Hey #AWS peeps,
are there any published checksums (or better: signed artifacts) for the AWS certificate bundles listed at https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesDownload?
I'd like to be sure I'm adding the right certificates into my certificate store. 😅
Qiita - 人気の記事
If anyone is looking at #Jobs, particularly in #privacy and #security, #1Password has more than a few openings - https://jobs.lever.co/1password
So, #security folks, how are you handling all of these job scams? Specifically, we're seeing a lot of folks coming to us who were "hired" by us, but the hiring process was a scam. ie, we had nothing to do with it.
I'm not sure there's much of anything we *can* do, but maybe I'm incorrect? Thoughts?
Last year I mentioned you should enable global Bundler 2.6.0's support for checksums in your Gemflile.lock for enhanced security:
`bundle config --global lockfile_checksums true`
Well, Maciej has a write up on why this is important that goes into much more detail: https://mensfeld.pl/2025/01/the-silent-guardian-why-bundler-checksums-are-a-game-changer-for-your-applications/
Please enable if you haven't already!
If anyone is looking at #Jobs, particularly in #privacy and #security, #1Password has more than a few openings - https://jobs.lever.co/1password
On Mobile Phone Security
https://www.kicksecure.com/wiki/Mobile_Phone_Security
#SS7 and #baseband #vulnerabilities
What about #mobian hardening on a #MechaComet with a cellular hat? Then there's only carrier protocol weaknesses...
If ISPs use microwave relays (the hated 'air' - remember Max Headroom) and NSA access points, is domestic broadband really secure either? But the cable or fiber doesn't have 'carrier' vulns.
https://www.kicksecure.com/wiki/Router_and_Local_Area_Network_Security
#kicksecure #whonix #docs #security-misc
So, #security folks, how are you handling all of these job scams? Specifically, we're seeing a lot of folks coming to us who were "hired" by us, but the hiring process was a scam. ie, we had nothing to do with it.
I'm not sure there's much of anything we *can* do, but maybe I'm incorrect? Thoughts?
Qiita - 人気の記事Last year I mentioned you should enable global Bundler 2.6.0's support for checksums in your Gemflile.lock for enhanced security:
`bundle config --global lockfile_checksums true`
Well, Maciej has a write up on why this is important that goes into much more detail: https://mensfeld.pl/2025/01/the-silent-guardian-why-bundler-checksums-are-a-game-changer-for-your-applications/
Please enable if you haven't already!
Qiita - 人気の記事
Hey...you may want to delete your LinkedIn accounts.
A few months ago I checked in with it after ignoring it for years, and I found photos of mine used in other's articles without credit that some folk tagged me in. Dealt with that.
During that time I also made sure to turn off their new "allow us and our partners to use your content for AI training" because that's *automatically allowed* - you are auto opted in without asking, you have to opt-out manually.
Today I logged in again, and guess what? That little toggle is back to allow all my content to be used for AI training!
I told them exactly why I deleted my account...and of course it will take 'at least 14 days' to delete.
Qiita - 人気の記事
I just brought up a new, bespoke service. New subdomain, freshly minted LetsEncrypt cert. I hit it once for testing, and then within seconds comes a barrage of requests for common paths... /config.json, /.vscode/sftp.json (lol), /.DS_Store, /.env
of course my service had nothing of interest on these paths (phew) but how the hell did someone enumerate that fresh subdomain so quickly!? How did they know to hit it?
Time to check if you ran any of these 33 malicious #Chrome extensions
At least 33 #browser extensions hosted in Google’s Chrome Web Store, some for as long as 18 months, were surreptitiously siphoning sensitive data from roughly 2.6 million devices.
#privacy #security #chromeextensions
Time to check if you ran any of these 33 malicious #Chrome extensions
At least 33 #browser extensions hosted in Google’s Chrome Web Store, some for as long as 18 months, were surreptitiously siphoning sensitive data from roughly 2.6 million devices.
#privacy #security #chromeextensions
Asking some reasonable questions about Elon Musk's "help" with the Cybertruck bombing case
#news #tech #technology #security #privacy #cybertruck #tesla #elonmusk #bombing
Asking some reasonable questions about Elon Musk's "help" with the Cybertruck bombing case
#news #tech #technology #security #privacy #cybertruck #tesla #elonmusk #bombing
Finally joined merveilles. So, here I go again, again
I am Moksh / untrusem, A kid with questions, from #India.
I am firm believer in #privacy and #security and also practice #permacomputing, My other shenanigans include #emacs, #bsd, #lisp, *nix and learning about #solarpunk. But I delve into so much things to write all of them down.
I also likes esoteric things. I try to program but a novice in that.
I will use my time here to steal knowledge from you amazing people, so watch out :)
In his most recent article, Cloudflare Field CTO John Engates shares how, despite the cloud revolution in IT service delivery, a critical piece remains elusive: IT still lacks sufficient visibility and control over #Networking and #Security. https://cfl.re/3DBYwZn
Qiita - 人気の記事OAuth 2.0の認可エンドポイントにおける脆弱な実装例と対策について考える
https://qiita.com/task4233/items/3af1b3d2690b44979659?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
I made the mistake of engaging with a thread over the weekend where an obvious paranoid schizophrenic decided to start replying to me.
I’ve muted them on my PC but the fact that mutes are only client side means my notifications are likely a god damn minefield and I’m avoiding looking at them on my phone. This is a REALLY STUPID DESIGN.
🚨 SECURITY PSA - 7ZIP VULN🚨
Update your 7zip, folks
https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/
#cybersecurity #zeroday #7zip #malware #security #it #infosec
Qiita - 人気の記事
‘the VW [Volkswagen] Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured Amazon cloud—essentially leaving the digital door wide open for anyone to waltz in. And not just briefly, but for months on end. The breach impacts fully electric models across Audi, VW, Seat, and Skoda brands, affecting vehicles not just in Germany but throughout Europe and other parts of the world.’ https://databreaches.net/2024/12/27/massive-vw-group-data-leak-exposed-800000-ev-owners-movements-from-homes-to-brothels/ #privacy #security #surveillance #cybersecurity
‘the VW [Volkswagen] Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured Amazon cloud—essentially leaving the digital door wide open for anyone to waltz in. And not just briefly, but for months on end. The breach impacts fully electric models across Audi, VW, Seat, and Skoda brands, affecting vehicles not just in Germany but throughout Europe and other parts of the world.’ https://databreaches.net/2024/12/27/massive-vw-group-data-leak-exposed-800000-ev-owners-movements-from-homes-to-brothels/ #privacy #security #surveillance #cybersecurity
‘the VW [Volkswagen] Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured Amazon cloud—essentially leaving the digital door wide open for anyone to waltz in. And not just briefly, but for months on end. The breach impacts fully electric models across Audi, VW, Seat, and Skoda brands, affecting vehicles not just in Germany but throughout Europe and other parts of the world.’ https://databreaches.net/2024/12/27/massive-vw-group-data-leak-exposed-800000-ev-owners-movements-from-homes-to-brothels/ #privacy #security #surveillance #cybersecurity
Qiita - 人気の記事
You may want to hold off on installing Windows 11 for a bit.
A weird Windows 11 bug won’t let some people install any security updates
#Windows11#Bug #Security #Updates #OperatingSystem #Microsoft #Tech
I don't remember if I shared this one already. Cape looks to be the first legitimate security/privacy focused US cellular carrier that I've seen. It's currently only available to high profile targets, but they're aiming to launch for everyone next year. I'll most likely be trying it out, provided that I can keep my number in the process.
Qiita - 人気の記事 Qiita - 人気の記事
@[email protected] · Reply to Elena Rossini ⁂'s post
Good morning Fedi friends!
The next chapter of my self-hosting journey is all about beefing up #security of my #VPS.
Do I have any idea of what I'm doing? Not really, no. But thankfully many of you here shared some brilliant tips (special thanks to @mkj and @st3fan)
Now, it's NOT very reassuring that #YunoHost's security page (recommended by St3fan) says:
"WARNING: Following these instructions requires advanced knowledge of system administration." 😳
Wish me luck!
okay what was that wifi / authentication / four-eyes system that sounds kinda like shoggoth or an acryonym or something.
Can scanning a QR code do this? I want to call bullshit because I’ve seen two (non-techie) friends share this. Can a computer security expert weigh in on this?
> “There is a QR code to scan, and once scanned, all the information from that phone will be sent to scammers. They receive all access to the phone. All personal and financial information is accessible to the scammers and often the victim's bank accounts are drained.”
@[email protected] · Reply to Sovereign Tech Fund's post
The Sovereign Tech Agency is looking for an experienced and innovative expert in #opensource #security to lead the Sovereign Tech Resilience program.
https://www.sovereign.tech/jobs/cybersecurity-program-lead #fossjobs #getfedihired
#Tracker firm #Hapn spilling names of thousands of #GPS #tracking customers | TechCrunch
A #security researcher alerted TechCrunch in late November to customer names and affiliations — such as the name of their workplace — spilling from one of Hapn’s servers, which TechCrunch has seen.
#privacy #surveillance
#SupremeCourt to Hear TikTok’s Challenge to Law That Could Ban It
The company and its Chinese parent invoked the #FirstAmendment in urging the justices to step in before a Jan. 19 deadline to sell or be shut down.
#China #tiktok #scotus #privacy #security
https://www.nytimes.com/2024/12/18/us/politics/supreme-court-tiktok-ban.html
Good day netizens. Blue has returned after 10 years in tech, once again on the job hunt. I have worked a variety of roles from hands-on computer repair to NOC tech to Sys admin and more. In that time, I have accrued several certifications including the #Swimlane Certified #SOAR Administrator, #CompTIA #Network+, #Security+, #Pentest+, #CertifiedNetworkVulnerabilityProfessional, and #CASP+. I'm currently looking for #remotework for anywhere in the #US . I'm targeting #cybersecurity roles, since that is what I am passionate about and my certifications are focused in, but I am also open to other IT roles such as software engineer, dev ops, etc. I'm a #transgender woman trying to provide for her #LGBTQIA family and any pay would greatly help us make ends meet as we try to survive in this refuge state where the cost of living is so much higher than back home. Boosts and sharing is welcome, thanks for your time and help. #getfedihired #breakingintoinfosec #infosec #informationtechnology #sysadmin #netadmin #redteam #pentest
Generating SBOM for NuGet packages #NuGet #dotnet #security https://www.meziantou.net/generating-sbom-for-nuget-packages.htm?utm_medium=social&utm_source=mastodon
Ad blockers are becoming essential #security tools:
Threat actors often abuse ad networks - Even #Facebook ads or #Google’s Search sponsored results aren’t immune to malvertising.
