Items tagged with: infosec



it's #WorldDayAgainstCyberCensorship and did you know that you can help keep people safer—people like freedom fighters, political dissidents, journalists, and regular people simply seeking medical information or services, like abortions, HRT, sex ed, therapy, or psychiatric medications—by becoming a @torproject Snowflake?

you can even run it in your browser or on your phone via @guardianproject's Orbot app

here's an explainer by @eff:

https://www.eff.org/deeplinks/2022/10/snowflake-makes-it-easy-anyone-fight-censorship

#Censorship #activism #organizing #MoSec #MovementSecurity #OPSEC #infosec #protest #TeslaTakedown #Gaza #genocide #StopCopCity #Climate #ClimateCrisis


Content warning: death threats, violence, update on fedi spam


NEW: WhatsApp will soon make it possible to chat with people who use other messaging apps. It's revealed some more details on how that will work.

— Apps will need to sign an agreement with Meta, then connect to its servers.
— Meta wants people to use the Signal Protocol, but also says other encryption protocols can be used if they can meet WhatsApp's standards
— WhatsApp has been testing with Matrix in recent months, although nothing is agreed yet. Swiss app Threema says it won't become interoperable

https://www.wired.com/story/whatsapp-interoperability-messaging/ #tech #whatsapp #dma #infosec #news #technology


Fuck it. #YOLO

#Bluesky continues to be entirely non-responsive to the numerous security vulnerabilities I've reported to them, so I spent the evening writing up a nice README and a framework with exploit modules, and just made it all public.

Have fun.

https://github.com/qwell/bsky-exploits

#infosec #security


🚨 beware of URLs of fake sites

This case of a spoofed #sat site 👇

#infosec #cibersecurity #ciberseguridad

🇲🇽 Beware, active site impersonating #SATMX

The site distributes malware to carry out Man-in-the-Browser attacks, that is, it intercepts and manipulates the user's info/activity in the infected browser
Downloaded file: SAT_Complemento_Seguridad.zip

via hiramcoop on ✖️ formerly 🐦


If companies like #Microsoft keep sending out emails with big login buttons in them, how do they expect people to learn not to click buttons and links in #phishing emails? Corporate marketing people need to be fired for sending emails like this. Period. No second chances. Send a link in an email, lose your job. Immediately.

#infosec #marketing


I've always questioned how much more secure this is than emailing files, for outbound documents. It limits the opportunity window of an attacker when the first document is sent, rather than the file sitting on various mail servers. But if an attacker can intercept the email, then that attacker can sign in to Nextcloud and access the file. Ideally, you would do some sort of identity proofing or non-email communication of initial credentials before exchanging files.
#security #infosec


#Intel Deploys Undisclosed #Microcode Security Update For CPUs Going Back To Coffee Lake (2017 launched CPUs)

Intel released CPU microcode updates for processors all the way back to Coffee Lake on Friday afternoon. Unfortunately, the changelog doesn't delve into details other than that the new microcode fixes an undisclosed security issue.

#InfoSec
https://www.tomshardware.com/news/intel-microcode-security-update


So Google is now preventing people from removing location data from photos taken with Pixel phones.

Remember when Google's corporate motto was "don't be evil?"

Obviously, accurate location data on photos is more useful to a data mining operation like Google.

From Google: "Important: You can only update or remove estimated locations. If the location of a photo or video was automatically added by your camera, you can't edit or remove the location."

It's enshittification in action.

Source: https://support.google.com/photos/answer/6153599?hl=en&sjid=8103501961576262529-AP

#technology #tech @technology #business #enshitification #Android #Google @pluralistic #infosec


Hey there -- we're Let's Encrypt, the free and open certificate authority serving over 300 million websites worldwide. We're new to Mastodon and are excited to get to know the infosec community in this new space!

https://letsencrypt.org/

#opensource #TLS #PKI #infosec


TOTP and U2F/WebAuthn keys work for free and are much more secure. Everyone should stop using SMS 2FA. More info in this great article. https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/ #infosec


Excellent story on Wired about Telegram's problems with supposedly being "private" and secure, and how Russia is exploiting it https://www.wired.com/story/the-kremlin-has-entered-the-chat/

IMO Telegram should be treated like Facebook: if you're registered there, don't leave any details, configure all chats to self-delete (especially non-private ones), and FFS do not use it for group chats, whether they're open or closed, as they're not encrypted at all.

#Telegram #Privacy #Security #UkraineRussiaWar #InfoSec #Encryption #Messenger


In the unlikely event that the #FTC bans #noncompete clauses, the #infosec industry is going to go bonkers.

This legal tactic is used constantly to scare people into not leaving to escape toxic work environments, find better pay or get better benefits (be it flexible hours, remote work, health care, retirement contributions, paid time off, etc.).

I hope they decide to do it.

https://www.wsj.com/articles/ftc-proposes-banning-noncompete-clauses-for-workers-11672900586

