🛡️#Curl has been around for 26 years—and it’s still secure! How?
European Open Source Academy member, @bagder Stenberg, joined the latest episode of Security Weekly Productions, discussing how Curl and #libcurl have maintained security and reliability over decades.
A significant milestone for the European open source community was reached on January 30, 2025, when the European Open Source Awards (OSAwards 2025) celebrated the launch of the European Open Source Academy with the Inaugural Ceremony.
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
U.S. lawmakers say Google has refused to deny that it received a Technical Capability Notice from the U.K. — a mechanism to access encrypted messages that Apple reportedly received.
Will allow most passwords longer than 8 characters. Doesn't tell you there is a maximum length of 16 characters. Then forces you to type it with an on-screen keyboard with no capital letters.
Will allow most passwords longer than 8 characters. Doesn't tell you there is a
maximum length of 16 characters. Then forces you to type it with an on-screen keyboard
with no capital letters.
It is reported that the Home Office has ordered Apple to build a backdoor into its encrypted services so that they can get hold of content that any Apple user has upload to the cloud.
Encryption keeps our private information safe and secure.
Bipartisan US Congress Members want the secrecy around the UK's encryption-breaking order to be lifted.
"It is imperative that the UK's technical demands of Apple - and of any other US companies - be subjected to robust, public analysis and debate."
“Secret court hearings featuring intelligence agencies and a handful of individuals approved by them do not enable robust challenges on highly technical matters.”
UK MPs have joined the chorus of voices wanting the Apple case to be held in public.
"If the Home Office wants to have effectively unfettered access to the private data of the (innocent) general public, they should explain their case in front of the public."
🗣️ David Davis MP.
"People deserve to know what's happening to their private personal information."
A row between the tech giant and the government over customer data will reportedly move to London's High Court this week – but the hearing will be held behind closed doors.
An amendment to the “Narcotrafic” law is moving to the French National Assembly. Remind your legislators that a backdoor for the good guys only is not possible.
Hier könnt ihr unser aktuelles Spotlight-Interview mit @Tutanota, einer datenschutzfreundlichen E-Mail-, Kalender- und Kontaktlösung aus Deutschland lesen:
"BlackGirlsHack meets the #InfoSec needs left unmet by existing services by providing hands-on skills that are focused on people who are upskilling and reskilling in #cybersecurity."
BlackGirlsHack is the leading cybersecurity training nonprofit in the country. The nonprofit organization, which is open to all, provides training, career services, study groups, and resources people looking to upskill and reskill in technology and c…
"The consensus among cybersecurity experts could not be clearer:
There is no way to provide government access to end-to-end encrypted data without breaking end-to-end encryption, thus putting every user’s security and privacy at risk."
Join the voice of experts in the joint letter to stop the UK's order to break encryption – Sign and share our petition today ⬇️
It is reported that the Home Office has ordered Apple to build a backdoor into its encrypted services so that they can get hold of content that any Apple user has upload to the cloud.
Encryption keeps our private information safe and secure.
ORG and over 150 signatories call on the UK government to RESCIND its demand to create a backdoor to Apple encryption.
It "jeopardises the security and privacy of millions, undermines the UK tech sector, and sets a dangerous precedent for global cybersecurity."
"The world’s second-largest provider of mobile devices would be built on top of a systemic security flaw, putting all of its users’ security and privacy at risk."
On 13 February 2025, 109 civil society organizations, companies, and cybersecurity experts, including Global Encryption Coalition members, published a joint letter to the British Home Secretary Yvette Cooper calling on the UK Home Office to rescind i…
#Musk’s US #DOGE Service have fed sensitive data from across the #Education Dept into #ArtificialIntelligence software to probe the agency’s programs & spending…. The AI probe includes data w/personally identifiable info for people who manage grants, & sensitive internal financial data…
This is what I think about whenever infosec wonks on here start telling people they should use matrix or xmpp+omemo or whatnot instead of signal
To be fair, I understand the arguments and to a large extent I agree with the critiques. However, I think anyone making these recommendations is vastly underestimating the capacity or appetite for most people to deal with the user experiences presented by these alternatives.
User experience is the ultimate force multiplier. For anything that requires network effects to function (ie most anything involving communication), if it doesn't *just work* then you've lost 90% of your audience.
Most (somewhere around 90 percent) of the top Websites?
Talk of Meta's own internal infrastructure?