“Ad networks have proven exceptionally successful; they are fine-tuned machines built from the ground up to distribute traffic on a massive scale,” the Guardio Labs explain in the new report.
https://cybernews.com/security/fake-captchas-reaching-millions-malvertising-mayhem/
I just replied to a blog comment, and I thought that I post my reply here as well:
I think that I have good reasons to be “against Avast,” having published seven articles on them so far. The security issues alone are bad enough. But Avast abused their position to collect and sell users’ browsing profiles. After they were caught they claimed the data to be anonymized, they claimed to only sell aggregated data – and they continue lying to this day, despite there being conclusive evidence to the contrary. While the company has been bought, it’s still the same people in charge. This sort of undermines any trust in them for anything related to security.
As the security of antivirus software goes, I’m not very fond of any as the articles in the “antivirus” category of my blog show. With Kaspersky it wasn’t only the security issues but also how they handled them, pushing out half-hearted fixes only for these to be circumvented shortly afterwards. McAfee and BullGuard had massive security issues stemming from being careless about security and not following best practices.
I’ve found a critical security issue in Bitdefender’s solution as well, but with them I at least had the impression that they were trying. Unfortunately, that’s currently the bar in the antivirus industry – at least trying to make their product secure.
Security-wise, one good thing about Windows Defender is that it only needs to do one job. It doesn’t need all the extra functionality as a selling argument. It doesn’t need to be a banking browser, it doesn’t need to be a phishing protection, it only needs to be an antivirus solution. It can keep a very small attack surface compared to all those antivirus suites, and so it does (yes, I checked).
#antivirus #security #avast #McAfee #BullGuard #Bitdefender #WindowsDefender
セキュリティエンジニアって200職あんねん(分類とキャリアの話) #Security - Qiita
Qiita - 人気の記事
"Artist Morry Kolman made a website called Traffic Cam Photobooth that lets people take “selfies” using publicly-available feeds from traffic cameras. The New York City Department of Transportation sent him a cease and desist letter demanding he cut it out. In response, he kept the site online and held the letter up to a traffic camera...
Kolman writes on the Traffic Cam Photobooth website that this project has always been a critique of surveillance systems...
“While these cameras are ostensibly intended for traffic, they also serve to acclimate us to the idea that constant monitoring is an everyday part [of] life in the city,” Kolman writes on the website. “No matter the target of this surveillance, it’s clear from looking at the map that most New Yorkers get unconsentingly captured by the lens of at least one camera—if not several—every day."
https://www.404media.co/traffic-cam-photobooth-cease-and-desist/
Qiita - 人気の記事
@[email protected] · Reply to Joshua Byrd's post
the biggest update to #Signal since usernames - fully encrypted, fully secure cloud backups - are coming soon!
the first part of it - message syncing to a new secondary device - is now in pre-beta testing!
go and help test it out!
https://community.signalusers.org/t/help-us-test-desktop-history-syncing/65452?u=rassilon1963
@[email protected] · Reply to dansup the creator's post
@dansup This doesn't seem like a good idea to me. On the one hand, transcoding uses up a lot of battery power, and on the other hand, simpler smartphones may not be able to cope with it, or it takes a long time and the device gets pretty warm.
But I see the bigger problem in #security: If the encoding is done on the client side, an attacker can prepare the video in such a way that it crashes the decoder on other phones or use security vulnerabilities to execute code, with #Loops as a multiplicator.
The severity level of this bug is critical, 9.8 out of 10. Upgrade your devices.
#iOS #iPhone #security #infosec #Apple #cybersecurity
https://mastodon.social/@mysk/113636630798700926
zizmor 0.9.0 is released!
some key changes:
* bugfixes/precision improvements around a handle of safe template patterns (e.g. `runner.temp`)
* precision improvements to our handling of matrices and matrix expansions, thanks to @ubiratansoares
* the terminal interface has been reworked to use tracing spans internally, making it even more responsive
full release notes here: https://github.com/woodruffw/zizmor/releases/tag/v0.9.0
Hi #Fediverse, let's start our journey here with our #introduction. We are #Turris project by #CZNIC. We develop and produce #opensource #wifi #router with focus on #security running #Linux distribution based on #OpenWrt. Of course, we provide automatic #updates and #root accounts. We have a #network of #honeypots running on our devices and create a dynamic #firewall based on the data.
I'm mind blown you can compromise a release CI/CD system with two malicious branch names. Like how.
At last, the USB portal originally authored by @refi64 in 2021, later continued by Georges Stavracas in 2023, and finalized by @hub and @swick, has been merged!
The USB portal allows sandboxed formats like Flatpak to access USB devices without poking holes in the sandbox. This is great for security, as accessing USB devices will now need to be explicitly granted by the user.
Now we just need to wait for implementers to implement them in their respective portal implementations, starting with GNOME: https://gitlab.gnome.org/GNOME/xdg-desktop-portal-gnome/-/merge_requests/159
The documentation for the USB portal is available on the xdg-desktop-portal website: https://flatpak.github.io/xdg-desktop-portal/docs/doc-org.freedesktop.portal.Usb.html
FreeBSD 14.2 is here! New ZFS, Firecracker VMM, AIM for UDP, rtw89(4) driver, & AddressSanitizer. Explore performance & security updates! 🔗https://buff.ly/4f5bZG5
#FreeBSD #OpenSource #Networking #Virtualization #Security #Performance
I've noticed a concerning trend of "slop security reports" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to push back:
https://sethmlarson.dev/slop-security-reports?utm_campaign=mastodon
Someone told me yesterday of a minutes app for meetings they'd found. Knowing how these apps work, I checked the security policy. I got my fears confirmed. It collects data and share it with 8 third parties, including use for ads & analysis.
I showed her this, and said she should probably get consent from others when using the app. Today she told me she'd uninstalled it and thanked me for the warning!
We can't expect people to figure this out. We need better regulation.
At Tuta, we believe that best security must be free for everyone.
We are happy to announce that in December all existing Tuta accounts will be upgraded to quantum-safe encryption! 🥳🎉
With TutaCrypt your data is safe - now and in the future. ⚛️ 🔒
Learn more about this quantum leap in #security: https://tuta.com/blog/post-quantum-cryptography
Helldown-Ransomware: Einbruch durch Sicherheitslücke in Zyxel-Firewalls
IT-Forscher beobachten, dass die Helldown-Ransomware nach Einbruch in Netze durch Sicherheitslücken Zyxel-Firewalls zuschlägt.
Wordpress-Plug-in Anti-Spam by Cleantalk gefährdet 200.000 Seiten
Im Wordpress-Plug-in Anti-Spam by Cleantalk klaffen gleich zwei Sicherheitslücken, durch die nicht authentifizierte Angreifern Instanzen kompromittieren können.
I wrote a report on a recent #Python #malware package uploaded to #PyPI over here: https://blog.pypi.org/posts/2024-11-25-aiocpa-attack-analysis/
Signal Is Now a Great Encrypted Alternative to Zoom and Google Meet
And Signal app is FREE 😁
#security #encrypted #message
https://lifehacker.com/tech/signal-is-now-a-great-encrypted-alternative-to-zoom-google-meet
PyPI's support for PEP 740 now includes GitLab, extending support beyond the initial scope (which was GitHub). that means that, if you're a GitLab CI/CD user, you can now upload attestations to PyPI and the index will verify and re-serve them!
docs here: https://docs.pypi.org/attestations/producing-attestations/#gitlab-cicd
Urgent Warning for Fedi Admins
We've discovered an ongoing Denial-of-Service attack against Misskey-based instances. The attacks exploit a zero-day vulnerability impacting Misskey, Sharkey, IceShrimp, and other related software. Patches are in progress and will be released ASAP. We encourage all admins to update immediately!
Note: this is a different vulnerability from the ones that were recently announced! You should update today and again tomorrow at the scheduled time.
Update: Sharkey version 2024.9.2 has been released with a patch. You can get the update here: https://activitypub.software/TransFem-org/Sharkey/-/releases/2024.9.2
#Misskey #Sharkey #IceShrimp #FediAdmins #Security
Have you ever thought about how awesome it would be to work with me? My team is looking for a Senior #SRE with good #security sense!
The SRE job description is https://www.mongodb.com/careers/jobs/6361896, either #RemoteWork anywhere in North America or hybrid/in-office. No formal #infosec experience required, good sense is perfectly fine; this is first and foremost a SRE role with security as a focus.
Apply even if you don't meet all requirements! You don't need to be perfect!
Let's Encrypt is 10 years old today!
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Huge thanks to everyone involved in making HTTPS available to everyone for free
#tech #technology #security #privacy #encryption #https #letsencrypt #ISRG
Oha, das ist provokativ: Dieser Blogartikel sagt:
- Nutzt kein #PGP / #GPG
- Nutzt kein #XMPP + OMEMO
- Nutzt kein #Matrix (im Sinne: verlasst euch nicht auf die Verschlüsselung)
- E-Mails verschlüsseln ist sinnlos
Ich kenne den Autor nicht und würde ihn nicht erwähnen, würde der Artikel nicht in ernstzunehmenden ITSec-Newslettern zitiert
Security means securing people where they are
https://blog.yossarian.net/2024/11/18/Security-means-securing-people-where-they-are
US senators urge investigation into Musk
Senators argued #Musk’s involvement in #SpaceX programs should be reviewed for potential debarment & exclusion due to the alleged contacts. Debarment would bar him from certain contracts and privileges.
Relationships between well-known US #adversary & Musk, beneficiary of billions in US govt funding, is serious risk regarding #Musk’s reliability as contractor & #SecurityClearance holder
Election infrastructure is vital to global democracies. Find out how the Internet plays its part, in this conversation with Cloudflare and Accenture. Watch the full Modern Security episode here >> https://cfl.re/48HUZnR
Le Monde used #Strava to track the movements of world leaders. They don’t use tracking devices, but their #bodyguards do.
#EmmanuelMacron: https://www.lemonde.fr/en/france/article/2024/10/27/how-emmanuel-macron-can-be-tracked-watch-the-first-episode-of-stravaleaks_6730708_7.html
#Biden and #Trump: https://www.lemonde.fr/en/united-states/article/2024/10/28/biden-and-trump-put-in-danger-by-secret-service-agents-watch-the-second-episode-of-stravaleaks_6730825_133.html
#Putin: https://www.lemonde.fr/en/international/article/2024/10/29/putin-s-bodyguards-go-on-runs-near-palace-he-denies-owning-stravaleaks-episode-3_6730915_4.html
#StravaLeaks #Security
@[email protected] · Reply to Nix Kelley's post
#security tip:
unless you know your chats or audio/video calls are secure, DON'T say anything that you wouldn't say around an unsafe person.
does this restrict your speech? yes it fucking does. but only in certain spaces.
be the annoying person who suggests over and over again to set up a secure group chat with your fellow community members. almost every service is free to use.
remember that #Discord is not secure comms. remember that #Instagram chats, and activity there, is not secure comms. remember that anything owned by Meta is not secure comms no matter what the company says.
be too careful. it's better to be too careful than careless for a moment.
