Items tagged with: Security


theguardian.com/technology/202…

This article discusses how to protect privacy, amidst concerns of increased government surveillance.

The article is aimed at asylum seekers & immigrants to the US, but it's solid advice for anyone, really.

Recommendations include using encrypted messaging apps like Signal, Apple iMessage, and WhatsApp, and setting messages to disappear.

It also recommends minimizing data sharing and deleting data when possible, particularly from Google.

#privacy #security


Urgent Warning for Fedi Admins
We've discovered an ongoing Denial-of-Service attack against Misskey-based instances. The attacks exploit a zero-day vulnerability impacting Misskey, Sharkey, IceShrimp, and other related software. Patches are in progress and will be released ASAP. We encourage all admins to update immediately!

#Misskey #Sharkey #IceShrimp #FediAdmins #Security


Whoa, this is provocative: this blog article says:

- Don't use #PGP / #GPG
- Don't use #XMPP + OMEMO
- Don't use #Matrix (in the sense of: don't rely on the encryption)
- Encrypting e-mails is pointless

I don't know the author and wouldn't mention him if the article weren't being cited in ITSec newsletters that are to be taken seriously

soatok.blog/2024/11/15/what-to…

Opinions? #itsec #security


Tired of big tech companies mishandling your data? Switch to my favorite email provider, @Tutanota , for top-notch #security and #privacy protection. Your data is safe with them! 🔐💻


I've seen a number of toots today advising people against scanning random #QRCodes because they can be used in a number of malicious ways.

There are a number of legitimate ways people can use such codes to trick others, and it can require some deeper understanding of how systems work to avoid them. For that reason, I'm not going to contradict that recommendation, but I will add to it.

QR codes are usually just URLs encoded in a visual, machine-readable form, so they aren't necessarily more dangerous than a link. The danger comes from the fact that most scanner apps will directly open whatever URL you scan without giving you the opportunity to consider whether that's a good idea.

You can reduce the risk of scanning such codes by installing a better app which requires manual interaction to open URLs after decoding them.

For Android users I recommend "BinaryEye", since it's open-source, ad-free, and has a bunch of other useful features.

Its GitHub page links to both F-Droid and the Play Store:

github.com/markusfisch/BinaryE…

#privacy #security


With the release of Parcelo 0.11.0, we've made some significant changes to our server infrastructure. App developers can now find the developer console at console.accrescent.app.

If you encounter any issues, please let us know ASAP through our socials or contacts on our site.

#security #privacy #android #appstore #accrescent


Ukraine Daily Summary - Thursday, November 7 2024


Thursday, November 7

Russia’s war against Ukraine


an apartment building at night with smoke coming out of the window

Consequences of a drone attack on Kyiv in the Pechersk district of the city, November 7, 2024. (Telegram/DSNS of Kyiv)

Zelensky congratulates Trump on US election victory. "I recall our great meeting with President Trump back in September, when we discussed in detail the Ukraine-U.S. strategic partnership, the Victory Plan, and ways to put an end to Russian aggression against Ukraine," Zelensky wrote.

Biden administration rushing to deliver $6 billion in remaining aid to Ukraine ahead of Trump's inauguration, Politico reports. Two administration officials told Politico that the White House plans to expedite the weapons delivery amid concerns that a future Trump administration would halt weapons shipments before they reach Kyiv.

Russian drone attack on Kyiv damages buildings, causes fires in five districts. Russia launched a drone attack on Kyiv overnight on Nov. 6, striking a residential building as well as an auto repair shop in the capital, the Kyiv City Military Administration reported.

Your contribution helps keep the Kyiv Independent going. Become a member today.

Ukraine's gas production highest since full-scale invasion's start. According to EXPRO’s calculations, gross natural gas production rose by 2.3% in October 2024 compared to the same month last year, reaching 1.663 billion cubic meters, the highest level since January 2022.

Zelensky to visit Hungary for European Political Community Summit. "We will discuss security challenges in Europe, as well as new opportunities for all partners," President Volodymyr Zelensky said.

Russia's Dagestan claims to intercept drone, airport halts flights. The downing of a drone in Dagestan comes shortly after an unprecedented drone strike against a Russian military academy in neighboring Chechnya on Oct. 29.


