#security

Someone told me yesterday of a minutes app for meetings they'd found. Knowing how these apps work, I checked the security policy. I got my fears confirmed. It collects data and share it with 8 third parties, including use for ads & analysis.

I showed her this, and said she should probably get consent from others when using the app. Today she told me she'd uninstalled it and thanked me for the warning!

We can't expect people to figure this out. We need better regulation.

#AI #Security #Privacy

At Tuta, we believe that best security must be free for everyone.

We are happy to announce that in December all existing Tuta accounts will be upgraded to quantum-safe encryption! 🥳🎉

With TutaCrypt your data is safe - now and in the future. ⚛️ 🔒

Learn more about this quantum leap in #security: https://tuta.com/blog/post-quantum-cryptography

Helldown-Ransomware: Einbruch durch Sicherheitslücke in Zyxel-Firewalls

IT-Forscher beobachten, dass die Helldown-Ransomware nach Einbruch in Netze durch Sicherheitslücken Zyxel-Firewalls zuschlägt.

https://www.heise.de/news/Helldown-Ransomware-Einbruch-durch-Sicherheitsluecke-in-Zyxel-Firewalls-10176669.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Firewall #Ransomware #Security #Sicherheitslücken #news

Wordpress-Plug-in Anti-Spam by Cleantalk gefährdet 200.000 Seiten

Im Wordpress-Plug-in Anti-Spam by Cleantalk klaffen gleich zwei Sicherheitslücken, durch die nicht authentifizierte Angreifern Instanzen kompromittieren können.

https://www.heise.de/news/Wordpress-Plug-in-Anti-Spam-by-Cleantalk-gefaehrdet-200-000-Seiten-10175993.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Security #Sicherheitslücken #Wordpress #news

I wrote a report on a recent #Python #malware package uploaded to #PyPI over here: https://blog.pypi.org/posts/2024-11-25-aiocpa-attack-analysis/

#OpenSource #Security

Signal Is Now a Great Encrypted Alternative to Zoom and Google Meet
And Signal app is FREE 😁
#security #encrypted #message
https://lifehacker.com/tech/signal-is-now-a-great-encrypted-alternative-to-zoom-google-meet

PyPI's support for PEP 740 now includes GitLab, extending support beyond the initial scope (which was GitHub). that means that, if you're a GitLab CI/CD user, you can now upload attestations to PyPI and the index will verify and re-serve them!

docs here: https://docs.pypi.org/attestations/producing-attestations/#gitlab-cicd

#pypi #python #security

Urgent Warning for Fedi Admins

We've discovered an ongoing Denial-of-Service attack against Misskey-based instances. The attacks exploit a zero-day vulnerability impacting Misskey, Sharkey, IceShrimp, and other related software. Patches are in progress and will be released ASAP. We encourage all admins to update immediately!

Note: this is a different vulnerability from the ones that were recently announced! You should update today and again tomorrow at the scheduled time.

Update: Sharkey version 2024.9.2 has been released with a patch. You can get the update here: https://activitypub.software/TransFem-org/Sharkey/-/releases/2024.9.2

#Misskey #Sharkey #IceShrimp #FediAdmins #Security

Have you ever thought about how awesome it would be to work with me? My team is looking for a Senior #SRE with good #security sense!

The SRE job description is https://www.mongodb.com/careers/jobs/6361896, either #RemoteWork anywhere in North America or hybrid/in-office. No formal #infosec experience required, good sense is perfectly fine; this is first and foremost a SRE role with security as a focus.

Apply even if you don't meet all requirements! You don't need to be perfect!

#GetFediHired #FediJobs

Let's Encrypt is 10 years old today!
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Huge thanks to everyone involved in making HTTPS available to everyone for free

https://letsencrypt.org/

#tech #technology #security #privacy #encryption #https #letsencrypt #ISRG

Oha, das ist provokativ: Dieser Blogartikel sagt:

- Nutzt kein #PGP / #GPG
- Nutzt kein #XMPP + OMEMO
- Nutzt kein #Matrix (im Sinne: verlasst euch nicht auf die Verschlüsselung)
- E-Mails verschlüsseln ist sinnlos

Ich kenne den Autor nicht und würde ihn nicht erwähnen, würde der Artikel nicht in ernstzunehmenden ITSec-Newslettern zitiert

https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

Meinungen? #itsec #security

Security means securing people where they are

https://blog.yossarian.net/2024/11/18/Security-means-securing-people-where-they-are

#security #oss

US senators urge investigation into Musk

Senators argued #Musk’s involvement in #SpaceX programs should be reviewed for potential debarment & exclusion due to the alleged contacts. Debarment would bar him from certain contracts and privileges.

Relationships between well-known US #adversary & Musk, beneficiary of billions in US govt funding, is serious risk regarding #Musk’s reliability as contractor & #SecurityClearance holder

https://kyivindependent.com/democratic-senators-urge-investigation-into-musks-calls-with-russia-reuters-reports/

#security #NationalSecurity #traitors

Le Monde used #Strava to track the movements of world leaders. They don’t use tracking devices, but their #bodyguards do.
#EmmanuelMacron: https://www.lemonde.fr/en/france/article/2024/10/27/how-emmanuel-macron-can-be-tracked-watch-the-first-episode-of-stravaleaks_6730708_7.html
#Biden and #Trump: https://www.lemonde.fr/en/united-states/article/2024/10/28/biden-and-trump-put-in-danger-by-secret-service-agents-watch-the-second-episode-of-stravaleaks_6730825_133.html
#Putin: https://www.lemonde.fr/en/international/article/2024/10/29/putin-s-bodyguards-go-on-runs-near-palace-he-denies-owning-stravaleaks-episode-3_6730915_4.html
#StravaLeaks #Security

#security tip:

unless you know your chats or audio/video calls are secure, DON'T say anything that you wouldn't say around an unsafe person.

does this restrict your speech? yes it fucking does. but only in certain spaces.

be the annoying person who suggests over and over again to set up a secure group chat with your fellow community members. almost every service is free to use.

remember that #Discord is not secure comms. remember that #Instagram chats, and activity there, is not secure comms. remember that anything owned by Meta is not secure comms no matter what the company says.

be too careful. it's better to be too careful than careless for a moment.

Is there any European body giving recommendations/requirements about It security, similar to NIST? Especially I'm looking for an organisation giving recommendations for passwords related policies. Preferably a widely scoped, but if there is anything reasonable in a particular industry, I'd be glad to know it as well.
#itsecurity #itsec #opsec #security

Hey everyone! A couple good things to remember:

Signal is your friend! https://signal.org/
Be careful about what you post on corporate and federated social media. You don't need to self censor but you should take extra spicy discussions to something like Signal!

(people: please feel free to add hot tips for helping people keep things private!)

EDIT: It's definitely worth pointing out what I mean about "spicy". Expressing frustration in a way that could easily be misinterpreted by law enforcement? That's spicy! Planning a safe, legal protest? I'd argue that's spicy! That's the sort of thing I mean by this. No encryption or software is perfect; consider the level of risk when utilizing the tools.

But broadcasting stuff on social media can carry a lot of risk, so just... you know.

#security #secureCommunications

Apple creates Private Cloud Compute VM to let Researchers find Bugs.

The company also seeks to improve the system's security and has expanded its security bounty program to include rewards of up to [$1 Million] for vulnerabilities that could compromise “the fundamental security and privacy guarantees of PCC”.

https://security.apple.com/blog/pcc-security-research

#apple #pcc #vm #securityresearch #bug #bounty #programming #ai #it #security #privacy #engineer #media #tech #news

Change Healthcare: Größtes Datenleck im US-Gesundheitswesen

Nach einem Cyberangriff auf Change Healthcare Anfang des Jahres gibt es Gewissheit. Krankendaten von fast einem Drittel der US-Bevölkerung wurden geleakt.

https://www.heise.de/news/Change-Healthcare-Groesstes-Datenleck-im-US-Gesundheitswesen-9998090.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#DigitalHealth #Security #news

Just got a notification from F-Droid that my browser ( #Fennec ) has known #security issues. Looks like I'm in the market for a new browser on my mobile devices.