Is there any European body giving recommendations/requirements about It security, similar to NIST? Especially I'm looking for an organisation giving recommendations for passwords related policies. Preferably a widely scoped, but if there is anything reasonable in a particular industry, I'd be glad to know it as well.
#itsecurity #itsec #opsec #security
Hey everyone! A couple good things to remember:
Signal is your friend! https://signal.org/
Be careful about what you post on corporate and federated social media. You don't need to self censor but you should take extra spicy discussions to something like Signal!
(people: please feel free to add hot tips for helping people keep things private!)
EDIT: It's definitely worth pointing out what I mean about "spicy". Expressing frustration in a way that could easily be misinterpreted by law enforcement? That's spicy! Planning a safe, legal protest? I'd argue that's spicy! That's the sort of thing I mean by this. No encryption or software is perfect; consider the level of risk when utilizing the tools.
But broadcasting stuff on social media can carry a lot of risk, so just... you know.
#security #secureCommunications
Apple creates Private Cloud Compute VM to let Researchers find Bugs. 
The company also seeks to improve the system's security and has expanded its security bounty program to include rewards of up to [$1 Million] for vulnerabilities that could compromise “the fundamental security and privacy guarantees of PCC”.
https://security.apple.com/blog/pcc-security-research
#apple #pcc #vm #securityresearch #bug #bounty #programming #ai #it #security #privacy #engineer #media #tech #news
![[ImageSource: Apple]
Interacting with the Private Cloud Compute client from the Virtual Research Environment.
Apple provides a Virtual Research Environment (VRE), which replicates locally the cloud intelligence system and allows inspecting it as well as testing its security and hunting for issues.
“The VRE runs the PCC node software in a virtual machine with only minor modifications. Userspace software runs identically to the PCC node, with the boot process and kernel adapted for virtualization,” Apple explains, sharing documentation on how to set up the Virtual Research Environment on your device.
VRE is present on macOS Sequia 15.1 Developer Preview and it needs a device with Apple silicaon and at least 16GB of unified memory.
<https://security.apple.com/documentation/private-cloud-compute/vresetup>](https://nerdculture.de/system/media_attachments/files/113/407/824/963/613/937/original/a72a81f16cf58a68.png)
Change Healthcare: Größtes Datenleck im US-Gesundheitswesen
Nach einem Cyberangriff auf Change Healthcare Anfang des Jahres gibt es Gewissheit. Krankendaten von fast einem Drittel der US-Bevölkerung wurden geleakt.
"Russia’s Central Bank raised its key #InterestRate from 19% to a historic 21% on Friday"
"seasonally adjusted price growth last month rose to 9.8% year-on-year from 7.5% in August. Core #inflation increased to 9.1% from 7.7% over the same period."
"russia has faced volatile prices since it sent troops into #Ukraine in February 2022"
"#russia is set to spend almost 9% of its GDP on #defense and #security this year"
There should be a SOC 2 version for companies that are just getting started. The amount of work required to be compliant can kill companies… #security
Your average free spirit, boosting psychedelics, complaining about North Korea, ranting about mobile security, and reminding you why @pir matters!
If you’re really curious, check out my website: https://midtsveen.github.io
#Monero #GrapheneOS #FreeKorea #Psychedelics #Cannabis #Privacy #DigitalFreedom #OpenSource #Security #Freedom #FreeSpirit
BSides Delaware parking and hotel information is up on the website now! https://bsidesdelaware.com/2024-venue/
If you don't have your tickets yet, WHAT ARE YOU WAITING FOR! Come join us!
https://www.eventbrite.com/e/security-bsides-delaware-2024-registration-1007007766337
AND SPEAK! CFP is open and waiting for your amazing submissions!
Decentralized Encrypted P2P Chat
Blog: https://positive-intentions.com/blog/introducing-decentralized-chat
GitHub: https://github.com/positive-intentions/chat
Demo: https://chat.positive-intentions.com
Follow for more!
#cryptography #p2p #decentralized #webrtc #cybersecurity #privacy #security
Grant Negotiation and Authorization Protocol (GNAP), the successor to OAuth 2, became RFC 9635 yesterday!
GNAP is easier to use than OAuth 2.0, with best practices as defaults and clearly articulated uses cases.
Wichtiger Hinweis am Rande:
Wer via #MicrosoftIntune die WLAN-Daten auf iPhones, iPads und Macs verteilt, damit nur Unternehmensgeräte ins Netzwerk können, der sollte UNBEDINGT die #Passwörter-App ausblenden.
Es wäre sonst möglich, sich in der Rubrik „WLAN“ den Anmelde-QR-Code anzeigen zu lassen, was es dann zu einem Kinderspiel macht, auch private Geräte ins Netzwerk einzubinden.
Die bessere Variante ist, den Zugang zum #WLAN nur mittels eines Zertifikats zuzulassen. #Security #Microsoft365
We're excited to announce the receipt of critical funding from @craignewmark Philanthropies to continue and further our work on improving the #security and stability of the Internet through our #DNS services, as part of CNP's commitment to #CyberCivilDefense.
There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it further. The concept of a "backdoor for good guys" is fundamentally flawed and dangerous. It sets a dangerous precedent. Security and privacy should be absolute. There's no safe way to create a backdoor that can't be exploited by malicious actors. #privacy #security #infosec
My 400TH #podcast is only 5 weeks away! For 7.5 years, I've helped my audience improve their #privacy & #security. And damn it, that's worth celebrating! 🥂🐉🔥
Wanna help? Post a link to a fav episode & tag it #FDSD400!
Stay tuned for more...
💯 💯 💯 💯
@[email protected] · Reply to Thomas Broyer's post
And another one published simultaneously: Why are JWT?
about why you don't actually want to add them to your application, and certainly not as a kind of session token
New blog post: Beyond the login page
about why authentication is much more than just a login page and password storage and verification
Fresh #introduction!
Hi, I'm Harris.
Professionally I work for Freedom of the Press Foundation (https://freedom.press/) managing our web team and @dangerzone. I'm a web developer learning to put my skills to good use.
My posts are likely to be about #security #privacy #webdev #dataviz #design #ux #ml and, lately, some self-conscious #epidemiology epistemic trespassing.
I also do a lot of social dance #baking #cooking and #cocktail making—maybe I'll try posting about those a bit more often!
Fennec und Mull sind besonders für datenschutzbewusste Nutzer interessant, aber wegen der verzögerten Updates nicht für jeden geeignet. Teil 5 der Artikelserie »Sichere und datenschutzfreundliche Browser«. 👇
#fennec #mull #browser #firefox #brave #mozilla #datenschutz #sicherheit #privacy #security
How I see attempts to force #backdoors in E2E #encryption...
hold up. I just remembered something.
a phone (android or iOS, I forget) said "you can set the phone to [technician-safe] mode while [repair guy] fixes it"
I mean I expect the SSDs of my devices to /always/ have that same evil maid data protection at all times?*
like what exactly does that add?
*as distinct from tampering from the device itself. e.g., not full evil maid, more like "read the C:/ drive without authentication". as in, "wait it would let you read it without auth while the SSD is offline before?"
I mean maybe the NVMe has like, a cached drive key, that you could get from specialized hardware / jtags, and this tells the device "hey, forget the drive key"
but also... shouldn't it do that anytime the device powers off? (and restore SSD access via TPM? or via password and small bootloader?)
Red Hat Open Source Practice Office (#OSPO) is hiring not one, not two, but three new staff! If you're into working 100% on community #OpenSource, one of these jobs may be for you.
All positions are attached to either the Ireland or Czech office.
Security Community Architect: work in our Verticals Team identifying, boosting, and participating in #OSS #Security communities: https://redhat.wd5.myworkdayjobs.com/en-US/jobs/jobs/details/Security-Community-Architect_R-041442-1?a=04a05835925f45b3a59406a2a6b72c8a
#FediHired (1/2)
✔ @torproject & @tails are going to strengthen their collaboration by merging¹! 👍
✔ #Tor has also released a new alpha
✔ It seems this #update does not address any of the potential #security issues, recently suspected after #German #lawenforcement claims to have used #timinganalysis to unmask Tor users.
✔ Potential solutions: timing delays, cover traffic...
¹https://blog.torproject.org/tor-tails-join-forces/
²https://blog.torproject.org/tor-is-still-safe/
#Torproject #Tails #Privacy #Surveillance #Freedom #Germany #Tech #Internet #Gov #IT
MVP #KamalaHarris speaking soon in #Pittsburgh, #Pennsylvania about building an #economy that will work for all Americans.
#OpportunityEconomy #MiddleClass #labor #unions #protection #security #education #training #infrastructure
#Vote for #KamalaHarris & Gov #TimWalz to protect our fundamental freedoms & defeat #Trump & the #MAGA #Republicans this #election.
#VoteBlue
#HarrisWalz2024
https://www.youtube.com/watch?v=XokApnr_Cak
"The team used a DJI Phantom 4 Pro drone as a stand-in for such an aircraft for an experiment. Using a ground-based radar system, the team spotted the tiny drone thanks to the radiation emitted by a Starlink #satellite, which was flying over the Philippines at the time."
https://futurism.com/the-byte/chinese-researchers-detect-stealth-aircraft-starlink
Have you ever heard of SS7? It's the backbone of most of our phone system and it's extremely insecure. Here's Veritasium exposing how easy it is to intercept your calls and texts without your knowledge.
#security #phone #veritasium #ss7 #CyberSecurity #hacking
https://www.youtube.com/watch?v=wVyu7NB7W6Y&ab_channel=Veritasium
I guess I should probably do an #introduction
- IT professional
- #Ohio born and raised
- Lifelong fan of #OhioState football.
- Advocate of #OpenSource, #Privacy, and #Security.
- #Linux user (btw, I use #Arch)
- Building experience with my #Homelab
Any security/privacy experts have any thoughts about Apple’s Private Relay service through their iCloud+ subscription?
Good?
Bad?
Irrelevant?