The Kyiv International Economic Forum (KIEF) — one of the largest international forums in Eastern Europe — will take place on Nov. 7, with the Kyiv Independent as a media partner.

KIEF brings together representatives of business, government, and society to promote Ukraine's integration into the global community.

Register here: forumkyiv.org/en/

Read our exclusives



With Trump back in White House, can Ukraine opt for nuclear deterrence?

With the looming risk that U.S. President-elect Donald Trump may pull the plug on Washington's support for Ukraine, Kyiv has flirted with the option of nuclear deterrence.

Photo: Mykhaylo Palinchak/SOPA Images/LightRocket via Getty Images


What we know about Trump's plans for ending Russia’s war against Ukraine

Trump has repeatedly said he could end Russia's war "in 24 hours." What is his plan?

Photo: Anna Moneymaker/Getty Images


This is what Ukrainians in Kyiv think about Trump’s election victory

As Donald Trump triumphs in the U.S. presidential election, Ukrainians brace themselves for what it means for their nation.

Photo: The Kyiv Independent


Ukraine state-owned enterprises weekly — Special issue on state-owned railway company Ukrzaliznytsia

In this special issue, Oleksandr Lysenko and Andriy Boytsun highlight several events illustrating failures in the corporate governance of Ukrzaliznytsia.

Photo: Stanislav Ivanov/Global Images Ukraine via Getty Images


politician walks past the crowd as he arrives to speak at a rally

Trump wins US 2024 presidential election – what this means for Ukraine.

Republican candidate Donald Trump claims victory in the 2024 U.S. presidential elections, foreign leaders issue messages, congratulating the former president on returning to the White House.

The Republican Party will also take control of the U.S. Senate. The House election results are still being counted. This will impact how — if at all — any future aid arrives in Kyiv from Washington.

Photo: Chip Somodevilla/Getty Images

Human cost of war


Russian attacks against Ukraine injure 37, kill 9 over past day. Russia launched 63 Shaheds and other drones overnight, as well as two Kh-59 and Kh-31P guided missiles. Ukrainian air defenses shot 38 drones over nine regions while 22 were "lost," the Air Force said.

Russia has executed at least 124 Ukrainian POWs on battlefield, Prosecutor General's Office says. Denys Lysenko, head of the department focused on war-related crimes, said that 49 criminal investigations were underway regarding the execution of Ukrainian POWs.

Opinions and insights



Opinion: Biden's foreign policy missteps weakened the West and undermined Harris' path to the presidency.

History will likely judge U.S. President Joe Biden poorly. He set himself a singular mission: to save democracy. But the risk is that his own ego may have jeopardized that very cause — not only in the U.S. but across the West, writes Timothy Ash, Associate Fellow at Chatham House.

Photo: Kevin Dietsch/Getty Images

International response


Orban congratulates Trump on victory, calls it biggest comeback in US political history. "The biggest comeback in U.S. political history! Congratulations to President Donald Trump on his enormous win. A much needed victory for the World!" Viktor Orban posted.

Georgian PM hopes for 'restart' of ties with US after Trump's reelection. "I am confident that President Trump’s leadership will promote peace globally and in our region as well as ensure restart in U.S.-Georgia relations," Georgian Prime Minister Irakli Kobakhidze said on X.

Russia-Ukraine war can't be stopped overnight, Kremlin reacts to Trump. "We have repeatedly said that the United States of America can help end the conflict in Ukraine. This, of course, cannot be done overnight," Kremlin spokesperson Dmitry Peskov said.

Europe must take responsibility for its security, Polish FM says after Trump's win. "The winds of history are blowing ever more strongly. Poland's leadership will rise to the occasion," Polish Foreign Minister Radoslaw Sikorski said, urging European countries to boost defense spending.

Updated: Russian officials cautiously cheer on Trump's victory. "Trump has one quality that is useful to us: as a businessman to the core, he hates spending money on freeloaders, on idiotic allies, charity projects, and greedy international organizations," former Russian President Dmitry Medvedev said.