I know I'm gonna hate asking this, but what browser sucks the least on #Android these days?

"Russia’s Central Bank raised its key #InterestRate from 19% to a historic 21% on Friday"

"seasonally adjusted price growth last month rose to 9.8% year-on-year from 7.5% in August. Core #inflation increased to 9.1% from 7.7% over the same period."

"russia has faced volatile prices since it sent troops into #Ukraine in February 2022"

"#russia is set to spend almost 9% of its GDP on #defense and #security this year"

#ArrestPutin #StopRussianAggression #ArmUkraineToWIN

https://www.themoscowtimes.com/2024/10/25/russias-central-bank-raises-key-rate-to-historic-21-signals-aggressive-fight-to-curb-inflation-a86806

There should be a SOC 2 version for companies that are just getting started. The amount of work required to be compliant can kill companies… #security

BSides Delaware parking and hotel information is up on the website now! https://bsidesdelaware.com/2024-venue/

If you don't have your tickets yet, WHAT ARE YOU WAITING FOR! Come join us!

https://www.eventbrite.com/e/security-bsides-delaware-2024-registration-1007007766337

AND SPEAK! CFP is open and waiting for your amazing submissions!

http://bit.ly/BDECFP24

#security #conference #BSides #BsidesDE

#meme #memes #memy #mem #yesbut #privacy #camera #phone #laptop #security #cybersecurity

Decentralized Encrypted P2P Chat

Blog: https://positive-intentions.com/blog/introducing-decentralized-chat

GitHub: https://github.com/positive-intentions/chat

Demo: https://chat.positive-intentions.com

Follow for more!

#cryptography #p2p #decentralized #webrtc #cybersecurity #privacy #security

Grant Negotiation and Authorization Protocol (GNAP), the successor to OAuth 2, became RFC 9635 yesterday!

GNAP is easier to use than OAuth 2.0, with best practices as defaults and clearly articulated uses cases.

https://www.rfc-editor.org/rfc/rfc9635

#webDev #security

Wichtiger Hinweis am Rande:

Wer via #MicrosoftIntune die WLAN-Daten auf iPhones, iPads und Macs verteilt, damit nur Unternehmensgeräte ins Netzwerk können, der sollte UNBEDINGT die #Passwörter-App ausblenden.

Es wäre sonst möglich, sich in der Rubrik „WLAN“ den Anmelde-QR-Code anzeigen zu lassen, was es dann zu einem Kinderspiel macht, auch private Geräte ins Netzwerk einzubinden.

Die bessere Variante ist, den Zugang zum #WLAN nur mittels eines Zertifikats zuzulassen. #Security #Microsoft365

We're excited to announce the receipt of critical funding from @craignewmark Philanthropies to continue and further our work on improving the #security and stability of the Internet through our #DNS services, as part of CNP's commitment to #CyberCivilDefense.

https://www.quad9.net/news/press/quad9-receives-support-from-craig-newmark-philanthropies-to-protect-against-cyber-threats

#privacy

There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it further. The concept of a "backdoor for good guys" is fundamentally flawed and dangerous. It sets a dangerous precedent. Security and privacy should be absolute. There's no safe way to create a backdoor that can't be exploited by malicious actors. #privacy #security #infosec

My 400TH #podcast is only 5 weeks away! For 7.5 years, I've helped my audience improve their #privacy & #security. And damn it, that's worth celebrating! 🥂🐉🔥

Wanna help? Post a link to a fav episode & tag it #FDSD400!

Stay tuned for more...

💯 💯 💯 💯

https://podcast.firewallsdontstopdragons.com/

And another one published simultaneously: Why are JWT?

about why you don't actually want to add them to your application, and certainly not as a kind of session token

https://blog.ltgt.net/jwt/

#jwt #security #webdev

New blog post: Beyond the login page

about why authentication is much more than just a login page and password storage and verification

https://blog.ltgt.net/beyond-the-login-page/

#webdev #authentication #security #login

Fresh #introduction!

Hi, I'm Harris.

Professionally I work for Freedom of the Press Foundation (https://freedom.press/) managing our web team and @dangerzone. I'm a web developer learning to put my skills to good use.

My posts are likely to be about #security #privacy #webdev #dataviz #design #ux #ml and, lately, some self-conscious #epidemiology epistemic trespassing.

I also do a lot of social dance #baking #cooking and #cocktail making—maybe I'll try posting about those a bit more often!

Fennec und Mull sind besonders für datenschutzbewusste Nutzer interessant, aber wegen der verzögerten Updates nicht für jeden geeignet. Teil 5 der Artikelserie »Sichere und datenschutzfreundliche Browser«. 👇

https://www.kuketz-blog.de/fennec-und-mull-sichere-und-datenschutzfreundliche-android-browser-teil-5/

#fennec #mull #browser #firefox #brave #mozilla #datenschutz #sicherheit #privacy #security

How I see attempts to force #backdoors in E2E #encryption...

#drawing #comic #geek #government #privacy #security

hold up. I just remembered something.

a phone (android or iOS, I forget) said "you can set the phone to [technician-safe] mode while [repair guy] fixes it"

I mean I expect the SSDs of my devices to /always/ have that same evil maid data protection at all times?*

like what exactly does that add?

#security #blueteam

*as distinct from tampering from the device itself. e.g., not full evil maid, more like "read the C:/ drive without authentication". as in, "wait it would let you read it without auth while the SSD is offline before?"

I mean maybe the NVMe has like, a cached drive key, that you could get from specialized hardware / jtags, and this tells the device "hey, forget the drive key"

but also... shouldn't it do that anytime the device powers off? (and restore SSD access via TPM? or via password and small bootloader?)

#iPhone #android

Red Hat Open Source Practice Office (#OSPO) is hiring not one, not two, but three new staff! If you're into working 100% on community #OpenSource, one of these jobs may be for you.

All positions are attached to either the Ireland or Czech office.

Security Community Architect: work in our Verticals Team identifying, boosting, and participating in #OSS #Security communities: https://redhat.wd5.myworkdayjobs.com/en-US/jobs/jobs/details/Security-Community-Architect_R-041442-1?a=04a05835925f45b3a59406a2a6b72c8a

#FediHired (1/2)

✔ @torproject & @tails are going to strengthen their collaboration by merging¹! 👍

✔ #Tor has also released a new alpha

✔ It seems this #update does not address any of the potential #security issues, recently suspected after #German #lawenforcement claims to have used #timinganalysis to unmask Tor users.

✔ Potential solutions: timing delays, cover traffic...

¹https://blog.torproject.org/tor-tails-join-forces/
²https://blog.torproject.org/tor-is-still-safe/

#Torproject #Tails #Privacy #Surveillance #Freedom #Germany #Tech #Internet #Gov #IT

MVP #KamalaHarris speaking soon in #Pittsburgh, #Pennsylvania about building an #economy that will work for all Americans.

#OpportunityEconomy #MiddleClass #labor #unions #protection #security #education #training #infrastructure

#Vote for #KamalaHarris & Gov #TimWalz to protect our fundamental freedoms & defeat #Trump & the #MAGA #Republicans this #election.

#VoteBlue
#HarrisWalz2024
https://www.youtube.com/watch?v=XokApnr_Cak

"The team used a DJI Phantom 4 Pro drone as a stand-in for such an aircraft for an experiment. Using a ground-based radar system, the team spotted the tiny drone thanks to the radiation emitted by a Starlink #satellite, which was flying over the Philippines at the time."

https://futurism.com/the-byte/chinese-researchers-detect-stealth-aircraft-starlink

#Space #Security #Defense

Have you ever heard of SS7? It's the backbone of most of our phone system and it's extremely insecure. Here's Veritasium exposing how easy it is to intercept your calls and texts without your knowledge.