I won’t be getting rid of my iCloud account anytime soon, so unless there is some other compelling reason not to, it seems worth using it.
Edit: Ironically, I couldn’t send this post from my local server because, I think, of my local DNS so… Private Relay off now. 😆
#Apple #Firewall #security #privacy #icloud
I never did an #introduction!
Hi, I'm Max. I live in #NYC and do #journalism at PCMag where I cover #infosec, #security, and #privacy. I also write reviews of #VPN and professionally complain about #capitalism. I'm the Unit Chair of the ZDCG #union and moonlight as a #labor organizer. If you want to learn about how to unionize your workplace, plz DM me. I play #banjo badly and think about #medieval literature. I'm spending too much money on #fountainpens.
🚨🎬 🧵 1/4
Here is what happens when you insert an unlocked SIM card into a locked iPhone:
- The #iPhone accepts the SIM card and connects to the internet 😳
- Apple immediately adds the phone number of the SIM card to the Apple ID of the iPhone owner 😲
- #Apple accepts the new phone number as a username to sign in with the Apple ID of the iPhone owner 😱
- iOS activates the new phone number for iMessage 🤯
The video:
🚨🎬 Privacy Concerns about Apple Push Notifications
TL;DR: data-hungry apps use push notifications as a trigger to send app analytics and device information to their remote servers, even if the apps aren't running at all on your iPhone. Such apps include TikTok, Facebook, FB Messenger, Instagram, Threads, X, and many more.
Watch this video to see it in action:
https://youtu.be/4ZPTjGG9t7s
🧵 1/9
#Privacy #Security #Cybersecurity #Apple #iPhone #Facebook #TikTok #InfoSec #iOS
Bilateral #security agreements signed with 🇺🇦#Ukraine
1️⃣ 12/1🇬🇧#UK
2️⃣ 16/2🇩🇪#Germany
3️⃣ 16/2🇫🇷#France
4️⃣ 23/2🇩🇰#Denmark
5️⃣ 24/2🇨🇦#Canada
6️⃣ 24/2🇮🇹#Italy
7️⃣ 02/3🇳🇱#Netherlands
8️⃣ 03/3🇫🇮#Finland
9️⃣ 11/4🇱🇻#Latvia
1️⃣0️⃣ 28/5🇪🇸#Spain
1️⃣1️⃣ 28/5🇧🇪#Belgium
1️⃣2️⃣ 28/5🇵🇹#Portugal
1️⃣3️⃣ 31/5🇸🇪#Sweden
1️⃣4️⃣ 31/5🇳🇴#Norway
1️⃣5️⃣ 31/5🇮🇸#Iceland
1️⃣6️⃣ 13/6🇺🇸#US
1️⃣7️⃣ 13/6🇯🇵#Japan
1️⃣8️⃣ 27/6🇪🇪#Estonia
1️⃣9️⃣ 27/6🇱🇹#Lithuania
2️⃣0️⃣ 27/6🇪🇺#EU
2️⃣1️⃣ 08/7🇵🇱#Poland
2️⃣2️⃣ 10/7🇱🇺#Luxembourg
2️⃣3️⃣ 11/7🇷🇴#Romania
2️⃣4️⃣ 18/7🇨🇿#Czechia
2️⃣5️⃣ 18/7🇸🇮#Slovenia
2️⃣6️⃣ 04/9🇮🇪#Ireland
2️⃣7️⃣ 11/9🇱🇹#Lithuania
Here's my #introduction:
I live in The Netherlands, Europe. I work as a self-employed tech consultant & software developer. I like to tinker & have way too many interests :)
Likely to toot about:
#technology #techpolicy, #opensource #openstandards #opencontent #publicdomain #creativecommons #copyright #sustainability #diy #infosec #security #data #privacy #accessibility #ui #ux #interactiondesign #ethics #webdevelopment #devops #sysadmin #climatecrisis #food #music #linux #debian #ubuntu
→ #Google's reCAPTCHA v2 just labor #exploitation, boffins say
https://www.theregister.com/2024/07/24/googles_recaptchav2_labor/
“The conclusion can be extended that the true purpose of #reCAPTCHA v2 is a #free image-labeling #labor and #tracking #cookie farm for advertising and #data #profit masquerading as a #security service”
(1/2)
Announcing the launch of a new blog, Reclaim Your Tech (https://reclaimyour.tech).
This blog was founded on the premise that digital infrastructure should be owned by individuals, their families, and their communities. Being user first, it will provide technical guides, open-source tools, software recommendations, essays, and discussion.
#blog #techblog #security #privacy #enshittification #opensource #foss #linux
My book “PROPAGANDA: from disinformation and influence to operations and information warfare” treats the subject adequately, comprehensively, broadly, expertly. How does information influence work? Offence & defence. Expert arrangement of the subject.
#cybersecurity #propaganda #disinformation #book #books #security https://blog.lukaszolejnik.com/propaganda-my-book-on-information-security/
With the ever increasing attacks on users, moving to #multifactorauthentication is a must in order to reduce the attack surface of just relying on a password to secure access to resources. Implementing #MFA that is enforced all the time relies on also having a good user experience, which gave rise to mobile authenticator apps since many users always have their phones with them. However it also gave rise to #mfabombing and griefing to get those users to approve. With the recent GA of #microsoftauthenticator #azuread orgs can enable number match and context for the push notification to further improve the #security of the users by avoiding the blind approval of a push notification.
🔥 See the post on the AzureAD blog here and go enable these settings for your organization https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/advanced-microsoft-authenticator-security-features-are-now/ba-p/2365673 #microsoft #office365 #o365 #cloudsecurity
Faktencheck: Telegram ist weniger privat als andere Messenger
Die Annahme, Telegram sei besonders sicher, scheint sich hartnäckig zu halten. Fakt ist: In puncto Verschlüsselung ist Telegram der Konkurrenz unterlegen.
@[email protected] · Reply to Nonilex's post
Pummel #Starlink out of the sky? Impossible; as David Burbach, #NationalSecurity affairs prof at the #US Naval War College,…[said], “Nobody has enough anti-satellite weapons to come anywhere near shooting that down.”
& Starlink, which currently operates in 75 countries, is only getting bigger. A new batch of #satellites went up today. #SpaceX has already received approval from #US regulators [🤬] to launch thousands more,
#ElonMusk #power #Security #law #regulation #Tech #internet #access
@[email protected] · Reply to Nonilex's post
The #Brazil fiasco may have led to #ElonMusk backing down, but it has also revealed just how easily he can serve #Starlink users whatever #content HE may want. #Musk’s fame, the omnipresence of his many businesses, & his growing attention to #politics does not automatically translate to #ForeignPolicy expertise [ya think? He’s a #Putin fanboy FFS]. But what could Brazil—or any nation—really do to curb his control?
#power #Security #law #regulation #Tech #internet #access #information
@[email protected] · Reply to Nonilex's post
Since #ElonMusk took over #Twitter, he has made it a cozy home for #FarRight provocateurs, reinstated the accounts of previously banned bad actors, promoted #ConspiracyTheories, & made the website worse at separating fact from fiction. And yet, #Musk believes that #X is the “number 1 source of news in the world.” [🤦🏼♀️] For a part of the world that relies on #Starlink, Musk could, if he wanted, make it the ONLY #news source.[😱]
#Security #Tech #law #power #regulation #internet #access #information
@[email protected] · Reply to Nonilex's post
Other companies are working on their own #internet constellations, incl’g #Amazon, but they’re lagging far behind—& none of their leaders owns prominent #SocialMedia companies, where they can [personally] govern the flow of #information.
Compared w/ #SpaceX, the world’s town square, as #Musk calls #X, is a cauldron of #chaos, especially for users.
#ElonMusk #Security #Tech #law #power #regulation #access #Starlink
@[email protected] · Reply to Nonilex's post
At the time of this writing—& that’s important to note, because #SpaceX launches a fresh batch nearly every week—more than 6k operational #Starlink #satellites are circling Earth, accounting for >½ of all functioning satellites in orbit.
Starlink has grown so large in part because SpaceX is simply the most prolific #space company in the world.
#ElonMusk #Security #Tech #law #power #regulation #internet #access #information
@[email protected] · Reply to Nonilex's post
The deal resembled agreements between #Israel & other world powers for #HumanitarianAid, but as far as we know, the #UnitedStates, where #SpaceX is registered, did not send #Musk to the #MiddleEast to broker it. He flew over on his private jet.
#Starlink is what’s known in the #satellite business as a #megaconstellation.
@[email protected] · Reply to Nonilex's post
#Musk toured a kibbutz that #Hamas had attacked, dressed in a suit instead of his trademark occupy mars T-shirt, & offered #Starlink’s services to the Israeli govt. #Israel has imposed #internet blackouts & destroyed #telecommunications #infrastructure in #Gaza…. This summer, after lengthy negotiations, Israeli authorities allowed #SpaceX to activate #Starlink in one hospital in Gaza, w/more service on the way.
@[email protected] · Reply to Nonilex's post
As one undersecretary told @NewYorker’s Ronan Farrow, “Even though #Musk is not technically a diplomat or statesman, I felt it was important to treat him as such, given the #influence he had on this issue.”
Last year, when #Israel’s PM Benjamin #Netanyahu hosted #ElonMusk for a visit, the billionaire looked—& [cos]played—the part of a world leader traveling to a war zone.
#Security #Tech #law #power #regulation #Starlink #internet #access
@[email protected] · Reply to Nonilex's post
Soon, #Musk found himself w/ immense decision-making #power, as #Ukraine authorities pleaded w/him to activate #Starlink over a port city in #Crimea, apparently so that they could conduct a surprise drone attack on #Russia’s fleet anchored there. By the end of the war’s first year, when #SpaceX no longer wanted to foot the bill for Starlink ops, the #Pentagon jumped to take over the job before SpaceX could cut off access.
@[email protected] · Reply to Nonilex's post
#Musk dispatched terminals to places reeling from natural disasters, & then to the front lines of war. When #Russia invaded #Ukraine in early 2022, it hacked the #satellite provider that the Ukrainian military relied on for communications. Ukrainian ofcls appealed to #ElonMusk for help, & #SpaceX dispatched truckloads of #Starlink terminals to the besieged country, for free.
@[email protected] · Reply to Nonilex's post
Not only can #ElonMusk now determine who gains traction on a small but #influential corner of the web; in certain corners of the #globe, he can also determine WHO has #access to the #internet at all, & #regulate WHAT people encounter when they use it.
For a service that took off only about 5 yrs ago, #Starlink has become impressively ubiquitous, available for use on all 7 continents.
