He now sleeps with gloves on. #lifeisblackmirror

Zak 
@zak@infosec.exchange
Here's your semi-regular reminder that if you work in open source, you and your team can get a 1Password Teams account for free.
@GeorgWeissenbacher@fediscience.org
Want to do a PhD in Computer Science in the heart of Europe? We are hiring!
10 FWF-funded positions at TU Wien for doctoral students in our newly founded doctoral college on
Automated Reasoning (https://forsyte.at/docfunds/)
Come to Vienna (repeatedly ranked the world's most livable city) to work with an amazing team on exciting topics at the intersection of security and artificial intelligence with Automated Reasoning at the core!
Deadline: May 18, 2025
Start: October 2025 (or soon after)
Details: https://forsyte.at/docfunds/
#phdposition #phd #hiring #automatedreasoning #security #artificial_intelligence #FWF
@Slimy9343@mastodon.social
I'm creating a list of #european #hardware and #software 🇪🇺, all of them with #security and #privacy in mind.
#Qubes_OS 🇵🇱 #poland https://www.qubes-os.org/
#novacustom 🇳🇱 #netherlands https://novacustom.com/
#yubico 🇸🇪 #sweden https://www.yubico.com/
#ledger 🇫🇷 #france https://www.ledger.com/
#nextcloud 🇩🇪 #germany https://nextcloud.com/
#linux kernel 🇫🇮 #finland, because its creator, Linus Torvalds, is Finnish.
Please help to expand the list
@james@expressional.social
A tool to anonymise those little yellow dots your colour laser printer is probably adding to every page it prints:
@thisismissem@hachyderm.io · Reply to Emelia 👸🏻's post
Like the Bluesky team wrote a tonne of code to prevent common node.js fetch() security bugs, including:
- SSRF attacks
- Disabling automatic following of redirects
- malicious protocols
- timeouts
- response size attacks
But somehow none of this is really ever considered by most folks when using fetch() in node.js
https://github.com/bluesky-social/atproto/blob/main/packages/internal/fetch-node/src/safe.ts
@thisismissem@hachyderm.io
Something I've never seen documented is how to actually do SSRF prevention with Node.js's fetch implementation.
Like you could resolve DNS before making the request, and assert the IP addresses are public IP addresses, but afaict, fetch() will do that too so you could theoretically get two different results (although unlikely)
Feels like Node.js should just ship an SSRF safe fetch implementation.
@hiramfromthechi@mastodon.social
Are you on Bluesky? Ads are coming for your feed: https://techcrunch.com/2025/04/16/bluesky-feed-builder-graze-raises-1m-rolls-out-ads/
Want an ad-free experience? Use Mastodon instead.
#mastodon #twitter #bluesky #fediverse #social #socialmedia #facebook #threads #ads #surveillance #surveillancecapitalism #privacy #security
@nborboen@social.epfl.ch
The European Union Agency for Cybersecurity (ENISA) launched the European Union Vulnerability Database (EUVD) website https://euvd.enisa.europa.eu/
@joeo10@mastodon.sdf.org
Sadly, this is only the beginning of a domino effect should it go into law.
@brian_greenberg@infosec.exchange
🚨 Explosive allegations are hitting Elon Musk’s DOGE team.
A whistleblower says:
📂 10GB of NLRB data was exfiltrated
🔓 Security settings were disabled
📸 Photos of staff were used to intimidate
⚖️ Claims involve surveillance, union suppression, and cyber intrusion
Musk called it “insane,” but the NLRB is reportedly cooperating with federal investigations. Whether true or not — this underscores the growing overlap of cybersecurity, labor rights, and executive power.
#CyberSecurity #Whistleblower #ElonMusk #NLRB #DigitalEthics #security #privacy #cloud #infosec
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
@Nonilex@masto.ai · Reply to Nonilex's post
The employees grew concerned that the #NLRB's confidential #data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in #Russia [wtf?], acc/to the disclosure. Eventually, the disclosure continued, the IT department launched a formal review of what it deemed a serious, ongoing #security #breach or potentially #illegal removal of personally identifiable information.
@andrewlock@hachyderm.io
Blogged: NetEscapades.AspNetCore.SecurityHeaders 1.0.0 has been released
https://andrewlock.net/netescapades-aspnetcore-securityheaders-1-0-0-released/
In this post I describe the recent major changes to NetEscapades.AspNetCore.SecurityHeaders, a NuGet package for adding security headers to your apps
@CuratedHackerNews@mastodon.social
Whistleblower details how DOGE may have taken sensitive NLRB data
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
@nixCraft@mastodon.social
LLMs can't stop making up software dependencies and sabotaging everything
Hallucinated package names fuel 'slopsquatting'
https://www.theregister.com/AMP/2025/04/12/ai_code_suggestions_sabotage_supply_chain/
@thias@mastodon.social
@Jeremiah@alpaca.gold
I want to know the backstory of how long the hacker knew about this security vulnerability and their waiting for a moment of meaningful protest and civil disobedience
@Linux@mk.absturztau.be
On the topic of 2FA (2nd factor authentication), I really do need to find an alternative that:
1) Is cloud based sync service, but can also run locally
2) Does not require you to set up on your own server
3) Can be used on multiple devices
4) Is not limited to specific hardware.
5) Can export and import if needed.
6) Outside US jurisdiction
If I seem to be repeating my requirements, it is because there are so many unhelpful people, who believe they are being helpful, by ignoring all those requirements. - I said, what I said.
#2FA #2ndFactorAuthentication #Security #InfoSec #InformationSecurity
@chpietsch@fedifreu.de
Lately I've been doing more #SelfHosting again due to the current situation. Of course, I'm paying particular attention to power consumption and noise. After good experiences with the #ARM64 architecture, even with power-hungry applications such as Mastodon, I'm now using the smartphone technology for my homeservers, too.
There are #SBCs with more open hardware, but the #RaspberryPi is widely available, well documented, powerful and inexpensive. And it is available with up to 16 GB of RAM.
Anyone operating a server on the Internet must install #security updates quickly. However, many people forget to restart running software so that the new version runs instead of the old one. The #needrestart tool helps with this on Debian-based Linux systems, which unfortunately is usually not pre-installed.
On my Raspberry Pi 4, needrestart always runs correctly (automatically after apt upgrade). On my Raspberry Pi 5, however, I first had to create a configuration file as described by the main developer here:
https://github.com/liske/needrestart/blob/master/README.raspberry.md
Previously, the tool always claimed that a reboot was necessary because it thought an outdated Linux kernel was running.
Next, I want to activate #LUKS hard drive encryption on both raspis. Unfortunately, this is not as easy under #Raspbian or #RaspberryPiOS as on other Debian systems. If you have managed this: Please let me know how you did it!
#rpi #rpi5 #raspi #raspberrypi5 #homeserver #encryption #selfhost #selfhosted
@pitrh@mastodon.social
Still anticipating a major spring or autumn event, "You Have Installed OpenBSD. Now For The Daily Tasks." https://nxdomain.no/~peter/openbsd_installed_now_for_the_daily_tasks.html now also points the user to rcctl for services housekeeping.
#openbsd #rcctl #unixlike #newrelease #devops #development #sysadmin #networking #security #sanity #qualitysoftware
@heisec@social.heise.de
ToddyCat: Malware exploits a security hole in antivirus software
Instead of protecting systems from malware, a flaw in Eset's virus protection led to the execution of malicious software.
@publicvoit@graz.social
If you're using #GMail and you've learned about their latest claim to introduce real end-to-end #encryption: it's a lie.
Google has the control and/or you can't do anything against that Google takes control any time.
Real #E2EE works differently: only the sender and receiver are able to access the protected content.
https://michal.sapka.pl/2025/gmail-e2e-is-as-terrible-as-expected/
#Meta also defined E2EE such that the message is encrypted from the sender to them, processed in clear text and re-encrypted for the transmission to the receiver.
Don't let them fool you with false claims and wrong definitions.
@thisismissem@hachyderm.io
This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
You might remember my Pixelfed vulnerability from last year, where OAuth scopes weren't checked allowing for privilege escalation via the API (CVE-2024-25108), that was our very first test-case of this program.
I'm incredibly proud to be involved in launching the Fediverse Security Fund from Nivenly Foundation (a 501(c)4 not-for-profit cooperative)
@Nonilex@masto.ai · Reply to Nonilex's post
#Trump calling the #trade deficit a “national emergency” that threatens US #security, lays out his *legal* argument for his actions.
“They rip us off,” Trump says of the #EU, announcing a 20% #tariff on the 27-nation bloc.
Trump holds a chart showing reciprocal tariff rates for US trading partners & says he will charge half of that much? There is no explanation for the calculations that he is using to justify the #tariffs. Likely because they’re arbitrary revenge tactics.
@Nonilex@masto.ai · Reply to Nonilex's post
The use of #Gmail, a FAR LESS secure method of communication than the encrypted messaging app #Signal [which isn’t secure enough for these kinds of comms either], is the latest example of questionable #security practices by top #NationalSecurity ofcls already under fire for the mistaken inclusion of a journalist in a group chat about high-level planning for #military ops in Yemen.
#Signalgate #Signal #OpSec #InfoSec #military #Trump #idiocracy #kakistocracy
@esk@hachyderm.io
hey, fediverse friends - i'm excited that we're finally announcing our Fediverse Security Fund over at @nivenly to help make fedi software more secure.
we're starting off super small to see if the Fund is a thing that can help. along the way we'll learn and improve our intake/payout process. and if there's solid interest and we see good impact, we'll hold a member vote near the end of the experiment to decide if we'll renew/expand the program.
thanks to @thisismissem for her contributions and being the first disclosure to validate the process.
let's close some vulns!
@yossarian@infosec.exchange
this makes me really happy: over 1/6th of the top (by download) Python projects are producing attestations!
that's a meteoric adoption rate, given that we only enabled attestation upload support on PyPI ~5 months ago!
tracker here: https://trailofbits.github.io/are-we-pep740-yet/
@andrewlock@hachyderm.io
Blogged: Creating SBOM attestations in GitHub Actions
https://andrewlock.net/creating-sbom-attestations-in-github-actions/
In this post I show how you can create attestations for SBOM documents that you have created for your application or Nuget package
@melroy@mastodon.melroy.org
#Oracle Cloud is hacked. Another reason why I do not use the #cloud :)
https://techcrunch.com/2025/03/31/oracle-under-fire-for-its-handling-of-separate-security-incidents/
@openrightsgroup@social.openrightsgroup.org · Reply to Open Rights Group's post
Encryption is essential for cybersecurity 🔐
The lack of protections for it in the UK Cyber Security Bill, coupled with the UK's encryption-breaching order against Apple, shows a lack of seriousness about the threats we face.
Sign and share our petition to send a message ⬇️
https://you.38degrees.org.uk/petitions/keep-our-apple-data-encrypted
#e2ee #encryption #cybersecurity #cybersecuritybill #security #ukpolitics #ukpol
@openrightsgroup@social.openrightsgroup.org · Reply to Open Rights Group's post
The UK Cyber Security and Resilience Bill is an opportunity to assess and reduce the UK’s dependence on large US corporations for vital government infrastructure.
Other countries, such as France and the Netherlands, are already debating how to do this, through open source software for example.
#cybersecurity #cybersecuritybill #ukpolitics #ukpol #security #OpenSource
@openrightsgroup@social.openrightsgroup.org · Reply to Open Rights Group's post
“The UK cannot claim to be strengthening the country’s cyber defences while at the same time issuing notices to companies like Apple and demanding that they reduce the security of the services they offer.”
🗣️ @JamesBaker – ORG Programme Manager.
#encryption #cybersecurity #cybersecuritybill #security #ukpolitics #ukpol #e2ee #apple
@openrightsgroup@social.openrightsgroup.org
NEW: The UK government has published its Cyber Security Bill and there are glaring holes.
Missing:
🔴 Protections for encryption.
🔴 Reduction of our dependence on US corporations for vital UK government infrastructure, such as through open source software.
Read our response ⬇️
https://www.openrightsgroup.org/press-releases/org-response-to-cyber-security-bill/
#cybersecurity #cybersecuritybill #security #encryption #opensource #ukpolitics #ukpol
@symcasolari@mastodon.social
After about a month of researching, documenting, and writing, this piece is out. Out of my brain, out of my soul.
Knowledge hurts sometimes. Acting consciously is so empowering though, and liberating.
Thanks @Ullilust and @Xeniax for allowing me to include your images and words.
My and @davidrevoy's illustrations in the article are CC-BY 4.0.
https://www.illugination.com/not-in-my-name/
#degoogle #notinmyname #surveillance #surveillancecapitalism #privacy #security #opensource #fediverse #movetothefediverse
@mailbox_org@social.mailbox.org
🖥️ Today is World Backup Day – a reminder to secure your data! At @mailbox_org you benefit from automatic server backups, encrypted storage, and high security standards in German data centers. Stay in control of your e-mails and files!
#WorldBackupDay #Privacy #Security #DigitalSovereignty #mailboxorg
@michabbb@vivaldi.net
In case you missed it: #ProtonVPN integrates with #Vivaldi browser for enhanced #privacy and #security.
Hide your IP address, access global content, and block malicious scripts with #opensource encryption standards.
@XenoPhage@infosec.exchange
Why is it that Home Depot has passkey support and my bank still wants me to answer those three questions?
@aral@mastodon.ar.al
So after listening to your feedback, I agree: let’s spend that money in the EU to create a publicly-owned, free and open ACME-compatible certificate authority.
See post quoted below, with links to Tom’s work as he’s already been thinking/working on this.
#EU #ACME #TLS #security #LetsEncrypt #technologyCommons #SmallTech https://mamot.fr/@tdelmas/114224564125819333
@jgoerzen@changelog.complete.org
As I write this in March 2025, there is a lot of confusion about Signal messenger due to the recent news of people using Signal in government, and subsequent leaks.
The short version is: there was no problem with Signal here. People were using it because they understood it to be secure, not the other way around.
Both the government and the Electronic Frontier Foundation recommend people use Signal. This is an unusual alliance, and in the case of the government, was prompted because it understood other countries had a persistent attack against American telephone companies and SMS traffic.
So let’s dive in. I’ll cover some basics of what security is, what happened in this situation, and why Signal is a good idea.
This post isn’t for programmers that work with cryptography every day. Rather, I hope it can make some of these concepts accessible to everyone else.
When most people are talking about secure communications, they mean some combination of these properties:
If you think about it, most people care the most about the first two. In fact, authentication is a key part of privacy. There is an attack known as man in the middle in which somebody pretends to be the intended recipient. The interceptor reads the messages, and then passes them on to the real intended recipient. So we can’t really have privacy without authentication.
I’ll have more to say about these later. For now, let’s discuss attack scenarios.
There are a number of ways that security can be compromised. Let’s think through some of them:
Let’s say you used no encryption at all, and connected to public WiFi in a coffee shop to send your message. Who all could potentially see it?
Back in the early days of the Internet, most traffic had no encryption. People were careful about putting their credit cards into webpages and emails because they knew it was easy to intercept them. We have been on a decades-long evolution towards more pervasive encryption, which is a good thing.
Text messages (SMS) follow a similar path to the above scenario, and are unencrypted. We know that all of the above are ways people’s texts can be compromised; for instance, governments can issue search warrants to obtain copies of texts, and China is believed to have a persistent hack into western telcos. SMS fails all four of our attributes of secure communication above (privacy, authentication, ephemerality, and anonymity).
Also, think about what information is collected from SMS and by who. Texts you send could be retained in your phone, the recipient’s phone, your phone company, their phone company, and so forth. They might also live in cloud backups of your devices. You only have control over your own phone’s retention.
So defenses against this involve things like:
You may see some other apps saying they use strong encryption or use the Signal protocol. But while they may do that for some or all of your message content, they may still upload your contact list, history, location, etc. to a central location where it is still vulnerable to these kinds of attacks.
When you think about anonymity, think about it like this: if you send a letter to a friend every week, every postal carrier that transports it – even if they never open it or attempt to peek inside – will be able to read the envelope and know that you communicate on a certain schedule with that friend. The same can be said of SMS, email, or most encrypted chat operators. Signal’s design prevents it from retaining even this information, though nation-states or ISPs might still be able to notice patterns (every time you send something via Signal, your contact receives something from Signal a few milliseconds later). It is very difficult to provide perfect anonymity from well-funded adversaries, even if you can provide very good privacy.
Let’s say you use an app with strong end-to-end encryption. This takes away some of the easiest ways someone could get to your messages. But it doesn’t take away all of them.
What if somebody stole your phone? Perhaps the phone has a password, but if an attacker pulled out the storage unit, could they access your messages without a password? Or maybe they somehow trick or compel you into revealing your password. Now what?
An even simpler attack doesn’t require them to steal your device at all. All they need is a few minutes with it to steal your SIM card. Now they can receive any texts sent to your number - whether from your bank or your friend. Yikes, right?
Signal stores your data in an encrypted form on your device. It can protect it in various ways. One of the most important protections is ephemerality - it can automatically delete your old texts. A text that is securely erased can never fall into the wrong hands if the device is compromised later.
An actively-compromised phone, though, could still give up secrets. For instance, what if a malicious keyboard app sent every keypress to an adversary? Signal is only as secure as the phone it runs on – but still, it protects against a wide variety of attacks.
Perhaps you are sending sensitive information to a contact, but that person doesn’t want to keep it in confidence. There is very little you can do about that technologically; with pretty much any tool out there, nothing stops them from taking a picture of your messages and handing the picture off.
Perhaps your device is secure, but a hidden camera still captures what’s on your screen. You can take some steps against things like this, of course.
Sometimes humans make mistakes. For instance, the reason a reporter got copies of messages recently was because a participant in a group chat accidentally added him (presumably that participant meant to add someone else and just selected the wrong name). Phishing attacks can trick people into revealing passwords or other sensitive data. Humans are, quite often, the weakest link in the chain.
So how can you protect yourself against these attacks? Let’s consider:
There are other methods besides Signal. For instance, you could install GnuPG (GPG) on a laptop that has no WiFi card or any other way to connect it to the Internet. You could always type your messages on that laptop, encrypt them, copy the encrypted text to a floppy disk (or USB device), take that USB drive to your Internet computer, and send the encrypted message by email or something. It would be exceptionally difficult to break the privacy of messages in that case (though anonymity would be mostly lost). Even if someone got the password to your “secure” laptop, it wouldn’t do them any good unless they physically broke into your house or something. In some ways, it is probably safer than Signal. (For more on this, see my article How gapped is your air?)
But, that approach is hard to use. Many people aren’t familiar with GnuPG. You don’t have the convenience of sending a quick text message from anywhere. Security that is hard to use most often simply isn’t used. That is, you and your friends will probably just revert back to using insecure SMS instead of this GnuPG approach because SMS is so much easier.
Signal strikes a unique balance of providing very good security while also being practical, easy, and useful. For most people, it is the most secure option available.
Signal is also open source; you don’t have to trust that it is as secure as it says, because you can inspect it for yourself. Also, while it’s not federated, I previously addressed that.
If you are a government, particularly one that is highly consequential to the world, you can imagine that you are a huge target. Other nations are likely spending billions of dollars to compromise your communications. Signal itself might be secure, but if some other government can add spyware to your phones, or conduct a successful phishing attack, you can still have your communications compromised.
I have no direct knowledge, but I think it is generally understood that the US government maintains communications networks that are entirely separate from the Internet and can only be accessed from secure physical locations and secure rooms. These can be even more secure than the average person using Signal because they can protect against things like environmental compromise, human error, and so forth. The scandal in March of 2025 happened because government employees were using Signal rather than official government tools for sensitive information, had taken advantage of Signal’s ephemerality (laws require records to be kept), and through apparent human error had directly shared this information with a reporter. Presumably a reporter would have lacked access to the restricted communications networks in the first place, so that wouldn’t have been possible.
This doesn’t mean that Signal is bad. It just means that somebody that can spend billions of dollars on security can be more secure than you. Signal is still a great tool for people, and in many cases defeats even those that can spend lots of dollars trying to defeat it.
And remember - to use those restricted networks, you have to go to specific rooms in specific buildings. They are still not as convenient as what you carry around in your pocket.
Signal is practical security. Do you want phone companies reading your messages? How about Facebook or X? Have those companies demonstrated that they are completely trustworthy throughout their entire history?
I say no. So, go install Signal. It’s the best, most practical tool we have.
This post is also available on my website, where it may be periodically updated.
@Nonilex@masto.ai · Reply to Nonilex's post
In an EO, #Trump hit the elite firm w/many of the same penalties that he had applied to its competitors who had taken on cases or causes he did not like.
He directed the cancellation of all govt contracts w/ #WilmerHale, & the suspension of any #security clearances of its employees. The order also barred WilmerHale employees from federal buildings [Federal Court buildings fall into the category], banned them from communicating w/govt employees & prevented them from being hired at govt agencies.
@stefano@bsd.cafe
After the article from The Atlantic, I've seen a lot of misinformation circulating among journalists. I'm not getting into the political side of things, but many are focusing on the fact that Signal was used, claiming it's "not encrypted" or "not secure." This really saddens me because it spreads the wrong message.
#Signal #Privacy #Security #Encryption #Misinformation #TechNews #Journalism
@zacchiro@mastodon.xyz
My team at Polytechnic Institute of Paris/Télécom #Paris school of engineering is looking for a research engineer to conduct development and empirical experiments in various fields, including: #software #security and #SoftwareEngineering.
Programming skills in #Rust are particularly welcome, but we are polyglots and would also welcome #C/#Java/#OCaml developers 😉
Permanent position (French "CDI"), on site in the south of Paris.
Full job description at: https://institutminestelecom.recruitee.com/l/en/o/ingenieure-ou-ingenieur-de-recherche-en-informatique
@aral@mastodon.ar.al
So after listening to your feedback, I agree: let’s spend that money in the EU to create a publicly-owned, free and open ACME-compatible certificate authority.
See post quoted below, with links to Tom’s work as he’s already been thinking/working on this.
#EU #ACME #TLS #security #LetsEncrypt #technologyCommons #SmallTech https://mamot.fr/@tdelmas/114224564125819333
@timb_machine@infosec.exchange
Interesting Git repos of the week:
Detection:
* https://github.com/tstromberg/ucd - hunt for unauthorised changes
* https://github.com/mnrkbys/fjta - check for anomalies in your FS timeline
Exploitation:
* https://github.com/hardenedlinux/tzram-audit - audit your TrustZone implementation
Nerd:
* https://gist.github.com/halcy/b4f455ef05c4c36906107e9367b8dd63 the Fediverse in FUSE
@zacchiro@mastodon.xyz
@nixCraft@mastodon.social
Quick tip! You can actually see the changelog details for Debian/Ubuntu packages, which includes security info, CVEs, package urgency, and a short description. Super helpful for figuring out if you need to patch right away or schedule downtime, especially if you're working with clusters. For example, here is how to see info about nginx:
apt changelog nginx
See https://www.cyberciti.biz/faq/debian-ubuntu-linux-show-package-changelog-command/ for more info.
@scy@chaos.social
Oh, great. #Pixelfed had a broken implementation of "follower-only" posts, _and_ fucked up the disclosure / bugfix release process.
https://fokus.cool/2025/03/25/pixelfed-vulnerability.html
Summary of the bug: If you have a protected account (on Pixelfed, Mastodon, GTS, whatever) and a Pixelfed user followed you and got approved by you, _all_ users on that instance were now able to see your followers-only posts, not just the one you approved.
@Nonilex@masto.ai · Reply to Nonilex's post
#EdDavey, Ldr of the #UK’s Liberal Democrats:
“#JDVance & his mates clearly aren't fit to run a group chat, let alone the world's strongest #military force. It has to make our #security services nervous about the #intelligence we're sharing with them.”
“#Trump's #WhiteHouse can't be trusted. Their reckless approach to security means it's only a matter of time before British intelligence is leaked.
“The Govt must urgently review our intelligence-sharing arrangements with the US.”
@teleclimber@social.tchncs.de
Uh, is it normal for an automated #security scanner to be unaware of #debian patched packages?
Like how OpenSSH 9.2p1 is vulnerable to CVE-2023-38408 but the Debian version 1:9.2p1-2+deb12u5 is patched. But the security scanner sees the "9.2p1" string and sounds the alarm.
https://security-tracker.debian.org/tracker/CVE-2023-38408
Is this a common problem for people running Debian servers?
@reallylazybear@mastodon.social
This is a pretty cool yet somewhat creepy website lol.
#chrome #firefox #brave #duckduckgo #microsoft #microsoftedge #edge #opera #operagx #safari #vivaldi #chromium #ungoogle #torbrowser #mullvad #mullvadbrowser #librewolf #cromite #firefoxfocus #yandex #privacy #security #ungoogledchromium #linux #windows #ios #android #mac #macos
@andrewlock@hachyderm.io
Blogged: Creating a software bill of materials (SBOM) for an open-source NuGet package
https://andrewlock.net/creating-a-software-bill-of-materials-sbom-for-an-open-source-nuget-package/
In this post I discuss several tools you can use to create a software bill of materials (SBOM) for an application or a NuGet package
@mattburgess@infosec.exchange
Hi all, been lurking for a few days but introducing myself now! I'm Matt and a #security reporter at WIRED. Like many others here, I'm coming to Mastodon after the chaos at the bird site in the last week.
The things I cover on a regular basis are #privacy, cybersecurity, #surveillance, internet freedom, #tech and human rights, and a bunch more things in the wider security realm.
I'm based in #London—and have lived here for the last decade—so I'm often reporting on issues from across Europe. When not writing words for the web, I'm often found #running and have been dabbling in the #ultramarathon a few times over the last few years #introduction (edited to add introduction hashtag)
@jw@social.lol
I kept seeing people misunderstanding the differences between privacy, security, and anonymity. So I created a video at @privacyguides to educate people on the differences between them!
It's essential to know the distinction between them so you can make educated decisions on what tools to utilise for your situation. 🔒
➡️ Watch it here: https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/
@digitalcourage@digitalcourage.social
Congratulations! 🎉 If you can read this, you have already done a great deal right. But the independent #Fediverse goes far beyond Mastodon. In our kurz&mündig volume 16 you can learn more about the decentralized social media universe
Volume 16 of the kurz&mündig series
Authors: Leena Simon 🔗 muendigkeit.digital and Christian Pietsch
A6, 28 pages, ISBN 978-3-934636-45-3
5 euros, https://shop.digitalcourage.de
#digitalcourage #kurzundmündig #kum #wissenfürdiehosentasche #digitalmündig #datenschutz #freiheit #freedom #humanrights #privacy #security #grundrecht
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Zoom In On This
https://talkingpointsmemo.com/edblog/zoom-in-on-this
"DOGE went to the private #security contractor working for #USIP ...said, you don’t have a clear #legal or ethical ability to do this. But if you don’t want to lose all your federal contracts, you have to. And they did...
There are a lot of very large federal security contractors who wield #violence & force on behalf of the #US govt... those contractors are also extremely vulnerable to #DOGE because DOGE can make contracts disappear"
@privacyguides@mastodon.neat.computer
This week we’re tackling some common misconceptions with privacy, security, and anonymity!
Often privacy and anonymity are used interchangeably. However, there are distinct differences between the two. In our latest video, we aim to explain and discuss the differences, so you can make better decisions on your privacy and security journey.
https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Elon Musk’s Starlink Takes Over the White House
The world’s richest man now has control over the internet at the White House.
https://newrepublic.com/post/192855/elon-musk-white-house-starlink-internet
"numerous #conflicts of interest & #ethics issues. #Musk already collects billions of dollars through his #government contracts, & controls #Starlink. If #WhiteHouse employees are using the #internet service, he could have access to their #data... questions as to how secure Starlink’s #network is."
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Elon Musk’s Starlink Expands Across White House Complex
#Trump admn officials said the company donated the #internet service, saying the gift had been vetted by the lawyer overseeing ethics issues in the #WhiteHouse Counsel’s Office.
https://www.nytimes.com/2025/03/17/us/politics/elon-musk-starlink-white-house.html
" #Musk... controls Starlink...
the White House “was aware of DOGE’s intentions...” and that it “did not consider this matter a security incident or #security breach.”
#ElonMusk #Coup #Corruption #GOP #Politics #USPol #News #US #USA
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Elon Musk’s DOGE Guts U.S. Nuclear Agency
DOGE cuts have hit some of the country’s top nuclear scientists.
https://newrepublic.com/post/192825/elon-musk-doge-cuts-nuclear-scientists
"Several #nuclear scientists, bomb engineers, & #safety experts critical to #NationalSecurity were among the cuts...
the wanton, haphazard budget cuts championed by #Musk & the #GOP... Many people who left the agency held top-secret #security clearances, and it will be tough to train replacements."
#ElonMusk #Doge #Trump #Politics #USPol #Science #News #US #USA
@Em0nM4stodon@infosec.exchange
New Privacy Guides article 🔐✨
by me:
If you want to keep your password manager local-only, KeePassXC is a great solution!
It's free,
Open-source,
Easy to install and use,
Doesn't require an account,
Works on Linux, macOS, and Windows,
And the team is here! 👉 @keepassxc
Here's how to set it up with a YubiKey: https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/
#PrivacyGuides #KeePassXC #Privacy #Security #PasswordManager #Passwords #FOSS
@andrewlock@hachyderm.io
Blogged: Creating provenance attestations for NuGet packages in GitHub Actions
https://andrewlock.net/creating-provenance-attestations-for-nuget-packages-in-github-actions/
In this post I discuss software provenance, what attestations say about your software, how they work, how to create an attestation for a NuGet package, and why that doesn't really work 😅
@mattburgess@infosec.exchange
Mastodon friends, I've heard a few suggestions of companies moving from US cloud providers to those based in the EU, due to risks with the Trump administration/Cloud Act, etc.
Has anyone come across any businesses that have made the leap recently? Feel free to DM or message on Signal, mattburgess.20
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
DOGE Cuts Reach Key Nuclear Scientists, Bomb Engineers & Safety Experts
Firings & buyouts hit the top-secret National Nuclear Safety Admn amid a major effort to upgrade America’s #nuclear arsenal. Critics say it shows the consequences of heedlessly cutting the federal work force.
https://www.nytimes.com/2025/03/17/us/politics/federal-job-cuts-nuclear-bomb-engineers-scientists.html
"Officials had initially expected that the nuclear agency’s #NationalSecurity mission would protect it from layoffs."
#ElonMusk #Musk #Doge #Trump #GOP #USPol #Politics #Security #News #USA
@pitrh@mastodon.social
I thought I had seen it all when it comes to mail delivery and security issues.
But this morning I was introduced to the fact that there are Exchange admins who will implement a rule that all incoming mail from outside their own organization should be flagged as potentially dangerous and presented to the user with the option to block sender and no option to mark the message or the sender as valid.
Yes, that for every single message.
@Em0nM4stodon@infosec.exchange
New Privacy Guides video 📺✨
by @jw
If you've wondered about
the difference between:
Privacy,
Security,
and Anonymity
And why some privacy-focused
services are worth using even when they don't provide perfect anonymity, watch this!
It's truly an amazing short video!
Everyone should watch it 👇
https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/
@openrightsgroup@social.openrightsgroup.org · Reply to Open Rights Group's post
The battle for encryption happens TODAY. Your right to privacy and security will be decided behind your back.
We call for the hearing to be made public.
Encryption must be protected from this slippery slope.
Sign and share our petition to have your say ⬇️
https://you.38degrees.org.uk/petitions/keep-our-apple-data-encrypted
#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #tech #Apple
@openrightsgroup@social.openrightsgroup.org
"This is a significant test for the battle between law enforcement and technology."
Holding the Apple case in secret makes the legal process more cloak and dagger, less scales and sword.
It makes it harder to challenge the UK government's order to break encryption and creates a dangerous precedent.
This case sets the stage for more shady encryption-breaking orders to be made.
#encryption #e2ee #Apple #ukpolitics #ukpol #privacy #security #tech #cybersecurity
@privacyguides@mastodon.neat.computer
This week we’re tackling some common misconceptions with privacy, security, and anonymity!
Often privacy and anonymity are used interchangeably. However, there are distinct differences between the two. In our latest video, we aim to explain and discuss the differences, so you can make better decisions on your privacy and security journey.
https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/
@w3cdevs@w3c.social
Based on the @w3c workshop "Secure the Web Forward" and thanks to work taking place in the W3C Security Web Application Guidelines (SWAG) #CommunityGroup, we are happy to release 6 videos that address the complexities of Content Security Policy and Trusted Types, by introducing open-source tooling that reduces the uncertainty and complexity of configuring web #security mitigations against XSS.
▶️ https://www.w3.org/blog/2025/how-to-protect-your-web-applications-from-xss/
cc @simone @torgo
🎬 Security at W3C playlist: https://www.youtube.com/playlist?list=PLNhYw8KaLq2Wr27HLfSTD4d6JpC3G0PVr
@openrightsgroup@social.openrightsgroup.org
Whisper it, the showdown over Apple encryption is THIS WEEK ⏱️
🤐 A secret tribunal will hear the appeal against the UK government’s order to carve a backdoor into Apple’s encrypted services.
🛑 Our cybersecurity and privacy shouldn’t be decided in the shadows.
#encryption #Apple #privacy #cybersecurity #security #e2ee #ukpolitics #ukpol
@openrightsgroup@social.openrightsgroup.org · Reply to Open Rights Group's post
In response to the State's demand for insecurity, Apple withdrew its encrypted services from the UK and appealed.
A secret tribunal now decides 🤫
This hearing MUST happen in public.
It starts with Apple... the UK government will chomp away encryption to a rotten core.
https://www.digit.fyi/apple-to-battle-uk-gov-over-encryption-in-secret-tribunal/
#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple
@openrightsgroup@social.openrightsgroup.org · Reply to Open Rights Group's post
History is a set of lies agreed upon.
The UK government took to revisionist tactics and wiped its advice for lawyers and barristers to use Apple encrypted services.
Putting victims of crime at a greater risk of harm so you don't contradict yourself isn't a good look 🤷♂️
https://techcrunch.com/2025/03/06/uk-quietly-scrubs-encryption-advice-from-government-websites/
#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple
@openrightsgroup@social.openrightsgroup.org · Reply to Open Rights Group's post
The UK Home Office issued a secret order under the Investigatory Powers Act to make Apple put a backdoor in its encrypted services.
This is so the government can access what's uploaded to the cloud... them and hackers alike.
Too sly sly, hush hush spy to spy.
#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple
@openrightsgroup@social.openrightsgroup.org · Reply to Open Rights Group's post
The story so far...
The Investigatory Powers Act was widened last year to:
🔴 Prevent companies from rolling out encryption.
🔴 Have the UK government approve any security updates to tech products.
Surveillance first 👁️, security be damned 🗑️
#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple
@openrightsgroup@social.openrightsgroup.org
Make it rain 🌧️
The UK government’s demand for a spy hole makes your iCloud storage leaky.
All your pics, docs, finances and more are up for grabs. Hackers, blackmailers and predators will have a field day.
Sign our petition to save Apple encrypted services!
➡️ https://you.38degrees.org.uk/petitions/keep-our-apple-data-encrypted
#encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol #apple
@Tutanota@mastodon.social
🚨BREAKING🚨 The French National Assembly removed the backdoor section from the amendment to the #Narcotrafic law.
Read here how Politicians tried to undermine everybody's #security: https://tuta.com/blog/france-surveillance-nacrotrafic-law
🙏 And thank you for fighting against this with us. This is a great win for privacy, yet, the battle is not over. Together we are strong! 💪
@openrightsgroup@social.openrightsgroup.org
Save Encryption. Save the World 🌐
Only by blocking message scanning technology on messaging apps can we ensure online safety!
End-to-end encryption prevents predators and hackers from weeding their way into our private lives.
We must #PracticeSafeText 💬
https://www.openrightsgroup.org/blog/the-case-for-encryption/
#e2ee #encryption #onlinesafety #onlinesafetyact #ukpolitics #ukpol #privacy #security #cybersecurity #ofcom #whatsapp #signal
@thisismissem@hachyderm.io
Mixing up Public and Private Keys in OpenID Connect deployments - Hanno's Blog:
@openrightsgroup@social.openrightsgroup.org
Carpe DM 👁️🗨️?
End-to-end encryption = online safety. It keeps what we send on messaging apps secure from hackers and predators.
🚫 Tell Ofcom NOT to implement message scanning powers in their consultation.
⏰ You have until 5pm TODAY!
https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text
#e2ee #encryption #onlinesafety #onlinesafetyact #ukpolitics #ukpol #privacy #security #cybersecurity #ofcom #whatsapp #signal
@frankie@infosec.exchange
The State of Personal Online Security and Confidentiality | SXSW LIVE
By @Mer__edith , President Signal Foundation
A brilliant discussion on Signal, human rights, surveillance, and security. 🥳
#Signal #SXSW #Privacy #OpenSource #FOSS #MeredithWhittaker #BigTech #Security
@openrightsgroup@social.openrightsgroup.org
🚨 Time is Running Out to Save Encryption 🔐
Ofcom is consulting on implementing message scanning powers in the UK Online Safety Act.
This would break end-to-end encryption on the messaging apps we all use!
⏰ CLOSES Monday 10 March, 5pm.
Use our tool to tell Ofcom #PracticeSafeText 💬
ACT NOW ⬇️
https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text
#e2ee #encryption #OnlineSafetyAct #ukpolitics #ukpol #privacy #ofcom #security #cybersecurity #whatsapp #signal
@LorenzoAncora@ieji.de
GNU Emacs: new critical remote shell injection vulnerability.
Red Hat discovered a command injection flaw in the text editor Emacs. It allows a remote, unauthenticated attacker to execute any command on your computer. The vulnerability is activated when you visit a malicious website or link.
https://www.cve.org/CVERecord?id=CVE-2025-1244
---
#news #software #gnu #emacs #security #hacking #terminal #linux #cve #opensource #freesoftware
---
Mitigation: uninstall/update immediately.
@Em0nM4stodon@infosec.exchange
New Privacy Guides article 🔑✨
by me:
If you are using a YubiKey,
you might get in some situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.
This tutorial will guide you
through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.
I hope you find it helpful!
https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/
#PrivacyGuides #Privacy #Yubico #YubiKey #Security #OTP #OpenPGP #Encryption #MFA
@ProfessorCode@fosstodon.org · Reply to Professor Code's post
I can't believe that Mozilla is choosing to take Firefox down this road of seemingly trying to harvest and sell their users' data, when there is already a proven method to increase their revenue with one of their own products.
Thunderbird has already proven that people are willing to support open source, privacy-friendly and well-maintained projects, especially if it's a critical part of their workflow. Just build a product that people want to use.
@ProfessorCode@fosstodon.org
Since Firefox requires a "nonexclusive, royalty-free, worldwide license" to my personal data, I've finally decided to move away to another browser.
https://www.youtube.com/watch?v=Rc96ISKh2OM
The problem appears to be, though, that I'm not sure which browser to use now. Most of the alternatives seem to have questionable privacy or security.
@proscience@toot.community
Very interesting food for thought:
"Managing the Transatlantic Divorce: A roadmap towards a European way of war"
Warning: May make an uncomfortable read but IMHO we have to face reality as is, not as we wish it to be.
@openrightsgroup@social.openrightsgroup.org
LGBTQ people need online communities for support 🏳️🌈 🌐
End-to-end encryption underpins this essential lifeline with the safety of confidentiality.
It's a matter of survival, particularly for people who live with unsupportive families or in oppressive societies.
Save encryption. #PracticeSafeText 💬
https://www.openrightsgroup.org/blog/queercryption-safety-in-numbers/
#e2ee #encryption #lgbtq #lgbtqia #lgbt #queer #privacy #security #queercryption
@openrightsgroup@social.openrightsgroup.org · Reply to Open Rights Group's post
“Strong encryption strengthens the foundation of trust online and ensures that our digital spaces remain ones where individuals can live authentically and without fear.”
Shae Gardner from LGBT Tech explains why encryption is so important for the LGBTQ community 🏳️🌈
#e2ee #encryption #lgbt #lgbtq #lgbtqia #privacy #security #queer #queercryption
@openrightsgroup@social.openrightsgroup.org · Reply to Open Rights Group's post
LGBTQ people are core users of the Internet 🏳️🌈 🌐
80% participate in social networking, compared to 58% of the general public.
Messaging apps that use end-to-end encryption help to keep LGBTQ people safe.
Read more from LGBT Tech ⬇️
https://www.lgbttech.org/post/2019/11/22/lgbt-tech-release-encryption-one-sheet
#e2ee #encryption #queercryption #privacy #security #lgbt #lgbtq #lgbtqia #queer
@applsec@infosec.exchange
🧪 NEW BETA RELEASES 🧪
📱 iOS 18.4 beta 2 (22E5216h)
📱 iPadOS 18.4 beta 2 (22E5216h)
💻 macOS 15.4 beta 2 (24E5222f)
📺 tvOS 18.4 beta 2 (22L5234e)
🥽 visionOS 2.4 beta 2 (22O5215f)
⌚ watchOS 11.4 beta 2 (22T5228e)
@Tutanota@mastodon.social
France is about to pass the worst surveillance law in the EU.
Here's how you can stop them: 👉 https://tuta.com/blog/france-surveillance-nacrotrafic-law
@bespacific@newsie.social
@psuPete Recommends - Weekly highlights on cyber security issues, 03/01/25 https://www.llrx.com/2025/03/pete-recommends-weekly-highlights-on-cyber-security-issues-march-1-2025/ Five posts from this week: #Trump has purged government websites; The Wayback Machine trying to preserve the record; Turn off your read receipts. They’re a #security risk; You can now easily remove personal info from #Google Search results; Google plans to end #SMS verification in favor of #QR codes; and #Verizon isn’t doing enough to protect customers from #robocall scams. #cybercrime #privacy
@thinkberg@tetrax.de
Forget the #Arbeitsagentur: anyone who has a nice #Job is welcome to ping me. I worked for 8 years as #CTO at #ubirch. That covered hardware (#Calliope mini, #Trackle) and software (embedded, blockchain, #security, #cryptography, #trust), in particular the electronic #Impfnachweis (vaccination certificate), and finally #ESG greenhouse gas accounting. I help teams grow with their tasks and build stable products.
@Nonilex@masto.ai · Reply to Nonilex's post
“It is unsurprising that allies in #Europe are gathering in London this weekend & equally unsurprising that the #UK is being taken much more seriously in Brussels & capitals,” Ashton said.
And yet there are limits to #Starmer’s #diplomacy. He was unable to extract any #security guarantees from #Trump for #Ukraine, despite an exaggerated show of deference to the president. That included Starmer hand-delivering an invitation for a state visit from #KingCharles….
@Nonilex@masto.ai · Reply to Nonilex's post
The #summit meeting has thrust #Starmer into an unaccustomed place for a British prime minister: at the heart of #Europe during a crisis. >8 years after the country voted to leave the #EU, the rapidly changing #security landscape is driving #Britain closer to the continent.
Catherine Ashton, a Briton who served as the EU’s high representative for #ForeignAffairs & security policy, said Starmer’s successful meeting w/ #Trump had reinforced his credentials as a leader for Europe.
@biznisbox@fosstodon.org
🚀 BiznisBox v2 is here! 🎉
After 6+ months of development, we’re bringing you a major upgrade with:
🔐 2FA & Login Notifications – Enhanced security for safer access
🔗 Webhook Support – Seamless third-party integrations
🛠️ New Support Ticket Module – Streamlined issue tracking
📜 New Contracts Module – Better document organization
🎨 Complete UI Redesign – Modern, intuitive & sleek
Upgrade now & experience the future of business management! 🚀
@timkmak@journa.host
Good morning to readers; Kyiv remains in Ukrainian hands.
#Zelenskyy said a deal with #Russia is pointless w/o #security #guarantees.
Here’s why: #Kyiv made this mistake before.
#Moscow broke ceasefire after #Minsk agreements. International lawyer Oleksandr watched it all unfold.
@peterrenshaw@ioc.exchange · Reply to ☮ ♥ ♬ 🧑💻's post
“Principle 4. Individuals’ #security and #privacy on the internet are fundamental and must not be treated as optional.”
“The Mozilla #Manifesto Addendum
Pledge for a Healthy #Internet
The open, global internet is the most powerful communication and collaboration resource we have ever seen. It embodies some of our deepest hopes for human progress. It enables new opportunities for learning, building a sense of shared humanity, and solving the pressing problems facing people everywhere.
Over the last decade we have seen this promise fulfilled in many ways. We have also seen the power of the internet used to magnify divisiveness, incite violence, promote hatred, and intentionally manipulate fact and reality. We have learned that we should more explicitly set out our aspirations for the human experience of the internet. We do so now.”
Lol 🤪 Principles
@GrapheneOS@grapheneos.social
GrapheneOS version 2025022700 released:
https://grapheneos.org/releases#2025022700
See the linked release notes for a summary of the improvements over the previous release.
Forum discussion thread:
https://discuss.grapheneos.org/d/20369-grapheneos-version-2025022700-released
@Frederik_Borgesius@akademienl.social
'The EU’s chat control legislation is reportedly back on the table... Polish officials have now tabled a new proposal, which is open for feedback until 20 February.'
#law #eu #privacy #surveillance #csam #encryption #security #cybersecurity https://secure.dialog-mail.com/v/145667/1/Wdn4xzHFg8/99136250
@openrightsgroup@social.openrightsgroup.org
❌ You can't trade privacy to prevent crime.
⚠️ Message scanning tech punches a hole in everyone's security. Surveillance organisations, hackers, scammers and predators alike will be able to creep into your life.
Read our longread on the need to protect end-to-end encryption ⬇️
#PracticeSafeText #e2ee #encryption #OnlineSafetyAct #privacy #security
https://www.openrightsgroup.org/blog/the-case-for-encryption/
@heisec@social.heise.de
LibreOffice: Manipulated documents can inject commands on Windows
In LibreOffice, attackers on Windows can abuse a flaw through which files are executed after a click on links.
@presidentbeef@ruby.social
I am hiring a Senior Privacy Engineer at Gusto: https://job-boards.greenhouse.io/gusto/jobs/6527585
Preferring candidates in Denver, but can hire (remote) in Atlanta, Austin, Chicago, Los Angeles, Miami, Toronto.
More roles coming soon...
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
OPM’s Own Guidance Says Fed Employees Never Have to Respond to the Elon Emails
https://talkingpointsmemo.com/edblog/opms-own-guidance-says-fed-employees-never-have-to-respond-to-the-elon-emails
"new system [created by #Doge] was given the name Government-Wide Email System (GWES). On February 5th, 2025... OPM published this document... in sections 4.2 and 4.3, federal government employees are never obligated to respond to any GWES emails and are under no obligation to share any information."
#ElonMusk #Musk #5Bullets #email #GWES #OPM #Privacy #Security #Government #News #USA
@Linux_Is_Best@misskey.de
Someone really should start another not self-hosted, non-US-based, Password Manager. I only know of two:
1) Heylogin
2) pCloud
(1Password, is owned by a Canadian company, owned by a US company).
1) Heylogin - Sucks.
It is completely tied to your phone. Using their web browser extension? Check your phone. Want to log in to a site? Check your phone. Want to update login details? Check your phone.
You ever lose or damage your phone, you're f-cked. It is not designed for multiple devices either.
2) pCloud
It is indeed outside US-jurisdiction. The company is not owned by any business in the USA. It does not own any businesses itself in the USA. But they do resell services in the USA, and the only way you can avoid not being assigned to one of those US Servers is to use a VPN so you'll be forwarded to their Europe Servers.
From their own documentation:
" As a consequence API calls have to be made to the correct API host name depending were the user has been registered – api.pcloud.com for United States and eapi.pcloud.com for Europe. "
#PasswordManager #Password #Security #Privacy
@BjornW@mastodon.social
Thought experiment:
@letsencrypt offers certificates to encrypt the traffic between a website & your browser.
They reside in the US & thus are subject to the judiciary system of the US.
What are the possible risks for websites outside the US, given the current unstable political situation & administration? What type of damage could an executive order do? How could this be mitigated?
Boosts appreciated.
#Politics #Security #GeoPolitics #Encryption #LetsEncrypt #CyberSecurity #Tech
@kuketzblog@social.tchncs.de
Apple is removing its highest "security level" for user data in the UK after the government demanded access to data. "Advanced Data Protection" (ADP) uses end-to-end encryption to ensure that only account holders can access their stored photos or documents. That no longer applies.
@notesnook@fosstodon.org
Notesnook v3.0.27 is out with an all new command palette, quick open, support for pasting markdown directly, and much more!
Read the full release notes here: https://blog.notesnook.com/notesnook-v3.0.27
#notesnook, #notetaking, #privacy, #security, #productivity, #encryption
@paka@mastodon.scot
European Court of Human Rights Confirms: Weakening Encryption Violates Fundamental Rights
In a milestone judgment—Podchasov v. Russia—the #European Court of #HumanRights ( #ECtHR) has ruled that weakening of #encryption can lead to general and indiscriminate #surveillance of the #communications of all users and violates the #HumanRight to #privacy.
#security #freedom #authoritarian #backdoors #hackers #IdentityTheft #banking
@blog@shkspr.mobi
https://shkspr.mobi/blog/2025/02/the-least-secure-totp-code-possible/
If you use Multi-Factor Authentication, you'll be well used to scanning in QR codes which allow you to share a secret code with a website. These are known as Time-based One Time Passwords (TOTP).
As I've moaned about before, TOTP has never been properly standardised. It's a mish-mash of half-finished proposals with no active development, no test suite, and no-one looking after it. Which is exactly what you want from a security specification, right?!
So let's try to find some edge-cases and see where things break down.
This is possibly the least secure TOTP code I could create. Scan it and see whether your app will accept it.
What makes it so crap? There are three things which protect you when using TOTP.
abcdefghijklmno
- OK, that's not the easiest thing to guess, but it isn't exactly complex. If you were thick enough to use this, an attacker would have a 1/10 chance of simply guessing your MFA code. If they saw you type it in, they'd have a couple of minutes in which to reuse it.
Can modern TOTP apps add this code? I crowdsourced the answers.
Surprisingly, a few apps accept it! Aegis, 1password, and BitWarden will happily store it and show you a 1 digit code for 120 seconds.
A few reject it. Authy, Google Authenticator, and OpenOTP claim the code is broken and won't add it.
But, weirdly, a few interpret it incorrectly! The native iOS app, Microsoft Authenticator, and KeepassXC store the code, but treat it as a 6 digit, 30 second code.
What is the right thing to do in this case? The code is outside the (very loosely defined) specification. Postel's Law tells us that we should try our best to interpret malformed data - which is what Aegis and BitWarden do.
But, in a security context, that could be dangerous. Perhaps rejecting a dodgy code makes more sense?
What is absolutely daft is ignoring the bits of the code you don't like and substituting your own data! Luckily, in a normal TOTP enrolment, the user has to enter a code to prove they've saved it correctly. Entering in a 6 digit code where only 1 is expected is likely to fail.
A one-digit code is ridiculous. But what about the other extreme? Would a 128-digit code be acceptable? For a human, no; it would be impossible to type in correctly. For a machine with a shared secret, it possibly makes sense.
On a high-latency connection or with users who may have mobility difficulties, a multi-minute timeframe could be sensible. For something of extremely high security, sub-30 seconds may be necessary.
But, again, the specification hasn't evolved to meet user needs. It is stagnant and decaying.
There's a draft proposal to tighten up the TOTP spec, which has expired.
It would be nice if the major security players came together to work out a formal and complete specification for this vital piece of security architecture. But I bet it won't ever happen.
So there you have it. We're told to rely on TOTP for our MFA - yet the major apps all disagree on how the standard should be implemented. This is a recipe for an eventual security disaster.
How do we fix it?
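The three behaviours the post observed in real apps (accept the odd parameters as-is, reject the enrolment, or silently substitute 6 digits / 30 seconds) can be made concrete with a small RFC 6238 implementation. The block below is an added example, not code from the original post or from any of the apps named: it parses an otpauth:// URI, applies one of the three policies, and generates codes. The URI is constructed from the parameters the post describes (1 digit, 120 seconds), assuming the string abcdefghijklmno shown on the page is the base32 secret; the `Policy` enum, the function names and the "conventional" range (6 to 8 digits, 30 second period) are this example's own choices.

```python
"""Added example: RFC 6238 TOTP plus three enrolment policies for
unconventional otpauth:// parameters. Not the original post's code."""
import base64
import hashlib
import hmac
import struct
import time
from enum import Enum
from typing import Optional
from urllib.parse import parse_qs, unquote, urlparse

# Defaults most authenticator apps assume when a parameter is absent.
DEFAULT_DIGITS = 6
DEFAULT_PERIOD = 30
DEFAULT_ALGORITHM = "SHA1"
HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

# Constructed from the post's description (1 digit, 120 s); the secret string
# is the one shown on the page, assumed here to be base32.
WEAK_URI = "otpauth://totp/Example?secret=abcdefghijklmno&digits=1&period=120"


class Policy(Enum):
    ACCEPT = "accept"          # honour whatever the URI says (Aegis/Bitwarden style)
    REJECT = "reject"          # refuse the enrolment (Authy/Google Authenticator style)
    SUBSTITUTE = "substitute"  # keep the secret, replace digits/period (iOS/MS Authenticator style)


def decode_secret(secret: str) -> bytes:
    """Decode a base32 secret, tolerating lowercase, spaces and missing '=' padding."""
    s = secret.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def parse_otpauth(uri: str) -> dict:
    """Split an otpauth://totp/... URI into its parameters, applying defaults but no validation."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    query = parse_qs(parsed.query)
    if "secret" not in query:
        raise ValueError("otpauth URI has no secret")
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "secret": query["secret"][0],
        "digits": int(query.get("digits", [DEFAULT_DIGITS])[0]),
        "period": int(query.get("period", [DEFAULT_PERIOD])[0]),
        "algorithm": query.get("algorithm", [DEFAULT_ALGORITHM])[0].upper(),
    }


def is_conventional(params: dict) -> bool:
    """True when digits, period and algorithm fall inside the range apps commonly accept."""
    return (6 <= params["digits"] <= 8
            and params["period"] == DEFAULT_PERIOD
            and params["algorithm"] in HASHES)


def enrol(uri: str, policy: Policy) -> dict:
    """Apply one of the three observed behaviours to an otpauth URI."""
    params = parse_otpauth(uri)
    if is_conventional(params):
        return params
    if policy is Policy.REJECT:
        raise ValueError(f"unconventional TOTP parameters: digits={params['digits']} period={params['period']}")
    if policy is Policy.SUBSTITUTE:
        # The secret is kept but the other parameters are replaced, so the codes
        # this client shows will not match what the server computes.
        params = dict(params, digits=DEFAULT_DIGITS, period=DEFAULT_PERIOD, algorithm=DEFAULT_ALGORITHM)
    return params


def totp(secret: bytes, digits: int, period: int, algorithm: str = "SHA1", at: Optional[int] = None) -> str:
    """RFC 6238: HOTP (RFC 4226 dynamic truncation) over the number of `period`-second steps since the epoch."""
    if at is None:
        at = int(time.time())
    counter = at // period
    mac = hmac.new(secret, struct.pack(">Q", counter), HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def guess_probability(digits: int) -> float:
    """Chance that a single random guess matches the code currently in force."""
    return 1 / (10 ** digits)


if __name__ == "__main__":
    # RFC 6238 Appendix B test vector: ASCII secret "12345678901234567890", T=59, SHA1, 8 digits.
    assert totp(b"12345678901234567890", 8, 30, at=59) == "94287082"
    for policy in Policy:
        try:
            p = enrol(WEAK_URI, policy)
            code = totp(decode_secret(p["secret"]), p["digits"], p["period"], p["algorithm"])
            print(f"{policy.value:10s} -> {p['digits']}-digit code every {p['period']} s, "
                  f"currently {code}, one-guess odds {guess_probability(p['digits']):.1e}")
        except ValueError as err:
            print(f"{policy.value:10s} -> refused: {err}")
```

Running it prints one line per policy: ACCEPT yields a single digit with a 1 in 10 chance of being guessed, SUBSTITUTE yields a six-digit code computed from the same secret but a different period, which is exactly why the post expects the enrolment confirmation step to fail for those apps, and REJECT refuses the URI outright. The `is_conventional` check is the part a defender would tune: it is the one place where a client decides what it will and will not honour.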
@orhun@fosstodon.org
Breaking news for the crab people 🚨
🦀 Ring, a widely used Rust cryptography library, is now unmaintained.
🔐 Security advisory: https://rustsec.org/advisories/RUSTSEC-2025-0007
➡️ Details: https://github.com/briansmith/ring/discussions/2414
@aral@mastodon.ar.al
Today I learned that the alarm system that came with our house – a very popular one here in Ireland – can be disarmed via Siri.
The default command?
“Hey, Siri, disarm.”
I shit you not.
#security #smartHome #youGottaBeFuckingKiddingMe #siri #openSesame
@j12t@j12t.social
A family member has a Mac that appears compromised. It behaves strangely, runs with higher load than it should and macOS produced some error messages that imply it quarantined some code. I think the machine should be wiped completely and rebuilt.
#Security people: how would you go about this without inadvertently carrying bad stuff over to another Mac or the rebuilt Mac? There are many files, email etc that need to be preserved.
@Nonilex@masto.ai · Reply to Nonilex's post
#Russia's main demands to stop the fighting include a withdrawal of Kyiv's troops from Ukrainian territory Moscow [illegally] claims & an end to #Ukraine's ambitions to join #NATO. Ukraine says Russia must withdraw from its territory, & wants #security guarantees from the West. The #Trump admin says Ukraine has unrealistic, "illusionary" goals.
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Trump Guts Crucial OPM Team as Elon Musk Gains Even More Power
The Office of Personnel Management has just limited access to certain government records on #ElonMusk and his #DOGE minions.
https://newrepublic.com/post/191663/elon-musk-opm-privacy-team
"The Trump administration has fired members of the “privacy team” at the #OPM, a move that will hinder #public access & scrutiny over #government records related to the #security clearances of #ElonMusk & Doge."
#Musk #Coup #Trump #Corruption #Politics #Privacy #USPol #News #US #USA
@mookie@chow.fan
Point of view always matters.
@threatresearch@infosec.exchange
This is *the most malicious, brutal* malicious compliance I've seen in quite some time, possibly ever, and I am HERE FOR IT. Thank you, @jwz
@melroy@mastodon.melroy.org
I wrote a new blog post about DNS (part 1)!
Learn how DNS works in more depth, and I even provide you with some useful terminal commands you can try yourself:
https://blog.melroy.org/2025/dns-part-1/
#dns #security #linux #unbound #bind #recursive #authoritative #server #nsd #dig #zone #domain #name #system
@Linux_Is_Best@misskey.de
My list of digital service providers outside the jurisdiction of the United States of America. 😉
https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction
The list is now hosted on Codeberg, an alternative to GitHub or GitLab, but based out of Germany. 😉
#Vpn #Dns #Cdn #WebHosting #Email #PasswordManager #WebSearch #Privacy #Security #Project2025 #Fascism #Nazis
@securedrop@freedom.press
We’ve seen significant interest in newsrooms setting up SecureDrop to better protect whistleblowers, so we've put together a quick list of 5 key things you should know before setting it up:
https://securedrop.org/news/five-things-to-know-about-securedrop/
@Linux_Is_Best@misskey.de
Microsoft and the United States Government have a working partnership. You should consider trying Linux.
For a newbie, I would suggest Ultramarine Linux (KDE Plasma) or MX Linux (KDE Plasma). But ultimately, your goal should be to try using Linux.
If you need to keep a copy of Windows for gaming, that's fine. But still try using Linux too.
#Project2025 #Fascism #Nazis #DonaldTrump #Trump #ElonMusk #Musk #Privacy #Security #UsJurisdiction
@privacyguides@mastodon.neat.computer
We're Privacy Guides, a non-profit project & community focused on personal data security and privacy. 👋
Much like the right to interracial marriage, women's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. Privacy is a human right, inherent to all of us, that we are entitled to (without discrimination).
You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. Everyone has something to protect. Privacy is something that makes us human.
We're on a mission to inform the public about the value of digital privacy, and about global government initiatives which aim to monitor your online activity.
@Christian_Freiherr_von_Wolff@defcon.social
For every obvious reason and then some, I'm not linking to anything here; I refer herein and throughout to the adult video website that functionally everyone knows exists.
What they want you to believe is that they've made the decision to geo-block U.S. states requiring users to verify their age, specifically because they care about their users' privacy, supposedly.
Adult websites don't need government issued IDs on file to de-anonymize and track people; they already do that, and already do so very well.
So:
"These Terms of Service, your use of this Website, and the relationship between you and us shall be governed by the laws of the Republic of Cyprus, without regard to conflict of law rules. Nothing contained in these Terms of Service shall constitute an agreement to the application of the laws of any other nation to this Website. You agree that this Website shall be deemed a passive Website that does not give rise to personal jurisdiction over us, either specific or general, in jurisdictions other than the Republic of Cyprus. The sole and exclusive jurisdiction and venue for any action or proceeding arising out of or related to these Terms of Service shall be in an appropriate court located in Limassol, Cyprus. You hereby submit to the jurisdiction and venue of said Courts."
They are a business and nothing else, they always care only about their own profit and never about anything else, and it's simply a technical matter that to comply with age verification laws outside of the jurisdiction in which they already hide everything, would nullify the above quoted legally binding contract between themselves, their users, and their precious tax haven.
It is absolutely in their financial best interest to lose a certain number of existing customers when the only alternative necessitates that they stop evading taxes and getting away with it; Al Capone, eat your heart out.
They do not care at all about anyone's privacy, whatsoever.
@britter@chaos.social
| Option | Voters |
|---|---|
| One key per email address | 6 (86%) |
| Subkeys | 1 (14%) |
@ZzyzxProton@mastodon.social
The #traitor #OrangeIdiot in the #WhiteHouse is a #ManchurianCandidate. And the #ApartheidScum is the #handler and a #RussianAgent. They are actively #stripping the country's #security apparatus and #TraitorGOP is #silent. This will not end well.
#felonPresident
#felon
#MAGATraitor
https://www.yahoo.com/news/doge-reversal-firings-us-nuclear-235315700.html
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Elon Musk’s DOGE Shares Classified U.S. Intel With Entire World
Elon Musk’s minions posted classified data on their website for anyone to see.
https://newrepublic.com/post/191580/elon-musk-doge-classified-us-intel-data-website
"this incident doesn’t speak well of the pseudo-agency’s #security procedures. The website has already been hacked by Thursday evening thanks to #coding vulnerabilities. And since #DOGE has gotten into all kinds of sensitive #data, every #American could be at risk."
#ElonMusk #Coup #Musk #GOP #Politics #News #USPol #Press #USA
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
DOGE’s .gov site lampooned as coders quickly realize it can be edited by anyone
DOGE site is apparently not running on government servers.
https://arstechnica.com/tech-policy/2025/02/doges-gov-site-lampooned-as-coders-quickly-realize-it-can-be-edited-by-anyone/
"DOGE appears to have skipped #security steps that are expected of #government websites. That pattern is troubling some federal workers...
makes it possible for bad actors to alter official databases of government information."
#ElonMusk #Musk #Doge #Programming #Tech #Data #Fail #News #US #USA
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
DOGE software approval alarms Labor Dept employees
Elon Musk’s #DOGE subordinates received approval to use #software at the Labor Dept that could be used to transfer large amounts of #data...
https://www.nbcnews.com/tech/security/doge-software-approval-alarms-labor-department-employees-data-security-rcna191583
"The approval for Musk’s team to use the remote-access and file-transfer software, known as PuTTY, has alarmed... #Labor Dept’s career employees...
“This is completely opposite of what we’d do to protect #privacy.”"
#Musk #Doge #Coup #Corruption #Tech #Security #News #USA #US
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Does DOGE Pose a National Security Risk?
Uncertainty About Access & Authority Will Worry Allies and Tempt Adversaries
https://www.foreignaffairs.com/united-states/elon-musk-does-doge-pose-national-security-risk
"what the #intelligence agencies of US allies & adversaries see when [ #Trump] grants sweeping access... to a team of young people who have no #government experience... and who work for an unelected figure w/extensive personal financial interests... American adversaries surely see an espionage & blackmail bonanza."
@matrix@mastodon.matrix.org
The world needs secure communication more than ever, as a bulwark against the surveillance, authoritarianism, and oppression increasingly enabled by Big Tech. Matrix seeks to meet that need, as an open source, decentralised, encrypted comms protocol.
But Trust & Safety is more difficult in a decentralised environment. How are we building a safer Matrix?
https://matrix.org/blog/2025/02/building-a-safer-matrix/
#Matrix #Security #Privacy #TrustAndSafety #OpenSource #FOSS
@ilumium@eupolicy.social
European Parliament #security advice after #China hacked #US infrastructure: Use plaintext #Microsoft Teams and only use encrypted @signalapp if Teams is unavailable. 🤷
Politico: "Parliament’s email reminded lawmakers they should use (...) Teams and #Jabber when possible and only #Signal if the two are unavailable."
“The use of Signal is proposed as a safe alternative in cases where no equivalent corporate tool is available,” the Parliament’s press service said in a statement.
@hiramfromthechi@mastodon.social
Any device that needs to be off because it can't be trusted with your conversations should not exist in the first place.
#privacy #privacymatters #security #infosec #cybersecurity #cybersec #amazon #amazonecho #surveillance
@andrewlock@hachyderm.io
Blogged: Preventing client-side cross-site-scripting vulnerabilities with Trusted Types
In this post I describe how the Trusted Types feature in a Content-Security-Policy can protect you against cross-site-scripting attacks
@nat@partyon.xyz
IMPORTANT PSA FOR ALL IPHONE USERS
Siri is "reading" all of your apps. Note, you must INDIVIDUALLY turn this feature off for every single app ***even if you have Siri completely disabled.***
#apple #iphone #security #cybersecurity #phone #safety #siri #fascism
@bespacific@newsie.social
Compromised? In this interview, https://www.muellershewrote.com/p/a-fork-in-the-road-is-federal-employee I speak to a systems security specialist who found privacy problems surrounding the HR@opm.gov email servers #IT #security #natsec #nationalsecurity #cybercrime #cybersecurity #hacking #surveillance #malware #email #DOGE #Musk #treasury #OPM #FAA #FEMA #education #privacy #PII
@openrightsgroup@social.openrightsgroup.org
“The government want to be able to access anything and everything, anywhere, any time.
Their ambition to undermine basic security is frightening, unaccountable and would make everyone less safe.
It is straightforward bullying.”
🗣️ ORG’s @JamesBaker on the UK government’s order to break Apple’s encryption for millions.
#e2ee #encryption #Apple #ukpolitics #ukpol #privacy #security
@Foxboron@chaos.social
My talk on `ssh-tpm-agent` I held at #FOSDEM has been released!
Abstract: https://fosdem.org/2025/schedule/event/fosdem-2025-5544-hardware-backed-ssh-keys-ssh-tpm-agent/
Slides: https://pub.linderud.dev/talks/Hardware-backed-SSH-keys.pdf
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Trump Has Disturbing Response to DOGE’s Massive Overreach of Power:
Donald Trump admitted that Elon Musk’s agency has access to too much sensitive data.
https://newrepublic.com/post/191322/donald-trump-elon-musk-doge-overreach-power
"“Why does #DOGE need all of that?” asked one reporter.
“Well, it doesn’t, but they get it very easily,” Trump admitted. “I mean, we don’t have very good #security in our country, & they get it very easily.”
#Trump appeared completely unbothered by the massive intrusion on the #privacy of #US citizens"
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Elon Musk’s #DOGE Is Expected to Examine Another #Treasury System Next Week:
The new target, sources said, is a sensitive database that tracks the flow of money across the #government.
https://www.propublica.org/article/elon-musk-doge-cars-treasury-examine
"The #data in the system, known as the Central Accounting Reporting System, or #CARS, is considered sensitive...
People who work with the system have in the past been briefed that the #database may be of interest to foreign #intelligence agencies"
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Musk’s DOGE Teen Was Fired By #Cybersecurity Firm for Leaking Company Secrets:
Edward Coristine posted online that he had retained access to the firm’s servers. Now he has access to sensitive govt information.
https://archive.is/1v8FG#selection-1405.0-1411.136
“I can confirm that #EdwardCoristine 's brief contract was terminated after the conclusion of an internal investigation into the #leaking of proprietary company information"
#ElonMusk #Tech #Coup #Musk #DOGE #Politics #Government #Data #Security #News #US #USA
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
The Government’s Computing Experts Say They Are Terrified:
Four IT professionals lay out just how destructive Elon Musk’s incursion into the US govt could be.
https://www.theatlantic.com/technology/archive/2025/02/elon-musk-doge-security/681600/
"“This is the largest data breach & the largest #IT #security breach in our country’s #history—at least that’s publicly known”...
nobody yet knows which info #DOGE has access to, or what it plans to do with it...
“I don’t think the public quite understands the level of danger.”"
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Musk’s rats:
They’re burrowing into every #data system in the federal govt, although many wouldn’t pass a #security test
https://robertreich.substack.com/p/doge-poop
"Sure, there’s some waste & fraud in #government. That’s why every department had an #InspectorGeneral to find & stop it — until #Trump fired most of them. In addition, before Musk’s rats tunneled into the General Services Administration, accountants oversaw every department’s & agency’s spending.
In other words, the #coup continues."
@aral@mastodon.ar.al
If Apple complies with this, the UK government will gain access to all iCloud data globally. The only way Apple comes out of this with any integrity is to leave the UK market. If they give in to this, every regime in the world will demand the same thing. And that’s before we even get to the fact that there’s no such thing as a “backdoor” for just so-and-so. Either there is a door or there isn’t, and if there is, anyone who obtains the key can use it.
#apple #backdoor #UK #encryption #privacy #security #personhood #data #democracy #humanRights #iCloud
@fedora@fosstodon.org
Looking for opportunities to harden your Fedora system? Here's one way to make your VPN use more secure with NetworkManager.
➡️ https://fedoramagazine.org/protect-your-vpn-from-tunnelvision-attacks-with-networkmanager/
#Fedora #Privacy #Security #Linux #OpenSource #NetworkManager
@Jeremiah@alpaca.gold · Reply to Jeremiah Lee's post
Passkey Ready is a free analytics tool from 1Password for anonymously measuring what percentage of your users are ready for passkeys. It also suggests a rollout strategy for passwordless auth in your product.
@Jeremiah@alpaca.gold · Reply to Jeremiah Lee's post
Do passkeys have some growing pains?
Are they being addressed?
Should products start prompting users to sign in with passkeys today? Yes.
Should products keep existing email+password+OTP authentication? Yes, for now.
Should products try to sign up new users with passkeys and fall back to email+password+OTP? Yes.
@phil@fed.bajsicki.com
Of public interest:
At least 15,000 people fully, without limits, irrevocably, licensed their personal information, public image, name and all data that reached loops.video infrastructure... to @dansup@mastodon.social 's loops.video platform.
Had they known they're entirely losing control of everything, would they be using the platform?
Explanation in the renote, and here:
https://bajsicki.com/blog/loops-video-terms/
Is this what we, as a #society, want?
#mastodon #admin #dataprivacy #datasecurity #fediverse #federation #ActivityPub #privacy #security #copyright #consent #instagram #tiktok #pixelfed #loopsvideo
RE: https://fed.bajsicki.com/notes/a349itz9il
@phil@fed.bajsicki.com
How about no?
You're way overstepping with this, poisoning the entire ActivityPub ecosystem.
Let me break this down for you...
https://bajsicki.com/blog/loops-video-terms/
In short: if you really intend to federate, respect your users and their data.
Implementing federation while keeping these terms is a severe breach of trust, and would poison the entirety of the network in an way which will cripple ActivityPub, and undermine the very foundation of what AP stands for with regard to privacy, data ownership, and control over what we post to the network.
Hopefully that's not your intention. Is it?
#mastodon #admin #dataprivacy #datasecurity #fediverse #federation #ActivityPub #privacy #security #copyright #consent #instagram #tiktok #pixelfed #loopsvideo
RE: https://mastodon.social/users/dansup/statuses/113841956808397142
@TheEvilSkeleton@treehouse.systems
At last, the USB portal originally authored by @refi64 in 2021, later continued by Georges Stavracas in 2023, and finalized by @hub and @swick, has been merged!
The USB portal allows sandboxed formats like Flatpak to access USB devices without poking holes in the sandbox. This is great for security, as accessing USB devices will now need to be explicitly granted by the user.
Now we just need to wait for implementers to implement them in their respective portal implementations, starting with GNOME: https://gitlab.gnome.org/GNOME/xdg-desktop-portal-gnome/-/merge_requests/159
The documentation for the USB portal is available on the xdg-desktop-portal website: https://flatpak.github.io/xdg-desktop-portal/docs/doc-org.freedesktop.portal.Usb.html
@Jeremiah@alpaca.gold
Passkeys should be the default sign up/in method for every consumer app.
OpenID Connect should be the default for organization-managed user accounts.
Email+password+OTP is legacy.
Sign in with XYZ is legacy.
Get with the times, apps.
Change the defaults.
Migrate users.
Remove the insecure login.
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Musk’s Takeover Of The Government’s Computer Systems Needs To Be Understood As A Cyberattack, Or Worse
https://www.techdirt.com/2025/02/03/musks-takeover-of-the-governments-computer-systems-needs-to-be-understood-as-a-cyberattack-or-worse/
"These systems #Musk and his “team” have accessed are among the most sensitive and critical to the running of the #USA...
Yet here is Musk, a man who regularly chats with Vladimir #Putin, with access to it all, if not also outright control."
#ElonMusk #Coup #Tech #Technology #CyberSecurity #Security #NationalSecurity #Treasury #OPM #Russia #China #Trump #News #US
@TheEvilSkeleton@treehouse.systems · Reply to TheEvilSkeleton's post
As we're aware, the USB portal was merged a few months ago. All that's needed is for apps and desktops to implement them, so we can use them inside sandboxes without compromising security.
Just today, the USB portal implementation for xdg-desktop-portal-gnome was merged! Apps that use the USB portal will be able to request specific USB devices without giving unfiltered access to all your USB devices.
https://gitlab.gnome.org/GNOME/xdg-desktop-portal-gnome/-/merge_requests/159
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
The War at Home:
Elon Musk and The Security State's Uvalde Moment:
“We have a Constitutional crisis, period," says NSA whistleblower Tom Drake, who can't help but notice how the three-letter agencies that went after him aren't stopping this
https://www.forever-wars.com/elon-musk-and-the-security-states-uvalde-moment/
"The danger to the #Constitution is running amok inside govt buildings. But the #Security State stands outside, deterred, & will present any number of rationalizations about how this isn't their job."
@ErikJonker@mastodon.social
Made me think about #cybersecurity, this Doom game running inside (!) a PDF file, by @j0hnnyxm4s
https://doompdf.pages.dev/doom.pdf
@simplenomad@rigor-mortis.nmrc.org
On a slightly lighter topic, there is a Netflix limited series entitled "Zero Day" which from the trailer (https://www.youtube.com/watch?v=FOfBiiPdQPI) looks to be slightly "exaggerated" from a pure technical perspective. The IMDB listing does not show any infosec-related technical advisor. I am wondering how shit this is going to be. On the plus side, a hell of a talented cast!
@Rhababerbarbar@tux.social · Reply to Mozilla's post
Finally! This will allow better process #sandboxing, and make the #flatpak and #android app finally an option?
https://bugzilla.mozilla.org/show_bug.cgi?id=1756236
@onrust@infosec.exchange · Reply to onrust 🍉's post
Principles for a New Security Industry, as per noah's article:
Some principles have further annotations, they're in the full article fyi: https://covid.tips/fluconf-post/
@onrust@infosec.exchange · Reply to onrust 🍉's post
Proper security works best when using multiple 'layers' of intervention. Preferably a combination of technical tooling and social (education/policy) steps to protect one another.
Yet that's not what we're doing at all right now, noah comments.
Today, technical tools and messaging are ...
used to protect profits at the expense of our being able to live truly self-actualised lives.
We are told that masks are scary, that security is “too hard”, that companies or government entities that use pandemic-driven-eugenics or New Cold War driven weakening/distorting of digital security processes have our best interests at heart.
So, people working in security: "[are we] willing to let that stand"?
@onrust@infosec.exchange · Reply to onrust 🍉's post
Love this point:
security is a “force multiplier”, not a blocker — that by taking action now, by making digital security a habit, we can make it harder for disaster to strike later.
And also, if and when disaster might strike, the impact can be reduced compared to when you hadn't taken any measures at all
@onrust@infosec.exchange · Reply to onrust 🍉's post
If your threat is that the Mossad is gonna do Mossad things to your email account, try as you might, YOU'RE STILL GONNA BE MOSSAD'ED UPON
(sorry for shouting)
@onrust@infosec.exchange · Reply to onrust 🍉's post
The result?
If you're in security and are making light of infectious diseases, happily infecting coworkers and others, then:
we indicate that our commitment to security stops once our paycheque or fame or particular social mode of interacting is on the line.
@onrust@infosec.exchange
Next up at #FluConf is noah (@text) with:
The Swiss Cheese Model: How Infosec Must Learn From Pandemic Response
Read it here: https://covid.tips/fluconf-post/
The article's blurb:
As a digital security professional and a pandemic activist it has been tremendously revealing to me to see how my professional community has responded to the pandemic. After a brief year of "safe mode" conferences and online trainings, the "back to normal" urge overrode many people's threat models and notable figures in the community began joking about getting covid at conferences, or client engagements, or work trips and so on. This proposal is something of a manifesto aimed at reminding the security community (and indeed the technology community) about our commitments to Defence in Depth, and drawing comparisons between still-successful pandemic interventions and how we can apply these same techniques to information security...and a plea for a new kind of cybersecurity community, one that aims to work in solidarity with our users rather than in spite of them, one that strives to prevent digital as well as physical social murder.
this resonates so strongly here 😬 😭
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
"Wyden Demands Answers Following Report of Musk Personnel Seeking Access to Highly Sensitive U.S. Treasury Payments System:
In New Letter to Treasury Secretary Bessent, Wyden Warns That Political Meddling in Treasury Payments Risks Severe Economic Damage, Calls Out Dangerous Conflicts of Interest Stemming from Elon Musk’s Close Business Ties to the Chinese Government
https://www.finance.senate.gov/chairmans-news/wyden-demands-answers-following-report-of-musk-personnel-seeking-access-to-highly-sensitive-us-treasury-payments-system
#ElonMusk #Treasury #Coup #Musk #China #Corruption #Trump #Politics #Economy #Security #US #USA
@ZhiZhu@newsie.social · Reply to Zhi Zhu 🕸️'s post
Exclusive: Musk aides lock government workers out of computer systems at US agency, sources say
https://www.reuters.com/world/us/musk-aides-lock-government-workers-out-computer-systems-us-agency-sources-say-2025-01-31/
"Aides to #ElonMusk charged with running the US #government human resources agency have locked career civil servants out of computer systems that contain the personal data of millions of federal employees...
"We have no visibility into what they are doing with the computer and data systems," one of the officials said."
@adbenitez@mastodon.social
📢 BREAKING NEWS!!!
🎉 #ArcaneChat got public on #GooglePlay some hours ago!!! 🔥
https://play.google.com/store/apps/details?id=com.github.arcanechat
also check the official website:
https://arcanechat.me
TIP: getting it from #fdroid or direct download is recommended, but if you have friends that only know how to install from Google Play, now it is possible for them!
Thanks a lot to the ArcaneChat beta-testers that made this milestone possible! you rock!!!! 🤩
#DeltaChat #decentralization #encryption #security #whatsapp #alternative
@stefano@bsd.cafe
A few days ago, a client of mine asked me to install an open-source software (which I won’t name for now). The software has only one official installation method: Docker. This is because, as they themselves admit, it has a huge number of dependencies - some quite outdated - that need to be carefully managed and forced into place; otherwise, nothing works.
I tried replicating the same setup on FreeBSD but didn’t succeed, as some dependencies either aren’t compatible or simply refuse to run. I could try finding workarounds, but I can already picture the chaos every time an update is needed.
So, I decided to build it via Docker to get a better sense of what we’re dealing with. The sheer number of dependencies that Node pulls in is impressive, but even more staggering is the number of warnings and errors it spits out: deprecated and unsupported packages, security vulnerabilities, generic warnings - you name it, and there’s plenty of it.
Since my client needs to launch this service but is subject to audits, they want to be fully compliant and ensure security. Given their substantial budget, they offered financial support to the developers (a company, not just a group of hobbyists) to help improve the project, either by making it FreeBSD-compatible or, at the very least, by reducing dependencies with critical vulnerabilities. The client was willing to pay a significant sum, and since the improvements would be open-source, everyone would benefit.
The response from the team? A flat-out refusal. They claimed they couldn’t accept any amount of money because many of these dependencies are “necessary and irreplaceable, as parts of the code relying on them were written by people who no longer work on the project, and we can’t rewrite the core of the software.” Then came the part that really got under my skin: they stated they would rather deal directly “with my client, not with me, because in the end, my concerns are just useless and irrational paranoia.”
Translation? Just pay, and you’ll pass compliance checks - never mind the fact that underneath, it’s a tangled mess of outdated and insecure components. And don’t make a fuss about it.
While I can understand some of the challenges the team faces, I might have accepted this response if it had come from a group of volunteers or hobbyists. But if you’re a company whose sole business revolves around a single software product (with no real competition at the moment), this approach is not just short-sighted - it’s outright dangerous for your users’ security and for your own survival as a business.
The result? They lost a paying client who was ready to invest a significant budget into their software. That budget will now go elsewhere. My client is considering hiring developers to build a similar project with better security (they have both the time and the money for it). I’ll do my best to convince them to release it as open-source - at which point, a new “competitor” will emerge in the market.
@kur0den0010@chpk.kur0den.net
"Verifying Cloudflare WAF's Leaked Credentials Check, possibly the first in Japan? #Security - Qiita" - https://qiita.com/kanish/items/32d30bb0d6e5ef868cf2
@Natanox@chaos.social
Irregular reminder that https://european-alternatives.eu/alternatives-to exists, a great list of service providers from Europe (including the exact nation as well as tags to know what's FOSS *AND* Self-hostable) that will enable you to move away from services hosted within and governed by the upcoming US Regime laws.
#privacy #security #Europe #USA #Safety
@nixCraft@mastodon.social
Meta (Facebook) is no longer banning Distrowatch, and discussion of Linux is allowed again. https://lwn.net/Articles/1006859/ (adding screenshot in case it is taken down)
@ChrisMayLA6@zirk.us
Q. will Greenland be the litmus test for how Europe responds to Trump?
Nathalie Tocci thinks it reveals that:
'Europeans are scared. They fear Trump & their fear is paralysing. It freezes their actions & quiets their rhetoric. The more Trump confirms their fears through his repeated threats, the less they are inclined to react. Trump presumably smells the fear & like all bullies revels in it, upping the ante'!
Time to toughen up?
#politics #security #Greenland
https://www.theguardian.com/commentisfree/2025/jan/30/greenland-europe-donald-trump-us-threats
@Some_Emo_Chick@mastodon.social
DeepSeek collects keystroke data and more, storing it in Chinese servers
You might want to learn about DeepSeek's privacy policy before you sign up.
https://mashable.com/article/deepseek-ai-privacy-policy-keystroke-data-chinese-servers
@heisec@social.heise.de
Electronic patient record: Gematik considered security vulnerability "acceptable"
Gematik apparently only took the security vulnerabilities in the electronic patient record seriously after learning of valid practice identities being offered for sale on Kleinanzeigen.
#DigitalHealth #elektronischePatientenakteePA #Security #news
@yossarian@infosec.exchange
zizmor v1.3.0 is released!
this release brings a new audit (overprovisioned-secrets), plus a handful of bugfixes/enhancements to existing audits.
notes here: https://github.com/woodruffw/zizmor/releases/tag/v1.3.0
@skinnylatte@hachyderm.io
Human Rights Watch is hiring a Director of Information Security
https://job-boards.greenhouse.io/humanrightswatch/jobs/7833377002
@LabPlot@floss.social
Today is the Data Privacy (Protection) Day! So let us remind you that in #LabPlot, an open-source data analysis and visualization software, Your Data is Yours!
@labplot@lemmy.kde.social @opensource @libre_software @privacy
Boosts appreciated! 🙂 🚀
#DataSecurity #DataProtection #DataPrivacy #Privacy #Ownership #InfoSec #DataAnalysis #DataScience #Analytics #Data #DataAnalytics #DataViz #FOSS #FLOSS #SoftwareLibre #OpenSource #OpenScience #Science #Engineering #KDE #Business #Security #Orwell
@volla@mastodon.social
There is news on the shipping status of the Volla Tablet!
Here is the link to the blog article:
https://volla.online/de/blog/files/tablet-shipping-startet.html
-----------------
Shipping of Volla Tablet has started. Find the blog article here:
https://volla.online/en/blog/files/tablet-shipping-started.html
#volla #vollaos #opensource #software #hardware #vollatablet #opensourcehardware #tablet #peertopeer #innovation #freedom #privacy #security
@hollo@hollo.social
In related news, #Hollo has also released #security updates: 0.3.6 & 0.4.4. Update now!
https://hollo.social/@fedify/01948487-87b2-709d-953f-8799b78433ed
@fedify@hollo.social
We have released #security updates (1.0.14, 1.1.11, 1.2.11, 1.3.4) to address CVE-2025-23221, a #vulnerability in #Fedify's #WebFinger implementation. We recommend all users update to the latest version of their respective release series immediately.
A security researcher identified multiple security issues in Fedify's lookupWebFinger() function that could be exploited to:
The security updates implement the following fixes:
To update to the latest secure version:
# For npm users
npm update @fedify/fedify
# For Deno users
deno add jsr:@fedify/fedify
We thank the security researcher who responsibly disclosed this vulnerability, allowing us to address these issues promptly.
For more details about this vulnerability, please refer to our security advisory.
If you have any questions or concerns, please don't hesitate to reach out through our GitHub Discussions, join our Matrix chat space, or our Discord server.
@yossarian@infosec.exchange
TIL: GitHub Actions is surprisingly case-insensitive
https://yossarian.net/til/post/github-actions-is-surprisingly-case-insensitive/
@markwyner@mas.to
Are passkeys really better than passwords? And what happens when you no longer have access to the authentication device?
I keep reading up on this. But I find few answers. Is anyone willing to elaborate?
@anthroposamu@mastodon.social
almost_pwned.md
https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4
g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.
#security
@otakubinary@sakurajima.moe
Seems that Crunchyroll had a breach. You should change your password.
The option to change the password in the menu settings (while logged in) didn't work; it throws an error.
Log out, or try in another browser, and select "forgot password" in the login menu; this will send you a link to reset the password.
https://animehunch.com/crunchyroll-premium-login-details-leaked-users-at-high-risk/
@jw@social.lol
You need to protect your communication, not only for your own sake but for those around you. I produced a video at @privacyguides to raise awareness around the insecurity of SMS and to push people towards more secure alternatives. #privacy #encryption #security
@triciakickssaas@infosec.exchange
Features aren't always innocent 😉
In the most recent publication by Akamai Technologies' Security Intelligence Group, Tomer Peled found yet -a n o t h e r- vuln in K8s, this time in Log Query, and it can do some big bad.
Did you know that out of the 12 vulns found in Kubernetes since 2023, Tomer has found 4 of them?!?!? I work with the coolest people
anyway, couldn't resist a britney parody sooooooo
https://www.akamai.com/blog/security-research/2024-january-kubernetes-log-query-rce-windows
#kubernetes #k8s #vulnerability #security #cybersecurity #parody
@privacyguides@mastodon.neat.computer
If you’re going to participate in a protest or other form of activism, you need to keep yourself protected.
Your smartphone can be an essential tool, but it also represents a huge risk to your privacy and security. If you decide to bring a phone along, understanding these best practices when it comes to securing it will help keep you and your data safe.
https://www.privacyguides.org/articles/2025/01/23/activists-guide-securing-your-smartphone/
@kur0den0010@chpk.kur0den.net
So depending on the policy, more than just the domain part gets sent as the referrer.
"I looked into the Referrer Policy of the major browsers #Security - Qiita" - https://qiita.com/n3_x/items/c2bafd5872af61147c89
@jonah@neat.computer
I was feeling inspired to write this morning after looking through a lot of this type of article and noticing they all omitted kind of important information. This includes all of the basics, and the stuff I thought was under-discussed, for example: AirDrop's privacy problems, and the importance of security patches in this specific scenario.
I hope someone finds this useful, and if I'm still missing anything or could explain something better, please let me know!
https://www.privacyguides.org/articles/2025/01/23/activists-guide-securing-your-smartphone/
@nickbearded@mastodon.social
The website is live!
#linux #bashcore #cli #nogui #debian #security #pentesting #education #bash
@briankrebs@infosec.exchange
Some fascinating research out on hacking a Subaru via STARLINK connected vehicle service.
"On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.
Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:
Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.
Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.
Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.
Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.
After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously."
@heisec@social.heise.de
Cisco: Critical security vulnerability in Meeting Management
Cisco warns of a critical security vulnerability in Meeting Management as well as vulnerabilities in Broadworks and ClamAV.
@qiita@rss-mstdn.studiofreesia.com
[Notes] A collection of useful sites to consult when investigating security incidents
https://qiita.com/koinunopochi/items/413246b8466ba3505bc8?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
@metin@graphics.social
Signal is a secure messenger, but there are interesting alternatives, such as @matrix , @session , @delta , @simplex or XMPP …
If you’d like to learn more about these options, have a look at the responses to this toot.
#matrix #session #signal #XMPP #messenger #decentralized #tech #technology #OpenSource #FOSS #WhatsApp #security #InfoSec #data #safety
@itsecbot@schleuss.online
Cloudflare CDN flaw leaks user location data, even through secure chat apps - A security researcher discovered a flaw in Cloudflare's content delivery network (CDN), w... https://www.bleepingcomputer.com/news/security/cloudflare-cdn-flaw-leaks-user-location-data-even-through-secure-chat-apps/ #security
@hollo@hollo.social
In related news, #Hollo has also released #security updates: 0.3.6 & 0.4.4. Update now!
https://hollo.social/@fedify/01948487-87b2-709d-953f-8799b78433ed
@fedify@hollo.social
We have released #security updates (1.0.14, 1.1.11, 1.2.11, 1.3.4) to address CVE-2025-23221, a #vulnerability in #Fedify's #WebFinger implementation. We recommend all users update to the latest version of their respective release series immediately.
A security researcher identified multiple security issues in Fedify's lookupWebFinger() function that could be exploited to:
The security updates implement the following fixes:
To update to the latest secure version:
# For npm users
npm update @fedify/fedify
# For Deno users
deno add jsr:@fedify/fedify
We thank the security researcher who responsibly disclosed this vulnerability, allowing us to address these issues promptly.
For more details about this vulnerability, please refer to our security advisory.
If you have any questions or concerns, please don't hesitate to reach out through our GitHub Discussions, join our Matrix chat space, or our Discord server.
@Lockdownyourlife@infosec.exchange
Are you on Signal or Wire yet? Go do that. Gently move your friends/fam over to one of the platforms. Set disappearing messages on both sides of the conversation. Be careful what you say in group chats, know who you trust, and who are your Vault people. For REAL sensitive stuff, in-person, no phones.
Normalize going places without your phones, leave them at home now and again to establish a pattern.
Please understand anyone who works in advocacy, healthcare (esp reproductive rights/women's healthcare), journalists, some gov officials, marginalized groups will likely be targeted.
If this doesn't fit your threat model/risk profile, you know someone who will be impacted by oversight, surveillance or someone snitching
#tech #infosec #security #safety #privacy #security #community #education
@SnowshadowII@beige.party
🇺🇸 🇺🇸 🇺🇸
Go back to any old social media profiles that you don’t use anymore and delete those accounts.
Delete/erase old email accounts/inboxes that are defunct.
Strip any information about your family or where you live from blogs or company websites.
Use a service like Delete Me or Aura to systematically go through the internet and remove personally identifiable information.
@maximum_mew@indieweb.social
I learned about the Opt Out Project's Cyber-Cleanse by @cyberlyra here on Mastodon. So grateful for a roadmap to regaining some of my online privacy.
https://maryewarner.com/2025/01/20/diving-deep-on-the-opt-out-cyber-cleanse/
@markheftler@esq.social
2025 kicks off with A Modest Divestment, a deliberate effort to reduce my reliance on US-based big tech. Canceling 365, switching to #Startmail & #Internxt, and exploring #OnlyOffice. Saying goodbye to #Meta and tightening up #privacy protections. Here's to a secure, private, and independent year ahead.
@Linux_Is_Best@misskey.de
List of service providers outside the United States jurisdiction. 😉
🤫 VPN =
* iVPN, located in Gibraltar, Europe (UK territory)
https://www.ivpn.net
* Mullvad VPN, located in Sweden, Europe
https://mullvad.net
* Goose VPN, located in the Netherlands, Europe
https://goosevpn.com
* Xeovo VPN, located in Finland, Europe
https://xeovo.com
🌐 Managed DNS =
* AdGuard DNS, located in Cyprus, Europe
https://adguard-dns.io
* ClouDNS, located in Bulgaria, Europe
https://www.cloudns.net
* deSEC, located in Germany, Europe
https://desec.io
🌐 Public DNS =
* CIRA Canadian Shield, located in Canada, North America
https://www.cira.ca/en/canadian-shield/configure/
* Mullvad DNS, located in Sweden, Europe
https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
🔏 Privacy focused e-mail =
* Tuta, located in Germany, Europe
https://tuta.com
* Soverin, located in the Netherlands, Europe
https://soverin.com
* Startmail, located in the Netherlands, Europe
https://www.startmail.com
* Mailfence, located in Belgium, Europe
https://mailfence.com
🌍 Domain Registration / Web Hosting =
* Scaleway, located in France, Europe
https://www.scaleway.com
* OVH, located in France, Europe
https://www.ovhcloud.com
* Netcup, located in Germany, Europe
https://www.netcup.com
* Glesys, located in Sweden, Europe
https://glesys.com
🌍 CDN =
* OVH, located in France, Europe
https://www.ovhcloud.com/en/web-hosting/options/cdn/
* Key CDN, located in Switzerland, Europe
https://www.keycdn.com
#Project2025 #DonaldTrump #Trump #Facism #Fedi #Fediverse #ActivityPub #Email #Vpn #Domain #WebHosting #DNS #CDN #Privacy #Security #FreedomOfSpeech #UnitedStates #America #Usa
@yossarian@infosec.exchange
i've released `zizmor` v1.2.0!
some key changes:
- there's a new `bot-conditions` audit, which can detect spoofable `github.actor` checks!
- precision/accuracy improvements to the `unpinned-uses` and `excessive-permissions` audits!
- bugfixes for the `template-injection` and `artipacked` audits!
- more general bugfixes, including a (hopeful) improvement to the SARIF output behavior and fixes to our parsing of some workflow/expression edge cases
and from a sustainability perspective: many thanks to https://astral.sh/ for being our first logo-level sponsor!
full release notes here:
@kagihq@mastodon.social
Kagi mentioned as one of the key ways you can keep your family safe online:
"Mogull plans to make it the default search engine for all his relatives."
https://www.scworld.com/resource/five-cybersecurity-tips-to-keep-your-extended-family-safe-online
@phil@fed.bajsicki.com
Of public interest:
At least 15,000 people fully, without limits, irrevocably, licensed their personal information, public image, name and all data that reached loops.video infrastructure... to @dansup@mastodon.social 's loops.video platform.
Had they known they're entirely losing control of everything, would they be using the platform?
Explanation in the renote, and here:
https://bajsicki.com/blog/loops-video-terms/
Is this what we, as a #society, want?
#mastodon #admin #dataprivacy #datasecurity #fediverse #federation #ActivityPub #privacy #security #copyright #consent #instagram #tiktok #pixelfed #loopsvideo
RE: https://fed.bajsicki.com/notes/a349itz9il
@phil@fed.bajsicki.com
How about no?
You're way overstepping with this, poisoning the entire ActivityPub ecosystem.
Let me break this down for you...
https://bajsicki.com/blog/loops-video-terms/
In short: if you really intend to federate, respect your users and their data.
Implementing federation while keeping these terms is a severe breach of trust, and would poison the entirety of the network in a way which will cripple ActivityPub, and undermine the very foundation of what AP stands for with regard to privacy, data ownership, and control over what we post to the network.
Hopefully that's not your intention. Is it?
#mastodon #admin #dataprivacy #datasecurity #fediverse #federation #ActivityPub #privacy #security #copyright #consent #instagram #tiktok #pixelfed #loopsvideo
RE: https://mastodon.social/users/dansup/statuses/113841956808397142
@dansup@mastodon.social
Regardless of what happens with TikTok, I'm still focused on shipping https://loops.video to the world, and open sourcing the entire platform!
History has proven that technology like this is best used when the people have control, and can build their own communities.
@kur0den0010@chpk.kur0den.net
"Session management, as taught by 'How to Create a Secure Website' #Security - Qiita" - https://qiita.com/kujira_engineer/items/133af11f9386957a052c
@heisec@social.heise.de
WordPress plug-in W3 Total Cache: potentially 1 million websites open to attack
If the prerequisites are met, attackers can target websites running the WordPress plug-in W3 Total Cache. A security patch is available.
#Patchday #Security #Sicherheitslücken #Updates #Wordpress #news
@phlogiston@mastodon.nz
I was wondering ... as #email encryption via PGP/GnuPG is not suitable for true and ongoing end-to-end confidentiality. But what about authenticity of mails? I dislike S/MIME for its corporate nature, and #PGP via PGP/MIME is well enough supported by many (free) mail clients.
What's the #cryptography or #security community's view on PGP for signing emails? Or what would a suitable alternative be? I haven't come across any, though.
1/2
@TeddyTheBest@framapiaf.org
Defensive #Linux #Security
Picture found at https://darkwebinformer.com/defensive-linux-security/
@nixCraft@mastodon.social
The rsync utility in Linux, *BSD, and Unix-like systems is vulnerable to multiple security issues, including arbitrary code execution, arbitrary file upload, information disclosure, and privilege escalation. Hence, you must patch the system ASAP https://www.cyberciti.biz/linux-news/cve-2024-12084-rsyn-security-urgent-update-needed-on-unix-bsd-systems/
@Prainbow@mastodon.social
"Data privacy advocates have long warned of the risks that data brokers pose to individuals’ privacy and national security. Researchers with access to the sample of Gravy Analytics’ location data posted by the hacker say that the information can be used to extensively track people’s recent whereabouts."
#Privacy #Security #Tracking #DataBreach
https://techcrunch.com/2025/01/13/gravy-analytics-data-broker-breach-trove-of-location-data-threatens-privacy-millions/
@mailbox_org@social.mailbox.org
👋 Goodbye spam and viruses! 📩
Keep your inbox clean and safe with spam and virus protection from mailbox.org!
✔️ Top filter technology
✔️ Customisable to your needs
✔️ Data protection first and foremost
👉 Switch now and mail stress-free
@Natanox@chaos.social
Irregular reminder that https://european-alternatives.eu/alternatives-to exists, a great list of service providers from Europe (including the exact nation as well as tags to know what's FOSS *AND* Self-hostable) that will enable you to move away from services hosted within and governed by the upcoming US Regime laws.
#privacy #security #Europe #USA #Safety
@stefano@bsd.cafe
UPDATE: I haven't seen Recall in action there. I was just asking the doctor how they'll deal with it.
This morning, I went to the doctor for a scheduled appointment. While she was looking at the results of blood tests from two years ago on the screen (and suggested repeating them for a follow-up), I realized she was using Windows 11. A detail came to mind. The doctor is extremely polite and friendly, so I asked her, "How do you handle the feature called Recall?" The doctor was taken aback and had no idea what I was talking about. I was about to drop the conversation, but she, being a serious professional, immediately called the technicians who manage their PCs to ask for clarification. They downplayed it, saying it's not an issue and that it's a feature "on all PCs, so we can't do anything about it." She started to express that she didn’t like it and wanted it deactivated. No luck: they won’t proceed because, according to them, even deactivating it is "a hack that could compromise future updates." She’s furious and will talk to her colleagues and the decision-makers. She wants secure systems because "there’s patient data involved."
In reality, patient data is stored on servers (which I haven't investigated), but everything that appears on the screen is, in my opinion, at risk.
I’ve offered to help them find a solution—because, if I'm right, all they need is LibreOffice and a browser. In that case, I’ll suggest one of the *BSD or Linux systems and do it for free.
I don’t want to make money off my doctor. I just want patient data to be (sufficiently) secure.
#IT #Recall #Windows #OwnYourData #Security #Privacy #RunBSD #Linux
@rdpsnitch@infosec.exchange
2025-01-08 RDP #Honeypot IOCs - 350 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
68.183.88.109 - 200
185.42.12.81 - 16
185.170.144.198 - 16
Top ASNs:
AS14061 - 226
AS396982 - 24
AS59425 - 18
Top Accounts:
hello - 254
Administr - 24
Domain - 18
Top ISPs:
DigitalOcean, LLC - 226
Chang Way Technologies Co. Limited - 24
Google LLC - 24
Top Clients:
Unknown - 350
Top Software:
Unknown - 350
Top Keyboards:
Unknown - 350
Top IP Classification:
hosting - 248
Unknown - 64
proxy - 24
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/7emQHvAD
@joschi@hachyderm.io
Hey #AWS peeps,
are there any published checksums (or better: signed artifacts) for the AWS certificate bundles listed at https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesDownload?
I'd like to be sure I'm adding the right certificates into my certificate store. 😅
@qiita@rss-mstdn.studiofreesia.com
@bkuhlmann@mastodon.social
Last year I mentioned you should enable global Bundler 2.6.0's support for checksums in your Gemfile.lock for enhanced security:
`bundle config --global lockfile_checksums true`
Well, Maciej has a write up on why this is important that goes into much more detail: https://mensfeld.pl/2025/01/the-silent-guardian-why-bundler-checksums-are-a-game-changer-for-your-applications/
Please enable if you haven't already!
@chris_hayes@fosstodon.org
If anyone is looking at #Jobs, particularly in #privacy and #security, #1Password has more than a few openings - https://jobs.lever.co/1password
@azuresaipan@defcon.social
On Mobile Phone Security
https://www.kicksecure.com/wiki/Mobile_Phone_Security
#SS7 and #baseband #vulnerabilities
What about #mobian hardening on a #MechaComet with a cellular hat? Then there's only carrier protocol weaknesses...
If ISPs use microwave relays (the hated 'air' - remember Max Headroom) and NSA access points, is domestic broadband really secure either? But the cable or fiber doesn't have 'carrier' vulns.
https://www.kicksecure.com/wiki/Router_and_Local_Area_Network_Security
#kicksecure #whonix #docs #security-misc
@XenoPhage@infosec.exchange
So, #security folks, how are you handling all of these job scams? Specifically, we're seeing a lot of folks coming to us who were "hired" by us, but the hiring process was a scam. I.e., we had nothing to do with it.
I'm not sure there's much of anything we *can* do, but maybe I'm incorrect? Thoughts?
@qiita@rss-mstdn.studiofreesia.com
@qiita@rss-mstdn.studiofreesia.com
@scott@tams.tech
I just brought up a new, bespoke service. New subdomain, freshly minted Let's Encrypt cert. I hit it once for testing, and then within seconds comes a barrage of requests for common paths... /config.json, /.vscode/sftp.json (lol), /.DS_Store, /.env
of course my service had nothing of interest on these paths (phew) but how the hell did someone enumerate that fresh subdomain so quickly!? How did they know to hit it?
@PrivacyDigest@mas.to
Time to check if you ran any of these 33 malicious #Chrome extensions
At least 33 #browser extensions hosted in Google’s Chrome Web Store, some for as long as 18 months, were surreptitiously siphoning sensitive data from roughly 2.6 million devices.
#privacy #security #chromeextensions
@Some_Emo_Chick@mastodon.social
Asking some reasonable questions about Elon Musk's "help" with the Cybertruck bombing case
#news #tech #technology #security #privacy #cybertruck #tesla #elonmusk #bombing
@yossarian@infosec.exchange
@untrusem@merveilles.town
Finally joined merveilles. So, here I go again, again
I am Moksh / untrusem, a kid with questions, from #India.
I am a firm believer in #privacy and #security and also practice #permacomputing. My other shenanigans include #emacs, #bsd, #lisp, *nix and learning about #solarpunk. But I delve into too many things to write all of them down.
I also like esoteric things. I try to program, but I'm a novice at that.
I will use my time here to steal knowledge from you amazing people, so watch out :)
@cloudflare@noc.social
In his most recent article, Cloudflare Field CTO John Engates shares how, despite the cloud revolution in IT service delivery, a critical piece remains elusive: IT still lacks sufficient visibility and control over #Networking and #Security. https://cfl.re/3DBYwZn
@qiita@rss-mstdn.studiofreesia.com
Thinking about vulnerable implementation examples of the OAuth 2.0 authorization endpoint and their countermeasures
https://qiita.com/task4233/items/3af1b3d2690b44979659?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
@bflipp@vmst.io
I made the mistake of engaging with a thread over the weekend where an obvious paranoid schizophrenic decided to start replying to me.
I’ve muted them on my PC but the fact that mutes are only client side means my notifications are likely a god damn minefield and I’m avoiding looking at them on my phone. This is a REALLY STUPID DESIGN.
@neatchee@urusai.social
🚨 SECURITY PSA - 7ZIP VULN🚨
Update your 7zip, folks
https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/
#cybersecurity #zeroday #7zip #malware #security #it #infosec
@qiita@rss-mstdn.studiofreesia.com
@Frederik_Borgesius@akademienl.social
‘the VW [Volkswagen] Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured Amazon cloud—essentially leaving the digital door wide open for anyone to waltz in. And not just briefly, but for months on end. The breach impacts fully electric models across Audi, VW, Seat, and Skoda brands, affecting vehicles not just in Germany but throughout Europe and other parts of the world.’ https://databreaches.net/2024/12/27/massive-vw-group-data-leak-exposed-800000-ev-owners-movements-from-homes-to-brothels/ #privacy #security #surveillance #cybersecurity
@qiita@rss-mstdn.studiofreesia.com
@majorlinux@toot.majorshouse.com
You may want to hold off on installing Windows 11 for a bit.
A weird Windows 11 bug won’t let some people install any security updates
#Windows11 #Bug #Security #Updates #OperatingSystem #Microsoft #Tech
@qiita@rss-mstdn.studiofreesia.com
@rasterweb@mastodon.social
Can scanning a QR code do this? I want to call bullshit because I’ve seen two (non-techie) friends share this. Can a computer security expert weigh in on this?
> “There is a QR code to scan, and once scanned, all the information from that phone will be sent to scammers. They receive all access to the phone. All personal and financial information is accessible to the scammers and often the victim's bank accounts are drained.”
@sovtechfund@mastodon.social · Reply to Sovereign Tech Fund's post
The Sovereign Tech Agency is looking for an experienced and innovative expert in #opensource #security to lead the Sovereign Tech Resilience program.
https://www.sovereign.tech/jobs/cybersecurity-program-lead #fossjobs #getfedihired
@PrivacyDigest@mas.to
#Tracker firm #Hapn spilling names of thousands of #GPS #tracking customers | TechCrunch
A #security researcher alerted TechCrunch in late November to customer names and affiliations — such as the name of their workplace — spilling from one of Hapn’s servers, which TechCrunch has seen.
#privacy #surveillance
@nibushibu@vivaldi.net
@PrivacyDigest@mas.to
#SupremeCourt to Hear TikTok’s Challenge to Law That Could Ban It
The company and its Chinese parent invoked the #FirstAmendment in urging the justices to step in before a Jan. 19 deadline to sell or be shut down.
#China #tiktok #scotus #privacy #security
https://www.nytimes.com/2024/12/18/us/politics/supreme-court-tiktok-ban.html
@nchprgmng@hackers.town
Good day netizens. Blue has returned after 10 years in tech, once again on the job hunt. I have worked a variety of roles from hands-on computer repair to NOC tech to Sys admin and more. In that time, I have accrued several certifications including the #Swimlane Certified #SOAR Administrator, #CompTIA #Network+, #Security+, #Pentest+, #CertifiedNetworkVulnerabilityProfessional, and #CASP+. I'm currently looking for #remotework for anywhere in the #US . I'm targeting #cybersecurity roles, since that is what I am passionate about and what my certifications are focused on, but I am also open to other IT roles such as software engineer, dev ops, etc. I'm a #transgender woman trying to provide for her #LGBTQIA family and any pay would greatly help us make ends meet as we try to survive in this refuge state where the cost of living is so much higher than back home. Boosts and sharing are welcome, thanks for your time and help. #getfedihired #breakingintoinfosec #infosec #informationtechnology #sysadmin #netadmin #redteam #pentest
@meziantou@hachyderm.io
Generating SBOM for NuGet packages #NuGet #dotnet #security https://www.meziantou.net/generating-sbom-for-nuget-packages.htm?utm_medium=social&utm_source=mastodon
@arihak@techhub.social
Ad blockers are becoming essential #security tools:
Threat actors often abuse ad networks - Even #Facebook ads or #Google’s Search sponsored results aren’t immune to malvertising.
“Ad networks have proven exceptionally successful; they are fine-tuned machines built from the ground up to distribute traffic on a massive scale,” the Guardio Labs explain in the new report.
https://cybernews.com/security/fake-captchas-reaching-millions-malvertising-mayhem/
@WPalant@infosec.exchange
I just replied to a blog comment, and I thought that I post my reply here as well:
I think that I have good reasons to be “against Avast,” having published seven articles on them so far. The security issues alone are bad enough. But Avast abused their position to collect and sell users’ browsing profiles. After they were caught they claimed the data to be anonymized, they claimed to only sell aggregated data – and they continue lying to this day, despite there being conclusive evidence to the contrary. While the company has been bought, it’s still the same people in charge. This sort of undermines any trust in them for anything related to security.
As the security of antivirus software goes, I’m not very fond of any as the articles in the “antivirus” category of my blog show. With Kaspersky it wasn’t only the security issues but also how they handled them, pushing out half-hearted fixes only for these to be circumvented shortly afterwards. McAfee and BullGuard had massive security issues stemming from being careless about security and not following best practices.
I’ve found a critical security issue in Bitdefender’s solution as well, but with them I at least had the impression that they were trying. Unfortunately, that’s currently the bar in the antivirus industry – at least trying to make their product secure.
Security-wise, one good thing about Windows Defender is that it only needs to do one job. It doesn’t need all the extra functionality as a selling argument. It doesn’t need to be a banking browser, it doesn’t need to be a phishing protection, it only needs to be an antivirus solution. It can keep a very small attack surface compared to all those antivirus suites, and so it does (yes, I checked).
#antivirus #security #avast #McAfee #BullGuard #Bitdefender #WindowsDefender
@yamanoku@mastodon.social
Security engineers: there are 200 different jobs (on classification and careers) #Security - Qiita
@qiita@rss-mstdn.studiofreesia.com
@Yuvalne@433.world
the biggest update to #Signal since usernames - fully encrypted, fully secure cloud backups - are coming soon!
the first part of it - message syncing to a new secondary device - is now in pre-beta testing!
go and help test it out!
https://community.signalusers.org/t/help-us-test-desktop-history-syncing/65452?u=rassilon1963
@Some_Emo_Chick@mastodon.social
@ls@social.lsnet.eu
@dansup This doesn't seem like a good idea to me. On the one hand, transcoding uses up a lot of battery power, and on the other hand, simpler smartphones may not be able to cope with it, or it takes a long time and the device gets pretty warm.
But I see the bigger problem in #security: If the encoding is done on the client side, an attacker can prepare the video in such a way that it crashes the decoder on other phones or use security vulnerabilities to execute code, with #Loops as a multiplicator.
@mysk@mastodon.social
The severity level of this bug is critical, 9.8 out of 10. Upgrade your devices.
#iOS #iPhone #security #infosec #Apple #cybersecurity
https://mastodon.social/@mysk/113636630798700926
@davidbisset@phpc.social
@yossarian@infosec.exchange
zizmor 0.9.0 is released!
some key changes:
* bugfixes/precision improvements around a handful of safe template patterns (e.g. `runner.temp`)
* precision improvements to our handling of matrices and matrix expansions, thanks to @ubiratansoares
* the terminal interface has been reworked to use tracing spans internally, making it even more responsive
full release notes here: https://github.com/woodruffw/zizmor/releases/tag/v0.9.0
@turris@fosstodon.org
Hi #Fediverse, let's start our journey here with our #introduction. We are the #Turris project by #CZNIC. We develop and produce an #opensource #wifi #router with a focus on #security, running a #Linux distribution based on #OpenWrt. Of course, we provide automatic #updates and #root accounts. We have a #network of #honeypots running on our devices and create a dynamic #firewall based on the data.
@Foxboron@chaos.social
I'm mind blown you can compromise a release CI/CD system with two malicious branch names. Like how.
@TheEvilSkeleton@treehouse.systems
At last, the USB portal originally authored by @refi64 in 2021, later continued by Georges Stavracas in 2023, and finalized by @hub and @swick, has been merged!
The USB portal allows sandboxed formats like Flatpak to access USB devices without poking holes in the sandbox. This is great for security, as accessing USB devices will now need to be explicitly granted by the user.
Now we just need to wait for implementers to implement them in their respective portal implementations, starting with GNOME: https://gitlab.gnome.org/GNOME/xdg-desktop-portal-gnome/-/merge_requests/159
The documentation for the USB portal is available on the xdg-desktop-portal website: https://flatpak.github.io/xdg-desktop-portal/docs/doc-org.freedesktop.portal.Usb.html
@FreeBSDFoundation@mastodon.social
FreeBSD 14.2 is here! New ZFS, Firecracker VMM, AIM for UDP, rtw89(4) driver, & AddressSanitizer. Explore performance & security updates! 🔗https://buff.ly/4f5bZG5
#FreeBSD #OpenSource #Networking #Virtualization #Security #Performance
@sethmlarson@fosstodon.org
I've noticed a concerning trend of "slop security reports" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to push back:
https://sethmlarson.dev/slop-security-reports?utm_campaign=mastodon
@veronica@mastodon.online
Someone told me yesterday of a minutes app for meetings they'd found. Knowing how these apps work, I checked the security policy. I got my fears confirmed. It collects data and shares it with 8 third parties, including use for ads & analysis.
I showed her this, and said she should probably get consent from others when using the app. Today she told me she'd uninstalled it and thanked me for the warning!
We can't expect people to figure this out. We need better regulation.
@Tutanota@mastodon.social
At Tuta, we believe that the best security must be free for everyone.
We are happy to announce that in December all existing Tuta accounts will be upgraded to quantum-safe encryption! 🥳🎉
With TutaCrypt your data is safe - now and in the future. ⚛️ 🔒
Learn more about this quantum leap in #security: https://tuta.com/blog/post-quantum-cryptography
@heisec@social.heise.de
Helldown ransomware: intrusion through a security vulnerability in Zyxel firewalls
IT researchers observe that the Helldown ransomware strikes after breaking into networks through security vulnerabilities in Zyxel firewalls.
@heisec@social.heise.de
WordPress plug-in Anti-Spam by Cleantalk puts 200,000 sites at risk
The WordPress plug-in Anti-Spam by Cleantalk has two security vulnerabilities at once, through which unauthenticated attackers can compromise instances.
@miketheman@hachyderm.io
I wrote a report on a recent #Python #malware package uploaded to #PyPI over here: https://blog.pypi.org/posts/2024-11-25-aiocpa-attack-analysis/
@Heitec@mastodon.social
Signal Is Now a Great Encrypted Alternative to Zoom and Google Meet
And Signal app is FREE 😁
#security #encrypted #message
https://lifehacker.com/tech/signal-is-now-a-great-encrypted-alternative-to-zoom-google-meet
@yossarian@infosec.exchange
PyPI's support for PEP 740 now includes GitLab, extending support beyond the initial scope (which was GitHub). that means that, if you're a GitLab CI/CD user, you can now upload attestations to PyPI and the index will verify and re-serve them!
docs here: https://docs.pypi.org/attestations/producing-attestations/#gitlab-cicd
@hazelnoot@enby.life
Urgent Warning for Fedi Admins
We've discovered an ongoing Denial-of-Service attack against Misskey-based instances. The attacks exploit a zero-day vulnerability impacting Misskey, Sharkey, IceShrimp, and other related software. Patches are in progress and will be released ASAP. We encourage all admins to update immediately!
Note: this is a different vulnerability from the ones that were recently announced! You should update today and again tomorrow at the scheduled time.
Update: Sharkey version 2024.9.2 has been released with a patch. You can get the update here: https://activitypub.software/TransFem-org/Sharkey/-/releases/2024.9.2
#Misskey #Sharkey #IceShrimp #FediAdmins #Security
@Some_Emo_Chick@mastodon.social
Let's Encrypt is 10 years old today!
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Huge thanks to everyone involved in making HTTPS available to everyone for free
#tech #technology #security #privacy #encryption #https #letsencrypt #ISRG
@Haydar@social.tchncs.de
Whoa, that's provocative: this blog article says:
- Don't use #PGP / #GPG
- Don't use #XMPP + OMEMO
- Don't use #Matrix (in the sense of: don't rely on the encryption)
- Encrypting e-mails is pointless
I don't know the author and wouldn't mention him if the article weren't being cited in serious ITSec newsletters
@yossarian@infosec.exchange
Security means securing people where they are
https://blog.yossarian.net/2024/11/18/Security-means-securing-people-where-they-are
@paka@mastodon.scot
US senators urge investigation into Musk
Senators argued #Musk’s involvement in #SpaceX programs should be reviewed for potential debarment & exclusion due to the alleged contacts. Debarment would bar him from certain contracts and privileges.
Relationships between a well-known US #adversary & Musk, beneficiary of billions in US govt funding, are a serious risk regarding #Musk’s reliability as contractor & #SecurityClearance holder
@cloudflare@noc.social
Election infrastructure is vital to global democracies. Find out how the Internet plays its part, in this conversation with Cloudflare and Accenture. Watch the full Modern Security episode here >> https://cfl.re/48HUZnR
@BenjaminHCCarr@hachyderm.io
Le Monde used #Strava to track the movements of world leaders. They don’t use tracking devices, but their #bodyguards do.
#EmmanuelMacron: https://www.lemonde.fr/en/france/article/2024/10/27/how-emmanuel-macron-can-be-tracked-watch-the-first-episode-of-stravaleaks_6730708_7.html
#Biden and #Trump: https://www.lemonde.fr/en/united-states/article/2024/10/28/biden-and-trump-put-in-danger-by-secret-service-agents-watch-the-second-episode-of-stravaleaks_6730825_133.html
#Putin: https://www.lemonde.fr/en/international/article/2024/10/29/putin-s-bodyguards-go-on-runs-near-palace-he-denies-owning-stravaleaks-episode-3_6730915_4.html
#StravaLeaks #Security
@nixkelley@blog.housewayreth.org · Reply to Nix Kelley's post
#security tip:
unless you know your chats or audio/video calls are secure, DON'T say anything that you wouldn't say around an unsafe person.
does this restrict your speech? yes it fucking does. but only in certain spaces.
be the annoying person who suggests over and over again to set up a secure group chat with your fellow community members. almost every service is free to use.
remember that #Discord is not secure comms. remember that #Instagram chats, and activity there, is not secure comms. remember that anything owned by Meta is not secure comms no matter what the company says.
be too careful. it's better to be too careful than careless for a moment.
@agturcz@circumstances.run
Is there any European body giving recommendations/requirements about IT security, similar to NIST? Especially I'm looking for an organisation giving recommendations for password-related policies. Preferably a widely scoped one, but if there is anything reasonable in a particular industry, I'd be glad to know it as well.
#itsecurity #itsec #opsec #security
@aud@fire.asta.lgbt
Hey everyone! A couple good things to remember:
Signal is your friend! https://signal.org/
Be careful about what you post on corporate and federated social media. You don't need to self censor but you should take extra spicy discussions to something like Signal!
(people: please feel free to add hot tips for helping people keep things private!)
EDIT: It's definitely worth pointing out what I mean about "spicy". Expressing frustration in a way that could easily be misinterpreted by law enforcement? That's spicy! Planning a safe, legal protest? I'd argue that's spicy! That's the sort of thing I mean by this. No encryption or software is perfect; consider the level of risk when utilizing the tools.
But broadcasting stuff on social media can carry a lot of risk, so just... you know.
#security #secureCommunications
@Olly42@nerdculture.de
Apple creates Private Cloud Compute VM to let Researchers find Bugs.
The company also seeks to improve the system's security and has expanded its security bounty program to include rewards of up to [$1 Million] for vulnerabilities that could compromise “the fundamental security and privacy guarantees of PCC”.
https://security.apple.com/blog/pcc-security-research
#apple #pcc #vm #securityresearch #bug #bounty #programming #ai #it #security #privacy #engineer #media #tech #news
@heisec@social.heise.de
Change Healthcare: largest data leak in US healthcare
After a cyberattack on Change Healthcare at the start of the year, there is now certainty. Health data of almost a third of the US population was leaked.
@me@social.jlamothe.net
@joaocosta@mastodon.social
"Russia’s Central Bank raised its key #InterestRate from 19% to a historic 21% on Friday"
"seasonally adjusted price growth last month rose to 9.8% year-on-year from 7.5% in August. Core #inflation increased to 9.1% from 7.7% over the same period."
"russia has faced volatile prices since it sent troops into #Ukraine in February 2022"
"#russia is set to spend almost 9% of its GDP on #defense and #security this year"
@pedro@mastodon.pepicrft.me
There should be a SOC 2 version for companies that are just getting started. The amount of work required to be compliant can kill companies… #security
@midtsveen@social.linux.pizza
Your average free spirit, boosting psychedelics, complaining about North Korea, ranting about mobile security, and reminding you why @pir matters!
If you’re really curious, check out my website: https://midtsveen.github.io
#Monero #GrapheneOS #FreeKorea #Psychedelics #Cannabis #Privacy #DigitalFreedom #OpenSource #Security #Freedom #FreeSpirit
@XenoPhage@infosec.exchange
BSides Delaware parking and hotel information is up on the website now! https://bsidesdelaware.com/2024-venue/
If you don't have your tickets yet, WHAT ARE YOU WAITING FOR! Come join us!
https://www.eventbrite.com/e/security-bsides-delaware-2024-registration-1007007766337
AND SPEAK! CFP is open and waiting for your amazing submissions!
@membook@rigcz.club
@xoron@infosec.exchange
Decentralized Encrypted P2P Chat
Blog: https://positive-intentions.com/blog/introducing-decentralized-chat
GitHub: https://github.com/positive-intentions/chat
Demo: https://chat.positive-intentions.com
Follow for more!
#cryptography #p2p #decentralized #webrtc #cybersecurity #privacy #security
@Jeremiah@alpaca.gold
Grant Negotiation and Authorization Protocol (GNAP), the successor to OAuth 2, became RFC 9635 yesterday!
GNAP is easier to use than OAuth 2.0, with best practices as defaults and clearly articulated use cases.
@quad9dns@mastodon.social
We're excited to announce the receipt of critical funding from @craignewmark Philanthropies to continue and further our work on improving the #security and stability of the Internet through our #DNS services, as part of CNP's commitment to #CyberCivilDefense.
@nixCraft@mastodon.social
There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it further. The concept of a "backdoor for good guys" is fundamentally flawed and dangerous. It sets a dangerous precedent. Security and privacy should be absolute. There's no safe way to create a backdoor that can't be exploited by malicious actors. #privacy #security #infosec
@FirewallDragons@mastodon.social
@tbroyer@piaille.fr · Reply to Thomas Broyer's post
And another one published simultaneously: Why are JWT?
about why you don't actually want to add them to your application, and certainly not as a kind of session token
@tbroyer@piaille.fr
New blog post: Beyond the login page
about why authentication is much more than just a login page and password storage and verification
@harris@social.coop
Fresh #introduction!
Hi, I'm Harris.
Professionally I work for Freedom of the Press Foundation (https://freedom.press/) managing our web team and @dangerzone. I'm a web developer learning to put my skills to good use.
My posts are likely to be about #security #privacy #webdev #dataviz #design #ux #ml and, lately, some self-conscious #epidemiology epistemic trespassing.
I also do a lot of social dance #baking #cooking and #cocktail making—maybe I'll try posting about those a bit more often!
@kuketzblog@social.tchncs.de
Fennec and Mull are particularly interesting for privacy-conscious users, but because of their delayed updates they are not suitable for everyone. Part 5 of the article series »Secure and privacy-friendly browsers«. 👇
#fennec #mull #browser #firefox #brave #mozilla #datenschutz #sicherheit #privacy #security
@madargon@is-a.cat
How I see attempts to force #backdoors in E2E #encryption...
@fuzzychef@m6n.io
Red Hat Open Source Practice Office (#OSPO) is hiring not one, not two, but three new staff! If you're into working 100% on community #OpenSource, one of these jobs may be for you.
All positions are attached to either the Ireland or Czech office.
Security Community Architect: work in our Verticals Team identifying, boosting, and participating in #OSS #Security communities: https://redhat.wd5.myworkdayjobs.com/en-US/jobs/jobs/details/Security-Community-Architect_R-041442-1?a=04a05835925f45b3a59406a2a6b72c8a
#FediHired (1/2)
@madeindex@mastodon.social
✔ @torproject & @tails are going to strengthen their collaboration by merging¹! 👍
✔ #Tor has also released a new alpha
✔ It seems this #update does not address any of the potential #security issues, recently suspected after #German #lawenforcement claims to have used #timinganalysis to unmask Tor users.
✔ Potential solutions: timing delays, cover traffic...
¹https://blog.torproject.org/tor-tails-join-forces/
²https://blog.torproject.org/tor-is-still-safe/
#Torproject #Tails #Privacy #Surveillance #Freedom #Germany #Tech #Internet #Gov #IT
@Nonilex@masto.ai
MVP #KamalaHarris speaking soon in #Pittsburgh, #Pennsylvania about building an #economy that will work for all Americans.
#OpportunityEconomy #MiddleClass #labor #unions #protection #security #education #training #infrastructure
#Vote for #KamalaHarris & Gov #TimWalz to protect our fundamental freedoms & defeat #Trump & the #MAGA #Republicans this #election.
#VoteBlue
#HarrisWalz2024
https://www.youtube.com/watch?v=XokApnr_Cak
@JohnBarentine@astrodon.social
"The team used a DJI Phantom 4 Pro drone as a stand-in for such an aircraft for an experiment. Using a ground-based radar system, the team spotted the tiny drone thanks to the radiation emitted by a Starlink #satellite, which was flying over the Philippines at the time."
https://futurism.com/the-byte/chinese-researchers-detect-stealth-aircraft-starlink
@ovid@fosstodon.org
Have you ever heard of SS7? It's the backbone of most of our phone system and it's extremely insecure. Here's Veritasium exposing how easy it is to intercept your calls and texts without your knowledge.
#security #phone #veritasium #ss7 #CyberSecurity #hacking
https://www.youtube.com/watch?v=wVyu7NB7W6Y&ab_channel=Veritasium
@alexshoup@mastodon.social
I guess I should probably do an #introduction
- IT professional
- #Ohio born and raised
- Lifelong fan of #OhioState football.
- Advocate of #OpenSource, #Privacy, and #Security.
- #Linux user (btw, I use #Arch)
- Building experience with my #Homelab
@chris@mstdn.chrisalemany.ca
Any security/privacy experts have any thoughts about Apple’s Private Relay service through their iCloud+ subscription?
Good?
Bad?
Irrelevant?
I won’t be getting rid of my iCloud account anytime soon, so unless there is some other compelling reason not to, it seems worth using it.
Edit: Ironically, I couldn’t send this post from my local server because, I think, of my local DNS so… Private Relay off now. 😆
#Apple #Firewall #security #privacy #icloud
@maxeddy@infosec.exchange
I never did an #introduction!
Hi, I'm Max. I live in #NYC and do #journalism at PCMag where I cover #infosec, #security, and #privacy. I also write reviews of #VPN and professionally complain about #capitalism. I'm the Unit Chair of the ZDCG #union and moonlight as a #labor organizer. If you want to learn about how to unionize your workplace, plz DM me. I play #banjo badly and think about #medieval literature. I'm spending too much money on #fountainpens.
@mysk@mastodon.social
🚨🎬 🧵 1/4
Here is what happens when you insert an unlocked SIM card into a locked iPhone:
- The #iPhone accepts the SIM card and connects to the internet 😳
- Apple immediately adds the phone number of the SIM card to the Apple ID of the iPhone owner 😲
- #Apple accepts the new phone number as a username to sign in with the Apple ID of the iPhone owner 😱
- iOS activates the new phone number for iMessage 🤯
The video:
@mysk@mastodon.social
🚨🎬 Privacy Concerns about Apple Push Notifications
TL;DR: data-hungry apps use push notifications as a trigger to send app analytics and device information to their remote servers, even if the apps aren't running at all on your iPhone. Such apps include TikTok, Facebook, FB Messenger, Instagram, Threads, X, and many more.
Watch this video to see it in action:
https://youtu.be/4ZPTjGG9t7s
🧵 1/9
#Privacy #Security #Cybersecurity #Apple #iPhone #Facebook #TikTok #InfoSec #iOS
@joaocosta@mastodon.social
Bilateral #security agreements signed with 🇺🇦#Ukraine
1️⃣ 12/1🇬🇧#UK
2️⃣ 16/2🇩🇪#Germany
3️⃣ 16/2🇫🇷#France
4️⃣ 23/2🇩🇰#Denmark
5️⃣ 24/2🇨🇦#Canada
6️⃣ 24/2🇮🇹#Italy
7️⃣ 02/3🇳🇱#Netherlands
8️⃣ 03/3🇫🇮#Finland
9️⃣ 11/4🇱🇻#Latvia
1️⃣0️⃣ 28/5🇪🇸#Spain
1️⃣1️⃣ 28/5🇧🇪#Belgium
1️⃣2️⃣ 28/5🇵🇹#Portugal
1️⃣3️⃣ 31/5🇸🇪#Sweden
1️⃣4️⃣ 31/5🇳🇴#Norway
1️⃣5️⃣ 31/5🇮🇸#Iceland
1️⃣6️⃣ 13/6🇺🇸#US
1️⃣7️⃣ 13/6🇯🇵#Japan
1️⃣8️⃣ 27/6🇪🇪#Estonia
1️⃣9️⃣ 27/6🇱🇹#Lithuania
2️⃣0️⃣ 27/6🇪🇺#EU
2️⃣1️⃣ 08/7🇵🇱#Poland
2️⃣2️⃣ 10/7🇱🇺#Luxembourg
2️⃣3️⃣ 11/7🇷🇴#Romania
2️⃣4️⃣ 18/7🇨🇿#Czechia
2️⃣5️⃣ 18/7🇸🇮#Slovenia
2️⃣6️⃣ 04/9🇮🇪#Ireland
2️⃣7️⃣ 11/9🇱🇹#Lithuania
@BjornW@mastodon.social
Here's my #introduction:
I live in The Netherlands, Europe. I work as a self-employed tech consultant & software developer. I like to tinker & have way too many interests :)
Likely to toot about:
#technology #techpolicy, #opensource #openstandards #opencontent #publicdomain #creativecommons #copyright #sustainability #diy #infosec #security #data #privacy #accessibility #ui #ux #interactiondesign #ethics #webdevelopment #devops #sysadmin #climatecrisis #food #music #linux #debian #ubuntu
@homlett@mamot.fr
→ #Google's reCAPTCHA v2 is just labor #exploitation, boffins say
https://www.theregister.com/2024/07/24/googles_recaptchav2_labor/
“The conclusion can be extended that the true purpose of #reCAPTCHA v2 is a #free image-labeling #labor and #tracking #cookie farm for advertising and #data #profit masquerading as a #security service”
@reclaimyourtech@assemblag.es
(1/2)
Announcing the launch of a new blog, Reclaim Your Tech (https://reclaimyour.tech).
This blog was founded on the premise that digital infrastructure should be owned by individuals, their families, and their communities. Being user first, it will provide technical guides, open-source tools, software recommendations, essays, and discussion.
#blog #techblog #security #privacy #enshittification #opensource #foss #linux
@LukaszOlejnik@mastodon.social
My book “PROPAGANDA: from disinformation and influence to operations and information warfare” treats the subject adequately, comprehensively, broadly, expertly. How does information influence work? Offence & defence. Expert arrangement of the subject.
#cybersecurity #propaganda #disinformation #book #books #security https://blog.lukaszolejnik.com/propaganda-my-book-on-information-security/
@JefTek@infosec.exchange
With the ever-increasing attacks on users, moving to #multifactorauthentication is a must in order to reduce the attack surface of just relying on a password to secure access to resources. Implementing #MFA that is enforced all the time relies on also having a good user experience, which gave rise to mobile authenticator apps since many users always have their phones with them. However, it also gave rise to #mfabombing and griefing to get those users to approve. With the recent GA of #microsoftauthenticator #azuread orgs can enable number match and context for the push notification to further improve the #security of the users by avoiding the blind approval of a push notification.
🔥 See the post on the AzureAD blog here and go enable these settings for your organization https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/advanced-microsoft-authenticator-security-features-are-now/ba-p/2365673 #microsoft #office365 #o365 #cloudsecurity
@heiseonline@social.heise.de
Fact check: Telegram is less private than other messengers
The assumption that Telegram is particularly secure seems to persist stubbornly. The fact is: when it comes to encryption, Telegram is inferior to the competition.
@Nonilex@masto.ai · Reply to Nonilex's post
Pummel #Starlink out of the sky? Impossible; as David Burbach, #NationalSecurity affairs prof at the #US Naval War College,…[said], “Nobody has enough anti-satellite weapons to come anywhere near shooting that down.”
& Starlink, which currently operates in 75 countries, is only getting bigger. A new batch of #satellites went up today. #SpaceX has already received approval from #US regulators [🤬] to launch thousands more,
#ElonMusk #power #Security #law #regulation #Tech #internet #access
@Nonilex@masto.ai · Reply to Nonilex's post
The #Brazil fiasco may have led to #ElonMusk backing down, but it has also revealed just how easily he can serve #Starlink users whatever #content HE may want. #Musk’s fame, the omnipresence of his many businesses, & his growing attention to #politics does not automatically translate to #ForeignPolicy expertise [ya think? He’s a #Putin fanboy FFS]. But what could Brazil—or any nation—really do to curb his control?
#power #Security #law #regulation #Tech #internet #access #information
@Nonilex@masto.ai · Reply to Nonilex's post
Since #ElonMusk took over #Twitter, he has made it a cozy home for #FarRight provocateurs, reinstated the accounts of previously banned bad actors, promoted #ConspiracyTheories, & made the website worse at separating fact from fiction. And yet, #Musk believes that #X is the “number 1 source of news in the world.” [🤦🏼♀️] For a part of the world that relies on #Starlink, Musk could, if he wanted, make it the ONLY #news source.[😱]
#Security #Tech #law #power #regulation #internet #access #information
@Nonilex@masto.ai · Reply to Nonilex's post
Other companies are working on their own #internet constellations, incl’g #Amazon, but they’re lagging far behind—& none of their leaders owns prominent #SocialMedia companies, where they can [personally] govern the flow of #information.
Compared w/ #SpaceX, the world’s town square, as #Musk calls #X, is a cauldron of #chaos, especially for users.
#ElonMusk #Security #Tech #law #power #regulation #access #Starlink
@Nonilex@masto.ai · Reply to Nonilex's post
At the time of this writing—& that’s important to note, because #SpaceX launches a fresh batch nearly every week—more than 6k operational #Starlink #satellites are circling Earth, accounting for >½ of all functioning satellites in orbit.
Starlink has grown so large in part because SpaceX is simply the most prolific #space company in the world.
#ElonMusk #Security #Tech #law #power #regulation #internet #access #information
@Nonilex@masto.ai · Reply to Nonilex's post
The deal resembled agreements between #Israel & other world powers for #HumanitarianAid, but as far as we know, the #UnitedStates, where #SpaceX is registered, did not send #Musk to the #MiddleEast to broker it. He flew over on his private jet.
#Starlink is what’s known in the #satellite business as a #megaconstellation.
@Nonilex@masto.ai · Reply to Nonilex's post
#Musk toured a kibbutz that #Hamas had attacked, dressed in a suit instead of his trademark occupy mars T-shirt, & offered #Starlink’s services to the Israeli govt. #Israel has imposed #internet blackouts & destroyed #telecommunications #infrastructure in #Gaza…. This summer, after lengthy negotiations, Israeli authorities allowed #SpaceX to activate #Starlink in one hospital in Gaza, w/more service on the way.
@Nonilex@masto.ai · Reply to Nonilex's post
As one undersecretary told @NewYorker’s Ronan Farrow, “Even though #Musk is not technically a diplomat or statesman, I felt it was important to treat him as such, given the #influence he had on this issue.”
Last year, when #Israel’s PM Benjamin #Netanyahu hosted #ElonMusk for a visit, the billionaire looked—& [cos]played—the part of a world leader traveling to a war zone.
#Security #Tech #law #power #regulation #Starlink #internet #access
@Nonilex@masto.ai · Reply to Nonilex's post
Soon, #Musk found himself w/ immense decision-making #power, as #Ukraine authorities pleaded w/him to activate #Starlink over a port city in #Crimea, apparently so that they could conduct a surprise drone attack on #Russia’s fleet anchored there. By the end of the war’s first year, when #SpaceX no longer wanted to foot the bill for Starlink ops, the #Pentagon jumped to take over the job before SpaceX could cut off access.
@Nonilex@masto.ai · Reply to Nonilex's post
#Musk dispatched terminals to places reeling from natural disasters, & then to the front lines of war. When #Russia invaded #Ukraine in early 2022, it hacked the #satellite provider that the Ukrainian military relied on for communications. Ukrainian ofcls appealed to #ElonMusk for help, & #SpaceX dispatched truckloads of #Starlink terminals to the besieged country, for free.
@Nonilex@masto.ai · Reply to Nonilex's post
Not only can #ElonMusk now determine who gains traction on a small but #influential corner of the web; in certain corners of the #globe, he can also determine WHO has #access to the #internet at all, & #regulate WHAT people encounter when they use it.
For a service that took off only about 5 yrs ago, #Starlink has become impressively ubiquitous, available for use on all 7 continents.
@Nonilex@masto.ai · Reply to Nonilex's post
This particular feud has crystallized an unsettling truth that is growing more apparent each day: #Musk is becoming an #internet god [oh he’s gonna love that 🤢]. #Space-based internet & #SocialMedia are a potent combination, & their #control by a single person is quite unprecedented—& alarming in the same manner as a federal govt restricting online speech via sweeping decree.
@Nonilex@masto.ai · Reply to Nonilex's post
(& pursue #legal action over assets). But in other ways, the debacle is a microcosm of fraught, ongoing debates over #FreeSpeech & #internet #regulation around the world [& businesses abiding by the laws of the countries in which they operate]
…[#Musk’s] actions could be seen as a…corrective to govt overreach. But they seem less magnanimous when you consider that the alternative to govt overreach is…a World Wide Web governed by the whims of the world’s richest man.
@Nonilex@masto.ai · Reply to Nonilex's post
The fight reached a boil in recent days, when #deMoraes instructed #internet providers in #Brazil to cut off access to #X altogether & #Musk refused to block the site on #Starlink until the latter business got its accounts back.
In some ways, this is classic Musk, scuffling w/ govt agencies when he believes they’re infringing on HIS enterprises. “What a scumbag!” Musk posted about de Moraes yesterday, after Starlink reversed course & agreed to block X….
@Nonilex@masto.ai · Reply to Nonilex's post
#ElonMusk, the CEO of #SpaceX, received a medal from the Brazilian govt. But now #Starlink’s Brazilian service is tangled in a mess of #political tensions, #CourtOrders, personal #insults, & #threats to revoke the company’s license to operate in the country. And this drama all started because of another #Musk business that links strangers around the globe: #X, née #Twitter.
@Nonilex@masto.ai
#ElonMusk Has the Off Switch
With both #X & #Starlink under his control, the world’s richest man wields unprecedented #power.
By Marina Koren
Since Starlink first beamed down to Brazil 2yrs ago, hundreds of communities in the Amazon that were previously off the grid found themselves connected to the rest of the world. Here was the purest promise of SpaceX’s #satellite #internet—to provide #connectivity in even the most remote places on Earth—fulfilled.
#Security #Tech
https://www.theatlantic.com/technology/archive/2024/09/elon-musk-brazil-starlink-x/679711/
@44CON@infosec.exchange
44CON 2024 - Want to become a pro reverser? Get good - https://44con.com/2024/09/05/unlock-reverse-engineering-mastery-at-44con-the-ultimate-training/
@fwaggle@moodoo.org
#introduction as I can tag now.
I'm fwaggle, and have been for ages. If you've been around for 20+ years and you're thinking "hey, I think I know that guy" then you're probably right. If you thought I was a dickhead 20 years ago, you're almost certainly right... I'm trying to do better now though.
I do #security things for a WordPress host, which is good fun.
@nixCraft@mastodon.social
Microsoft has confirmed that Windows 11 users will not be able to uninstall the controversial “Recall” feature, despite earlier reports suggesting otherwise. Recall, part of the Copilot+ suite announced in May, automatically captures screenshots of user activity on the operating system including sensitive information such as passwords or financial data https://digitalmarketreports.com/news/25091/microsoft-recall-feature-on-windows-11-not-removable-after-all/ Do yourself a favor and get rid of Windows from your life—enough of these greedy companies. #privacy #security
@matrix@mastodon.matrix.org
Authentication is almost always the most frustrating step of interacting with a service. Matrix is no different, but Quentin is about to dramatically improve the situation.
Get a glimpse of all the goodness awaiting to be unlocked once his project lands!
@joaocosta@mastodon.social
We should be arming #Ukraine, not "for as long as it takes", but TO WIN.
Why? Because, to begin with, we are seriously struggling to keep #democracy afloat "for as long as it takes" and, in order to defend democracy, we must achieve a resounding Ukrainian #victory.
That's why oligarchs, terrorists, extremists and dictators are ALL so invested in stopping war-time investment in European #security in the Ukrainian front.
Focus. Act decisively. Act now.
@PrivacyDigest@mas.to
#California Legislature Approves A.I. Safety Bill
The California bill has spurred a fierce debate over how to regulate the new technology, which both technologists and lay people have hyped for its potential benefits and harms to humanity.
#ai #security #privacy
https://www.nytimes.com/2024/08/28/technology/california-ai-safety-bill.html
@nibushibu@vivaldi.net
This is scary :vivaldi_red: I wonder if #Vivaldi is affected too
@randomcruft@mastodon.sdf.org
a list of #hashtags for my #introduction
#technology / #computer #geek (#security pays the bills)
#music / #musician (#drummer for fun but not profit... learning other #instruments)
#weather (it's both awesome and scary)
#health / #fitness (however, will not turn down #chocolate)
#gaming newbie (#fantasian / #ffxiv occupy my time currently)
#anime (#SAO, #attackontitan, #psychopass, #RWBY, etc. etc.)
#DIY projects (if / as needed)
it's difficult writing #introductions 😅
@terri@social.afront.org
CVE Binary Tool 3.3 is released! (At long last!)
This is my work open source project that lets you scan for known vulnerabilities in your binaries, package lists and SBOMs. It's meant to make it easier (and cheaper!) to make secure open source software.
3.3 has new features from our Google Summer of Code 2023 contributors including EPSS metrics to help users assess risks associated with vulnerabilities, a new GitHub Action to make scanning easier, and a mirror of the NVD data backed by the same servers that do Linux distro mirroring so you don't have to deal with rate limits, downtime, and servers only located in the US.
Release notes: https://github.com/intel/cve-bin-tool/releases/tag/v3.3
And get the code on pypi:
https://pypi.org/project/cve-bin-tool/3.3/
Boosts appreciated!
@hq@socialhome.network
We noticed a similar vulnerability in #Socialhome that had been found in #Mastodon and various other projects, ie https://arcanican.is/excerpts/cve-2024-23832/discovery.htm
This should hopefully now be mitigated and anyone running a #Socialhome instance should update asap.
Other changes:
@alltechpacks@mastodon.social
#tech #coding #hack #security #cybersecurity #programmer #linux #kalilinux #ubuntu #linuxmint
@blog@shkspr.mobi
Falsehoods programmers believe about... Biometrics
https://shkspr.mobi/blog/2021/01/falsehoods-programmers-believe-about-biometrics/
(For the new reader, there is a famous essay called Falsehoods Programmers Believe About Names. It has since spawned a long list of Falsehoods Programmers Believe About....)
The BBC has a grim tale of a family with a genetic mutation which means they have no fingerprints. It details the issues they have getting official ID.
In 2010, fingerprints became mandatory for passports and driver's licences. After several attempts, Amal was able to obtain a passport by showing a certificate from a medical board. He has never used it though, partly because he fears the problems he may face at the airport. And though riding a motorbike is essential to his farming work, he has never obtained a driving licence. "I paid the fee, passed the exam, but they did not issue a licence because I couldn't provide fingerprint," he said.
The family with no fingerprints
Even if this genetic issue didn't exist, it should be obvious that not everyone has fingers, or hands. Some people are born without hands, some people lose them later in life.
Policy is about the edge-cases. It's easy to design something which works for the majority of people - the real challenge is how we deal with the fringes.
Ever heard of twins, dumbass?
OK, it is a little bit more complicated than that.
Even if you assumed that everyone has ten fingers - that means you can only change your ID 9 times. If you're using iris recognition, that's one change you're permitted before you have to grow new eyeballs.
Back in 2002, Tsutomu Matsumoto copied fingerprints using Gummy Bears.
Researchers can consistently fool iris scanners
3D printed facemasks can defeat facial recognition systems.
The thing about biometrics is that they are not secret. You leave your fingerprints everywhere. If a camera can read your face, it can copy your details.
Will having a "nose job" stop your iPhone from recognising you? Probably not. But there are a range of surgical procedures which can be done.
People who have Facial Feminisation Surgery can be given a letter from a doctor to explain to border guards why a person's face may no longer match their biometrics.
Biometrics are not passwords. Nor are they a universal 2nd factor. Biometrics are, at best, usernames.
For the average user, it's probably fine to use your fingerprint or face to unlock your phone. If you think an enemy state is going to devote considerable resources to steal copies of your biometrics, consider changing to a different password mechanism.
Or, if you have kids.
Or if you're cheating on your spouse.
A Qatar Airways pilot was forced to make an emergency landing after a passenger found out her husband was cheating on her and had a violent reaction in midair. The woman reportedly used her sleeping husband's finger to unlock his phone and discovered his cheating ways.
Eyewitness News
In a safe-ish environment, biometrics are a good convenience mechanism. If your phone is snatched by an opportunistic thief, they're unlikely to have the means to spoof your ID.
But they are not a perfect security measure.
@masukomi@connectified.com
@heisec@social.heise.de
No patch yet: security researcher strips Windows of all its protection features
If the prerequisites are met, attackers can manipulate Windows Update to replace arbitrary Windows components with outdated, vulnerable predecessors.
@gehrke_test@libranet.de
"75 percent of the site's servers were vulnerable to cyberattacks. [...] The servers' data remained unprotected for four years, the Guardian reports, citing the NDA."
#Atomkraft #Kernkraft #Sellafield #security #PoweredByRSS
Nuclear power: Sellafield admits massive failings in cybersecurity
@pasimako@mastodon.social
Fraudsters can expose fake 2G networks (carried in a backpack) and easily trick mobile phones into connecting to them. Make sure to disable 2G if you have the option in Android, as it is an insecure network that was designed in the 80s. 3G/4G/5G have enough coverage these days.
https://security.googleblog.com/2024/08/keeping-your-android-device-safe-from.html
@purism@librem.one
Hardware kill switches: Empowering users in the digital age. Our latest blog explores how physical control over your device builds trust, respects autonomy, and offers unparalleled protection. Discover how Purism is putting privacy at the forefront of mobile tech.
https://puri.sm/posts/the-evolution-of-smartphone-security/
#UserPrivacy #Purism #PureOS #Security
@majorlinux@toot.majorshouse.com
@arraybolt3@theres.life
#Ventoy Security Concerns (please boost for visibility)
Ventoy is a popular utility for making USB drives containing multiple operating systems in the form of bootable image files. While very useful in theory, the source tree contains numerous binary blobs without source code. This issue has been brought up to the authors multiple times, has not been corrected, and has even gotten worse (more blobs have been added to the code over time). This is a potential malware vector, similar to the "test files" in the xz-utils backdoor catastrophe.
Recently the author has ignored a very lengthy thread raising security concerns because of these binary blobs. Given the amount of attention the thread has gotten, this seems strange, especially given that the authors have been active since then. https://github.com/ventoy/Ventoy/issues/2795
Stranger yet still, a video by Veronica Explains (@vkc) on how to create bootable USB flash drives got flooded by comments heavily suggesting the use of Ventoy and even being somewhat accusing because Veronica didn't advertise Ventoy. This is... not anything I've seen users of ANY open-source project do, and it feels similar to the social engineering done against Lasse Collin that convinced him to add Jia Tan as a maintainer, thus compromising xz-utils. See the comments of https://www.youtube.com/watch?v=QiSXClZauXA&t=3s
If you're using Ventoy, you may want to consider ceasing its use for the time being out of an abundance of caution. If you truly need its functionality, you might look into something like the IODD SSD Enclosure (https://www.iodd.shop/HDD/SSD-Enclosure) which can emulate an optical drive and allows you to select an ISO saved to the drive to boot from.
@h3artbl33d@exquisite.social
Exquisite supports DANE, even while not every browser supports it. The 3-1-2 hash (domain issued certificate, SPKI, SHA-512) is:
6a9976657f0e85aa59e2954db3bd342c04f5e33ea166a70147fd6bb54bbafe23c11be8db582671e4d169be794ff2174ee99227e78ccd3961c84b53e20dad13b0
This goes for 443/tcp.
@heiseonline@social.heise.de
Minister Wissing: IT outages will increase
Crowdstrike has shown how vulnerable global interconnection can make us. The Digital Minister sees Germany as well prepared, including for other scenarios.
@Nonilex@masto.ai · Reply to Nonilex's post
Thursday’s prisoner swap, which saw American #journalists & a #security consultant, & a group of some of #Russia’s most prominent #dissidents & #PoliticalPrisoners, exchanged for a Russian group including a state #assassin, #spies & #hackers, was the biggest & most complex switch since the Cold War.
It took place at a time of #war, w/ #GlobalRelations between the #UnitedStates & Russia as bad as they have ever been.
#MafiaState #Hostages #ForeignPolicy #diplomacy #alliances #geopolitics #law
@eingfoan@infosec.exchange
I started to try a #comparison with all mainstream #FIDO2 #security #keys.
Here is the comparison:
https://docs.google.com/spreadsheets/d/1o_l6ieNRgf4IDYFcTNuw2st96VjrB-djtT2BMRhRDbI/edit?usp=sharing
it is really hard to compare since vendors are super unstructured
please #boost for more reach
contributors welcome
@eingfoan@infosec.exchange
#Authentication strength #maturity #model for #security
#conumerVersion
Original source:
@dymaxion@infosec.exchange
A few #introductions:
I run Systems Structure Ltd., a US consultancy that provides fractional CISO services for pre-A to post-C round #startups, along with #threatmodeling training and #securityarchitecture reviews.
I've been working in #security since 2003 and did a spell in NGOland from ~2011 to 2016, working with NGOs and news organizations targeted by states and on tools they use, including the #briar messaging app. The field work I did then fundamentally reshaped my approach to security, and I recommend that everyone in the field learn about the reality of being a high-risk user.
I live in #Helsinki these days, although in the before times (and hopefully soon again) I spent a fair bit of time in #NYC and #London. I run a #queer performance space out of my home, along with my partner, called The Attic (@theatticfi on insta), where we make space for #drag, #burlesque, #performanceart, and music, among other things. Before I moved here, I spent six or so years traveling full time.
I have written various essays over the years, which you can see on dymaxion.org, and I'm slowly writing a book. While security pays the bills, I spend a lot of my time thinking about #complexsystems, and in particular how the human and technical bits mesh, how they fail, and how to redesign them to fail better. In practice, this has meant everything from consulting on a constitution to thinking about what comes after the #climate apocalypse. The "recruiting barbarians" in my bio refers to being more comfortable outside of institutions, but I'm starting to think more about community and infrastructure building now that I live somewhere.
I'm also an #artist; I paint and am slowly learning my way around a #synthesizer, and I've been accused of being an #architect. I'm active in the #nordiclarp scene, where we take larp seriously as a dramatic form and do everything from a reworking of Hamlet played at the actual Elsinore castle to a larp about the early days of the HIV crisis. I'm primarily a theorist and critic there, as well as a player, and I've edited two books and written a number of essays. Nordic larp has the best toolkit I've seen anywhere for analyzing the human parts of complex systems and especially for building new systems; it's heavily influenced my security work, along with my #designfutures thinking.
@kushal@toots.dgplug.org
I wrote about #MFA #2FA #FIDO2 #authentication on #django applications. https://kushaldas.in/posts/multi-factor-authentication-in-django.html #python #security
@mdione@en.osm.town
Intro:
#python #linux #Sysadmin #developer #bash :sad_face: #sre #security #osm #OpenStreetMap #photography #astrophotography #hiking #bouldering #science enthusiast (most of them) #diy (not much of it) #ebike
Father of two, make my own maps and computer tools, have my own home server, fix as many things as I can myself, love to drive and travel by car but not for the city, and much more.
Mostly boosts, in several languages, including some I can't speak, write or read.
@solenepercent@bsd.network
Full-featured email server running OpenBSD
https://dataswamp.org/~solene/2024-07-24-openbsd-email-server-setup.html
gemini://perso.pw/blog/articles/openbsd-email-server-setup.gmi
#nocloud #selfhosting #openbsd #security
@doyensec@infosec.exchange
We're proud our testing helps ensure the security of Thinkst's OSS Canary Tokens! As part of their transparency efforts, you can read the results of our latest round of testing here:
https://www.doyensec.com/resources/Doyensec_ThinkstCanaryTokensOSS_Report_Q22024_WithRetesting.pdf
@SecureOwl@infosec.exchange
Fediverse Competition time!
I have two signed copies of my book 'Security Operations in Practice', which is all about building effective Security Operations teams, to give away to my Fediverse friends.
To enter - all you have to do is boost this toot before 12pm PT on Thursday July 25th, and I'll randomly select two of the boosters to receive the copies.
You can find out more about this book, and my other releases at https://infosecdiaries.com. Thanks, and good luck!
@shortridge@hachyderm.io · Reply to Kelly Shortridge's post
this is why I’ve side eyed any federal document about software #security, quality, or #resilience that demonizes open source software while touting the virtues of commercial cybersecurity products
as if those products aren’t notorious for deep access + flimsy quality…
I’ve written about this concern in two separate RFIs to CISA et al (with co-conspirator @rpetrich)
1) on OSS security https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/
2) on secure by design https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/
@davidaugust@mastodon.online
Did you know #Project2025 calls for “the entirety of the CISA #Cybersecurity Advisory Committee should be dismissed on Day One.” (page 155).
If you like being able to use computers (or do anything with organizations that use computers, including have your vote counted in elections) that’s a very bad idea.
@vam103@mathstodon.xyz
Apparently NS&I (the old UK National Savings, as they put it "the government savings bank") have launched two factor authentication, which is good.
Except, it told me to expect a code, you would think through SMS. But no, it's a phone call. To make matters worse, it's from France according to my phone! So of course I thought it had been compromised and wrote to them.
No, apparently they use a French company to do the OTP codes and then mask this with the UK number normally, except when it messes up or I guess your security is so high it does not show it. Actually the reply seemed annoyed that I did not just accept that the UK government bank would use a French company to do their security.
So I do not think much of the "improved security" until I can register a FIDO key or the local code generator, as a call from France seems to have lots of points of failure. (It's not that it's France specifically, just that it is another country.) Also they should mention this on their website! (Unless I missed it.)
https://www.nsandi.com/get-to-know-us/security/improved-security
@techlore@social.lol
Welcome to the world of #privacy, #security, and #anonymity in 2023!📅
This thread covers what we’re doing to spread privacy to the masses ⬇️⬇️
@michabbb@vivaldi.net
Test your prompting skills to make Gandalf reveal secret information.
Gandalf is an exciting #game designed to challenge your ability to interact with large language models (LLMs).
@Tutanota@mastodon.social
What's the main difference between Tuta Mail and Gmail? 😎 PRIVACY 🔐
Get your #FREE Tuta Mail account now: https://app.tuta.com/signup
#Tuta #Germany #privacy #freedom #bestemail #encryption #security #PrivacyMatters #FREE #SecureEmail #privacyfirst #encrypted
@opensuse@fosstodon.org
The Release Candidate 3 of Aeon #Desktop will include Full Disk #Encryption to boost data #security. Get more details! #DataSecurity #AeonDesktop #Encryption https://news.opensuse.org/2024/07/12/aeon-desktop-intros-fde/
@sarahjamielewis@mastodon.social
Some exciting news: Over the past few months I have been working on founding a new organization: Blodeuwedd Labs (@blodeuweddlabs)
We are now in a position to offer subsidized security assessments (and other services) for open source projects.
(In addition to a whole array of analysis, development, and custom research offerings for everyone else)
Announcement (and more info): https://blodeuweddlabs.com/news/open-source-review-announce/
@bane@exploit.social
I am working on starting a project under fiscal sponsorship to teach underserved youth cybersecurity and provide them pathways to careers. I have received the application and budget projection template to fill out. I am looking for partnerships and potential donors. I am also looking for anyone who would be willing to join an advisor board. Please share if you think of anyone who would be interested in either!
@mattburgess@infosec.exchange
Hi all, been lurking for a few days but introducing myself now! I'm Matt and a #security reporter at WIRED. Like many others here, I'm coming to Mastodon after the chaos at the bird site in the last week.
The things I cover on a regular basis are #privacy, cybersecurity, #surveillance, internet freedom, #tech and human rights, and a bunch more things in the wider security realm.
I'm based in #London—and have lived here for the last decade—so I'm often reporting on issues from across Europe. When not writing words for the web, I'm often found #running and have been dabbling in the #ultramarathon a few times over the last few years #introduction (edited to add introduction hashtag)
@jsrailton@mastodon.social
STAGGERING: Nearly all #ATT customers' text & call records breached.
An unnamed entity now has an NSA-level view into Americans' lives.
Damage isn't limited to AT&T customers.
But everyone they interacted with.
Also a huge national security incident given government customers on the network.
And of course, third party #Snowflake makes an appearance.
https://www.cnn.com/2024/07/12/business/att-customers-massive-breach/index.html
#infosec #cybersecurity #telco #cellular #privacy #security #breach
@adamsdesk@fosstodon.org
Little Bits: Issue #14
Uncover the accumulation of little bits I’ve found over the the past month on the topics of design, hardware, open source, privacy, security and more.
@monkeyflower@infosec.exchange
Hackvists release two gigabytes of Heritage Foundation data
"Self-described “gay furry hackers,” SiegedSec said it released the data in response to Heritage Foundation’s Project 2025, a set of proposals that aim to give Donald Trump a set of ready-made policies to implement if he wins this fall’s election. Its authors describe it as an initiative “to lay the groundwork for a White House more friendly to the right.”
The data, reviewed by CyberScoop, includes Heritage Foundation blogs and material related to The Daily Signal, a right-wing media site affiliated with Heritage. The data was created between 2007 and November 2022.
The group says it gained access to the data on July 2 and released it to provide “transparency to the public regarding who exactly is supporting heritage (sic),” a spokesperson for the group who goes by the online handle “vio” told CyberScoop in an online chat Tuesday."
https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/
#hackers #opsec #infosec #databreach #politics #ethics #furry #furries #altright #gay #uspoli #project2025 #security #privacy #transtights #fascism #hacktavists
@fedify@hollo.social
We released #Fedify 0.9.2, 0.10.1, and 0.11.1, which patched the last reported #vulnerability, CVE-2024-39687, but the vulnerability of SSRF attacks via DNS rebinding still exists, so we released Fedify 0.9.3, 0.10.2, and 0.11.2, which fixes it.
If you are using an earlier version, please update as soon as possible.
Thanks to @benaryorg for reporting the vulnerability!
@nonlinear@mastodon.nz
@spv@spv.sh
hi, i'm spv. call me spv, or james if you want to be slightly weird without knowing me
here's an #introduction post because i don't think i've made one yet.
info to know about me: 17 from BFE, NY
i'm #autistic, and have too many other conditions to list. woooo!
i do #programming on occasion
#homelab on the regular
i like to work with #security, but i don't do it enough
getting a degree in #Computer Security & #Forensics from SUNY Broome (starting in august)
warning: i use a lot of #hashtags
@hollo@hollo.social
To #Hollo users: please update your #Hollo to 0.1.0-dev.46, a #security patch which addresses @fedify's #vulnerability CVE-2024-39687, as soon as possible!
https://hollo.social/@fedify/019080c7-c784-755d-a6f2-d1f91f2c5709
@ilumium@eupolicy.social
The @EUCommission wastes our tax payer money to team up with #Microsoft the #gatekeeper and notorious #antitrust villain and sue the EU data protection agency @EDPS because the Commission wants to continue to use the #M365 software #security shitshow.
How low can this institution sink?
https://digitalcourage.social/@echo_pbreyer/112722381771336529
@anderseknert@hachyderm.io
Announced yesterday, Regal is a new linter for #Rego, with the ambitious goal of both catching bugs/mistakes in policy code, *and* to help people learn the language! If you ever work with #OPA, I’m sure you’ll find it useful. Check it out, and if you’d like to help kick-start the project by giving it a star ⭐️ I’d be overjoyed!
https://github.com/StyraInc/regal/
#CloudNative #Linter #Code #Development #CodeQuality #Security
@kushal@toots.dgplug.org
Do you know about the http://verybad.kushaldas.in:8000/ experiment? This web application has a lot of #security holes, and I tried to secure it using only #systemd. Feel free to do a round of #pentest, #attack the box. Remember to let me know what you found.
The box is up from April end 2022.
Please boost so that your other security minded friends see this. I try to make sure that any learning from this goes back to systemd upstream.
@campuscodi@mastodon.social
Halcyon researchers have discovered a new ransomware operator named Volcano Demon that is currently distributing versions of the LukaLocker ransomware.
Halcyon says the group engages in targeted ransomware attacks but does not operate a dedicated dark web leak site.
The group is also known for calling a company's executives to extort and negotiate payments.
@kcarruthers@mastodon.social
Follow me if you’re interested in:
Pics of my #chihuahua #dog Mr Maxi & pics from walks in #Sydney #Australia (it’s kind of a puppy spam account, but he’s adorbs)
stuff about #disinformation #terrorism #radicalization & modern #warfare #drones #uavs #history
Topics I’m interested in: #legal #privacy #data #analytics #ethics #technology #feminism #ADHD #cybersecurity #informationsecurity #security #cyber #infosec #digitaltransformation #ai #ml #digitalfutures
@monocles@monocles.social
What is it about?
#monocles offers ethically acceptable services and an online platform for individuals as well as for companies for a truly fair and secure digital life.
+ complete #opensource
+ 100% electricity from #renewable energy sources
+ no #tracking
+ highest possible #security
+ #independent of corporations and organizations, as completely privately funded
Check out more on https://monocles.eu/more
@monocles@monocles.social
#monocles chat 1.7.9 is released on the playstore with a lot of updates and improvements! (See comments below)
https://play.google.com/store/apps/details?id=eu.monocles.chat
@Tutanota@mastodon.social
Today we are proud to announce the launch of the world's first #postquantum secure email platform! 🥳🎉
With TutaCrypt your data is safe against quantum computer attacks at rest & in transit. ⚛️ 🔒
Learn more about this quantum leap in #security here: https://tuta.com/blog/post-quantum-cryptography
@thisismissem@hachyderm.io
Okay, okay, at @nova's prompting, an #introduction post:
Hi 👋🏻 I'm Emelia, from #berlin, #germany, I'm trans, queer, and kinky.
I'm a #tech princess 👸🏻 currently working on Fediverse Trust & Safety tooling and contributing to various Fediverse projects. I'm on the infrastructure team for @hachyderm
I was tech lead at @iftas (Nov 2023 – Sep 2024), I'm currently independent, funded by you and grants.
In 2020, I became the #founder of Unobvious Technology, aiming to improve the safety, #security and profitability of #sexworkers and advance the #adultindustry
p.s., the tech princess thing is a joke because I think it's fun to wear ballgowns to tech conferences.
@ricci@discuss.systems
Hey! Let's talk about #SSH and #security!
If you've ever looked at SSH server logs you know what I'm about to say: Any SSH server connected to the public Internet is getting bombarded by constant attempts to log in. Not just a few of them. A *lot* of them. Sometimes even dozens per second. And this problem is not going away; it is, in fact, getting worse. And attackers' behavior is changing.
The graph attached to this post shows the number of attempted SSH logins per day to one of @cloudlab's clusters over a four-year period. It peaks at about 3.4 million login attempts per day.
This is part of a study we did on our production system, using logs of more than 640 million login attempts, covering more than 1,500 hosts on our side and observing more than 840 thousand incoming IP addresses.
A paper presenting our analysis and a new, highly effective means to block SSH brute force attacks ("Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them") will be presented next week at #NSDI24 by @sachindhke . The full paper is at https://www.flux.utah.edu/paper/singh-nsdi24
Let's dive in. 🧵
@ml@social.mitexleo.one
@tokyo_0@mas.to
#ActivityPub, #FediDev and #security question: If instances generally collect only one copy of each post and then share it with the users that need to see it, does that mean nonoriginating instances are trusted to not show that post to users the poster has blocked (or who shouldn't see it because they're not following etc depending on visibility)?
How do the collecting instances know who should see it? (A cached copy of the poster's follow list?)
And does #authorized_fetch change any of this?
@jpm@aus.social
I probably should do an #introduction too
I'm Joel, the #wifi -whacker, #network -noodler, #linux - licker, and #security -spooner. I also do a bunch of #electronics design and #embedded coding, while wondering why #3dPrinting still sucks so much.
There will be regular #DadLife and #CatsOfMastodon posts, and likely a lot of swearing as well
@alice@lgbtqia.space
🥰 So fulfilling! 🥰 A friend just brought their little daughter over to my place, because she had a journal with a 3 wheel combination lock on it, and she'd forgotten the combo.
I showed her how to decode it, and eventually she got it open! We changed the combo and locked it again so she could practice more.
After a bit, she was asking about other kinds of locks, so I happily brought out an assortment of antique and miniature locks from my collection.
A couple hours later they had to leave, and she was beaming! Today she had picked 2 warded locks, a pair of police cuffs, raked open a 4-pin tumbler, and decoded a combination lock!
I sent her off with a smiley yellow binder clip and a minuscule warded lock to practice on.
They asked to come back next week to learn more. 💜
I feel like the Yoda of lock-sport. 🙂
---
Update: Friend just texted me to say their daughter is thinking of starting a YouTube channel to document her growth in lock-sport, and wanted advice on gear/setup stuff.
---
#LockSport #Locks #Adorable #Teaching #LockPicking #Security #Hobbies #GirlPower
@strypey@mastodon.nzoss.nz · Reply to Strypey's post
Our Mastodon server has been mostly down for a week, and anything we posted during the brief uptime during the last week has been lost. Turns out our PostgreSQL container was hit by cryptojacking malware;
https://thehackernews.com/2024/05/kinsing-hacker-group-exploits-more.html
It doesn't seem like a targeted attack, I think we were just unlucky. I highly recommend admins review your security measures and harden your systems against automated attacks.
Is this something Reproducible Builds could help with?
@ciaranmak@mastodon.ie
Hello all 👋
Am a self-employed #security consultant of 10+ years via https://securit.ie/
I regularly enjoy live sports/music (likely to post about), I code #Python & #Rust and am unafraid of low-level / reverse engineering, builder, breaker, cocktail shaker. Lefty af ☭. An aspiring cyberterrorist armchair general on main
🤘😜👍 #Introduction
@avoidthehack@mastodon.social
👋🏽 Hi Mastodon
(Redoing #introduction)
I am the same Avoid The Hack from Bird Site
Only news items and updates for https://avoidthehack.com are cross posted from Bird Site. Everything else is here (and only here) as I’m more active on Mastodon.
Most of this feed is related to #cybersecurity and #privacy. Sometimes I post advice. Sometimes I share articles I have written. Sometimes I share articles featuring Avoid The Hack. Sometimes there are memes.
@ljrk@todon.eu
Bio was too big, and I didn't yet make an #Introduction:
Hi, I'm Leonard/Janis (like Cohen/Joplin respectively), I use they/them pronouns, he/him (Leo) and she/her (Janis).
I'm a #genderqueer #hacker from #Berlin. I'm a professional procrastinator, don't expect me to stick to one project :'-)
Outside of computing I love #running, #handball and #rollerblades, adore cats, have a passion for #teaching and spend too much time following politics. I listen to #Blues but my musical taste has since widened to also embrace R'n'B, Rock, Funk, and a lot of modern stuff. I read classic #fiction and my favorite authors are Terry #Pratchett, Douglas Adams, J.R.R. #Tolkien, Robert Harris, and Sjöwall & Wahlöö (rather male dominated, send recommendations!).
I'm politically left #AssignedCatAtBirth but not settled on the specific question of government.
I'm a #privacy and #security fetishist (these aren't the same, sometimes even oblique). Some see a gray space here, I consider the right to data self-determination a fundamental right. Also, free #housing, #publicTransport and a livable environment are fundamental. #Learning and #teaching are crucial for individuals and society. Tech won't solve our core problems, merely highlight them and perhaps provide tools for change we can use.
@jnsgruk@hachyderm.io
Pretty huge news from Canonical yesterday!
"Today, Canonical announced a 12 year LTS for any open source Docker image!"
https://canonical.com/blog/canonical-offers-12-year-lts-for-any-open-source-docker-image
@goldfishlaser@fosstodon.org
I will be presenting "Open Hardware Design for BusKill Cord" Demo Lab at DEF CON 32.
When: Sat Aug 10
Time: 12PM - 1:45PM
Room: W303 - Third Floor - LVCC West Hall
@heisec@social.heise.de
Desinfec’t 2024 is now available for purchase on a USB stick
With the c’t security tool you remove Windows trojans and access your data on PCs that no longer boot.
@martijn@noisesfrom.space
Tooting into space here, hello 👋
I'm a 30-year-old programmer from the Netherlands. I fiddle with hardware, mostly keyboards, and I'm finding my way back into #security.
Besides this I'm pretty active by doing swimming, bouldering and playing padel. Interested in going to #concerts and #music.
Never really got into Twitter but Mastodon seems more like my thing, don't be shy to connect and I will do the same
@nixCraft@mastodon.social
the talk. credit ig https://www.instagram.com/peter.conrad.comics/ #infosec #security #microsoft #technology
@kubikpixel@chaos.social
Dark Visitors - A List of Known AI Agents on the Internet
Insight into the hidden ecosystem of autonomous chatbots and data scrapers crawling across the web. Protect your website from unwanted AI agent access.
#ai #internet #block #LLMs #chatbots #it #security #datascraping #protection #web
@ataner@hachyderm.io
New instance, new #intro post!
OHAI! I am Renata (it's pronounced heh-NA-ta and I am very particular about it) - I am a Manager of Solutions Architecture in Toronto, Canada. I work with #Cloud, #DevOps, #Security and all their relatives.
I am super invested in ID&E, social issues, I am an avid #cyclist, I #run, do #yoga, and still find time to find some random new hobby that I will completely ignore six months later. It is what it is.
I also love #cats! Hello!
@Di_Libu@mstdn.plus
Hello #Mastodon!
#New #Introduction!
I #changed #instances. Most of my #info can be found on my #profile. I'm a #simple #guy with a #dynamic #outlook. I am a self proclaimed #artist. I like to listen to and make #music (Mainly #EDM & #HipHop). In my free time I like to surf the #Internet or #play #games. I love #cats and #dogs of all breeds. I have #studied #business #admission and #law. I have work background in #Security and #Managment. I hope to meet many #interesting people while on here.
@eric@social.coop · Reply to Eric Maugendre's post
"As a result of the DMA the tech giant allows to install other browsers as defaults. Apple ensured that these browsers can no longer use WebKit because it would make them faster than Safari. To this end, the tech giant blocked the WebKit API in iOS 17.4."
https://www.techzine.eu/news/privacy-compliance/116980/apples-changes-to-comply-with-the-dma-opens-new-european-antitrust-investigation/
#Apple #iPhone #DMA #WebKit #Web #rendering #FrontEnd #WebDev #PWA #Sideloading #AppleStore #browsers #monopoly #EU #Europe #privacy #security #Safari #iOS #iOS174 #competition #AntiCompetitive
@whophd@ioc.exchange
Let’s hope this #security-conscious *choice* in the Kia EV9 is the start of a trend. They didn’t have to give us this. In a real button, no less — you can connect or disconnect the data from your phone while #USB-charging it in your car. From MKBHD https://youtu.be/CRhjL9X2yKA
@maugendre@hachyderm.io · Reply to Eric Maugendre's post
• unmigrated accounts on legacy browser—such as #Safari
• pro liaison on a browser approved by your organization
• consuming, online streaming, on the all-purpose browser: #Firefox (then Settings > Privacy)
• social media on a speedy browser—such as #unGoogled (but you must update)
• online banking, health, sysadmin & sensitive stuff on a hardened browser—such as #LibreWolf or #Mullvad's browser
#privacy #browsers #compartmentalisation #compartmentalization #safety #security #diversity #infoSec
@estelle@techhub.social
How the UK Security Services neutralised the country’s leading liberal newspaper:
(2019) https://www.declassifieduk.org/how-the-uk-security-services-neutralised-the-countrys-leading-liberal-newspaper/
#TheGuardian #Assange #Corbyn #MI5 #MI6 #LabourParty #Labour #England #Britain #UK #centreLeft #leftOfCentre #elections #UKPol #politics #SocialDemocracy #SocDem #media #security #manipulation #coOpting #conflation #confusion #antisemitism #Guardian #DumpTheGuardian #manufacturingConsent
@ekis@mastodon.social
Don't have time for a banner grab but still interested in basic info about a server?
Well taking advantage of a server's inability to process '%' b/c it expects two hex digits to follow; in many cases it errors
Preventing this from happening is actually easy
It requires an essential secure programming principle: verify, validate, and sanitize your input
This principle should be applied to EVERY input, and yes the URL is input
#infosec #security #it #sysadmin #tech #development #programming
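The post above makes the point that a request URL is input and must be validated before it is decoded. As an added example (not the poster's code), here is a strict percent-decoder that rejects any '%' not followed by exactly two hex digits, with the lenient standard-library behaviour shown for contrast; the function names are mine.

```python
"""Strict percent-decoding of URL input (added example, not from the post).

A lenient decoder such as urllib.parse.unquote passes a malformed '%' through
unchanged; a naive hand-rolled one raises an unhandled error. Both leak
information or behaviour that a validating front door should not. This
decoder validates every escape and reports a clear reason on failure.
"""
import string
from urllib.parse import unquote

HEX = set(string.hexdigits)


class MalformedEscape(ValueError):
    """Raised when a '%' is not followed by two hexadecimal digits."""


def strict_unquote(s: str) -> str:
    """Decode %XX escapes; raise MalformedEscape on any incomplete escape."""
    out = bytearray()
    i = 0
    n = len(s)
    while i < n:
        c = s[i]
        if c != "%":
            out.extend(c.encode("utf-8"))
            i += 1
            continue
        hexpair = s[i + 1:i + 3]
        # Exactly two hex digits must follow the '%'.
        if len(hexpair) != 2 or not all(ch in HEX for ch in hexpair):
            raise MalformedEscape(f"bad escape at offset {i}: {s[i:i + 3]!r}")
        out.append(int(hexpair, 16))
        i += 3
    # Decoded bytes must also form valid UTF-8; reject otherwise.
    return out.decode("utf-8", errors="strict")


def validate_path(raw: str) -> tuple[bool, str]:
    """Gate a raw request path: return (ok, decoded_path_or_reason)."""
    try:
        decoded = strict_unquote(raw)
    except MalformedEscape as exc:
        return False, str(exc)
    except UnicodeDecodeError:
        return False, "escape sequence is not valid UTF-8"
    if "\x00" in decoded:
        return False, "embedded NUL byte"
    return True, decoded


def lenient_unquote(raw: str) -> str:
    """Standard-library behaviour for comparison: bad escapes pass through."""
    return unquote(raw)


if __name__ == "__main__":
    # Constructed sample inputs: one valid, several malformed.
    for sample in ("/files/a%20b", "/files/a%2", "/files/a%zz", "/%", "/a%C3%A9"):
        print(f"{sample!r:16} strict={validate_path(sample)} lenient={lenient_unquote(sample)!r}")
```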
@hiramfromthechi@mastodon.social
Any device that needs to be off because it can't be trusted with your conversations should not exist in the first place.
#privacy #privacymatters #security #infosec #cybersecurity #cybersec #amazon #amazonecho #surveillance
@subm3rge@infosec.exchange
About me:
Soft-spoken #security old guy. Multi-industry, always #infosec, often IT/OT, sometimes physical/personal. I can find a policy, a pentest, or a bulletproof vest that suits your needs.
I mostly write like I prefer my coffee - dark, bitter, scalding.
https://justmytoots.com/@subm3rge@infosec.exchange
@ExiledKing@mastodon.gamedev.place
I never wrote an #introduction or at least don't remember.
I'm Tim - a dedicated #gamer #streamer and #linux enthusiast. I dream of doing #gamedev but tend to lose focus and drive early on.
Things I will post about:
- #memes lots of them
- #gaming - my backlog makes dragons jealous
- #manga #anime #japan
- #cyberpunk
- #comics
- #books as I work through my backlog
- #security
- #python #programmer
- #archlinux #linux
*Probably not an actual King
@freetechproject@floss.social
So glad to be on floss.social! Time for another introduction. Hello from #Sheffield, #SouthYorkshire, UK! We're a #NonProfit initiative founded back in 2010, focused on helping people use #technology in a way that is more financially, environmentally, and socially #sustainable, regardless of knowledge or skill level – using and promoting primarily #FOSS to provide personalised learning. We particularly love #Linux, #RaspberryPi, #privacy and #security! Feel free to spread the word. Thanks!
@neptune22222@kolektiva.social
I fight for the users.
I love programming and thinking and talking about thinking. I have an education (BS, MS, PhD) focused on artificial intelligence and neuroscience.
I'm an advocate of the public academic pursuit of knowledge, the scientific process, peer review, and I see open source software and hardware as an essential part of the scientific process.
I see software user rights, including security and privacy, to be protected mainly by free open source software, specifically software with a copyleft license, i.e. GPL or Mozilla.
I see the democratizing effects of the Internet, including distributed journalism and social networking, to be largely the effect of the collaborative development of free and open source software.
I am interested in free and open source manufacturing, including open source 3D printers and CNC machines. I believe open source manufacturing will be important for distributed manufacturing, allowing local manufacturing and local labor.
I see worker-owned coops as the way to safely transition from a non-democratic authoritarian top-down power structure of a traditional corporation to a democratic work environment, where the workers own the company and elect the board of directors, transitioning to democracy in the workplace.
I believe that socialism is a regulatory response to capitalism.
I believe that laws, money, corporations, and government are social agreements, and I'm in favor of democratic social agreements.
I believe in the organized non-violent boycott as a way to control capitalists and change corrupt systems.
I am a pacifist. I am against violence. I am against citizens keeping guns in cities and towns with children. I am against war.
I try to eat plant-based / vegan foods to boycott the animal industry, to help with the climate crisis, to improve my health, to avoid animal cruelty, and to avoid the extinction of species of plants, animals and ecosystems.
I have been diagnosed with Retinitis Pigmentosa, which is a disease of progressive retinal degeneration. I am legally blind, although I have about 5 degrees of vision remaining in my fovea. I'm interested in researching and developing BCIs (Brain-Computer Interfaces), specifically BCIs that function as vision prostheses that may help with conditions like RP, or the more common degenerative retinal disease AMD (Age-related Macular Degeneration).
I enjoy playing computer games like Age of Empires and Rimworld. I used to program computer games when I was younger and would like to get back to it one day.
I love playing music, especially bass guitar. I've been listening to a lot of Rage Against the Machine and Enya recently.
I enjoy reading books, mostly non-fiction.
I enjoy studying religions. I've found a lot of value in Buddhism, and I meditate often daily.
Nina and I have recently had our first baby, a boy we call Tyoma.
I'm currently working at Apple on the Vision Pro headset team.
I'm sober.
#users #fightforusers #userrights #programming #thinking #thinkingaboutthinking #ai #artificialintelligence #neuroscience #journalism #science #scientificprocess #peerreview #foss #fosh #flosh #floss #freeandopensource #freedomsoftware #libresoftware #copyleft #gpl #agpl #mozilla #license #ls #academia #privacy #security #democracy #internet #socialnetwork #distributed #cnc #3dprinting #locallabor #localmanufacturing #coop #workerowned #democracyatwork #regulation #laws #money #corporations #government #socialagreement #boycott #controlcapital #nonviolent #pacifist #antivolence #antigun #noguns #schoolshooting #antiwar #plantbased #vegan #climatecrisis #animalindustry #animalcruelty #extinction #animal #plant #ecosystem #environment #retinituspigmentosa #rp #agerelatedmaculardegeneration #amd #blind #lowvision #bci #games #computergames #ageofempires #rimworld #gamedev #music #bassguitar #rageagainstthemachine #enya #religion #reading #books #readingbooks #buddhism #baby #apple #visionpro #sober
@itisiboller@infosec.exchange
Sometimes logical isolation isn't enough
@RTP@fosstodon.org
Thunderbird & 🔐 PGP Setup Tutorial
(I2Pmail Example)
Did you know I2P offers email!? 😀
you@mail.i2p & you@i2pmail.org
Let's set this up today. It'll be fun!
Watch on #Peertube
*Post updated to instance offering vid space
#email #thunderbird #mozilla #I2P #mail #communication #infosec #cybersecurity #privacy #journalism #security #PGP #gpg #OpenPGP #FOSS #anonymity #anonymous #education #I2Pmail #postman
@WTL@mastodon.social
My four-month-late #Introduction :
Work: #WordPress #hosting & #Security, #music #festival #IT, #Editor / #Filmmaker, #SmallBusiness
Life: #horror movies, music, #camping, curious and loves to learn, social justice, and to my surprise, a #runner who has #run 15,477 KM Jan 2020 - Dec 2022.
If you stop and look at something the more closely you examine it, the more amazing it becomes.
Married to the wonderful @TAV for over 25 years, furdad to Sprocket the #MinPin, (he/him) #Ottawa, #Canada
@SpiderMonkey@mastodon.social
We are a little late to the party. How about we do an #introduction?
Hi Fediverse, we are SpiderMonkey, @mozilla’s #opensource engine for #JavaScript and #WebAssembly.
SpiderMonkey is used in Firefox, Servo and various other projects.
This account is run by our engineers, and none of us know how social media works. We were told to use hashtags.
#firefox #opensource #compilers #wasm #foss #privacy #security #performance #community
Nice to meet you!
@lewdmachines@mastodon.social
Since this is what's done on #mastodon - I am a middle age recovering fandom nerd, still active #security and #tech nerd, and someone who has amateur hour opinions on lots of things. My ideal vacation is reading terrible sci-fi in a nice hotel room.
Strongly in favor of #socialjustice #lgbt #prochoice #acab and I seem to be getting more radical as I get older.
I'll probably post about: #travel #smut #monsters #linux #whiskey #film #scifi #gaming #newwave
(Originally posted on mastodon.lol)
@dsp@social.sdf.org
#introduction i guess?
I'm a physicist who spent most of his time at school, in the datacenter. Then i somehow found myself in 'computer science research' labs writing software. For the past couple of years doing the security thing cause it's fun. Into #openbsd #plan9 #scheme #golang #C #security . When AFK i enjoy #cavediving #trailrunning #bicycletouring #mathematics . As always thank you #sdf for hosting us. It's nice to meet you all :).
@log4jmc@infosec.exchange
I've been enjoying infosec.exchange for the last month or so but have been putting off an #Introduction because I'm awkward and anxious (#privacy am I right?). I feel more comfortable talking about my cat than myself or my work on social media, so you'll probably mostly see him amongst my boosts and replies. He's a little hacker who tricks me into FaceID unlocking my iPad for him or hides my pouch of physical security keys to remind me not to be careless with them.
See how I just went on about the cat? Yeah... I feel imposter syndrome about belonging in #InfoSec. I'm an IT #security and #operations focused #SysAdmin (#BlueTeam) who's been fascinated by/working with computers since I was 3, and have been doing it professionally for over 10 years now. Does that make me #SecOps? I honestly don't know. I love this community though and want to make an effort to share what I do know more often besides the cat pics or conversations or boosting #ThreatIntel and news I think to share.
If I had to sum up in a few hashtags and such, I know securing #Windows and #ActiveDirectory best but I use/protect #Linux and #macOS if you'll forgive me for using #PowerShell there too. I love #scripting and #automation, the #OSINT and #ThreatIntel and #IOCs we share, #infrastructure and #firewall stuff, #logging and #DFIR, and reading/writing reports just as much as code. I'm not super passionate about the #cloud but that's not a hill I'd die on and #Azure is pretty cool.
Did I mention I have one of the best #CatsOfInfoSec ever?
Anyway, "it's me, hi!"
@wamserma@hachyderm.io
Hello World.
I'm a consultant/developer for Embedded Systems Security.
Every now and then I contribute to #NixOS and #nixpkgs
I tried blogging a few times before, but either the service went out of business after a few posts or I ran out of time for longer posts.
Expect #Security and/or #Nix oriented content from me.
Occasional ramblings on random things, too.
@fabianlucchi@infosec.exchange
Time for my own intro, I think.
Born and raised in Switzerland on #milk, #cheese and #chocolate. Still there today.
Using computers since #ZX spectrum, always enjoyed technical stuff, programming, network and hardware. Deeply interested in BBS and demoscene (Unreal, futurecrew).
Co-started my own company, #Infomaniak, in 1994 with an associate. We were first selling home-assembled computers for endusers. Then we had our own first internet dialup POP by the end of the same year and each customer was granted free access (except for local call rates). We also ran one of the first websites in Geneva, Switzerland, around that time (still found in archive.org, look for infomaniak.ch).
We then split the company and started providing professional web/mail hosting when it was still pretty unusual. I built that company from scratch and my associate kept running the computer shop on one side, and doing strategic thinking for the hosting business. The shop was eventually sold in 2000/2001 and we 100% focused on hosting.
At first, I was involved in every step: network design, hardware choice, mail/web servers, routing/transit, building/maintaining IT racks, staff, programming our own management tools, Delphi at that time; still programming with Embarcadero today. And it was rapidly too overwhelming. The staff grew, we enrolled people with better skills than we had, and I focused primarily on management, legal and accounting. But it was not what I loved to do every day.
In 2017, my associate and I divorced (a 25-year-long coworking is *really* like a marriage); I was kicked out :(
By then, Infomaniak staff was +60 people (support staff, sysadmin, devs and office admin).
I took that opportunity to better focus on what matters to me: #data #security and #IT #support for small to very small companies. Those are left alone with their too complicated technological problems and they do the best they can. Nowadays, this is obviously not sufficient.
So I started again from scratch, with IT-Awareness. My main objective was being able to provide better comfort with #technology for all non technical people, focused on #data #backups and all related matters. Due to the first customers I met, I'm now mostly helping #praticians in all #medical environments.
I'm still alone in my company (it takes time... so much time...) but I nonetheless received a huge project to build a secure mail system for all practicians in Geneva area (~3,000). "Secure" meaning "with confidentiality guaranteed" following Swiss laws requirements. A case study has been done by Synology : https://www.synology.com/en-us/company/case_study/Geneva_Doctors_Association
Prior to this new secured mail system, practicians were mostly using public services like gmail, aol and local telco mail systems, which is absolutely forbidden due to the sensitivity of data they're exchanging. They're now secure, compliant with the law and patients are better protected. But this is of course only part of the long way they still have to go.
I provide a lot of IT support for small medical centers; they don't know a thing about technology and don't have time. They need things to be done, they need confidence. I try to bring both.
Interested in all #infosec matters for so many years I can't remember, I followed a lot of incredible people with deep knowledge that shared their insight on Twitter.
And like every one of you, migrated to infosec.exchange Mastodon instance (which I proudly sponsor, @jerry thank you so much for your work and dedication, this place is what we really need, our home).
I'm always open to discuss anything with anybody, sharing knowledge and experience.
@druid@ioc.exchange
#introduction: two weeks late.
Aspiring Gaeilgeoir, recreational cyclist, hiker, dog wrangler. I like traffic lights.
I've worked as a developer, architect, consultant, chief technologist and in various types of management, almost always focused on data systems. Post-sabbatical, I am contemplating looking for work in security/privacy/digital rights.
Happy to connect and talk.
#IrishLanguage, #cycling, #dogsofmastodon, #privacy #opensource #security
@vegard@mastodon.social
I've archived all my old tweets (except RTs) here:
https://vegard.github.io/twitter/
Almost everything has been tagged by subject/topic in case you are only interested in something specific.
Lots of #LinuxKernel, #Programming, #Security, #Fuzzing, #Git, etc. posts.
@cirriustech@infosec.exchange
Introduction
Redoing my #introduction as it was a bit of a sparse one when I joined.
I am a lifelong #technology enthusiast, having worked in Financial Services IT for more than 25 years, across multiple disciplines including:
* #Unisys #MCP-based #mainframe platforms (A17/A19/HMP NX 6800/Libra 180/Libra 6xx/Libra 890)
* #EMC #Symmetrix storage arrays (DMX 3/4 and most recently VMAX) including experience of #SRDF(S), SRDF(A), BCV
* #WindowsServer (2000 through 2019) including #ActiveDirectory
* Various #Linux/ #Unix OSes (#HPUX/ #RHEL/ #Centos/ #Ubuntu/ #Raspbian) including experience of #GFS/#GFS2 SAN storage clustering
* Virtual Tape Server technology (B&L/Crossroads/ETI Net SPHiNX, #TSM)
* Automation/Scripting (#PowerShell, #NT #Batch, #DOS, #Bash, #OPAL)
* #Security (#PrivilegedAccessManagement, #LeastPrivilege, #IAM, #Firewalls, #EDR)
* #BusinessContinuity/#DisasterRecovery (Design/Implementation/Operations)
I’m focused on learning and getting hands-on with #RaspberryPi at home and #cloud computing solutions both at work and at home.
I moved into a #SecurityEngineering role in 2020, so a lot of my focus is now security-focussed across all tech stacks.
My main focus at present when it comes to cloud is predominantly #Microsoft #Azure, with Google and AWS of interest also, as well as other cloud infrastructure services such as those provided by CloudFlare, though I’m planning a move away from them due to their moral/ethical choices.
Away from work and tech, I love to #travel the world with my wife and enjoy very amateur #photography to record our adventures.
I also love most genres of #music, live in concert when I can, with a particular love of #Rock/ #Metal and also #Trance (coincidentally, given the profession of a somewhat more well known namesake of mine!).
@jamesbannan@aus.social
Now that the dust has settled, I can finally get to an #introduction
I’m based in Melbourne/Narrm, and live with my family (and dog!) a short walk from one of the loveliest beaches around.
I work as an #IT consultant, mostly specialising in #Microsoft technologies, system architecture, #security and #automation. I’ve also worked as a #journalist, an #educator, a public speaker and an #author.
I have one technical book under my belt, but am aspiring to #write #fiction and am enjoying being part of the #AusWrites community
@mkeierleber@journa.host
#introduction Greetings, Mastodonians! (is that a thing?) I’m a #journalist focused on #schoolsafety and #civilrights. I love writing about – and discussing – #surveillance #privacy #security #tech #k12cybersecure #edtech #databreach #ai #foia
@GFH_oheffllc@mastodon.social
As my first post on mastodon, here's an image of a comic strip that formed in my head while working on something else (I was writing an article for Bob Ambrogi's site at https://directory.lawnext.com/library/an-alternative-calendar-and-contact-program-for-your-law-office-time-and-chaos/ ) Here are some tags: #lawyer #apps #security
@alexjcord@infosec.exchange
A bit late to the fediverse party, but here's my #introduction:
I'm a software engineer in the SF Bay Area working on #secureboot architecture and #bringup at a major tech company. Interested in #security (obviously, on this server) and extreme #homeautomation. Also enjoy #hiking, #cooking with my wonderful wife, the #oxfordcomma, and #lotr. Go #Illini! 🔶🔷
@jack@social.lol
@dostalcody@infosec.exchange
I decided I need to re-do my #introduction post. Why? I didn't know that full-text search wasn't really a thing on Mastodon (well, particularly cross-instance), so I need to hashtag it. If you've read it before, feel free to move on, or read again. Anything goes!
I’ve seen a few others do introductory posts so I figured why not for me too. It’s unlikely I was known on #infosec Twitter because I didn’t post much on Twitter. I hope to change that here.
I’ve worked in #SystemAdministration, #VulnerabilityManagement, #NetworkSecurity, and/or #SystemofSystems #Security for around 8 years. My experience has been solely within the world of #DOD, first as a civilian and then as a contractor. I’m currently a Senior SA/Deputy PM for Broadleaf-inc, a government contractor.
Along with that, I’ve been teaching infosec for around two years for a university. I developed many courses, Network Security, OS Security, #VulnerabilityAssessment and #PenetrationTesting, #OSINT, IDS & IPS, #CyberthreatIntelligence, as well as an Introduction to IT and a CCNA course. I’ll be developing an Advanced Penetration Testing and a Digital Forensics course this upcoming year.
I am an advocate for helping those with no existing experience and fresh graduates find positions in #Cybersecurity, truly entry-level positions. I help run a Discord that focuses on that, #SecurityNewbs, as well as working on free university-style courses that people can take to learn these skills. Those aren’t ready yet, but my first free course will be Introduction to Cybersecurity.
On my off-time, I'm a huge #gamer. You'll generally find me on the Xbox Series X, although once in a while I'll be on PS5. I generally play #destiny2, probably a little too much. I have 4 kids, 5 cats, and 2 dogs. It can be a hectic house.
That’s me. Fin.
@raptor@infosec.exchange
Hey everyone, here's my mastodon #introduction.
I'm a seasoned offensive #security researcher with 20+ years of experience.
As a professional #hacker and polyglot programmer of weird machines, basically I study how things can go wrong.
Some examples:
http://phrack.org/issues/70/13.html#article
https://vimeo.com/335197685
https://vimeo.com/474793702
https://youtu.be/Nc9ZLTb2hQ8
Hack the planet! 🏴☠️🌎
@andreagrandi@mastodon.social
@b3cft@infosec.exchange
I guess everyone else is, so I'll do an #introduction as well.
I'm Andy, but most people, especially online, know me as Bob (due to a manager at Yahoo! in the late '90s playing a practical joke, and it stuck).
I've actually been on here since 2019 but mostly kept lurking occasionally.
I have a wife and a 13yo son. I like fiddling with #3dPrinting, #microcontrollers and #robotics. I'm also a #marksman, shooting in county rifle teams for full-bore and small-bore.
I'm not officially in #infosec but have been working in networking and sysadmining since token ring networks were the latest hotness and the Internet consisted of telnet, ftp, gopher and email.
I currently work as a #cloud #infrastructure #architect for an #ecommerce startup and am notionally in charge of #security, as no one else is interested.
I follow #infosec where I can and keep having ideas about stuff I'd like to research.
@cirriustech@infosec.exchange
In my latest post in the Security Bytes series, I talk about a term you probably hear a lot, but perhaps haven’t stopped to think about what it is - Least Privilege.
#SecurityBytes #Security #InfoSec #CyberSecurity #CyberSec #LeastPrivilege #CirriusTech
https://www.cirriustech.co.uk/blog/secbytes-least-privilege-pt2/
@OneiricBotcelot@digitalcourage.social
I've been on Mastodon since summer 2021, but after moving from social.tchncs.de I'm #neuhier (new here) on this instance. Having been a supporting member of @digitalcourage for quite a while, it was simply time.
Professionally, and in terms of most of my interests, I'm at home in #IT. In recent years I have increasingly questioned the way our society is developing in the digital age and have drawn some conclusions for myself. So I have no account with #Microsoft or #Google, nor do I use any service from the #Meta corporate universe. I have largely stopped using #Amazon.
Topics I'm interested in include: #Netzpolizik (net politics), #Mainframe, #Datenschutz (data protection), #FLOSS, #Security, #Privacy, #Selfhosting, #Linux, #CSGO, #OpenStreetMap, #Wandern (hiking), #GrapheneOS, #Klima (climate), #Überwachungskapitalismus (surveillance capitalism), #Hardstyle.
All that remains to say: I look forward to (continued) great exchanges in the #Fediverse!
@RDBinns@someone.elses.computer
#introduction post!
I'm an interdisciplinary researcher, mainly in #computerscience but also a bit of #law, #philosophy, and a pinch of #STS. I study #privacy, #dataprotection, algorithmic decision-making, 'fair' ML/AI, #decentralisation, #security, #regulation of and by technology; hoping to gradually add #climatejustice to my bag of interests.
I build #Enigma machines. I don't know why (https://www.reubenbinns.com/blog/enigma-machine-version-2/)
I live in London and work in Oxford.
Love #TottenhamHotspur
@raboof@merveilles.town
Hi there! Been on the fediverse since 2018 but time for an #introduction update:
As a #software developer from #Deventer, the #Netherlands, I love #opensource, @nixos_org and @reproducible_builds, maintain the #tiling #x11 window manager @notion and helped organize @mch2022camp. I'm active at @hack42 and volunteer at Museum @EICAS.
Job: ex-#akka team at #lightbend, now self-employed and available for contracts on FLOSS things alongside my part-time engagement as #Security Response Program Manager for #Apache.
@blinkygal@sunny.garden
Hi I’m new to and I see #introduction is a fun thing to do.
I enjoy #modernart, #abstractart, #paintings, #photographs. I love listening to #music including #drumandbass, #dance, #classical, #pop, #punk, #ska, and #alternative. I am learning #crochet and #piano and into sports like #skateboarding, #rollerderby, #squash, and #hockey. I love #learning and #science.
I have an #MSc in #compsci. I make internet #software have better #security. I enjoy #rust but do research with #cpp too.
❤️
@MichaelAltfield@mastodon.social
Presenting #BusKill: A $20 #DeadManSwitch triggered by someone physically yanking your laptop away from you.
#opsec #infosec #CyberSecurity #travel #safety #TravelSecurity #security #privacy
https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/