#security #phone #veritasium #ss7 #CyberSecurity #hacking

https://www.youtube.com/watch?v=wVyu7NB7W6Y&ab_channel=Veritasium

I guess I should probably do an #introduction

- IT professional
- #Ohio born and raised
- Lifelong fan of #OhioState football.
- Advocate of #OpenSource, #Privacy, and #Security.
- #Linux user (btw, I use #Arch)
- Building experience with my #Homelab

Any security/privacy experts have any thoughts about Apple’s Private Relay service through their iCloud+ subscription?
Good?
Bad?
Irrelevant?
I won’t be getting rid of my iCloud account anytime soon, so unless there is some other compelling reason not to, it seems worth using it.
Edit: Ironically, I couldn’t send this post from my local server because, I think, of my local DNS so… Private Relay off now. 😆
#Apple #Firewall #security #privacy #icloud

I never did an #introduction!

Hi, I'm Max. I live in #NYC and do #journalism at PCMag where I cover #infosec, #security, and #privacy. I also write reviews of #VPN and professionally complain about #capitalism. I'm the Unit Chair of the ZDCG #union and moonlight as a #labor organizer. If you want to learn about how to unionize your workplace, plz DM me. I play #banjo badly and think about #medieval literature. I'm spending too much money on #fountainpens.

🚨🎬 🧵 1/4
Here is what happens when you insert an unlocked SIM card into a locked iPhone:
- The #iPhone accepts the SIM card and connects to the internet 😳
- Apple immediately adds the phone number of the SIM card to the Apple ID of the iPhone owner 😲
- #Apple accepts the new phone number as a username to sign in with the Apple ID of the iPhone owner 😱
- iOS activates the new phone number for iMessage 🤯

The video:

https://youtu.be/ln-8KnwtdSw

#privacy #security #iOS #iPhone #cybersecurity #infosec

🚨🎬 Privacy Concerns about Apple Push Notifications

TL;DR: data-hungry apps use push notifications as a trigger to send app analytics and device information to their remote servers, even if the apps aren't running at all on your iPhone. Such apps include TikTok, Facebook, FB Messenger, Instagram, Threads, X, and many more.

Watch this video to see it in action:
https://youtu.be/4ZPTjGG9t7s

🧵 1/9

#Privacy #Security #Cybersecurity #Apple #iPhone #Facebook #TikTok #InfoSec #iOS

Bilateral #security agreements signed with 🇺🇦#Ukraine

1️⃣ 12/1🇬🇧#UK
2️⃣ 16/2🇩🇪#Germany
3️⃣ 16/2🇫🇷#France
4️⃣ 23/2🇩🇰#Denmark
5️⃣ 24/2🇨🇦#Canada
6️⃣ 24/2🇮🇹#Italy
7️⃣ 02/3🇳🇱#Netherlands
8️⃣ 03/3🇫🇮#Finland
9️⃣ 11/4🇱🇻#Latvia
1️⃣0️⃣ 28/5🇪🇸#Spain
1️⃣1️⃣ 28/5🇧🇪#Belgium
1️⃣2️⃣ 28/5🇵🇹#Portugal
1️⃣3️⃣ 31/5🇸🇪#Sweden
1️⃣4️⃣ 31/5🇳🇴#Norway
1️⃣5️⃣ 31/5🇮🇸#Iceland
1️⃣6️⃣ 13/6🇺🇸#US
1️⃣7️⃣ 13/6🇯🇵#Japan
1️⃣8️⃣ 27/6🇪🇪#Estonia
1️⃣9️⃣ 27/6🇱🇹#Lithuania
2️⃣0️⃣ 27/6🇪🇺#EU
2️⃣1️⃣ 08/7🇵🇱#Poland
2️⃣2️⃣ 10/7🇱🇺#Luxembourg
2️⃣3️⃣ 11/7🇷🇴#Romania
2️⃣4️⃣ 18/7🇨🇿#Czechia
2️⃣5️⃣ 18/7🇸🇮#Slovenia
2️⃣6️⃣ 04/9🇮🇪#Ireland
2️⃣7️⃣ 11/9🇱🇹#Lithuania

Here's my #introduction:
I live in The Netherlands, Europe. I work as a self-employed tech consultant & software developer. I like to tinker & have way too many interests :)

Likely to toot about:
#technology #techpolicy, #opensource #openstandards #opencontent #publicdomain #creativecommons #copyright #sustainability #diy #infosec #security #data #privacy #accessibility #ui #ux #interactiondesign #ethics #webdevelopment #devops #sysadmin #climatecrisis #food #music #linux #debian #ubuntu

→ #Google's reCAPTCHA v2 just labor #exploitation, boffins say
https://www.theregister.com/2024/07/24/googles_recaptchav2_labor/

“The conclusion can be extended that the true purpose of #reCAPTCHA v2 is a #free image-labeling #labor and #tracking #cookie farm for advertising and #data #profit masquerading as a #security service”

(1/2)
Announcing the launch of a new blog, Reclaim Your Tech (https://reclaimyour.tech).

This blog was founded on the premise that digital infrastructure should be owned by individuals, their families, and their communities. Being user first, it will provide technical guides, open-source tools, software recommendations, essays, and discussion.

#blog #techblog #security #privacy #enshittification #opensource #foss #linux

My book “PROPAGANDA: from disinformation and influence to operations and information warfare” treats the subject adequately, comprehensively, broadly, expertly. How does information influence work? Offence & defence. Expert arrangement of the subject.
#cybersecurity #propaganda #disinformation #book #books #security https://blog.lukaszolejnik.com/propaganda-my-book-on-information-security/

With the ever increasing attacks on users, moving to #multifactorauthentication is a must in order to reduce the attack surface of just relying on a password to secure access to resources. Implementing #MFA that is enforced all the time relies on also having a good user experience, which gave rise to mobile authenticator apps since many users always have their phones with them. However it also gave rise to #mfabombing and griefing to get those users to approve. With the recent GA of #microsoftauthenticator #azuread orgs can enable number match and context for the push notification to further improve the #security of the users by avoiding the blind approval of a push notification.

🔥 See the post on the AzureAD blog here and go enable these settings for your organization https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/advanced-microsoft-authenticator-security-features-are-now/ba-p/2365673 #microsoft #office365 #o365 #cloudsecurity

Faktencheck: Telegram ist weniger privat als andere Messenger

Die Annahme, Telegram sei besonders sicher, scheint sich hartnäckig zu halten. Fakt ist: In puncto Verschlüsselung ist Telegram der Konkurrenz unterlegen.​

https://www.heise.de/hintergrund/Faktencheck-Telegram-ist-weniger-privat-als-andere-Messenger-9860521.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Security #Telegram #Verschlüsselung #news

Pummel #Starlink out of the sky? Impossible; as David Burbach, #NationalSecurity affairs prof at the #US Naval War College,…[said], “Nobody has enough anti-satellite weapons to come anywhere near shooting that down.”

& Starlink, which currently operates in 75 countries, is only getting bigger. A new batch of #satellites went up today. #SpaceX has already received approval from #US regulators [🤬] to launch thousands more,

#ElonMusk #power #Security #law #regulation #Tech #internet #access

The #Brazil fiasco may have led to #ElonMusk backing down, but it has also revealed just how easily he can serve #Starlink users whatever #content HE may want. #Musk’s fame, the omnipresence of his many businesses, & his growing attention to #politics does not automatically translate to #ForeignPolicy expertise [ya think? He’s a #Putin fanboy FFS]. But what could Brazil—or any nation—really do to curb his control?

#power #Security #law #regulation #Tech #internet #access #information

Since #ElonMusk took over #Twitter, he has made it a cozy home for #FarRight provocateurs, reinstated the accounts of previously banned bad actors, promoted #ConspiracyTheories, & made the website worse at separating fact from fiction. And yet, #Musk believes that #X is the “number 1 source of news in the world.” [🤦🏼‍♀️] For a part of the world that relies on #Starlink, Musk could, if he wanted, make it the ONLY #news source.[😱]

#Security #Tech #law #power #regulation #internet #access #information

Other companies are working on their own #internet constellations, incl’g #Amazon, but they’re lagging far behind—& none of their leaders owns prominent #SocialMedia companies, where they can [personally] govern the flow of #information.