@[email protected] · Reply to Nonilex's post
This particular feud has crystallized an unsettling truth that is growing more apparent each day: #Musk is becoming an #internet god [oh he’s gonna love that 🤢]. #Space-based internet & #SocialMedia are a potent combination, & their #control by a single person is quite unprecedented—& alarming in the same manner as a federal govt restricting online speech via sweeping decree.
@[email protected] · Reply to Nonilex's post
(& pursue #legal action over assets). But in other ways, the debacle is a microcosm of fraught, ongoing debates over #FreeSpeech & #internet #regulation around the world [& businesses abiding by the laws of the countries in which they operate]
…[#Musk’s] actions could be seen as a…corrective to govt overreach. But they seem less magnanimous when you consider that the alternative to govt overreach is…a World Wide Web governed by the whims of the world’s richest man.
@[email protected] · Reply to Nonilex's post
The fight reached a boil in recent days, when #deMoraes instructed #internet providers in #Brazil to cut off access to #X altogether & #Musk refused to block the site on #Starlink until the latter business got its accounts back.
In some ways, this is classic Musk, scuffling w/ govt agencies when he believes they’re infringing on HIS enterprises. “What a scumbag!” Musk posted about de Moraes yesterday, after Starlink reversed course & agreed to block X….
@[email protected] · Reply to Nonilex's post
#ElonMusk, the CEO of #SpaceX, received a medal from the Brazilian govt. But now #Starlink’s Brazilian service is tangled in a mess of #political tensions, #CourtOrders, personal #insults, & #threats to revoke the company’s license to operate in the country. And this drama all started because of another #Musk business that links strangers around the globe: #X, née #Twitter.
#ElonMusk Has the Off Switch
With both #X & #Starlink under his control, the world’s richest man wields unprecedented #power.
By Marina Koren
Since Starlink first beamed down to Brazil 2yrs ago, hundreds of communities in the Amazon that were previously off the grid found themselves connected to the rest of the world. Here was the purest promise of SpaceX’s #satellite #internet—to provide #connectivity in even the most remote places on Earth—fulfilled.
#Security #Tech
https://www.theatlantic.com/technology/archive/2024/09/elon-musk-brazil-starlink-x/679711/
#introduction as I can tag now.
I'm fwaggle, and have been for ages. If you've been around for 20+ years and you're thinking "hey, I think I know that guy" then you're probably right. If you thought I was a dickhead 20 years ago, you're almost certainly right... I'm trying to do better now though.
I do #security things for a WordPress host, which is good fun.
Microsoft has confirmed that Windows 11 users will not be able to uninstall the controversial “Recall” feature, despite earlier reports suggesting otherwise. Recall, part of the Copilot+ suite announced in May, automatically captures screenshots of user activity on the operating system including sensitive information such as passwords or financial data https://digitalmarketreports.com/news/25091/microsoft-recall-feature-on-windows-11-not-removable-after-all/ Do yourself a favor and get rid of Windows from your life—enough of these greedy companies. #privacy #security
Authentication is almost always the most frustrating step of interacting with a service. Matrix is no different, but Quentin is about to dramatically improve the situation.
Get a glimpse of all the goodness awaiting to be unlocked once his project lands!
We should be arming #Ukraine, not "for as long as it takes", but TO WIN.
Why? Because, to begin with, we are seriously struggling to keep #democracy afloat "for as long as it takes" and, in order to defend democracy, we must achieve a resounding Ukrainian #victory.
That's why oligarchs, terrorists, extremists and dictators are ALL so invested in stopping war-time investment in European #security in the Ukrainian front.
Focus. Act decisively. Act now.
#California Legislature Approves A.I. Safety Bill
The California bill has spurred a fierce debate over how to regulate the new technology, which both technologists and lay people have hyped for its potential benefits and harms to humanity.
#ai #security #privacy
https://www.nytimes.com/2024/08/28/technology/california-ai-safety-bill.html
怖いな、これ :vivaldi_red: #Vivaldi も影響あるのかな
a list of #hashtags for my #introduction
#technology / #computer #geek (#security pays the bills)
#music / #musician (#drummer for fun but not profit... learning other #instruments)
#weather (it's both awesome and scary)
#health / #fitness (however, will not turn down #chocolate)
#gaming newbie (#fantasian / #ffxiv occupy my time currently)
#anime (#SAO, #attackontitan, #psychopass, #RWBY, etc. etc.)
#DIY projects (if / as needed)
it's difficult writing #introductions 😅
CVE Binary Tool 3.3 is released! (At long last!)
This is my work open source project that lets you scan for known vulnerabilities in your binaries, package lists and SBOMs. It's meant to make it easier (and cheaper!) to make secure open source software.
3.3 has new features from our Google Summer of Code 2023 contributors including EPSS metrics to help users assess risks associated with vulnerabilities, a new GitHub Action to make scanning easier, and a mirror of the NVD data backed by the same servers that do Linux distro mirroring so you don't have to deal with rate limits, downtime, and servers only located in the US.
Release notes: https://github.com/intel/cve-bin-tool/releases/tag/v3.3
And get the code on pypi:
https://pypi.org/project/cve-bin-tool/3.3/
Boosts appreciated!
We noticed a similar vulnerability in #Socialhome that had been found in #Mastodon and various other projects, ie https://arcanican.is/excerpts/cve-2024-23832/discovery.htm
This should hopefully now be mitigated and anyone running a #Socialhome instance should update asap.
Other changes:
#tech #coding #hack #security #cybersecurity #programmer #linux #kalilinux #ubuntu #linuxmint
Falsehoods programmers believe about... Biometrics
https://shkspr.mobi/blog/2021/01/falsehoods-programmers-believe-about-biometrics/
(For the new reader, there is a famous essay called Falsehoods Programmers Believe About Names. It has since spawned a long list of Falsehoods Programmers Believe About....)
The BBC has a grim tale of a family with a genetic mutation which means they have no fingerprints. It details the issues they have getting official ID.
In 2010, fingerprints became mandatory for passports and driver's licences. After several attempts, Amal was able to obtain a passport by showing a certificate from a medical board. He has never used it though, partly because he fears the problems he may face at the airport. And though riding a motorbike is essential to his farming work, he has never obtained a driving licence. "I paid the fee, passed the exam, but they did not issue a licence because I couldn't provide fingerprint," he said. The family with no fingerprints
Even if this genetic issue didn't exist, it should be obvious that not everyone has fingers, or hands. Some people are born without hands, some people lose them later in life.
Policy is about the edge-cases. It's easy to design something which works for the majority of people - the real challenge is how we deal with the fringes.
Ever heard of twins, dumbass?
OK, it is a little bit more complicated than that.
Even if you assumed that everyone has ten fingers - that means you can only change your ID 9 times. If you're using iris recognition, that's one change you're permitted before you have to grow new eyeballs.
Back in 2002, Tsutomu Matsumoto copied fingerprints using Gummy Bears.
Researchers can consistently fool iris scanners
3D printed facemasks can defeat facial recognition systems.
The thing about biometrics is that they are not secret. You leave your fingerprints everywhere. If a camera can read your face, it can copy your details.
Will having a "nose job" stop your iPhone from recognising you? Probably not. But there are a range of surgical procedures which can be done.
People who have Facial Feminisation Surgery can be given a letter from a doctor to explain to border guards why a person's face may no longer match their biometrics.
Biometrics are not passwords. Nor are they a universal 2nd factor. Biometrics are, at best, usernames.
For the average user, it's probably fine to use your fingerprint or face to unlock your phone. If you think an enemy state is going to devote considerable resources to steal copies of your biometrics, consider changing to a different password mechanism.
Or, if you have kids.
に任せちゃってる…
Or if you're cheating on your spouse.
A Qatar Airways pilot was forced to make an emergency landing after a passenger found out her husband was cheating on her and had a violent reaction in midair. The woman reportedly used her sleeping husband's finger to unlock his phone and discovered his cheating ways. Eyewitness News
In a safe-ish environment, biometrics are a good convenience mechanism. If your phone is snatched by an opportunistic thief, they're unlikely to have the means to spoof your ID.
But they are not a perfect security measure.
https://shkspr.mobi/blog/2021/01/falsehoods-programmers-believe-about-biometrics/
Noch kein Patch: Sicherheitsforscher beraubt Windows sämtlicher Schutzfunktionen
Stimmen die Voraussetzungen, können Angreifer Windows Update manipulieren, um beliebige Windows-Komponenten durch veraltete, angreifbare Vorgänger zu ersetzen.
"75 Prozent der Server des Standorts waren anfällig für Cyberangriffe. [...]Die Daten der Server blieben vier Jahre lang ungeschützt, berichtet der Guardian unter Verweis auf die NDA."
#Atomkraft #Kernkraft #Sellafield #security #PoweredByRSS
Atomkraft: Sellafield räumt massive Versäumnisse bei Cybersicherheit ein
Hardware kill switches: Empowering users in the digital age. Our latest blog explores how physical control over your device builds trust, respects autonomy, and offers unparalleled protection. Discover how Purism is putting privacy at the forefront of mobile tech.
https://puri.sm/posts/the-evolution-of-smartphone-security/
#UserPrivacy #Purism #PureOS #Security
Hackers are finding more ways to commit supply chain attacks.
Mac and Windows users infected by software updates delivered over hacked ISP
#Mac #Windows #Malware #ISP #Hacks #Security #InfoSec #Tech #Apple #Microsoft
#Ventoy Security Concerns (please boost for visibility)
Ventoy is a popular utility for making USB drives containing multiple operating systems in the form of bootable image files. While very useful in theory, the source tree contains numerous binary blobs without source code. This issue has been brought up to the authors multiple times, have not been corrected, and have even gotten worse (more blobs have been added to the code over time). This is a potential malware vector, similar to the "test files" in the xz-utils backdoor catastrophe.
Recently the author has ignored a very lengthy thread raising security concerns because of these binary blobs. Given the amount of attention the thread has gotten, this seems strange, especially given that the authors have been active since then. https://github.com/ventoy/Ventoy/issues/2795
Stranger yet still, a video by Veronica Explains (@vkc) on how to create bootable USB flash drives got flooded by comments heavily suggesting the use of Ventoy and even being somewhat accusing because Veronica didn't advertise Ventoy. This is... not anything I've seen users of ANY open-source project do, and it feels similar to the social engineering done against Lasse Collin that convinced him to add Jia Tan as a maintainer, thus compromising xz-utils. See the comments of https://www.youtube.com/watch?v=QiSXClZauXA&t=3s
If you're using Ventoy, you may want to consider ceasing its use for the time being out of an abundance of caution. If you truly need its functionality, you might look into something like the IODD SSD Enclosure (https://www.iodd.shop/HDD/SSD-Enclosure) which can emulate an optical drive and allows you to select an ISO saved to the drive to boot from.
