Skip to main content

Search

Items tagged with: infoSec


The Macroeconomics Of Privacy and Dignity - Mike Hoye at the @matrix Conference 2024

"This is not your privacy this is OUR privacy this is the public good"

Love this. Very much agree with this thinking

youtube.com/watch?v=cs_V8Ns4gg…

#matrixconf #matrix #privacy #opsec #infosec #ethics


If your #blind, #signal does nothing to protect your #privacy. They use #hcaptcha, so if you can’t see the images, you have to enable cross site cookies and give them a valid email. And if you want to contact signal about it, sending your device info via unencrypted email is the only way. This is not how privacy or #security work. You’re better off with iMessage. Or even watsapp! At least they don’t hand your data over to a third party captcha provider. Or send your device info via unencrypted email. #infosec#a11y#accessibility


Hackers, #Infosec specialists and #privacy advocates are going to be very important in the months to come. Please read the EFF's surveillance self-defense guide ssd.eff.org/ and reduce as much as possible the information that companies like Google or Amazon collect about you. Fedi admins and moderators, help us keeping the people away from the online agressors. If possible, make sure the services you use are based in Europe. All hands on deck


Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!

> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!

So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.

So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: forum.torproject.org/t/tor-rel…

Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).

@delroth did an amazing writeup of the whole thing here: delroth.net/posts/spoofed-mass…

#tor #infosec #cybersecurity #threatintel #privacy


🦾6 AI Tos Used by Hackers

🔹Poisongpt
🔹Wormgpt
🔹Speechif.ai
🔹Deepl.ai
🔹Freedom.ai
🔹Passgan.ai

🔖#infosec #cybersecurity #hacking #pentesting #security


ICYMI: Internet Archive hacked, data breach impacts 31 million users

1. Nobody is safe.

2. A non-profit is using bcrypt to hash passwords, no reason why your for-profit company can't do the same.

#cybersecurity #security #infosec

bleepingcomputer.com/news/secu…


American Water shuts down online services after #cyberattack

American Water is the largest water and wastewater treatment utility in the US…

OT systems not affected - so appears this only affects their IT systems. Suspected nation state activity (Russia).

(I encourage everyone sharing this with their friends because cyber attacks absolutely can have direct “real world” consequences.)

#cybersecurity #infosec #security

bleepingcomputer.com/news/secu…


T-Mobile reaches $31.5 million settlement with FCC over past data breaches

Apparently, T-mobile is now mandated to implement better cybersecurity controls, such as properly segmenting networks and using phishing resistant #MFA.

This settlement covers the breaches in 2021, 2022, and 2023. Will we get a 2024 special? 💀

#cybersecurity #infosec #databreach

cyberscoop.com/t-mobile-fcc-se…


ODF wholesome encryption is the default password (symmetric) encryption mode in LibreOffice 24.8.

Supports AES-256-GCM and Argon2id.

LibreOffice 24.2/24.8 is required to open the encrypted files.

Disable: Tools > Options > Load/Save > General > ODF Format Version > 1.3 (drop down menu) > Apply > OK

AES: en.wikipedia.org/wiki/Advanced…
GCM: en.wikipedia.org/wiki/Galois/C…
Argon2: en.wikipedia.org/wiki/Argon2

Website: libreoffice.org
Mastodon: @libreoffice

#LibreOffice #Encryption #InfoSec #Privacy #E2EE


Cybersecurity course: 𝗢𝗻𝗹𝗶𝗻𝗲, 𝗵𝗮𝗻𝗱𝘀-𝗼𝗻, 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗮𝗹, 𝗮𝗻𝗱 𝗳𝗿𝗲𝗲!
Czech Technical Univeristy's "Introduction to Security" class opens online for free! 14 weeks of deep attacking and defending. Join us and register for free. Starting on Sep 26th. 
cybersecurity.bsy.fel.cvut.cz/
#cybersec #infosec #blueteam #redteam #education #security


Privacy-focused Tuta Mail Opens Second Office in Munich:

tuta.com/blog/tuta-in-munich

See how Tuta stacks up with other email providers in keeping your information private:

tuta.com/email-comparison

#infosec #cybersecurity #privacy


Ok, here's the deal on the "YubiKey cloning attack" stuff:

:eyes_opposite: Yes, a way to recover private keys from #YubiKey 5 has been found by researchers.

