Skip to main content

Search

Items tagged with: security


ICD #34 - Co jeśli nie Facebook, Instagram i reszta? Fediverse!


Content warning: #aplikacje #apple #bezpieczeństwo #big #czas #działać #facebook #fediverse #firefox #google #internet #kontrola #korporacje #linux #media #mozilla #nowoczesne #opensource #Podcast #prawa #privacy #prywatność #security #social #tech #technologia #technolog


< ORIGINAL STATEMENT >
Smartphones using the Snapdragon 630 chip were found to call home to Qualcomm without the consent of the user, bypassing the whole operating system. […]
< SEE ATTACHMENT >

EDIT / UPDATE:
Martijn Braam took a look and provides a valuable counterstatement. Thx @bart
https://blog.brixit.nl/nitrokey-dissapoints-me/
Still without the actual data that gets transmitted though. Unless someone does it first I'll replicate the test setup myself tomorrow and post my findings here.
#privacy #security
Screenshot of original toot:

Smartphones using the Snapdragon 630 chip were found to call home to Qualcomm without the consent of the user, bypassing the whole operating system. Data includes unique hardware ID, current IP, country, your ISP, list of installed apps and other data.

It is send unencrypted and gets combined with data broker profiles.
https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker

As usual, big IT companies don't give a flying fart about any laws, their customers or ethics in general. Who would've guessed. 😔 #privacy #security


☣️ This is why you should never trust your important information (like passwords!) to proprietary software like @1password.

#OpenSource #FreeSoftware #privacy #security #infosec

🤡 #1Password becomes #spyware:

https://blog.1password.com/privacy-preserving-app-telemetry/


Curated /etc/host



U.S. sues Google for abusing dominance over online ad market

https://www.bleepingcomputer.com/news/security/us-sues-google-for-abusing-dominance-over-online-ad-market/

#Security


LastPass Sibling Company GoTo Loses Encrypted Backups to Hackers

The hacker also stole an encryption key for a portion of the encrypted backups by accessing a cloud storage database shared by both LastPass and GoTo.

#news #tech #technology #security #privacy #Lastpass #breach #hacking

https://www.pcmag.com/news/lastpass-sibling-company-goto-loses-encrypted-backups-to-hackers


Which free software password manager do you use?

Please share your recommendation. Boost is very appreciated.

#PasswordManager #Security #FreeSoftware #OpenSource #Poll

  • KeePass / X / XC (49%, 672 votes)
  • Bitwarden (34%, 471 votes)
  • KDE's / GNOME's one (2%, 28 votes)
  • Other, please comment (14%, 194 votes)
1365 voters. Poll end: 1 year ago


Just a #reminder, the #LastPass data #leak happened despite all the military grade and government verified as well as standardized encryption 🔐

#Encryption alone is not #security, but its implementation, and some do it better and others just badly. If the single point of #failure is vulnerable, the rest is usually useless 😉

Please do not fall for #buzzwords and the associated #advertising promises 🙏


TikTok pushes potentially harmful content to users as often as every 39 seconds, study says

#TikTok recommends self-harm and eating disorder content to some users within minutes of joining the platform, according to a new report published Wednesday by the Center for Countering Digital Hate ( #CCDH ).

#news #technology #tech #security #china

https://www.cbsnews.com/news/tiktok-pushes-potentially-harmful-content-to-users-as-often-as-every-39-seconds-study/


Wait, what?… you don’t mean that your all-important secret for your Small Web site is going to be… A STRING OF EMOJI?!*

(Why yes, yes it is…) :awesome:

* Or, if you want to take all the fun out of it, a base256 encoding of your ed25519 private key that is purposefully impractical to write down somewhere or type in so you’ll be forced to practice good security hygiene and store it in your password manager.

#design #security #privacy #cryptography #kitten #SmallWeb #SmallTech
Screenshot of Kitten running an app at ~/sandbox/kitten-auth-test-1 (git main branch, 62 changes). Alongside the normal output there is a highlighted box labelled IMPORTANT! that reads: “This line of emoji is your secret <line of emoji follows> It will not be shown again. Please save your secret in your password manager.”


This week on the #osspodcast @joshbressers and @kurtseifried discuss #factorio and then #usability vs #security https://opensourcesecurity.io/2022/11/27/episode-351-is-security-or-usability-a-law-of-the-universe/ TL;DR: THE ADMINS CAN READ THESE TOOTS!!!! EVEN THE PRIVATE TOOTS!!!!

Also, we managed to avoid discussing CISA, Twitter, and all the other things on fire.