What an absolutely asinine thing to do. Linux is incredibly prevalent in the technology landscape today. Yes, #linux on the desktop is a small percentage of the overall devices on the market today. However, linux usage in #embedded, #server, and #appliance applications is to a level where censoring references to it is insanity.
The irony of all of this? Zuckerfaces recent pull back of moderation on Meta's sites.... Meaning it's now okay to bash socially vulnerable populations, spread tons of mis-information on many social and political topics... But linux?"Oh no! That's a #CyberSecurity threat!"
This reeks of political #tomfoolery. I won't be surprised if it's eventually revealed that our new overlords put pressure on #Meta to #censor linux.
EVs, batteries, lidar, drones, robotics, smartphones, AI. China's progress across a range of overlapping industries creates a mutually reinforcing feedback loop.
Thinking about a new Linux laptop to run Linux on? Going with Linux laptop vendors can be a good option as they offer seamless hardware-software integration, pre-installed Linux distros, and guaranteed driver compatibility. Here are available Linux laptop vendors 😎👇
Explore high-quality infographics on Linux, cybersecurity, and networking. Perfect for certifications, technical knowledge, and tech career upskilling.
Free office suite – the evolution of OpenOffice. Compatible with Microsoft .doc, .docx, .xls, .xlsx, .ppt, .pptx. Updated regularly, community powered.
Think twice before scanning QR codes: 60% of them are spam. Be careful when travelling for business, too - scammers are even putting fake QR codes on parking meters. Stay cautious to protect your business data
Let’s not fool ourselves, Musk will use all Tesla and X data for his goals in Europe. Every Tesla is collecting video and location information all the time, information that can be (mis)used by Elon . #cybersecurity #privacy #tesla #musk
Important reminder, if you own a domain name and don't use it for sending email.
There is nothing to stop scammers from sending email claiming to be coming from your domain. And the older it gets, the more valuable it is for spoofing. It could eventually damage your domain's reputation and maybe get it blacklisted, unless you take the steps to notify email servers that any email received claiming to come from your domain should be trashed.
Just add these two TXT records to the DNS for your domain: TXT v=spf1 -all TXT v=DMARC1; p=reject;
The first says there is not a single SMTP server on earth authorized to send email on behalf of your domain. The second says that any email that says otherwise should be trashed.
If you do use your domain for sending email, be sure to add 3 records: SPF record to indicate which SMTP server(s) are allowed to send your email. DKIM records to add a digital signature to emails, allowing the receiving server to verify the sender and ensure message integrity. DMARC record that tells the receiving email server how to handle email that fails either check.
You cannot stop scammers from sending email claiming to be from your domain, any more than you can prevent people from using your home address as a return address on a mailed letter. But, you can protect both your domain and intended scam victims by adding appropriate DNS records.
UPDATE: The spf and the dmarc records need to be appropriately named. The spf record should be named "@", and the dmarc record name should be "_dmarc".
Here's what I have for one domain.
One difference that I have is that I'm requesting that email providers email me a weekly aggregated report when they encounter a spoof. gmail and Microsoft send them, but most providers won't, but since most email goes to Gmail, it's enlightening when they come.
It is a logic flaw in the way curl parses .netrc file. In certain situations, the configured password can be sent to a incorrect host. Luckily the affected configurations should be quite rare and thus the situation is unlikely to occur often.
The issue has existed in the curl source code for almost twenty-five years.
Repeat offenders drive bulk of tech support scams via #Google #Ads
"Search engines, and Google’s in particular, are our gateway to the web. Yet, that door sometimes opens up to unsavory places thanks to sponsored search results, AKA ads."
This is part of the reason I recommend using an #adblocker (whether in browser, on device, or network-based.)
Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!
> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!
So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.
So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: forum.torproject.org/t/tor-rel…
Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).
It would be hard to explain to Verizon I run Tor relays since they technically don't allow servers. I hope I'm not forced onto AT&T Internet Air as my particular co-op rental unit won't let met get Spectrum even when other units can, not that I wante…
Happy birthday to ARPANET, the forerunner of the modern internet! 53 years ago, the first message was sent over this pioneering network, paving the way for a world of interconnection and innovation.
As a tech enthusiast, I am constantly amazed by the ways the internet has transformed our lives, allowing us to communicate, learn and share ideas across boundaries and borders. From social media to e-commerce, from telemedicine to remote work, the internet has become an essential part of our daily routines, enabling us to connect with others and access a wealth of information at our fingertips.