Compared w/ #SpaceX, the world’s town square, as #Musk calls #X, is a cauldron of #chaos, especially for users.

#ElonMusk #Security #Tech #law #power #regulation #access #Starlink

At the time of this writing—& that’s important to note, because #SpaceX launches a fresh batch nearly every week—more than 6k operational #Starlink #satellites are circling Earth, accounting for >½ of all functioning satellites in orbit.

Starlink has grown so large in part because SpaceX is simply the most prolific #space company in the world.

#ElonMusk #Security #Tech #law #power #regulation #internet #access #information

The deal resembled agreements between #Israel & other world powers for #HumanitarianAid, but as far as we know, the #UnitedStates, where #SpaceX is registered, did not send #Musk to the #MiddleEast to broker it. He flew over on his private jet.

#Starlink is what’s known in the #satellite business as a #megaconstellation.

#Security #Tech #law #power #regulation #internet #access

#Musk toured a kibbutz that #Hamas had attacked, dressed in a suit instead of his trademark occupy mars T-shirt, & offered #Starlink’s services to the Israeli govt. #Israel has imposed #internet blackouts & destroyed #telecommunications #infrastructure in #Gaza…. This summer, after lengthy negotiations, Israeli authorities allowed #SpaceX to activate #Starlink in one hospital in Gaza, w/more service on the way.

#Security #Tech #law #power #regulation

As one undersecretary told @NewYorker’s Ronan Farrow, “Even though #Musk is not technically a diplomat or statesman, I felt it was important to treat him as such, given the #influence he had on this issue.”

Last year, when #Israel’s PM Benjamin #Netanyahu hosted #ElonMusk for a visit, the billionaire looked—& [cos]played—the part of a world leader traveling to a war zone.

#Security #Tech #law #power #regulation #Starlink #internet #access

Soon, #Musk found himself w/ immense decision-making #power, as #Ukraine authorities pleaded w/him to activate #Starlink over a port city in #Crimea, apparently so that they could conduct a surprise drone attack on #Russia’s fleet anchored there. By the end of the war’s first year, when #SpaceX no longer wanted to foot the bill for Starlink ops, the #Pentagon jumped to take over the job before SpaceX could cut off access.

#Security #Tech #law #power #regulation

#Musk dispatched terminals to places reeling from natural disasters, & then to the front lines of war. When #Russia invaded #Ukraine in early 2022, it hacked the #satellite provider that the Ukrainian military relied on for communications. Ukrainian ofcls appealed to #ElonMusk for help, & #SpaceX dispatched truckloads of #Starlink terminals to the besieged country, for free.

#Security #Tech #law #power #regulation

Not only can #ElonMusk now determine who gains traction on a small but #influential corner of the web; in certain corners of the #globe, he can also determine WHO has #access to the #internet at all, & #regulate WHAT people encounter when they use it.

For a service that took off only about 5 yrs ago, #Starlink has become impressively ubiquitous, available for use on all 7 continents.

#power #Security #law #regulation #Tech #information

This particular feud has crystallized an unsettling truth that is growing more apparent each day: #Musk is becoming an #internet god [oh he’s gonna love that 🤢]. #Space-based internet & #SocialMedia are a potent combination, & their #control by a single person is quite unprecedented—& alarming in the same manner as a federal govt restricting online speech via sweeping decree.

#Security #Tech #law #power #regulation

(& pursue #legal action over assets). But in other ways, the debacle is a microcosm of fraught, ongoing debates over #FreeSpeech & #internet #regulation around the world [& businesses abiding by the laws of the countries in which they operate]

…[#Musk’s] actions could be seen as a…corrective to govt overreach. But they seem less magnanimous when you consider that the alternative to govt overreach is…a World Wide Web governed by the whims of the world’s richest man.

#Security #Tech #law #power

The fight reached a boil in recent days, when #deMoraes instructed #internet providers in #Brazil to cut off access to #X altogether & #Musk refused to block the site on #Starlink until the latter business got its accounts back.

In some ways, this is classic Musk, scuffling w/ govt agencies when he believes they’re infringing on HIS enterprises. “What a scumbag!” Musk posted about de Moraes yesterday, after Starlink reversed course & agreed to block X….

#Security #Tech #law #power #regulation

#ElonMusk, the CEO of #SpaceX, received a medal from the Brazilian govt. But now #Starlink’s Brazilian service is tangled in a mess of #political tensions, #CourtOrders, personal #insults, & #threats to revoke the company’s license to operate in the country. And this drama all started because of another #Musk business that links strangers around the globe: #X, née #Twitter.

#Security #Tech #law #power #regulation

#ElonMusk Has the Off Switch

With both #X & #Starlink under his control, the world’s richest man wields unprecedented #power.

By Marina Koren

Since Starlink first beamed down to Brazil 2yrs ago, hundreds of communities in the Amazon that were previously off the grid found themselves connected to the rest of the world. Here was the purest promise of SpaceX’s #satellite #internet—to provide #connectivity in even the most remote places on Earth—fulfilled.

#Security #Tech
https://www.theatlantic.com/technology/archive/2024/09/elon-musk-brazil-starlink-x/679711/

#introduction as I can tag now.

I'm fwaggle, and have been for ages. If you've been around for 20+ years and you're thinking "hey, I think I know that guy" then you're probably right. If you thought I was a dickhead 20 years ago, you're almost certainly right... I'm trying to do better now though.

I do #security things for a WordPress host, which is good fun.

Microsoft has confirmed that Windows 11 users will not be able to uninstall the controversial “Recall” feature, despite earlier reports suggesting otherwise. Recall, part of the Copilot+ suite announced in May, automatically captures screenshots of user activity on the operating system including sensitive information such as passwords or financial data https://digitalmarketreports.com/news/25091/microsoft-recall-feature-on-windows-11-not-removable-after-all/ Do yourself a favor and get rid of Windows from your life—enough of these greedy companies. #privacy #security

Authentication is almost always the most frustrating step of interacting with a service. Matrix is no different, but Quentin is about to dramatically improve the situation.

Get a glimpse of all the goodness awaiting to be unlocked once his project lands!

https://youtu.be/dmUi4ZoYRWc

#authentication #ux #security

We should be arming #Ukraine, not "for as long as it takes", but TO WIN.

Why? Because, to begin with, we are seriously struggling to keep #democracy afloat "for as long as it takes" and, in order to defend democracy, we must achieve a resounding Ukrainian #victory.

That's why oligarchs, terrorists, extremists and dictators are ALL so invested in stopping war-time investment in European #security in the Ukrainian front.

Focus. Act decisively. Act now.

#ArmUkraineNow
#ArmUkrainwToWIN
#US #NATO

#California Legislature Approves A.I. Safety Bill

The California bill has spurred a fierce debate over how to regulate the new technology, which both technologists and lay people have hyped for its potential benefits and harms to humanity.
#ai #security #privacy

https://www.nytimes.com/2024/08/28/technology/california-ai-safety-bill.html

怖いな、これ :vivaldi_red: #Vivaldi も影響あるのかな

https://news.mynavi.jp/techplus/article/20240824-3011152/

#browser #security #chrome

a list of #hashtags for my #introduction

#technology / #computer #geek (#security pays the bills)
#music / #musician (#drummer for fun but not profit... learning other #instruments)
#weather (it's both awesome and scary)
#health / #fitness (however, will not turn down #chocolate)
#gaming newbie (#fantasian / #ffxiv occupy my time currently)
#anime (#SAO, #attackontitan, #psychopass, #RWBY, etc. etc.)
#DIY projects (if / as needed)

it's difficult writing #introductions 😅

CVE Binary Tool 3.3 is released! (At long last!)

