zum Blog Artikel:

https://volla.online/de/blog/files/tablet-shipping-startet.html

-----------------

Shipping of Volla Tablet has started. Find the blog article here:

https://volla.online/en/blog/files/tablet-shipping-started.html

#volla #vollaos #opensource #software #hardware #vollatablet #opensourcehardware #tablet #peertopeer #innovation #freedom #privacy #security

初心者向けサイバー攻撃の種類と対策の基礎知識
https://qiita.com/nucomiya/items/c30c8de57eba7ccdfbe3?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #Security #DDoS #サイバーセキュリティ

In related news, #Hollo has also released #security updates: 0.3.6 & 0.4.4. Update now!

https://hollo.social/@fedify/01948487-87b2-709d-953f-8799b78433ed

TIL: GitHub Actions is surprisingly case-insensitive

https://yossarian.net/til/post/github-actions-is-surprisingly-case-insensitive/

#til #github #github_actions #security

TIL: GitHub Actions is surprisingly case-insensitive

https://yossarian.net/til/post/github-actions-is-surprisingly-case-insensitive/

#til #github #github_actions #security

Are passkeys really better than passwords? And what happens when you no longer have access to the authentication device?

I keep reading up on this. But I find few answers. Is anyone willing to elaborate?

#InfoSec #Privacy #Passwords #Security

almost_pwned.md
https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4
g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.
#security

almost_pwned.md
https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4
g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.
#security

Seems that Crunchyroll had a breach. You should change your password.

The option to change the password in menu settings (logged in) didn't work throws an error.

Log out or try in another browser and select forgot password in login menu this will send you a link to reset the password

https://animehunch.com/crunchyroll-premium-login-details-leaked-users-at-high-risk/

#Crunchyroll #anime #manga #otaku #security #animation

You need to protect your communication, not only for your own sake but for those around you. I produced a video at @privacyguides to raise awareness around the insecurity of SMS and to push people towards more secure alternatives. #privacy #encryption #security

https://www.youtube.com/watch?v=B9BWXvn-rB4

You need to protect your communication, not only for your own sake but for those around you. I produced a video at @privacyguides to raise awareness around the insecurity of SMS and to push people towards more secure alternatives. #privacy #encryption #security

https://www.youtube.com/watch?v=B9BWXvn-rB4

Features aren't always innocent 😉

In the most recent publication by Akamai Technologies' Security Intelligence Group, Tomer Peled found yet -a n o t h e r- vuln in K8s. this time in Log Query, and it can do some big bad.

Did you know that out of the 12 vulns found in Kubernetes since 2023, Tomer has found 4 of them?!?!? i work with the coolest people

anyway, couldn't resist a britney parody sooooooo

https://www.akamai.com/blog/security-research/2024-january-kubernetes-log-query-rce-windows

#kubernetes #k8s #vulnerability #security #cybersecurity #parody

Features aren't always innocent 😉

In the most recent publication by Akamai Technologies' Security Intelligence Group, Tomer Peled found yet -a n o t h e r- vuln in K8s. this time in Log Query, and it can do some big bad.

Did you know that out of the 12 vulns found in Kubernetes since 2023, Tomer has found 4 of them?!?!? i work with the coolest people

anyway, couldn't resist a britney parody sooooooo

https://www.akamai.com/blog/security-research/2024-january-kubernetes-log-query-rce-windows

#kubernetes #k8s #vulnerability #security #cybersecurity #parody

Seems that Crunchyroll had a breach. You should change your password.

The option to change the password in menu settings (logged in) didn't work throws an error.

Log out or try in another browser and select forgot password in login menu this will send you a link to reset the password

https://animehunch.com/crunchyroll-premium-login-details-leaked-users-at-high-risk/

#Crunchyroll #anime #manga #otaku #security #animation

If you’re going to participate in a protest or other form of activism, you need to keep yourself protected.

Your smartphone can be an essential tool, but it also represents a huge risk to your privacy and security. If you decide to bring a phone along, understanding these best practices when it comes to securing it will help keep you and your data safe.

https://www.privacyguides.org/articles/2025/01/23/activists-guide-securing-your-smartphone/

#Privacy #Security #Article #PrivacyGuides #Guide

If you’re going to participate in a protest or other form of activism, you need to keep yourself protected.

Your smartphone can be an essential tool, but it also represents a huge risk to your privacy and security. If you decide to bring a phone along, understanding these best practices when it comes to securing it will help keep you and your data safe.

https://www.privacyguides.org/articles/2025/01/23/activists-guide-securing-your-smartphone/

#Privacy #Security #Article #PrivacyGuides #Guide

ポリシーによってはドメイン部以外もリファラとして送信されるのね

『主要ブラウザのReferrer Policyについて調べてみた #Security - Qiita』 - https://qiita.com/n3_x/items/c2bafd5872af61147c89

ポリシーによってはドメイン部以外もリファラとして送信されるのね

『主要ブラウザのReferrer Policyについて調べてみた #Security - Qiita』 - https://qiita.com/n3_x/items/c2bafd5872af61147c89

If you’re going to participate in a protest or other form of activism, you need to keep yourself protected.