But the attack *requires*:

👉 *physically opening the YubiKey enclosure*

👉 physical access to the YubiKey *while it is authenticating*

👉 non-trivial electronics lab equipment

I cannot stress this enough:

✨ In basically every possible scenario you are safer using a YubiKey or a similar device, than not using one. ✨

#InfoSec #YubiKey5


Tu je niekoľko populárnych hashtagov týkajúcich sa rôznych tém v oblasti kybernetickej bezpečnosti:

  1. #CyberSecurity - General cybersecurity topics
  2. #InfoSec - Information security
  3. #PenTesting - Penetration testing
  4. #OSINT - Open-source intelligence
  5. #ThreatHunting - Identifying and responding to threats
  6. #MalwareAnalysis - Analyzing and understanding malware
  7. #IncidentResponse - Responding to cyber incidents
  8. #ZeroDay - Zero-day vulnerabilities and exploits
  9. #CyberThreats - Cyber threat intelligence
  10. #EthicalHacking - Hacking for ethical purposes
  11. #RedTeam - Offensive security testing
  12. #BlueTeam - Defensive security operations
  13. #CloudSecurity - Securing cloud environments
  14. #IoTSecurity - Security for Internet of Things devices
  15. #DataProtection - Protecting sensitive data
  16. #SOC - Security Operations Center practices
  17. #Phishing - Phishing attacks and prevention
  18. #Ransomware - Ransomware threats and defenses
  19. #CryptoSecurity - Cryptography and encryption
  20. #AppSec - Application security
  21. #BugBounty - Programs for finding and reporting security bugs
  22. #DigitalForensics - Investigating cyber crimes
  23. #Privacy - Protecting personal and organizational privacy
  24. #CISO - Chief Information Security Officer topics
  25. #GDPR - General Data Protection Regulation compliance

Môžete ich používať na platformách sociálnych médií, aby ste objavili obsah, zapojili sa do diskusií a zostali informovaní o najnovších poznatkoch v oblasti kybernetickej bezpečnosti.


they're accepting public comments until October 7th, 2024.

I'm not American, nor do I have any particular industry experience with facial recognition other than a broad knowledge that biometric authentication is very often a terrible idea.

Perhaps someone on fedi who has a bigger stake in this wants to draft some open letter or something? I will happily add my signature to anything that raises these concerns in a well-considered manner.

I'll probably write something short if nothing substantial is organized before that deadline, but it would probably be more effective coming from a broader coalition.

#NIST #infosec


I can't even find the words. Like, just stop being weird to women.

#tech #infosec #technology


Замедление YouTube с технической стороны

#network #security #infosec #proxy #vless #vmess #youtube #roscompozor #ntc_party

Готовые средства обхода. Waujito написал своё решение под линукс (github.com/Waujito/youtubeUnbl…), которое направлено только на ютуб.
Также для Windows существует GoodbyeDPI от ValdikSS (github.com/ValdikSS/GoodbyeDPI), под линукс еще есть zapret (github.com/bol-van/zapret).
Существует ByeDPI (github.com/hufrea/byedpi), который работает как прокси (Windows/Linux). Также есть версия ByeDPI под андроид (github.com/dovecoteescapee/Bye…), работает как "фейковый впн".

Советую прочитать подробный комментарий от ValdikSS о том, как использовать эти средства. (github.com/yt-dlp/yt-dlp/issue…)

Если есть желание погрузиться глубже в эту тему, вот тут можно посмотреть подробнее: https://ntc.party/t/замедление-youtube-в-россии/8055/ and https://ntc.party/t/обсуждение-замедление-youtube-в-россии/8074/

Комменты как обычно бурлят.

habr.com/ru/articles/832678/


I learned about secure software development on the job, but like ethical computing (which I've talked about before), this should also be included in formal education. Because of the current threat models, topics like security by design and zero-trust frameworks are critical when developing Internet systems. linuxfoundation.org/press/linu…

#securitybydesign #security #softwaredevelopment #zerotrust #infosec #cybersecurity #education


This dumb password rule is from SecureAccess Washington.

Central authentication for all Washington State services
(DoL, ESD, etc).

Password must have *exactly* 10 characters, but form happily
lets you enter more and only throws errors after submit,
providing no useful feedback.

dumbpasswordrules.com/sites/se…

#password #passwords #infosec #cybersecurity #dumbpasswordrules


🔐 C++ Must Become Safer — Andrew Lilley Brinker — Software Supply Chain Security

「 If a cheap-to-maintain legacy system is faced with the proposition of an expensive rewrite, it may instead be eliminated. The externalities of this kind of change are difficult to consider in advance and in general 」

alilleybrinker.com/blog/cpp-mu…

#C #CPP #Rust #MemorySafety #Infosec


This dumb password rule is from Virgin Media.

Your password needs to be between 8 and 10 characters long, with no
spaces, and must contain only numbers and letters. The first character
must be a letter.

Feb 2020 Update: policy remains the same but the description is hidden
leaving you to guess the acceptable length/chars. Users are now lef...

dumbpasswordrules.com/sites/vi…

#password #passwords #infosec #cybersecurity #dumbpasswordrules


This dumb password rule is from Banque de Tahiti.

You have to enter your password using this *very* Frenchy keypad. You don't have lowercase letters, the blanks are not spaces but just non-clickable gaps, but as a compensation you have some weird symbols that your keyboard does not have a key for (e.g. `µ`).