Russian war in 'stalemate,' needs to be brought to end, Republican senator says. "That doesn't mean we celebrate what Vladimir Putin did or are excited about it, but I think there has to be some common sense here. We are funding a stalemate that's costing lives... and Ukraine is going to take 100 years to rebuild with everything they're facing," Rubio said.

Ukraine, US have 'potential for stronger cooperation,' Zelensky says following Trump victory. "On defense, on the economy, and on the future after the war – we have the potential for stronger cooperation," President Volodymyr Zelensky said. "This is what will make Ukraine, America, and the entire free world more successful."

Zelensky holds call with Trump to congratulate him on election victory. President Volodymyr Zelensky held a phone call with President-elect Donald Trump on Nov. 6 to congratulate him on his presidential election victory, Zelensky said on social media.

U.S. presidential election


Trump wins battleground state Pennsylvania. Pennsylvania, a pivotal swing state with a large Ukrainian population, has played a key role in the 2024 U.S. presidential election. The candidates have campaigned aggressively in the state, with both Trump and Harris holding dueling rallies there the night before election day.

Trump wins Wisconsin, cementing his election victory. Donald Trump is projected to win the swing state of Wisconsin, putting him safely across the benchmark needed for victory with 277 electoral votes.

‘I’m going to stop the wars’ – Trump says, as he claims victory. "They said ‘he will start a war.’ I’m not going to start a war, I’m going to stop the wars," said Donald Trump during a speech in which he claimed victory in the 2024 presidential elections.

‘It will not be like before’: Ukrainian politicians respond to Trump’s win with caution, uncertainty. With Republican candidate Donald Trump set to become the next U.S. president, Ukrainian politicians have reacted carefully – congratulating the former-turned-future president and emphasizing the need for diplomacy and cooperation, while also expressing uncertainty about what his victory means for Ukraine.

This newsletter is open for sponsorship. Boost your brand's visibility by reaching thousands of engaged subscribers. Contact partnerships@kyivindependent.com for more details.

Today’s Ukraine Daily was brought to you by Martin Fornusek, Boldizsár Győri, Chris York, Kateryna Hodunova, and Dmytro Basmat.

If you’re enjoying this newsletter, consider joining our membership program. Start supporting independent journalism today.


If you're #blind, #signal does nothing to protect your #privacy. They use #hcaptcha, so if you can’t see the images, you have to enable cross-site cookies and give them a valid email. And if you want to contact Signal about it, sending your device info via unencrypted email is the only way. This is not how privacy or #security work. You’re better off with iMessage. Or even WhatsApp! At least they don’t hand your data over to a third-party captcha provider. Or send your device info via unencrypted email. #infosec #a11y #accessibility


Great to see you're adopting some of the #security features we've implemented earlier this year at #IzzyOnDroid @fdroidorg! Maybe you want to check our documentation on them?

android.izzysoft.de/articles/n…

* it's SIGNING blocks, not FROSTING blocks
* MEITUAN is about payload, not metadata
* there's no fixed number of blocks as your code assumes (gitlab.com/fdroid/fdroidserver…)

The article you link to (bi-zone.medium.com/easter-egg-…) tells you the same :wink:


That's why we publish all our apps on @fdroidorg ❤️

🔒 Get the new calendar app now! 🔒
👉 tuta.com/blog/tuta-calendar-fd…

#FOSS #OpenSource #Encryption #Security #Calendar


"Okta has revealed that its system had a vulnerability that allowed people to log into an account without having to provide the correct password. Okta bypassed password authentication if the account had a username that had 52 or more characters. Further, its system had to detect a "stored cache key" of a previous successful authentication, which means the account's owner had to have previous history of logging in using that browser"
engadget.com/apps/okta-vulnera…

#security #idiots


🔐 Sending a password-protected email to anyone is easy with Tuta Mail! 🔐

Check out our latest guide on how to send encrypted, password-protected emails here 👇👇👇
tuta.com/blog/how-to-password-…

#encryption #security #privacy #email


@Tutanota I just realised that all the comments I have added to my contacts over the years, including family-related and medical important information, are gone...

github.com/tutao/tutanota/issu…

Bugs are becoming more common recently, and this one made me lose data. I'm quite disappointed.