This is my work open source project that lets you scan for known vulnerabilities in your binaries, package lists and SBOMs. It's meant to make it easier (and cheaper!) to make secure open source software.

3.3 has new features from our Google Summer of Code 2023 contributors including EPSS metrics to help users assess risks associated with vulnerabilities, a new GitHub Action to make scanning easier, and a mirror of the NVD data backed by the same servers that do Linux distro mirroring so you don't have to deal with rate limits, downtime, and servers only located in the US.

Release notes: https://github.com/intel/cve-bin-tool/releases/tag/v3.3

And get the code on pypi:
https://pypi.org/project/cve-bin-tool/3.3/

Boosts appreciated!

#OpenSource #GSoC #hacktoberfest #infosec #security #Python

Socialhome v0.19.0 (security release!)

We noticed a similar vulnerability in #Socialhome that had been found in #Mastodon and various other projects, ie https://arcanican.is/excerpts/cve-2024-23832/discovery.htm

This should hopefully now be mitigated and anyone running a #Socialhome instance should update asap.

Other changes:

• Docker images are now based on Python 3.10
• The public stream is disabled by default on single user instances (with a configured root profile) for privacy reasons regarding followed content

https://socialhome.network

#security

#tech #coding #hack #security #cybersecurity #programmer #linux #kalilinux #ubuntu #linuxmint

Falsehoods programmers believe about... Biometrics
https://shkspr.mobi/blog/2021/01/falsehoods-programmers-believe-about-biometrics/

(For the new reader, there is a famous essay called Falsehoods Programmers Believe About Names. It has since spawned a long list of Falsehoods Programmers Believe About....)

Everyone has fingerprints!

The BBC has a grim tale of a family with a genetic mutation which means they have no fingerprints. It details the issues they have getting official ID.

In 2010, fingerprints became mandatory for passports and driver's licences. After several attempts, Amal was able to obtain a passport by showing a certificate from a medical board. He has never used it though, partly because he fears the problems he may face at the airport. And though riding a motorbike is essential to his farming work, he has never obtained a driving licence. "I paid the fee, passed the exam, but they did not issue a licence because I couldn't provide fingerprint," he said. The family with no fingerprints

Even if this genetic issue didn't exist, it should be obvious that not everyone has fingers, or hands. Some people are born without hands, some people lose them later in life.

Policy is about the edge-cases. It's easy to design something which works for the majority of people - the real challenge is how we deal with the fringes.

Everyone has a unique face / unique DNA

Ever heard of twins, dumbass?

OK, it is a little bit more complicated than that.

It is easy to revoke a biometric indicator

Even if you assumed that everyone has ten fingers - that means you can only change your ID 9 times. If you're using iris recognition, that's one change you're permitted before you have to grow new eyeballs.

Biometrics can't be copied

Back in 2002, Tsutomu Matsumoto copied fingerprints using Gummy Bears.

Researchers can consistently fool iris scanners

3D printed facemasks can defeat facial recognition systems.

The thing about biometrics is that they are not secret. You leave your fingerprints everywhere. If a camera can read your face, it can copy your details.

Biometrics can't be changed

Will having a "nose job" stop your iPhone from recognising you? Probably not. But there are a range of surgical procedures which can be done.

People who have Facial Feminisation Surgery can be given a letter from a doctor to explain to border guards why a person's face may no longer match their biometrics.

What are they good for?

Biometrics are not passwords. Nor are they a universal 2nd factor. Biometrics are, at best, usernames.

For the average user, it's probably fine to use your fingerprint or face to unlock your phone. If you think an enemy state is going to devote considerable resources to steal copies of your biometrics, consider changing to a different password mechanism.

Or, if you have kids.

Pushkar

@Pushkarr

Friend's 5-year old daughter started unlocking his phone with his fingerprint while he's asleep so that she can play games.

He now sleeps with gloves on. #lifeisblackmirror

---

Or if you're cheating on your spouse.

A Qatar Airways pilot was forced to make an emergency landing after a passenger found out her husband was cheating on her and had a violent reaction in midair. The woman reportedly used her sleeping husband's finger to unlock his phone and discovered his cheating ways. Eyewitness News

In a safe-ish environment, biometrics are a good convenience mechanism. If your phone is snatched by an opportunistic thief, they're unlikely to have the means to spoof your ID.

But they are not a perfect security measure.

https://shkspr.mobi/blog/2021/01/falsehoods-programmers-believe-about-biometrics/

#design #falsehoods #policy #security

#security #gender

Noch kein Patch: Sicherheitsforscher beraubt Windows sämtlicher Schutzfunktionen

Stimmen die Voraussetzungen, können Angreifer Windows Update manipulieren, um beliebige Windows-Komponenten durch veraltete, angreifbare Vorgänger zu ersetzen.

https://www.heise.de/news/Noch-kein-Patch-Sicherheitsforscher-beraubt-Windows-saemtlicher-Schutzfunktionen-9834479.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#BlackHat #Security #Sicherheitslücken #news

"75 Prozent der Server des Standorts waren anfällig für Cyberangriffe. [...]

Die Daten der Server blieben vier Jahre lang ungeschützt, berichtet der Guardian unter Verweis auf die NDA."

#Atomkraft #Kernkraft #Sellafield #security #PoweredByRSS
Atomkraft: Sellafield räumt massive Versäumnisse bei Cybersicherheit ein

Hardware kill switches: Empowering users in the digital age. Our latest blog explores how physical control over your device builds trust, respects autonomy, and offers unparalleled protection. Discover how Purism is putting privacy at the forefront of mobile tech.
https://puri.sm/posts/the-evolution-of-smartphone-security/
#UserPrivacy #Purism #PureOS #Security

Hackers are finding more ways to commit supply chain attacks.

Mac and Windows users infected by software updates delivered over hacked ISP

https://arstechnica.com/security/2024/08/hacked-isp-infects-users-receiving-unsecure-software-updates/

#Mac #Windows #Malware #ISP #Hacks #Security #InfoSec #Tech #Apple #Microsoft

#Ventoy Security Concerns (please boost for visibility)

Ventoy is a popular utility for making USB drives containing multiple operating systems in the form of bootable image files. While very useful in theory, the source tree contains numerous binary blobs without source code. This issue has been brought up to the authors multiple times, have not been corrected, and have even gotten worse (more blobs have been added to the code over time). This is a potential malware vector, similar to the "test files" in the xz-utils backdoor catastrophe.

Recently the author has ignored a very lengthy thread raising security concerns because of these binary blobs. Given the amount of attention the thread has gotten, this seems strange, especially given that the authors have been active since then. https://github.com/ventoy/Ventoy/issues/2795

Stranger yet still, a video by Veronica Explains (@vkc) on how to create bootable USB flash drives got flooded by comments heavily suggesting the use of Ventoy and even being somewhat accusing because Veronica didn't advertise Ventoy. This is... not anything I've seen users of ANY open-source project do, and it feels similar to the social engineering done against Lasse Collin that convinced him to add Jia Tan as a maintainer, thus compromising xz-utils. See the comments of https://www.youtube.com/watch?v=QiSXClZauXA&t=3s

If you're using Ventoy, you may want to consider ceasing its use for the time being out of an abundance of caution. If you truly need its functionality, you might look into something like the IODD SSD Enclosure (https://www.iodd.shop/HDD/SSD-Enclosure) which can emulate an optical drive and allows you to select an ISO saved to the drive to boot from.

#linux #boot #security #malicious #backdoor

Exquisite supports DANE, even while not every browser supports it. The 3-1-2 hash (domain issued certificate, SPKI, SHA-512) is:

6a9976657f0e85aa59e2954db3bd342c04f5e33ea166a70147fd6bb54bbafe23c11be8db582671e4d169be794ff2174ee99227e78ccd3961c84b53e20dad13b0

This goes for 443/tcp.