No accessible version available.

dumbpasswordrules.com/sites/ba…

#password #passwords #infosec #cybersecurity #dumbpasswordrules


A recap: We've covered a number of things on this channel so far, from an @elementary review to a look at code editors, datascience tools, screen readers, hacking tools like Burp Suite and platforms like TryHackMe, all from a screen raeder user's perspective. I'm only just getting started though, intending to cover a wide variety of different things, from more #FOSS tools, audio/video editing, programming and hacking tools etc.
Today's stream will be more #tryHackMe content, with a look at #HackTheBox Academy next week. Anyone who wants this kind of feedback, and doesn't mind constructive, but thorough, feedback, come talk to me :) We'll be going live today at 3 PMeST over at https;//twitch.tv/ic_null and youtube.com/@lindlyCoding #infoSEc #cybersecurity #accessibility #selfPromo #twitch #youtube #streaming


STAGGERING: Nearly all #ATT customers' text & call records breached.

An unnamed entity now has an NSA-level view into Americans' lives.

Damage isn't limited to AT&T customers.

But everyone they interacted with.

Also a huge national security incident given government customers on the network.

And of course, third party #Snowflake makes an appearance.

cnn.com/2024/07/12/business/at…

#infosec #cybersecurity #telco #cellular #privacy #security #breach


Do you want to help secure GNOME and get a reward? 🏅

We are testing a new program in which people get a payment for reporting and/or solving vulnerabilities.

yeswehack.com/programs/gnome-b…

From €500 to €10,000 depending on criticality 💶

For now only GLib is in scope but we will expand the list of modules and advertise as the program grows.

In partnership with @yeswehack and @sovtechfund

#GNOME #infosec #FreeSoftware #security #bugBounty #OpenSource #cybersecurity


In-Process is out, featuring all the news on NVDA 2024.2 AND the newly released NVDA 2024.3 Beta 1 plus info on our new Code Signing Certificate, a thank you to our donors, and we remember community contributor, Austin Pinto.

Catch up on everything here: nvaccess.org/post/in-process-3…

#NVDA #NVDAsr #ScreenReader #News #Blog #Newsletter #InfoSec #PreRelease #Beta #FOSS


qualys.com/regresshion-cve-202…

#CVE_2924_6387

Unauthenticated RCE in SSH.

Happy Monday.

18 year old regression. Sigh.

#infosec


Hey everyone. I'm promoting a new YouTube channel hosted by a friend and her family. I'm loving the content she's putting out there. Consider subscribing!
#infosec #training
youtube.com/@cyberchristy911


If anyone out there is looking for some #infosec / #cybersecurity-related training, feel free to peruse this giant list I've been putting together over time ⬇️

shellsharks.com/online-trainin…

Know of a training that isn’t listed here? Let me know about it and I can add!

We're truly in a golden age of resources for learning infosec/IT, the hardest part becomes choosing the best thing!

#mondayblogs #mentorshipmonday


We've been doing this a while. Let's SWING for the big leagues.
Tomorrow, we're doing a deep dive on #burpSuite from a #screenReader perspective. It will be mostly #blind (as in playthrough) as I've not looked at this program for a few years, and fully blind (as in sight) given ... well ... screenReader user :)

I've learned more, and hey who knows, maybe they've improved ......
If it turns out they haven't, we'll look at @zaproxy next as a more viable, generally more #accessible alternative. See you tomorrow at 3 EST over at twitch.tv/ic_null #infosec #cybersecurity #zaproxy #portswigger #java #programming


Great story of how good the scammers are getting. I suggest most folks read, even us #infosec folks.
threadreaderapp.com/thread/179…


Hey, look at that. Mainly through efforts from you lot, I was able to get IC_Null to #twitch Affiliate status in under a month. This allows me to make even better, more varied and interesting content for you all. Thanks for sharing, watching and showing me your interest everyone ... we've only just gotten started :) #infoSec #cybersecurity #streaming


Microsoft published a report last month acknowledging the existence of a long running honeypot operation running on code.microsoft[.]com.

techcommunity.microsoft.com/t5…

#microsoft #infosec #threatintel


Ok wtf was that?!

Went to a webpage and it said "verifying that you are human" and a thingy was spinning...

I braced for a captcha...

Nothing. It moved on to loading the page.

Apparently I passed.

How did it verify me?

No really, how?

#infosec #ThisIsANewOne

Link: journals.asm.org/doi/10.1128/c…


Patch tuesday be upon us once more. That means another IC_Null stream at 3 PM EST/9 PM CEST today. Today we cover more #TryHackMe content in the #webHacking category. SOme announcements about the channel as well. Next week, we'll take a break from pure #THM to go full ham on #burpSuite #accessibility ... or the lack there of. Let's see how long it takes for us to be forced onto the far superior #zaproxy :) See you all tonight at twitch.tv/ic_null #infoSec #cybersecurity #blind #screenReader #a11y #twitch