#Email #OpenSource #FOSS #Security #Privacy


🦾6 AI Tools Used by Hackers

🔹Poisongpt
🔹Wormgpt
🔹Speechif.ai
🔹Deepl.ai
🔹Freedom.ai
🔹Passgan.ai

🔖#infosec #cybersecurity #hacking #pentesting #security


There Is Just One Way To Do Open Source Security: Together: thenewstack.io/there-is-just-o… via @TheNewStack & @sjvn

When we work together, said HackerOne CEO Mårten Mickos, we can secure #opensource software. #security


Accrescent 0.25.0 is out with Android 15 app archiving support, Private Space support, and settings UI improvements!

We also forgot to announce that since 0.24.0, Accrescent supports in-app predictive back!

Check out the release notes below 👇

github.com/accrescent/accresce…

#privacy #security #appstore #android #accrescent #opensource


Accrescent recently surpassed 1,000 stars on GitHub 🥳! Thank you to everyone for your continued support!

If you'd like to help us grow, check out accrescent.app/faq#contributin…. There are lots of ways to contribute even if you can't code!

github.com/accrescent/accresce…

#security #privacy #appstore #accrescent #android


ICYMI: Internet Archive hacked, data breach impacts 31 million users

1. Nobody is safe.

2. A non-profit is using bcrypt to hash passwords, no reason why your for-profit company can't do the same.

#cybersecurity #security #infosec

bleepingcomputer.com/news/secu…


American Water shuts down online services after #cyberattack

American Water is the largest water and wastewater treatment utility in the US…

OT systems not affected - so appears this only affects their IT systems. Suspected nation state activity (Russia).

(I encourage everyone to share this with their friends because cyber attacks absolutely can have direct “real world” consequences.)

#cybersecurity #infosec #security

bleepingcomputer.com/news/secu…


#AIagent promotes itself to #sysadmin , trashes #boot sequence

Fun experiment, but yeah, don't pipe an #LLM raw into /bin/bash

Buck #Shlegeris, CEO at #RedwoodResearch, a nonprofit that explores the risks posed by #AI , recently learned an amusing but hard lesson in automation when he asked his LLM-powered agent to open a secure connection from his laptop to his desktop machine.
#security #unintendedconsequences

theregister.com/2024/10/02/ai_…


Being concerned about the much publicised Cups vulnerability, I checked my system. I found that the Cups package was installed, but cups-browsed (the component which is actually vulnerable) wasn't. It's apparently an easily exploitable, remote code execution vulnerability, so anyone with an affected system should take appropriate measures.
#Linux #security


Ransomware attack forces UMC Health System to divert some patients bleepingcomputer.com/news/secu… #news #Healthcare #Security


I hope to hear from @Tutanota very soon. Lack of key verification is a major flaw in the technical design of the platform, allowing a malicious Tuta server to read end-to-end encrypted exchanges (both emails and shared calendars).

github.com/tutao/tutanota/issu…

The issue was opened 6 years ago.

#Security #Privacy #Crypto #Cryptography #Email #FOSS


Accrescent 0.24.0 is out with settings menu accessibility improvements, target SDK 35 (Android 15), and LOTS of translation and dependency updates! 🎉

Download it from our website at accrescent.app or read the changelog below 👇

github.com/accrescent/accresce…

#accresent #security #privacy #appstore #android


New blog post: Post-OCSP certificate revocation in the Web PKI.

With OCSP in all forms going away, I decided to look at the history and possible futures of certificate revocation in the Web PKI. I also threw in some of my own proposals to work alongside existing ones.

I think this is the most comprehensive current look at certificate revocation right now.


#security #WebPKI #LetsEncrypt #TLS #OCSP


fyi to linux users, the unofficial signal desktop flatpak doesn't use the freedesktop Secrets API no matter what you do and leaves your keys completely unencrypted

you can just dump ~/.var/apps/org.signal.Signal and read everything stored

if you're concerned, you should probably use the native package

#linux #flatpak #signal #Security


What is your biggest security fail? Mine was when, at about 15 years old, I downloaded a piece of software onto a Windows 95 machine without sufficiently checking the source. The upshot: the entire hard drive was wiped. Since then I've been interested in IT security. 🧙‍♂️

#security #fail #beginner #sicherheit


NGI Assure, the program aimed at improving trust in our digital society, successfully concluded after its 4 year run. [1]

152 teams contributed to a more trustworthy & secure internet with their Free and Open Source projects. Thank you all!