Exquisite supports DANE, even while not every browser supports it. The 3-1-2 hash (domain issued certificate, SPKI, SHA-512) is:
6a9976657f0e85aa59e2954db3bd342c04f5e33ea166a70147fd6bb54bbafe23c11be8db582671e4d169be794ff2174ee99227e78ccd3961c84b53e20dad13b0
This goes for 443/tcp.
Minister Wissing: IT-Pannen werden zunehmen
Crowdstrike hat gezeigt, wie verwundbar weltweite Vernetzung machen kann. Der Digitalminister sieht Deutschland gut gerüstet, auch für andere Szenarien.
@[email protected] · Reply to Nonilex's post
Thursday’s prisoner swap, which saw American #journalists & a #security consultant, & a group of some of #Russia’s most prominent #dissidents & #PoliticalPrisoners, exchanged for a Russian group including a state #assassin, #spies & #hackers, was the biggest & most complex switch since the Cold War.
It took place at a time of #war, w/ #GlobalRelations between the #UnitedStates & Russia as bad as they have ever been.
#MafiaState #Hostages #ForeignPolicy #diplomacy #alliances #geopolitics #law
I started to try a #comparison with all mainstream #FIDO2 #security #keys.
Here Is the comparison:
https://docs.google.com/spreadsheets/d/1o_l6ieNRgf4IDYFcTNuw2st96VjrB-djtT2BMRhRDbI/edit?usp=sharing
it is really hard to compare since vendors are super unstructured
please #boost for more reach
contributors welcome
https://docs.google.com/spreadsheets/d/1o_l6ieNRgf4IDYFcTNuw2st96VjrB-djtT2BMRhRDbI/edit?usp=sharing
#Authentication strength #maturity #model for #security
#conumerVersion
Original source:
A few #introductions:
I run Systems Structure Ltd., a US consultancy that provides fractional CISO services for pre-A to post-C round #startups, along with #threatmodeling training and #securityarchitecture reviews.
I've been working in #security since 2003 and did a spell in NGOland from ~2011 to 2016, working with NGOs and news organizations targeted by states and on tools they use, including the #briar messaging app. The field work I did then fundamentally reshaped my approach to security, and I recommend that everyone in the field learn about the reality of being a high-risk user.
I live in #Helsinki the days, although in the before times (and hopefully soon again) I spent a fair bit of time in #NYC and #London. I run a #queer performance space out of my home, along with my partner, called The Attic (@theatticfi on insta), where we make space for #drag, #burlesque, #performanceart, and music, along other things. Before I moved here, I spent six or so years traveling full time.
I have written various essays over the years, which you can see on dymaxion.org, and I'm slowly writing a book. While security pays the bills, I spend a lot of my time thinking about #complexsystems, and in particular how the human and technical bits mesh, how they fail, and how to redesign them to fail better. In practice, this has meant everything from consulting on a constitution to thinking about what comes after the #climate apocalypse. The "recruiting barbarians" in my bio refers to being more comfortable outside of institutions, but I'm starting to think more about community and infrastructure building now that I live somewhere.
I'm also an #artist; I paint and am slowly learning my way around a #synthesizer, and I've been accused of being an #architect. I'm active in the #nordiclarp scene, where we take larp serious as a dramatic form and do everything from a reworking of Hamlet played at the actual Elsinore castle to a larp about the early days of the HIV crisis. I'm primarily a theorist and critic there, as well as player, and I've edited two books and written a number of essays. Nordic larp has the best toolkit I've seen anywhere for analyzing the human parts of complex systems and especially for building new systems; it's heavily influenced my security work, along with my #designfutures thinking.
I wrote about #MFA #2FA #FIDO2 #authentication on #django applications. https://kushaldas.in/posts/multi-factor-authentication-in-django.html #python #security
Intro:
#python #linux #Sysadmin #developer #bash :sad_face: #sre #security #osm #OpenStreetMap #photography #astrophotography #hiking #bouldering #science enthusiast (most of them) #diy (not much of it) #ebike
Father of two, make my own maps and computer tools, have my own home server, fix as many things as I can myself, love to drive and travel by car but not for the city, and much more.
Mostly boosts, in several languages, including some I can't speak, write or read.
Full-featured email server running OpenBSD
https://dataswamp.org/~solene/2024-07-24-openbsd-email-server-setup.html
gemini://perso.pw/blog/articles/openbsd-email-server-setup.gmi
#nocloud #selfhosting #openbsd #security
We're proud our testing helps ensure the security of Thinkst's OSS Canary Tokens! As part of their transparency efforts, you can read the results of our latest round of testing here:
https://www.doyensec.com/resources/Doyensec_ThinkstCanaryTokensOSS_Report_Q22024_WithRetesting.pdf
Fediverse Competition time!
I have two signed copies of my book 'Security Operations in Practice', which is all about building effective Security Operations teams, to give away to my Fediverse friends.
To enter - all you have to do is boost this toot before 12pm PT on Thursday July 25th, and I'll randomly select two of the boosters to receive the copies.
You can find out more about this book, and my other releases at https://infosecdiaries.com. Thanks, and good luck!
@[email protected] · Reply to Kelly Shortridge's post
this is why I’ve side eyed any federal document about software #security, quality, or #resilience that demonizes open source software while touting the virtues of commercial cybersecurity products
as if those products aren’t notorious for deep access + flimsy quality…
I’ve written about this concern in two separate RFIs to CISA et al (with co-conspirator @rpetrich)
1) on OSS security https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/
2) on secure by design https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/
Did you know #Project2025 calls for “the entirety of the CISA #Cybersecurity Advisory Committee should be dismissed on Day One.” (page 155).
If you like being able to use computers (or do anything with organizations that use computers, including have your vote counted in elections) that’s a very bad idea.
Apparently NS&I (the old UK National Savings, as they put it "the government savings bank") have launched two factor authentication, which is good.
Except, it told me to expect a code, you would think through SMS. But no, its a phone call. To make matters worse its from France according to my phone! So of course I thought it had been compromised and wrote to them.
No, apparently they use a French company to do the OTP codes and then mask this with the UK number normally, except when it messes up or I guess your security is so high it does not show it. Actually the reply seemed annoyed that I did not just accept that the UK government bank would use a French company to do their security.
So I do not think much of the " improved security " until I can register a FIDO key or the local code generator as a call from France seems to have lots of points of failure. (Its not that its France specifically, just that it is another country.) Also they should mention this on their website! (Unless missed it).
https://www.nsandi.com/get-to-know-us/security/improved-security
Welcome to the world of #privacy, #security, and #anonymity in 2023!📅
This thread covers what we’re doing to spread privacy to the masses ⬇️⬇️
Test your prompting skills to make Gandalf reveal secret information.
Gandalf is an exciting #game designed to challenge your ability to interact with large language models (LLMs).
What's the main difference between Tuta Mail and Gmail? 😎 PRIVACY 🔐
Get your #FREE Tuta Mail account now: https://app.tuta.com/signup
#Tuta #Germany #privacy #freedom #bestemail #encryption #security #PrivacyMatters #FREE #SecureEmail #privacyfirst #encrypted
The Release Candidate 3 of Aeon #Desktop will include Full Disk #Encryption to boost data #security. Get more details! #DataSecurity #AeonDesktop #Encryption https://news.opensuse.org/2024/07/12/aeon-desktop-intros-fde/
Some exciting news: Over the past few months I have been working on founding a new organization: Blodeuwedd Labs (@blodeuweddlabs)
We are now in a position to offer subsidized security assessments (and other services) for open source projects.
(In addition to a whole array of analysis, development, and custom research offerings for everyone else)
Announcement (and more info): https://blodeuweddlabs.com/news/open-source-review-announce/
I am working on starting a project under fiscal sponsorship to teach underserved youth cybersecurity and provide them pathways to careers. I have received the application and budget projection template to fill out. I am looking for partnerships and potential donors. I am also looking for anyone who would be willing to join an advisor board. Please share if you think of anyone who would be interested in either!
Hi all, been lurking for a few days but introducing myself now! I'm Matt and a #security reporter at WIRED. Like many others here, I'm coming to Mastodon after the chaos at the bird site in the last week.
The things I cover on a regular basis are #privacy, cybersecurity, #surveillance, internet freedom, #tech and human rights, and a bunch more things in the wider security realm.
I'm based in #London—and have lived here for the last decade—so I'm often reporting on issues from across Europe. When not writing words for the web, I'm often found #running and have been dabbling in the #ultramarathon a few times over the last few years #introduction (edited to add introduction hashtag)
STAGGERING: Nearly all #ATT customers' text & call records breached.
An unnamed entity now has an NSA-level view into Americans' lives.
Damage isn't limited to AT&T customers.
But everyone they interacted with.
Also a huge national security incident given government customers on the network.
And of course, third party #Snowflake makes an appearance.
https://www.cnn.com/2024/07/12/business/att-customers-massive-breach/index.html
#infosec #cybersecurity #telco #cellular #privacy #security #breach
Little Bits: Issue #14
Uncover the accumulation of little bits I’ve found over the the past month on the topics of design, hardware, open source, privacy, security and more.
Hackvists release two gigabytes of Heritage Foundation data
"Self-described “gay furry hackers,” SiegedSec said it released the data in response to Heritage Foundation’s Project 2025, a set of proposals that aim to give Donald Trump a set of ready-made policies to implement if he wins this fall’s election. Its authors describe it as an initiative “to lay the groundwork for a White House more friendly to the right.”
The data, reviewed by CyberScoop, includes Heritage Foundation blogs and material related to The Daily Signal, a right-wing media site affiliated with Heritage. The data was created between 2007 and November 2022.
The group says it gained access to the data on July 2 and released it to provide “transparency to the public regarding who exactly is supporting heritage (sic),” a spokesperson for the group who goes by the online handle “vio” told CyberScoop in an online chat Tuesday."
https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/
#hackers #opsec #infosec #databreach #politics #ethics #furry #furries #altright #gay #uspoli #project2025 #security #privacy #transtights #fascism #hacktavists
We released #Fedify 0.9.2, 0.10.1, and 0.11.1, which patched the last reported #vulnerability, CVE-2024-39687, but the vulnerability of SSRF attacks via DNS rebinding still exists, so we released Fedify 0.9.3, 0.10.2, and 0.11.2, which fixes it.
If you are using an earlier version, please update as soon as possible.