#geek #security
Getting an #SSL #certificate from #LetsEncrypt (or possibly anywhere) results _immediate_ #attack's on the host. It seems bots constantly monitoring new certs.
Keep in mind when pulling up new services.


Another instance, another #introduction - here's hoping that I'll settle here for good!

I'm matchboxbananasynergy, AKA Banana, That Banana Guy, Bananaman... you get the point.

My main interests are #privacy and #security - with an extra focus on #android

I've previously contributed to privacy and security resources, and I am currently doing community moderation for various privacy and security related open-source projects.

Feel free to say hi! 👋​


I share unique scripts, public #tutorials (+blog) in both writing/video, on various topics, mostly #Linux / #FOSS related, #security, #privacy, #cybersecurity, #HumanRights.

Check out my posts, organized by category and fully searchable (by title), here:
https://www.buymeacoffee.com/politictech/posts



The Hive #ransomware gang now also encrypts #Linux and #FreeBSD using new #malware variants specifically developed to target these platforms.
https://www.bleepingcomputer.com/news/security/hive-ransomware-now-encrypts-linux-and-freebsd-systems/?&web_view=true
#security



Leave no trace: how a teenage hacker lost himself online | Hacking | The Guardian

Edwin Robbe had a troubled life, but found excitement and purpose by joining an audacious community of hackers. Then the real world caught up with his online activities
A longish, but interesting read.

#technology #tech #security #privacy #hacking #malware

https://www.theguardian.com/technology/2021/oct/14/leave-no-trace-how-a-teenage-hacker-lost-himself-online?CMP=fb_a-technology_b-gdntech



How Hackers Used #Slack to Break into #EA #Games

A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA.
...
The hackers then requested a multifactor #authentication token from EA IT support to gain access to EA's corporate #network. The representative said this was successful two times.

Once inside EA's network, the hackers found a service for EA developers for compiling games. They successfully logged in and created a virtual machine giving them more visibility into the network, and then accessed one more service and downloaded #game #source #code.
more here: https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack

#security #hack #hacker #news #details #story #cookie #login


RT @ilumium@twitter.com

@Andreas_Schwab@twitter.com @1Br0wn@twitter.com @FantaAlexx@twitter.com @EP_SingleMarket@twitter.com When you control whole markets & 2+ billion users, being a digital silo is not an option. Way too dangerous for us and our democracies.

(Also: #interoperability does not break #security or #privacy. Ask @ara4n@twitter.com & the folks at @matrixdotorg@twitter.com. They know a thing or two about this.)

🐦🔗: https://twitter.com/ilumium/status/1401922257564450827


If you're in the EU and #Facebook leaked your data, you're eligible to join Digital Rights Ireland in suing the fuckers. DRI have a phone-number checker for you to see if you were affected:
https://www.digitalrights.ie/facebook/
#privacy #security #infosec



'Spy pixels in emails have become endemic' | BBC News

The use of "invisible" tracking tech in emails is now "endemic", according to a messaging service that analysed its traffic at the BBC's request.
#technology #tech #security #privacy


No, <website>, I do not want to mark this device as "trusted". I enabled two-factor authentication exactly because I do not trust my devices. #security


I realized today that some applications out there still use #BBCode for non-legacy reasons. I really have no idea why anybody would do that in year 2020. It’s a very questionable decision security-wise, and it has no usability benefits either. #infosec #security #XSS


On the privacy of online login forms inputs


A Twitter poll started by @MrPetovan asks in the context of online web forms whether login and password should be considered private or just the password. The three people who responded chose login and password.

I'm surprised but not shocked by this result. It seems to me that many people are confused about why online login forms have two fields but only one of them hides the input.

On one hand, if all the credentials are meant to be private, why not add a third or a fourth input field with more private stuff? This would be more secure, right? On the other hand, if someone is using a weak password, what is the likelihood their login is easily guessable as well?

I personally believe online login forms have two fields for two different kind of data: an identifier that shouldn't be considered private, because the password/phrase field is already there for that specific purpose. As a result, I fully support letting users fill the login field with as many different identifiers they can have, including email addresses and public usernames, because it is massively more convenient without compromising on security since there is a password.

#infosec #security


I'm surprised but not shocked by this result. It seems to me that many people are confused about why online login forms have two fields but only one of them hides the input.
#infosec #security

#infosec #security question: When it comes to online credentials, which piece(s) of information should be private according to you:


No, #PayPal, if I set up two-factor authentication, it wasn't so that you give me the choice between using a token or sending it by SMS to my number!
It was precisely so that who has access to my phone number (rather than my phone itself) would be irrelevant!
#security #fail #2FA


Any grassroot suggestion for a simple two factor authentication plugin for #Wordpress ?

#2fa #security