Mozilla: "In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. It would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments"

blog.mozilla.org/netpolicy/202…
#france #browser #cybersecurity #mozilla #security #surveillance

France’s browser-based website blocking proposal will set a disastrous precedent for the open internet - Open Policy & Advocacy

Article 3 (para II and III) of the SREN Bill would force providers to create the means to mandatorily block websites on a government provided list encoded into the browser.

^{Udbhav Tiwari (Open Policy & Advocacy)}

This dumb password rule is from MySwissLife.

User ID *has to* be 8 characters exactly, password *has to be* 8 characters and numbers only.

dumbpasswordrules.com/sites/my…

#password #passwords #infosec #cybersecurity #dumbpasswordrules

MySwissLife - Dumb Password Rules

^{dumbpasswordrules.com}

Is #Gmail killing independent email?

"Is it okay that Gmail has the power to decide whether a business is sending spam or not?"

Gmail has rigged the email game imo. It makes running a self-hosted email server hard, even after properly configuring DKIM, DMARC, and SPF.

#cybersecurity #privacy #technology

tutanota.com/blog/posts/gmail-…

Is Gmail killing independent email?

People report that self-hosted emails always end up in Gmail spam. Is there anything Google can do about it?

^Tutanota

Stay strong: Desperate governments worldwide want to downright criminalize #privacy and #encryption now, using laughable pretexts like #cybersecurity causing #childabuse to literally put everyone on the planet under a permanent wiretapping mandate like we're common criminals by default.

Smartphones are especially susceptible to surveillance, and among those devices we have the least control over instead of corporations merely renting them to us: It's time for that to change!

Minecraft clones stealthily load ads on millions of Android devices.

grahamcluley.com/minecraft-clo…

#cybersecurity #adware #minecraft #google #googleplay #android

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security

This dumb password rule is from Banco Mercantil.

8 to 15 chars. No special chars allowed but requires special chars. Also
requires lowercase, uppercase, and numbers. Consecutive chars are
prohibited. Did I mention the page hangs while you type? That eye icon
tho.

dumbpasswordrules.com/sites/ba…

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Banco Mercantil - Dumb Password Rules

8 to 15 chars. No special chars allowed but requires special chars. Also requires lowercase, uppercase, and numbers. Consecutive chars are prohibited. Did I mention the page hangs while you type? That eye icon tho.

^{dumbpasswordrules.com}

Yours truly is looking for an #InfoSec / #Cybersecurity job in a safer state than Florida. I do pretty much all things security... like consulting, malware analysis, auditing, compliance, blue team, red team, purple team, SecDev, SecOps, SecDevOps, etc.

My kids are all grown now, so I am more than willing to travel / relocate. If you have any leads or tips on some good companies, please let me know.

#GetFediHired
[matrix] • [SimpleX]

Matrix - Decentralised and secure communication

You're invited to talk on Matrix. If you don't already have a client this link will help you pick one, and join the conversation. If you already have one, this link will help you join the conversation

^matrix.to

Microsoft Authenticator prompts the user to accept sharing analytics during the first launch. The prompt only dismisses when the user taps on "Accept." In fact, the app starts sending analytics even before accepting the privacy statement.🤦‍♂️

In this video, we downloaded the authenticator app from the App Store and we opened it as we monitored the iPhone network traffic. While the app was showing the permission prompt, we captured at least 3 calls made by the app sending diagnostics to Microsoft. The app sent 14 KB of analytics even before accepting the prompt.

The message on the prompt actually says that Microsoft needs to collect diagnostic data in order to keep Authenticator secure and up to date. 😵‍💫

#Privacy #Cybersecurity #2FA #InfoSec #Security #Microsoft

youtu.be/r5456XXG6v0

Privacy: Microsoft Authenticator sends analytics even before accepting the privacy statement

When opening Microsoft Authenticator for the first time after downloading it from the App Store, it prompts the user to accept sharing diagnostics with Micro...

^YouTube

Time it takes for a hacker to brute force your password.

#Cybersecurity

Good to know: Tutanota checks your password upon signup and makes sure it's strong enough. Secure your emails now: mail.tutanota.com/signup

Of course, we also support 2FA on all clients.

Stay secure! 😍

I had quite a scary discussion with #Bing Chat which was hijacked by German security researchers and transformed into a pirate chatbot. Seconds later it asked for my personal information and sent it to the attacker. The thing is: Everyone can hijack Bing chat this way right now. It’s not even hard - you don't have to be a hacker.
Microsoft told me they had heard of the attack - and obviously weren't able to stop it from happen. My article (+German):

zeit.de/digital/2023-03/cybera…
#cybersecurity #ITSec

Please boost! We are *hiring* for *two* jobs in information security! Come work with our amazing team building solutions for the security have-nots in our world!

Red Queen Dynamics needs 1) a leader for engineering/cloud infrastructure, and 2) a product designer. We are a remote-first security company and we welcome people from all backgrounds and life journeys. #infosec #infosecjobs #hiring #cybersecurity

You can apply here! Tech Lead: linkedin.com/jobs/view/3475289…

Product Designer: linkedin.com/jobs/view/3475289…

Or stay up to date with all our job postings on our website: rqdn.io/career-opportunities

Tutanota: U2F support is now also available on #Android and #iOS

U2F keys are now supported on all @Tutanota clients.

(Tutanota is also an avoidthehack recommended encrypted email provider).

#mfa #2fa #privacy #cybersecurity #infosec #infosecurity

tutanota.com/blog/posts/app-up…

U2F support is now also available on Android and iOS.

Celebrate with us the new release of Tutanota!

^Tutanota

#getfedihired #Dragos, industrial #cybersecurity
jobs.lever.co/dragos

Senior Pen Tester - Remote US
Principal Detection Engineer - Remote US
Senior Reverse Engineer - Remote US
Senior OT Engineering - Remote UK

Salaries are in postings.

Dragos Inc. jobs

Job openings at Dragos Inc.

^{jobs.lever.co}

Do you spot the trick?

This is a cookie banner shown before using Google search in some countries.

"Reject all" is a straightforward option. It appears in the same size and color as "accept all." It uses bullets, simple and concise language, and visualization. It has links for further info. So far, so good.

But there is a trick. Do you spot what is it?

#privacy #cybersecurity #securityawarenessmonth #google

Firefox Kills Another Tracking Cookie Workaround

#News #Firefox #Mozilla #privacy #cookies #infosec #Cybersecurity
theregister.com/2022/06/30/fir…

Firefox kills another tracking cookie workaround

URL query parameters won't work in version 102 of Mozilla's browser

^{Brandon Vigliarolo (The Register)}

We need your help! 👋

Bitwarden is evaluating a new product tailored for developers and DevOps teams, to understand how they manage developer and infrastructure-oriented secrets, such as API keys, certificates, etc.

If you would like to participate, please fill out this short screener:

docs.google.com/forms/d/e/1FAI… #DevOps #developer #cybersecurity

Developer vault - Research Study Screener Survey

Thanks for your interest in participating in user research with Bitwarden! Please fill out this short screener survey, and we will reach out to you for scheduling if you qualify for the study.

^{Google Docs}