Thanks to @benaryorg for reporting the vulnerability!
hi, i'm spv. call me spv, or james if you want to be slightly weird without knowing me
here's an #introduction post because i don't think i've made one yet.
info to know about me: 17 from BFE, NY
i'm #autistic, and have too many other conditions to list. woooo!
i do #programming on occasion
#homelab on the regular
i like to work with #security, but i don't do it enough
getting a degree in #Computer Security & #Forensics from SUNY Broome (starting in august)
warning: i use a lot of #hashtags
To #Hollo users: please update your #Hollo to 0.1.0-dev.46, a #security patch which addresses @fedify's #vulnerability CVE-2024-39687, as soon as possible!
https://hollo.social/@fedify/019080c7-c784-755d-a6f2-d1f91f2c5709
The @EUCommission wastes our tax payer money to team up with #Microsoft the #gatekeeper and notorious #antitrust villain and sue the EU data protection agency @EDPS because the Commission wants to continue to use the #M365 software #security shitshow.
How low can this institution sink?
https://digitalcourage.social/@echo_pbreyer/112722381771336529
Announced yesterday, Regal is a new linter for #Rego, with the ambitious goal of both catching bugs/mistakes in policy code, *and* to help people learn the language! If you ever work with #OPA, I’m sure you’ll find it useful. Check it out, and if you’d like to help kick-start the project by giving at star ⭐️ I’d be overjoyed!
https://github.com/StyraInc/regal/
#CloudNative #Linter #Code #Development #CodeQuality #Security
Do you know about http://verybad.kushaldas.in:8000/ experiment? This web application has a lot of #security holes, and I tried to secure it using only #systemd. Feel free to do a round of #pentest, #attack the box. Remember to let me know what did you find.
The box is up from April end 2022.
Please boost so that your other security minded friends see this. I try to make sure that any learning from this goes back to systemd upstream.
Halycon researchers have discovered a new ransomware operator named Volcano Demon that is currently distributing versions of the LukaLocker ransomware.
Halycon says the group engages in targeted ransomware attacks but does not operate a dedicated dark web leak site.
The group is also known for calling a company's executives to extort and negotiate payments.
Follow me if you’re interested in:
Pics of my #chihuahua #dog Mr Maxi & pics from walks in #Sydney #Australia (it’s kind of a puppy spam account, but he’s adorbs)
stuff about #disinformation #terrorism #radicalization & modern #warfare #drones #uavs #history
Topics I’m interested in: #legal #privacy #data #analytics #ethics #technology #feminism #ADHD #cybersecurity #informationsecurity #security #cyber #infosec #digitaltransformation #ai #ml #digitalfutures
What is it about?
#monocles offers ethically acceptable services and an online platform for individuals as well as for companies for a truly fair and secure digital life.
+ complete #opensource
+ 100% electricity from #renewable energy sources
+ no #tracking
+ highest possible #security
+ #independent of corporations and organizations, as completely privately funded
Check out more on https://monocles.eu/more
#monocles chat 1.7.9 is released on the playstore with a lot of updates and improvements! (See comments below)
https://play.google.com/store/apps/details?id=eu.monocles.chat
Today we are proud to announce the launch of the world's first #postquantum secure email platform! 🥳🎉
With TutaCrypt your data is safe against quantum computer attacks at rest & in transit. ⚛️ 🔒
Learn more about this quantum leap in #security here: https://tuta.com/blog/post-quantum-cryptography
Okay, okay, at @nova's behest, an #introduction post:
Hi 👋🏻 I'm Emelia, from #berlin, #germany, I'm trans queer and kinky.
I'm a #tech princess 👸🏻 currently working most with #typescript, currently working on Fediverse Trust & Safety tooling
I'm most known for my work on #nodejs, and contribute to #mastodon & other fediverse software
In 2020, I became the #founder of Unobvious Technology, aiming to improve the safety, #security and profitability of #sexworkers and advance the #adultindustry
Hey! Let's talk about #SSH and #security!
If you've ever looked at SSH server logs you know what I'm about to say: Any SSH server connected to the public Internet is getting bombarded by constant attempts to log in. Not just a few of them. A *lot* of them. Sometimes even dozens per second. And this problem is not going away; it is, in fact, getting worse. And attackers' behavior is changing.
The graph attached to this post shows the number of attempted SSH logins per day to one of @cloudlab s clusters over a four-year period. It peaks at about 3.4 million login attempts per day.
This is part of a study we did on our production system, using logs of more than 640 million login attempts, covering more than 1,500 hosts on our side and observing more than 840 thousand incoming IP addresses.
A paper presenting our analysis and a new, highly effective means to block SSH brute force attacks ("Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them") will be presented next week at #NSDI24 by @sachindhke . The full paper is at https://www.flux.utah.edu/paper/singh-nsdi24
Let's dive in. 🧵
#ActivityPub, #FediDev and #security question: If instances generally collect only one copy of each post and then share it with the users that need to see it, does that mean nonoriginating instances are trusted to not show that post to users the poster has blocked (or who shouldn't see it because they're not following etc depending on visibility)?
How do the collecting instances know who should see it? (A cached copy of the poster's follow list?)
And does #authorized_fetch change any of this?
I probably should do an #introduction too
I'm Joel, the #wifi -whacker, #network -noodler, #linux - licker, and #security -spooner. I also do a bunch of #electronics design and #embedded coding, while wondering why #3dPrinting still sucks so much.
There will be regular #DadLife and #CatsOfMastodon posts, and likely a lot of swearing as well
🥰 So fulfilling! 🥰 A friend just brought their little daughter over to my place, because she had a journal with a 3 wheel combination lock on it, and she'd forgotten the combo.
I showed her how to decode it, and eventually she got it open! We changed the combo and locked it again so she could practice more.
After a bit, she was asking about other kinds of locks, so I happily brought out an assortment of antique and miniature locks from my collection.
A couple hours later they had to leave, and she was beaming! Today she had picked 2 warded locks, a pair of police cuffs, raked open a 4-pin tumbler, and decoded a combination lock!
I sent her off with a smiley yellow binder clip and a minuscule warded lock to practice on.
They asked to come back next week to learn more. 💜
I feel like the Yoda of lock-sport. 🙂
---
Update: Friend just texted me to say their daughter is thinking of starting a YouTube channel to document her growth in lock-sport, and wanted advice on gear/setup stuff.
---
#LockSport #Locks #Adorable #Teaching #LockPicking #Security #Hobbies #GirlPower
@[email protected] · Reply to Strypey's post
Our Mastodon server has been mostly down for a week, and anything we posted during the brief uptime during the last week has been lost. Turns out our PostgresSQL container was hit by cryptojacking malware;
https://thehackernews.com/2024/05/kinsing-hacker-group-exploits-more.html
It doesn't seem like a targeted attack, I think we were just unlucky. I highly recommend admins review your security measures and harden your systems against automated attacks.
Is this something Reproducible Builds could help with?
Hello all 👋
Am a self-employed #security consultant of 10+ years via https://securit.ie/
I regularly enjoy live sports/music (likely to post about), I code #Python & #Rust and am unafraid of low-level / reverse engineering, builder, breaker, cocktail shaker. Lefty af ☭. An aspiring cyberterrorist armchair general on main
🤘😜👍 #Introduction
👋🏽 Hi Mastodon
(Redoing #introduction)
I am the same Avoid The Hack from Bird Site
Only news items and updates for https://avoidthehack.com are cross posted from Bird Site. Everything else is here (and only here) as I’m more active on Mastodon.
Most of this feed is related to #cybersecurity and #privacy. Sometimes I post advice. Sometimes I share articles I have written. Sometimes I share articles featuring Avoid The Hack. Sometimes there are memes.
Bio was too big, and I didn't yet make an #Introduction:
Hi, I'm Leonard/Janis (like Cohen/Joplin respectively), I use they/them pronouns, he/him (Leo) and she/her (Janis).
I'm a #genderqueer #hacker from #Berlin. I'm a professional procrastinator, don't expect me to stick to one project :'-)
Outside of computing I love #running, #handball and #rollerblades, adore cats, have a passion for #teaching and spend too much time following politics. I listen to #Blues but my musical taste has since widened to also embrace R'n'B, Rock, Funk, and a lot of modern stuff. I read classic #fiction and my favorite authors are Terry #Pratchett, Douglas Adams, J.R.R. #Tolkien, Robert Harris, and Sjöwall & Wahlöö (rather male dominated, send recommendations!).
I'm politically left #AssignedCatAtBirth but not settled on the specific question of government.
I'm a #privacy and #security fetishist (these aren't the same, sometimes even oblique). Some see a gray space here, I consider the right to data self-determination a fundamental right. Also, free #housing, #publicTransport and a livable environment are fundamental. #Learning and #teaching are crucial for individuals and society. Tech won't solve our core problems, merely highlight them and perhaps provide tools for change we can use.
Pretty huge news from Canonical yesterday!
"Today, Canonical announced a 12 year LTS for any open source Docker image!"
https://canonical.com/blog/canonical-offers-12-year-lts-for-any-open-source-docker-image
Ab sofort gibt es Desinfec’t 2024 auf einem USB-Stick zum Kauf
Mit dem c’t-Sicherheitstool entfernen Sie Windows-Trojaner und greifen auf nicht mehr startenden PCs auf Ihre Daten zu.
the talk. credit ig https://www.instagram.com/peter.conrad.comics/ #infosec #security #microsoft #technology
New instance, new #intro post!
OHAI! I am Renata (it's pronounced heh-NA-ta and I am very particular about it) - I am a Manager of Solutions Architecture in Toronto, Canada. I work with #Cloud, #DevOps, #Security and all their relatives.
I am super invested in ID&E, social issues, I am an avid #cyclist, I #run, do #yoga, and still find time to find some random new hobby that I will completely ignore six months later. It is what it is.
I also love #cats! Hello!
Let’s hope this #security-conscious *choice* in the Kia EV9 is the start of a trend. They didn’t have to give us this. In a real button, no less — you can connect or disconnect the data from your phone while #USB-charging it in your car. From MKBHD https://youtu.be/CRhjL9X2yKA
Don't have time for a banner grab but still interested in basic info about a server?
Well taking advantage of a server's inability to process '%' b/c it expects two hex digits to follow; in many cases it errors
Preventing this from happening is actually easy
It requires an essential secure programming principle: verify, validate, and sanitize your input
This principle should be applied to EVERY input, and yes the URL is input
#infosec #security #it #sysadmin #tech #development #programming
So glad to be on floss.social! Time for another introduction. Hello from #Sheffield, #SouthYorkshire, UK! We're a #NonProfit initiative founded back in 2010, focused on helping people use #technology in a way that is more financially, environmentally, and socially #sustainable, regardless of knowledge or skill level – using and promoting primarily #FOSS to provide personalised learning. We particularly love #Linux, #RaspberryPi, #privacy and #security! Feel free to spread the word. Thanks!