#mastoadmin #security

Minister Wissing: IT-Pannen werden zunehmen

Crowdstrike hat gezeigt, wie verwundbar weltweite Vernetzung machen kann. Der Digitalminister sieht Deutschland gut gerüstet, auch für andere Szenarien.

https://www.heise.de/news/Minister-Wissing-IT-Pannen-werden-zunehmen-9823654.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Crowdstrike #Cyberangriff #KRITIS #Security #news

Thursday’s prisoner swap, which saw American #journalists & a #security consultant, & a group of some of #Russia’s most prominent #dissidents & #PoliticalPrisoners, exchanged for a Russian group including a state #assassin, #spies & #hackers, was the biggest & most complex switch since the Cold War.

It took place at a time of #war, w/ #GlobalRelations between the #UnitedStates & Russia as bad as they have ever been.

#MafiaState #Hostages #ForeignPolicy #diplomacy #alliances #geopolitics #law

I started to try a #comparison with all mainstream #FIDO2 #security #keys.

Here Is the comparison:

https://docs.google.com/spreadsheets/d/1o_l6ieNRgf4IDYFcTNuw2st96VjrB-djtT2BMRhRDbI/edit?usp=sharing

it is really hard to compare since vendors are super unstructured

please #boost for more reach

contributors welcome

https://docs.google.com/spreadsheets/d/1o_l6ieNRgf4IDYFcTNuw2st96VjrB-djtT2BMRhRDbI/edit?usp=sharing

#Authentication strength #maturity #model for #security
#conumerVersion

Original source:

https://www.linkedin.com/feed/update/urn:li:activity:7088125479261462528?utm_source=share&utm_medium=member_ios

A few #introductions:

I run Systems Structure Ltd., a US consultancy that provides fractional CISO services for pre-A to post-C round #startups, along with #threatmodeling training and #securityarchitecture reviews.

I've been working in #security since 2003 and did a spell in NGOland from ~2011 to 2016, working with NGOs and news organizations targeted by states and on tools they use, including the #briar messaging app. The field work I did then fundamentally reshaped my approach to security, and I recommend that everyone in the field learn about the reality of being a high-risk user.

I live in #Helsinki the days, although in the before times (and hopefully soon again) I spent a fair bit of time in #NYC and #London. I run a #queer performance space out of my home, along with my partner, called The Attic (@theatticfi on insta), where we make space for #drag, #burlesque, #performanceart, and music, along other things. Before I moved here, I spent six or so years traveling full time.

I have written various essays over the years, which you can see on dymaxion.org, and I'm slowly writing a book. While security pays the bills, I spend a lot of my time thinking about #complexsystems, and in particular how the human and technical bits mesh, how they fail, and how to redesign them to fail better. In practice, this has meant everything from consulting on a constitution to thinking about what comes after the #climate apocalypse. The "recruiting barbarians" in my bio refers to being more comfortable outside of institutions, but I'm starting to think more about community and infrastructure building now that I live somewhere.

I'm also an #artist; I paint and am slowly learning my way around a #synthesizer, and I've been accused of being an #architect. I'm active in the #nordiclarp scene, where we take larp serious as a dramatic form and do everything from a reworking of Hamlet played at the actual Elsinore castle to a larp about the early days of the HIV crisis. I'm primarily a theorist and critic there, as well as player, and I've edited two books and written a number of essays. Nordic larp has the best toolkit I've seen anywhere for analyzing the human parts of complex systems and especially for building new systems; it's heavily influenced my security work, along with my #designfutures thinking.

I wrote about #MFA #2FA #FIDO2 #authentication on #django applications. https://kushaldas.in/posts/multi-factor-authentication-in-django.html #python #security

Intro:

#python #linux #Sysadmin #developer #bash :sad_face: #sre #security #osm #OpenStreetMap #photography #astrophotography #hiking #bouldering #science enthusiast (most of them) #diy (not much of it) #ebike

Father of two, make my own maps and computer tools, have my own home server, fix as many things as I can myself, love to drive and travel by car but not for the city, and much more.

Mostly boosts, in several languages, including some I can't speak, write or read.

Full-featured email server running OpenBSD

https://dataswamp.org/~solene/2024-07-24-openbsd-email-server-setup.html

gemini://perso.pw/blog/articles/openbsd-email-server-setup.gmi
#nocloud #selfhosting #openbsd #security

@solene

We're proud our testing helps ensure the security of Thinkst's OSS Canary Tokens! As part of their transparency efforts, you can read the results of our latest round of testing here:

https://www.doyensec.com/resources/Doyensec_ThinkstCanaryTokensOSS_Report_Q22024_WithRetesting.pdf

#doyensec #appsec #security #thinkst

Fediverse Competition time!

I have two signed copies of my book 'Security Operations in Practice', which is all about building effective Security Operations teams, to give away to my Fediverse friends.

To enter - all you have to do is boost this toot before 12pm PT on Thursday July 25th, and I'll randomly select two of the boosters to receive the copies.

You can find out more about this book, and my other releases at https://infosecdiaries.com. Thanks, and good luck!

#infosec #DFIR #SecOps #Security #cybersecurity

this is why I’ve side eyed any federal document about software #security, quality, or #resilience that demonizes open source software while touting the virtues of commercial cybersecurity products

as if those products aren’t notorious for deep access + flimsy quality…

I’ve written about this concern in two separate RFIs to CISA et al (with co-conspirator @rpetrich)

1) on OSS security https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/

2) on secure by design https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/

#crowdstrike

Did you know #Project2025 calls for “the entirety of the CISA #Cybersecurity Advisory Committee should be dismissed on Day One.” (page 155).

If you like being able to use computers (or do anything with organizations that use computers, including have your vote counted in elections) that’s a very bad idea.

#infosec #security #USpol #politics #political

Apparently NS&I (the old UK National Savings, as they put it "the government savings bank") have launched two factor authentication, which is good.

Except, it told me to expect a code, you would think through SMS. But no, its a phone call. To make matters worse its from France according to my phone! So of course I thought it had been compromised and wrote to them.

No, apparently they use a French company to do the OTP codes and then mask this with the UK number normally, except when it messes up or I guess your security is so high it does not show it. Actually the reply seemed annoyed that I did not just accept that the UK government bank would use a French company to do their security.

So I do not think much of the " improved security " until I can register a FIDO key or the local code generator as a call from France seems to have lots of points of failure. (Its not that its France specifically, just that it is another country.) Also they should mention this on their website! (Unless missed it).

#nsandi #2FA #security

https://www.nsandi.com/get-to-know-us/security/improved-security

Welcome to the world of #privacy, #security, and #anonymity in 2023!📅

This thread covers what we’re doing to spread privacy to the masses ⬇️⬇️

Test your prompting skills to make Gandalf reveal secret information.

Gandalf is an exciting #game designed to challenge your ability to interact with large language models (LLMs).

https://gandalf.lakera.ai/intro

#ai #llm #security

What's the main difference between Tuta Mail and Gmail? 😎 PRIVACY 🔐

Get your #FREE Tuta Mail account now: https://app.tuta.com/signup

#Tuta #Germany #privacy #freedom #bestemail #encryption #security #PrivacyMatters #FREE #SecureEmail #privacyfirst #encrypted

The Release Candidate 3 of Aeon #Desktop will include Full Disk #Encryption to boost data #security. Get more details! #DataSecurity #AeonDesktop #Encryption https://news.opensuse.org/2024/07/12/aeon-desktop-intros-fde/

Some exciting news: Over the past few months I have been working on founding a new organization: Blodeuwedd Labs (@blodeuweddlabs)

We are now in a position to offer subsidized security assessments (and other services) for open source projects.

(In addition to a whole array of analysis, development, and custom research offerings for everyone else)

Announcement (and more info): https://blodeuweddlabs.com/news/open-source-review-announce/

#infosec #security #appsec #canada #opensource

I am working on starting a project under fiscal sponsorship to teach underserved youth cybersecurity and provide them pathways to careers. I have received the application and budget projection template to fill out. I am looking for partnerships and potential donors. I am also looking for anyone who would be willing to join an advisor board. Please share if you think of anyone who would be interested in either!