Your smartphone can be an essential tool, but it also represents a huge risk to your privacy and security. If you decide to bring a phone along, understanding these best practices when it comes to securing it will help keep you and your data safe.

https://www.privacyguides.org/articles/2025/01/23/activists-guide-securing-your-smartphone/

#Privacy #Security #Article #PrivacyGuides #Guide

I was feeling inspired to write this morning after looking through a lot of this type of article and noticing they all omitted kind of important information. This includes all of the basics, and the stuff I thought was under-discussed, for example: AirDrop's privacy problems, and the importance of security patches in this specific scenario.

I hope someone finds this useful, and if I'm still missing anything or could explain something better, please let me know!

https://www.privacyguides.org/articles/2025/01/23/activists-guide-securing-your-smartphone/

#Privacy #Security #Activism #Protest #PrivacyGuides

The website is live!

https://www.bashcore.org/

#linux #bashcore #cli #nogui #debian #security #pentesting #education #bash

Some fascinating research out on hacking a Subaru via STARLINK connected vehicle service.

"On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.

Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:

Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.

Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.

Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.

Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.

After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously."

https://samcurry.net/hacking-subaru#introduction

#cars #security #subaru @starlink

Some fascinating research out on hacking a Subaru via STARLINK connected vehicle service.

"On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.

Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:

Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.

Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.

Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.

Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.

After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously."

https://samcurry.net/hacking-subaru#introduction

#cars #security #subaru @starlink

Cisco: Kritische Sicherheitslücke in Meeting Management

Cisco warnt vor einer kritischen Sicherheitslücke in Meeting Management sowie Schwachstellen in Broadworks und ClamAV.

https://www.heise.de/news/Cisco-Kritische-Sicherheitsluecke-in-Meeting-Management-10253499.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Cisco #Virenscanner #Security #Sicherheitslücken #news

Some fascinating research out on hacking a Subaru via STARLINK connected vehicle service.

"On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.

Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:

Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.

Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.

Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.

Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.

After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously."

https://samcurry.net/hacking-subaru#introduction

#cars #security #subaru @starlink

【メモ】セキュリティインシデントを調べるときに参考になるサイトまとめ
https://qiita.com/koinunopochi/items/413246b8466ba3505bc8?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #Security

Cisco: Kritische Sicherheitslücke in Meeting Management

Cisco warnt vor einer kritischen Sicherheitslücke in Meeting Management sowie Schwachstellen in Broadworks und ClamAV.

https://www.heise.de/news/Cisco-Kritische-Sicherheitsluecke-in-Meeting-Management-10253499.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Cisco #Virenscanner #Security #Sicherheitslücken #news

Signal is a secure messenger, but there are interesting alternatives, such as @matrix , @session , @delta , @simplex or XMPP …

➡️ https://matrix.org

➡️ https://getsession.org

➡️ https://delta.chat

➡️ https://simplex.chat

➡️ https://xmpp.org

If you’d like to learn more about these options, have a look at the responses to this toot.

#matrix #session #signal #XMPP #messenger #decentralized #tech #technology #OpenSource #FOSS #WhatsApp #security #InfoSec #data #safety

Cloudflare CDN flaw leaks user location data, even through secure chat apps - A security researcher discovered a flaw in Cloudflare's content delivery network (CDN), w... https://www.bleepingcomputer.com/news/security/cloudflare-cdn-flaw-leaks-user-location-data-even-through-secure-chat-apps/ #security

List of service providers outside the United States jurisdiction. 😉

🤫 VPN =

* iVPN, located in Gibraltar, Europe (UK territory)
https://www.ivpn.net

* Mullvad VPN, located in Sweden, Europe
https://mullvad.net

* Goose VPN, located in the Netherlands, Europe
https://goosevpn.com

* Xeovo VPN, located in Finland, Europe
https://xeovo.com

🌐 Managed DNS =

* AdGuard DNS, located in Cyprus, Europe
https://adguard-dns.io

* ClouDNS, located in Bulgaria, Europe
https://www.cloudns.net

* deSEC, located in Germany, Europe
https://desec.io

🌐 Public DNS =

* CIRA Canadian Shield, located in Canada, North America
https://www.cira.ca/en/canadian-shield/configure/

* Mullvad DNS, located in Sweden, Europe
https://mullvad.net/en/help/dns-over-https-and-dns-over-tls

🔏 Privacy focused e-mail =

* Tuta, located in Germany, Europe
https://tuta.com

* Soverin, located in the Netherlands, Europe
https://soverin.com

* Startmail, located in the Netherlands, Europe
https://www.startmail.com

* Mailfence, located in Belgium, Europe
https://mailfence.com

🌍 Domain Registration / Web Hosting =

* Scalewy, located in France, Europe
https://www.scaleway.com

* OVH, located in France, Europe
https://www.ovhcloud.com

* Netcup, located in Germany, Europe
https://www.netcup.com

* Glesys, located in Sweden, Europe
https://glesys.com

🌍 CDN =

* OVH, located in France, Europe
https://www.ovhcloud.com/en/web-hosting/options/cdn/

* Key CDN, located in Switzerland, Europe
https://www.keycdn.com

#Project2025 #DonaldTrump #Trump #Facism #Fedi #Fediverse #ActivityPub #Email #Vpn #Domain #WebHosting #DNS #CDN #Privacy #Security #FreedomOfSpeech #UnitedStates #America #Usa