Items tagged with: infosec


There's been a huge increase in malicious ads on Google lately. In some cases the first 4-5 search results for certain pieces of software have all been malicious ads leading to info stealers.

More details:
https://updatedsecurity.com/topic/291-huge-increase-in-malicious-advertising-on-google/?a=1
#infosec #cybersecurity #malware


Guess how often your PC connects to #Google servers? :blobcatscared:

I created a #Python version of Googerteller by @bert_hubert using his list of Google servers & scapy sniffer. It beeps and prints all Google IPs your computer connects to.

Go turn it on and surf around 😎👍 It's ridiculous just how much of the web connects you to Google at some point. Given your IP, it's a piece of cake to profile your traffic with that data. #infosec

Here on #github: https://github.com/luzmediach/googertellerpy


Hey so if you have harassment or stalking, there are about zero tools on Masto to protect you.

Mute and block only work if they stick to one account, which they don't. Mine has about 10 that I know of so far.

Instance blocking helps on occasion, but again, you can register accounts on many instances.

Can you filter words? Sure.

Telling me to stay off socials is not a productive or useful answer. Thanks.

I am simply speaking up because others are experiencing prolonged and targeted harassment too and I want you to know it exists here.

Please read all the comments; some are useful, many are not. 😅

Here are my links if you'd like to support my work or join my email list:

I work to protect privacy, profit & peace of mind. Need a consult? https://lockdownyourlife.as.me

Being stalked/harassed: https://lockdownyourlife.com/7-steps-protect/

Join the email list: https://lockdownyourlife.mykajabi.com/thetwitter

Support my work: https://ko-fi.com/lockdownyourlife

#harassment #stalking #infosec #WomenInTech #techie #InformationSecurity


💡 Idea: we need a privilege similar to attorney-client privilege, but between techies and people they support.

Journalists, refugees, people at-risk and from marginalized groups, and we all, really, need to *know* that tech people supporting them cannot be legally forced to disclose the (often very personal or sensitive) data they gain access to while providing tech support.

Data that is shared with them in confidence, and which is often necessary to render tech help at all.

#InfoSec #Legal


🤔 It's shocking to me the number of #infosec professionals that perpetuate the myth that a company is required in order to use a password manager.

#OpenSource #passwordManager #LastPass

cc @keepassxc


I'm seeing a lot of hot takes on #LastPass, from people in #infosec coming to the conclusion that LastPass transparently disclosing breaches, or near breaches, or any incidents, is a sign of something terrible.

I think those people have not been at this long.

All companies eventually get hacked. All companies eventually will be breached, and it's not if; it's when.

And if you are a company storing millions of passwords, you better believe you are being attacked constantly.

Given that world, I want a company that:
  • is transparent and lets their users know immediately when something is up and gives as many details as they can.
  • can actually detect incidents and has a solid process to follow in dealing with them and communicating about them.

If you think a company that never says, "hey, we had an incident," is more secure... oh boy.

It merely means they either a) can't detect incidents or b) are hiding them from you.

If you are using a password manager that is silent about breaches, near misses, incidents, etc., that should be cause for concern.


Content warning: birdsite, threat actors, reputation


It looks like we have in our usual argumentative and verbose way agreed at least on using #ThreatIntel to tag informational CTI posts accordingly. #cybersecurity #infosec


With almost 6k instances of #mastodon I'm pretty sure some #scam is already free in the wild. Choose your instance wisely, be aware of the e-mail account you use and - as always - use a unique password.
#infosec #newtoots #password


#Introduction time! I'm rysiek. On fedi since before it was fedi — I see you, old StatusNet guard!

Did information security and infrastructure for #PanamaPapers journalists, fought #ACTA on the streets and in meetings, helped write the book on #NetNeutrality, started a hackerspace and a half, and wrote a bunch of code.

Media literacy is a human right. Protocols, not platforms. Communities, not customers. User-Authored Works, not user-generated content.

#Privacy #InfoSec #FreeCulture #FLOSS


WiPri (WiFi Privacy) Updated Today (any Linux):

Many custom/classic options: unique mac address spoof + hostname + signal strength + SSID (including customized boot options added today) w/unique settings (including multiple types of continual changing randomization or device/brand mimic randomization) + protection checks from leaks (on static settings) (Continued...)

#Privacy #HumanRights #Linux #WiPri #metadata #anonymous #Infosec

Tor Download: http://gg6zxtreajiijztyy5g6bt5o6l3qu32nrg7eulyemlhxwwl6enk6ghad.onion/RightToPrivacy/WiPri/archive/master.tar.gz

Opening screenshots:


Why can't we have nice things?

Microsoft. Microsoft is why we can't have nice things.


Be safe out there, folks. #Pride #LGBTQ #InfoSec


In light of the latest data breach at T-Mobile in US, may I remind everyone and their dog of this little gem from 2018:
https://web.archive.org/web/20180429220059if_/https://twitter.com/tmobileat/status/982187919061303296

#InfoSec #TMobile
screenshot of the thread linked to in the toot

tl;dr: a security researcher points out to T-Mobile Austria that storing cleartext passwords in their database is a no-no, T-Mobile Austria responds in a very cocky way


If you're in the EU and #Facebook leaked your data, you're eligible to join Digital Rights Ireland in suing the fuckers. DRI have a phone-number checker for you to see if you were affected:
https://www.digitalrights.ie/facebook/
#privacy #security #infosec


I realized today that some applications out there still use #BBCode for non-legacy reasons. I really have no idea why anybody would do that in the year 2020. It’s a very questionable decision security-wise, and it has no usability benefits either. #infosec #security #XSS


Fancy, finally an alternative to Let's Encrypt!

https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/

It's always good to have alternatives around. ZeroSSL appears to be a European company that now provides free TLS certificates using the ACME protocol.

#TLS #SSL #CA #infosec #letsencrypt


On the privacy of online login forms inputs


A Twitter poll started by @MrPetovan asks in the context of online web forms whether login and password should be considered private or just the password. The three people who responded chose login and password.

I'm surprised but not shocked by this result. It seems to me that many people are confused about why online login forms have two fields but only one of them hides the input.

On one hand, if all the credentials are meant to be private, why not add a third or a fourth input field with more private stuff? This would be more secure, right? On the other hand, if someone is using a weak password, what is the likelihood their login is easily guessable as well?

I personally believe online login forms have two fields for two different kinds of data: an identifier that shouldn't be considered private, because the password/phrase field is already there for that specific purpose. As a result, I fully support letting users fill the login field with as many different identifiers as they can have, including email addresses and public usernames, because it is massively more convenient without compromising on security since there is a password.

#infosec #security



#infosec #security question: When it comes to online credentials, which piece(s) of information should be private according to you:



Friends, enemies, I bought this a couple of months ago and have really enjoyed the content so far - highly recommended if you're interested in #infosec