#losangeles #infosec #security

Hi all, been lurking for a few days but introducing myself now! I'm Matt and a #security reporter at WIRED. Like many others here, I'm coming to Mastodon after the chaos at the bird site in the last week.

The things I cover on a regular basis are #privacy, cybersecurity, #surveillance, internet freedom, #tech and human rights, and a bunch more things in the wider security realm.

I'm based in #London—and have lived here for the last decade—so I'm often reporting on issues from across Europe. When not writing words for the web, I'm often found #running and have been dabbling in the #ultramarathon a few times over the last few years #introduction (edited to add introduction hashtag)

STAGGERING: Nearly all #ATT customers' text & call records breached.

An unnamed entity now has an NSA-level view into Americans' lives.

Damage isn't limited to AT&T customers.

But everyone they interacted with.

Also a huge national security incident given government customers on the network.

And of course, third party #Snowflake makes an appearance.

https://www.cnn.com/2024/07/12/business/att-customers-massive-breach/index.html

#infosec #cybersecurity #telco #cellular #privacy #security #breach

Little Bits: Issue #14

Uncover the accumulation of little bits I’ve found over the the past month on the topics of design, hardware, open source, privacy, security and more.

https://www.adamsdesk.com/posts/little-bits-issue-14/

#blog #OpenSource #security #privacy

Hackvists release two gigabytes of Heritage Foundation data

"Self-described “gay furry hackers,” SiegedSec said it released the data in response to Heritage Foundation’s Project 2025, a set of proposals that aim to give Donald Trump a set of ready-made policies to implement if he wins this fall’s election. Its authors describe it as an initiative “to lay the groundwork for a White House more friendly to the right.”

The data, reviewed by CyberScoop, includes Heritage Foundation blogs and material related to The Daily Signal, a right-wing media site affiliated with Heritage. The data was created between 2007 and November 2022. 

The group says it gained access to the data on July 2 and released it to provide “transparency to the public regarding who exactly is supporting heritage (sic),” a spokesperson for the group who goes by the online handle “vio” told CyberScoop in an online chat Tuesday."

https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/

#hackers #opsec #infosec #databreach #politics #ethics #furry #furries #altright #gay #uspoli #project2025 #security #privacy #transtights #fascism #hacktavists

We released #Fedify 0.9.2, 0.10.1, and 0.11.1, which patched the last reported #vulnerability, CVE-2024-39687, but the vulnerability of SSRF attacks via DNS rebinding still exists, so we released Fedify 0.9.3, 0.10.2, and 0.11.2, which fixes it.

If you are using an earlier version, please update as soon as possible.

Thanks to @benaryorg for reporting the vulnerability!

#SSRF #security #fedidev

Does anyone know if there is a way to get a snapshot of a running container instance in #Azure for a #security #incident investigation? I can't find anything in the docs to see if it's possible.

hi, i'm spv. call me spv, or james if you want to be slightly weird without knowing me

here's an #introduction post because i don't think i've made one yet.
info to know about me: 17 from BFE, NY

i'm #autistic, and have too many other conditions to list. woooo!

i do #programming on occasion
#homelab on the regular
i like to work with #security, but i don't do it enough

getting a degree in #Computer Security & #Forensics from SUNY Broome (starting in august)

warning: i use a lot of #hashtags

To #Hollo users: please update your #Hollo to 0.1.0-dev.46, a #security patch which addresses @fedify's #vulnerability CVE-2024-39687, as soon as possible!

https://hollo.social/@fedify/019080c7-c784-755d-a6f2-d1f91f2c5709

The @EUCommission wastes our tax payer money to team up with #Microsoft the #gatekeeper and notorious #antitrust villain and sue the EU data protection agency @EDPS because the Commission wants to continue to use the #M365 software #security shitshow.

How low can this institution sink?

https://digitalcourage.social/@echo_pbreyer/112722381771336529

#privacy #gdpr #dataprotection #edps

Announced yesterday, Regal is a new linter for #Rego, with the ambitious goal of both catching bugs/mistakes in policy code, *and* to help people learn the language! If you ever work with #OPA, I’m sure you’ll find it useful. Check it out, and if you’d like to help kick-start the project by giving at star ⭐️ I’d be overjoyed!

https://github.com/StyraInc/regal/

#CloudNative #Linter #Code #Development #CodeQuality #Security

Do you know about http://verybad.kushaldas.in:8000/ experiment? This web application has a lot of #security holes, and I tried to secure it using only #systemd. Feel free to do a round of #pentest, #attack the box. Remember to let me know what did you find.

The box is up from April end 2022.

Please boost so that your other security minded friends see this. I try to make sure that any learning from this goes back to systemd upstream.

#infosec #linux #rustlang #rust

Halycon researchers have discovered a new ransomware operator named Volcano Demon that is currently distributing versions of the LukaLocker ransomware.

Halycon says the group engages in targeted ransomware attacks but does not operate a dedicated dark web leak site.

The group is also known for calling a company's executives to extort and negotiate payments.

https://www.halcyon.ai/blog/halcyon-identifies-new-ransomware-operator-volcano-demon-serving-up-lukalocker

#infosec #cybersecurity #security

Follow me if you’re interested in:

Pics of my #chihuahua #dog Mr Maxi & pics from walks in #Sydney #Australia (it’s kind of a puppy spam account, but he’s adorbs)

stuff about #disinformation #terrorism #radicalization & modern #warfare #drones #uavs #history

Topics I’m interested in: #legal #privacy #data #analytics #ethics #technology #feminism #ADHD #cybersecurity #informationsecurity #security #cyber #infosec #digitaltransformation #ai #ml #digitalfutures

#TwitterMigration

What is it about?

#monocles offers ethically acceptable services and an online platform for individuals as well as for companies for a truly fair and secure digital life.

+ complete #opensource

+ 100% electricity from #renewable energy sources

+ no #tracking

+ highest possible #security

+ #independent of corporations and organizations, as completely privately funded

Check out more on https://monocles.eu/more

#monocles chat 1.7.9 is released on the playstore with a lot of updates and improvements! (See comments below)

https://play.google.com/store/apps/details?id=eu.monocles.chat

#xmpp #chat #privacy #security #messenger

Today we are proud to announce the launch of the world's first #postquantum secure email platform! 🥳🎉

With TutaCrypt your data is safe against quantum computer attacks at rest & in transit. ⚛️ 🔒

Learn more about this quantum leap in #security here: https://tuta.com/blog/post-quantum-cryptography

Okay, okay, at @nova's behest, an #introduction post:

Hi 👋🏻 I'm Emelia, from #berlin, #germany, I'm trans queer and kinky.

I'm a #tech princess 👸🏻 currently working most with #typescript, currently working on Fediverse Trust & Safety tooling

I'm most known for my work on #nodejs, and contribute to #mastodon & other fediverse software

In 2020, I became the #founder of Unobvious Technology, aiming to improve the safety, #security and profitability of #sexworkers and advance the #adultindustry

Hey! Let's talk about #SSH and #security!

If you've ever looked at SSH server logs you know what I'm about to say: Any SSH server connected to the public Internet is getting bombarded by constant attempts to log in. Not just a few of them. A *lot* of them. Sometimes even dozens per second. And this problem is not going away; it is, in fact, getting worse. And attackers' behavior is changing.

The graph attached to this post shows the number of attempted SSH logins per day to one of @cloudlab s clusters over a four-year period. It peaks at about 3.4 million login attempts per day.

This is part of a study we did on our production system, using logs of more than 640 million login attempts, covering more than 1,500 hosts on our side and observing more than 840 thousand incoming IP addresses.