Sometimes logical isolation isn't enough
My four-month-late #Introduction :
Work: #WordPress #hosting & #Security, #music #festival #IT, #Editor / #Filmmaker, #SmallBusiness
Life: #horror movies, music, #camping, curious and loves to learn, social justice, and to my surprise, a #runner who has #run 15,477 KM Jan 2020 - Dec 2022.
If you stop and look at something the more closely you examine it, the more amazing it becomes.
Married to the wonderful @TAV for over 25 years, furdad to Sprocket the #MinPin, (he/him) #Ottawa, #Canada
Since this is what's done on #mastodon - I am a middle age recovering fandom nerd, still active #security and #tech nerd, and someone who has amateur hour opinions on lots of things. My ideal vacation is reading terrible sci-fi in a nice hotel room.
Strongly in favor of #socialjustice #lgbt #prochoice #acab and I seem to be getting more radical as I get older.
I'll probably post about: #travel #smut #monsters #linux #whiskey #film #scifi #gaming #newwave
(Originally posted on mastodon.lol)
I've been enjoying infosec.exchange for the last month or so but have been putting off an #Introduction because I'm awkward and anxious (#privacy am I right?). I feel more comfortable talking about my cat than myself or my work on social media, so you'll probably mostly see him amongst my boosts and replies. He's a little hacker who tricks me into FaceID unlocking my iPad for him or hides my pouch of physical security keys to remind me not to be careless with them.
See how I just went on about the cat? Yeah... I feel imposter syndrome about belonging in #InfoSec. I'm an IT #security and #operations focused #SysAdmin (#BlueTeam) whose been fascinated/working with computers since I was 3, and have been doing it professionally for over 10 years now. Does that make me #SecOps? I honestly don't know. I love this community though and want to make an effort to share what I do know more often besides the cat pics or conversations or boosting #ThreatIntel and news I think to share.
If I had to sum up in a few hashtags and such, I know securing #Windows and #ActiveDirectory best but I use/protect #Linux and #macOS if you'll forgive me for using #PowerShell there too. I love #scripting and #automation, the #OSINT and #ThreatIntel and #IOCs we share, #infrastructure and #firewall stuff, #logging and #DFIR, and reading/writing reports just as much as code. I'm not super passionate about the #cloud but that's not a hill I'd die on and #Azure is pretty cool.
Did I mention I have one of the best #CatsOfInfoSec ever?
Anyway, "it's me, hi!"
Time for my own intro, I think.
Born and raised in Switzerland on #milk, #cheese and #chocolate. Still there today.
Using computers since #ZX spectrum, always enjoyed technical stuff, programming, network and hardware. Deeply interested in BBS and demoscene (Unreal, futurecrew).
Co-started my own company, #Infomaniak, in 1994 with an associate. We were first selling home-assembled computers for endusers. Then we had our own first internet dialup POP by the end of the same year and each customer was granted free access (except for local call rates). We also ran one of the first websites in Geneva, Switzerland, around that time (still found in archive.org, look for infomaniak.ch).
We then splitted the company and started providing professional web/mail hosting when it was still pretty unusual. I built that company from scratch and my associate kept running the computer shop on one side, and doing strategic thinking for the hosting business. The shop was eventually sold in 2000/2001 and we 100% focused on hosting.
At first, I was involved in every step : network design, hardware choice, mail/web servers, routing/transit, building/maintaining IT racks, staff, programming our own management tools, Delphi at that time ; still programming with Embarcadero today. And it was rapidly too overwhelming. The staff grew, we enrolled people with better skills than we had, and I focused primarily on management, legal and accounting. But it was not what I loved to do every day.
In 2017, my associate and I divorced (a 25 years long coworking is *really* like a marriage) ; I was kicked out :(
By then, Infomaniak staff was +60 people (support staff, sysadmin, devs and office admin).
I took that opportunity to better focus on what matters to me : #data #security and #IT #support for small to very small companies. Those left alone with their too complicated technological problems and they do the best they can. Ourdays, this is obviously not sufficient.
So I started again from scratch, with IT-Awareness. My main objective was being able to provide better comfort with #technology for all non technical people, focused on #data #backups and all related matters. Due to the first customers I met, I'm now mostly helping #praticians in all #medical environments.
I'm still alone in my company (it takes time... so much time...) but I nonetheless received a huge project to build a secure mail system for all practicians in Geneva area (~3,000). "Secure" meaning "with confidentiality guaranteed" following Swiss laws requirements. A case study has been done by Synology : https://www.synology.com/en-us/company/case_study/Geneva_Doctors_Association
Prior to this new secured mail system, practicians were mostly using public services like gmail, aol and local telco mail systems, which is absolutely forbidden due to the sensitivity of data they're exchanging. They're now secure, compliant with the law and patients are better protected. But this is of course only part of the long way they still have to go.
I provide a lot of IT support for small medical centers ; they don't know a thing with technology and don't have time. They need things to be done, they need confidence. I try to bring both.
Interested in all #infosec matters for so many years I can't remember, I followed a lot of incredible people with deep knowledge that shared their insight on Twitter.
And like every one of you, migrated to infosec.exchange Mastodon instance (which I proudly sponsor, @jerry thank you so much for your work and dedication, this place is what we really need, our home).
I'm always open to discuss anything with anybody, sharing knowledge and experience.
#introduction: two weeks late.
Aspiring Gaeilgeoir, recreational cyclist, hiker, dog wrangler. I like traffic lights.
I've worked as a developer, architect, consultant, chief technologist and various types of management, almost always focused on data systems. Post sabbatical, I am contemplating looking for work in security/privacy/digital rights.
Happy to connect and talk.
#IrishLanguage, #cycling, #dogsofmastodon, #privacy #opensource #security
I've archived all my old tweets (except RTs) here:
https://vegard.github.io/twitter/
Almost everything has been tagged by subject/topic in case you are only interested in something specific.
Lots of #LinuxKernel, #Programming, #Security, #Fuzzing, #Git, etc. posts.
Now that the dust has settled, I can finally get to an #introduction
I’m based in Melbourne/Narrm, and live with my family (and dog!) a short walk from one of the loveliest beaches around.
I work as an #IT consultant, mostly specialising in #Microsoft technologies, system architecture, #security and #automation . I’ve also worked as a #journalist , an #educator , a public speaker and an #author
I have one technical book under my belt, but am aspiring to #write #fiction and am enjoying being part of the #AusWrites community
As my first post on mastodon, here's an image of a comic strip that formed in my head while working on something else (I was writing an article for Bob Ambrogi's site at https://directory.lawnext.com/library/an-alternative-calendar-and-contact-program-for-your-law-office-time-and-chaos/ ) Here are some tags: #lawyer #apps #security
A bit late to the fediverse party, but here's my #introduction:
I'm a software engineer in the SF Bay Area working on #secureboot architecture and #bringup at a major tech company. Interested in #security (obviously, on this server) and extreme #homeautomation. Also enjoy #hiking, #cooking with my wonderful wife, the #oxfordcomma, and #lotr. Go #Illini! 🔶🔷
I decided I need to re-do my #introduction post. Why? I didn't know that full-text search wasn't really a thing on Mastodon (well, particularly cross-instance), so I need to hashtag it. If you've read it before, feel free to move on, or read again. Anything goes!
I’ve seen a few others do introductory posts so I figured why not for me too. It’s unlikely I was known on #infosec Twitter because I didn’t post much on Twitter. I hope to change that here.
I’ve worked in #SystemAdministration, #VulnerabilityManagement, #NetworkSecurity, and/or #SystemofSystems #Security for around 8 years. My experience has been solely within the world of #DOD, first as a civilian and then as a contractor. I’m currently a Senior SA/Deupty PM for Broadleaf-inc, a government contractor.
Along with that, I’ve been teaching infosec for around two years for a university. I developed many courses, Network Security, OS Security, #VulnerabilityAssessment and #PenetrationTesting, #OSINT, IDS & IPS, #CyberthreatIntelligence, as well as an Introduction to IT and a CCNA course. I’ll be developing an Advanced Penetration Testing and a Digital Forensics course this upcoming year.
I am an advocate for helping those with no existing experience and fresh graduates find positions in #Cybersecurity, truly entry level positions. I help run a discord that focuses on that, #SecurityNewbs, as well working on free university-style courses that people can take to learn these skills. Those aren’t ready yet, but my first free course will be Introduction to Cybersecurity.
On my off-time, I'm a huge #gamer. You'll generally find me on the Xbox Series X, although once in a while I'll be on PS5. I generally play #destiny2, probably a little too much. I have 4 kids, 5 cats, and 2 dogs. It can be a hectic house.
That’s me. Fin.
Hey everyone, here's my mastodon #introduction.
I'm a seasoned offensive #security researcher with 20+ years of experience.
As a professional #hacker and polyglot programmer of weird machines, basically I study how things can go wrong.
Some examples:
http://phrack.org/issues/70/13.html#article
https://vimeo.com/335197685
https://vimeo.com/474793702
https://youtu.be/Nc9ZLTb2hQ8
Hack the planet! 🏴☠️🌎
#introduction post!
I'm an interdisciplinary researcher, mainly in #computerscience but also a bit of #law, #philosophy, and a pinch of #STS. I study #privacy, #dataprotection, algorithmic decision-making, 'fair' ML/AI, #decentralisation, #security, #regulation of and by technology; hoping to gradually add #climatejustice to my bag of interests.
I build #Enigma machines. I don't know why (https://www.reubenbinns.com/blog/enigma-machine-version-2/)
I live in London and work in Oxford.
Love #TottenhamHotspur
Hi there! Been on the fediverse since 2018 but time for an #introduction update:
As #software developer from #Deventer, the #Netherlands I love #opensource, @nixos_org and @reproducible_builds , maintain #tiling #x11 wm @notion and helped organize @mch2022camp. I'm active at @hack42 and volunteer at Museum @EICAS.
Job: ex-#akka team at #lightbend, now self-employed and available for contracts on FLOSS things next to my part-time engagement as #Security Response Program Manager for #Apache .
Presenting #BusKill: A $20 #DeadManSwitch triggered by someone physically yanking your laptop away from you.
#opsec #infosec #CyberSecurity #travel #saftey #TravelSecurity #security #privacy
https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/