We've made a book showcasing all the projects which you can download from the link below. There are also paper copies, so ask for those when you see us IRL. [2]

[1] nlnet.nl/news/2024/20240919-NG…
[2] nlnet.nl/media/NGIAssure-bookl…
(1/2)

#FOSS #NGI #NGI0 #Trust #Security


Tor insists its #network is safe after German cops convict CSAM dark-web admin

Kind of boils down to opsec fail here. Using outdated software, which in this case didn’t properly secure Tor connections.

Timing attacks are still viable (especially with hostile nodes), but this reads as an #opsec fail to me.

Remember: a major part of anonymity is maintaining great opsec.

Obligatory: Tor is not “just for criminals,” despite one getting caught in this case (glad he did tbh). Regular people use Tor everyday.

#cybersecurity #security #privacy

theregister.com/2024/09/19/tor…


In opsec, duress (“rubber-hose”) attacks are famously hard to address. Cryptographic keys that cannot be lost have poor protections against duress.

Travelers can leave key fobs at home should they be accosted. A victim of a break-in can conveniently “lose” or smash a hardware key, erasing any encrypted data. Yes, I know about cold-boot attacks; I don’t recommend at-risk people to leave things decrypted for long durations. I like the idea of spring-loaded key fobs that can’t be left plugged in.

People talking about key fob body implants don’t usually plan for removing them in seconds with plausible deniability.


Originally posted on seirdy.one: See Original (POSSE). #Security #OpSec


We Hunted Hidden Police Signals at the DNC - Using special software, WIRED investigated police surveillance at the DNC. We collected s... - wired.com/story/dnc-hidden-sig… #security/nationalsecurity #security/securitynews #security/privacy #digitaltrail #security


Cybersecurity course: 𝗢𝗻𝗹𝗶𝗻𝗲, 𝗵𝗮𝗻𝗱𝘀-𝗼𝗻, 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗮𝗹, 𝗮𝗻𝗱 𝗳𝗿𝗲𝗲!
Czech Technical University's "Introduction to Security" class opens online for free! 14 weeks of deep attacking and defending. Join us and register for free. Starting on Sep 26th.
cybersecurity.bsy.fel.cvut.cz/
#cybersec #infosec #blueteam #redteam #education #security


Authentication is almost always the most frustrating step of interacting with a service. Matrix is no different, but Quentin is about to dramatically improve the situation.

Get a glimpse of all the goodness awaiting to be unlocked once his project lands!

youtu.be/dmUi4ZoYRWc

#authentication #ux #security


YouTube throttling from the technical side

#network #security #infosec #proxy #vless #vmess #youtube #roscompozor #ntc_party

Ready-made circumvention tools. Waujito wrote his own solution for Linux (github.com/Waujito/youtubeUnbl…), which targets only YouTube.
For Windows there is also GoodbyeDPI by ValdikSS (github.com/ValdikSS/GoodbyeDPI), and for Linux there is also zapret (github.com/bol-van/zapret).
There is ByeDPI (github.com/hufrea/byedpi), which works as a proxy (Windows/Linux). There is also a version of ByeDPI for Android (github.com/dovecoteescapee/Bye…), which works as a "fake VPN".

I recommend reading the detailed comment from ValdikSS on how to use these tools. (github.com/yt-dlp/yt-dlp/issue…)

If you want to dive deeper into this topic, you can find more detail here: https://ntc.party/t/замедление-youtube-в-россии/8055/ and https://ntc.party/t/обсуждение-замедление-youtube-в-россии/8074/

The comments are seething as usual.

habr.com/ru/articles/832678/


As dating goes digital, concerns for online privacy are more relevant than ever. ❤️

Is it possible to meet someone and still keep your privacy intact? 🤔

💘 Let’s find out 👉 tuta.com/blog/private-dating-a…

#privacy #dating #safety #security