A paper presenting our analysis and a new, highly effective means to block SSH brute force attacks ("Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them") will be presented next week at #NSDI24 by @sachindhke . The full paper is at https://www.flux.utah.edu/paper/singh-nsdi24

Let's dive in. 🧵

#ActivityPub, #FediDev and #security question: If instances generally collect only one copy of each post and then share it with the users that need to see it, does that mean nonoriginating instances are trusted to not show that post to users the poster has blocked (or who shouldn't see it because they're not following etc depending on visibility)?

How do the collecting instances know who should see it? (A cached copy of the poster's follow list?)

And does #authorized_fetch change any of this?

I probably should do an #introduction too

I'm Joel, the #wifi -whacker, #network -noodler, #linux - licker, and #security -spooner. I also do a bunch of #electronics design and #embedded coding, while wondering why #3dPrinting still sucks so much.

There will be regular #DadLife and #CatsOfMastodon posts, and likely a lot of swearing as well

🥰 So fulfilling! 🥰 A friend just brought their little daughter over to my place, because she had a journal with a 3 wheel combination lock on it, and she'd forgotten the combo.

I showed her how to decode it, and eventually she got it open! We changed the combo and locked it again so she could practice more.

After a bit, she was asking about other kinds of locks, so I happily brought out an assortment of antique and miniature locks from my collection.

A couple hours later they had to leave, and she was beaming! Today she had picked 2 warded locks, a pair of police cuffs, raked open a 4-pin tumbler, and decoded a combination lock!

I sent her off with a smiley yellow binder clip and a minuscule warded lock to practice on.

They asked to come back next week to learn more. 💜

I feel like the Yoda of lock-sport. 🙂

---

Update: Friend just texted me to say their daughter is thinking of starting a YouTube channel to document her growth in lock-sport, and wanted advice on gear/setup stuff.

---

#LockSport #Locks #Adorable #Teaching #LockPicking #Security #Hobbies #GirlPower

Our Mastodon server has been mostly down for a week, and anything we posted during the brief uptime during the last week has been lost. Turns out our PostgresSQL container was hit by cryptojacking malware;

https://thehackernews.com/2024/05/kinsing-hacker-group-exploits-more.html

It doesn't seem like a targeted attack, I think we were just unlucky. I highly recommend admins review your security measures and harden your systems against automated attacks.

Is this something Reproducible Builds could help with?

#security #malware #CryptoJacking

Hello all 👋
Am a self-employed #security consultant of 10+ years via https://securit.ie/

I regularly enjoy live sports/music (likely to post about), I code #Python & #Rust and am unafraid of low-level / reverse engineering, builder, breaker, cocktail shaker. Lefty af ☭. An aspiring cyberterrorist armchair general on main
🤘😜👍 #Introduction

👋🏽 Hi Mastodon

(Redoing #introduction)

I am the same Avoid The Hack from Bird Site

Only news items and updates for https://avoidthehack.com are cross posted from Bird Site. Everything else is here (and only here) as I’m more active on Mastodon.

Most of this feed is related to #cybersecurity and #privacy. Sometimes I post advice. Sometimes I share articles I have written. Sometimes I share articles featuring Avoid The Hack. Sometimes there are memes.

#security #privacymatters #infosec #opsec

Bio was too big, and I didn't yet make an #Introduction:

Hi, I'm Leonard/Janis (like Cohen/Joplin respectively), I use they/them pronouns, he/him (Leo) and she/her (Janis).

I'm a #genderqueer #hacker from #Berlin. I'm a professional procrastinator, don't expect me to stick to one project :'-)

Outside of computing I love #running, #handball and #rollerblades, adore cats, have a passion for #teaching and spend too much time following politics. I listen to #Blues but my musical taste has since widened to also embrace R'n'B, Rock, Funk, and a lot of modern stuff. I read classic #fiction and my favorite authors are Terry #Pratchett, Douglas Adams, J.R.R. #Tolkien, Robert Harris, and Sjöwall & Wahlöö (rather male dominated, send recommendations!).

I'm politically left #AssignedCatAtBirth but not settled on the specific question of government.

I'm a #privacy and #security fetishist (these aren't the same, sometimes even oblique). Some see a gray space here, I consider the right to data self-determination a fundamental right. Also, free #housing, #publicTransport and a livable environment are fundamental. #Learning and #teaching are crucial for individuals and society. Tech won't solve our core problems, merely highlight them and perhaps provide tools for change we can use.

Pretty huge news from Canonical yesterday!

"Today, Canonical announced a 12 year LTS for any open source Docker image!"

https://canonical.com/blog/canonical-offers-12-year-lts-for-any-open-source-docker-image

#Canonical #Ubuntu #Docker #Security

Ab sofort gibt es Desinfec’t 2024 auf einem USB-Stick zum Kauf

Mit dem c’t-Sicherheitstool entfernen Sie Windows-Trojaner und greifen auf nicht mehr startenden PCs auf Ihre Daten zu.

https://www.heise.de/news/Ab-sofort-gibt-es-Desinfec-t-2024-auf-einem-USB-Stick-zum-Kauf-9763278.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Download #Security #Trojaner #Virenscanner #Windows #news

Let’s hope this #security-conscious *choice* in the Kia EV9 is the start of a trend. They didn’t have to give us this. In a real button, no less — you can connect or disconnect the data from your phone while #USB-charging it in your car. From MKBHD https://youtu.be/CRhjL9X2yKA

Don't have time for a banner grab but still interested in basic info about a server?

Well taking advantage of a server's inability to process '%' b/c it expects two hex digits to follow; in many cases it errors

Preventing this from happening is actually easy

It requires an essential secure programming principle: verify, validate, and sanitize your input

This principle should be applied to EVERY input, and yes the URL is input

#infosec #security #it #sysadmin #tech #development #programming

So glad to be on floss.social! Time for another introduction. Hello from #Sheffield, #SouthYorkshire, UK! We're a #NonProfit initiative founded back in 2010, focused on helping people use #technology in a way that is more financially, environmentally, and socially #sustainable, regardless of knowledge or skill level – using and promoting primarily #FOSS to provide personalised learning. We particularly love #Linux, #RaspberryPi, #privacy and #security! Feel free to spread the word. Thanks!

Sometimes logical isolation isn't enough

#Physical #Isolation #Security #Shit

My four-month-late #Introduction :
Work: #WordPress #hosting & #Security, #music #festival #IT, #Editor / #Filmmaker, #SmallBusiness

Life: #horror movies, music, #camping, curious and loves to learn, social justice, and to my surprise, a #runner who has #run 15,477 KM Jan 2020 - Dec 2022.

If you stop and look at something the more closely you examine it, the more amazing it becomes.

Married to the wonderful @TAV for over 25 years, furdad to Sprocket the #MinPin, (he/him) #Ottawa, #Canada

Since this is what's done on #mastodon - I am a middle age recovering fandom nerd, still active #security and #tech nerd, and someone who has amateur hour opinions on lots of things. My ideal vacation is reading terrible sci-fi in a nice hotel room.

Strongly in favor of #socialjustice #lgbt #prochoice #acab and I seem to be getting more radical as I get older.

I'll probably post about: #travel #smut #monsters #linux #whiskey #film #scifi #gaming #newwave

(Originally posted on mastodon.lol)

I've archived all my old tweets (except RTs) here:
https://vegard.github.io/twitter/

Almost everything has been tagged by subject/topic in case you are only interested in something specific.

Lots of #LinuxKernel, #Programming, #Security, #Fuzzing, #Git, etc. posts.

Now that the dust has settled, I can finally get to an #introduction

I’m based in Melbourne/Narrm, and live with my family (and dog!) a short walk from one of the loveliest beaches around.

I work as an #IT consultant, mostly specialising in #Microsoft technologies, system architecture, #security and #automation . I’ve also worked as a #journalist , an #educator , a public speaker and an #author

I have one technical book under my belt, but am aspiring to #write #fiction and am enjoying being part of the #AusWrites community

Hi friends! Now that it seems like the fediverse is sticking around, finally figured I should make an introduction post (on my fourth account don't mind me).

I'm into #security, #infosec, #homelab, #hardware and making things better to use for everyone.😀

#introduction