「 Finland, Sweden, Norway, Denmark and Estonia are rolling out offline card payment systems to provide a back-up if internet connections are lost, including due to sabotage, Bank of Finland board member Tuomas Valimaki said on Wednesday 」
Passwords must have a minimum length of 8 characters
Passwords must have a maximum length of 30 characters
Passwords must contain a minimum of 2 digits
Passwords must contain a minimum of 2 letters
Password must be different than the last one use…
Python now ships with 15,000 lines of verified cryptographic code from HACL*, covering all default hash and HMAC algorithms. The integration was seamless and automated, aiming to eliminate bugs like the 2022 SHA3 CVE. A major milestone for verified crypto in mainstream software.
In November 2022, I opened issue 99108 on Python’s GitHub repository, arguing that after a recent CVE in its implementation of SHA3, Python should embrace verified code for all of its hash-related infrastructure.
Outstanding and alarming reporting by @npr here on what appears to be major violations of security and data privacy protocol by the DOGE folks on National Labor Relations Board Data. Big props to the brave whistleblower, Daniel Berulis, who has come forward despite receiving threatening notes with personal information and pictures taken from overhead (drones?) of him walking his dog. npr.org/2025/04/15/nx-s1-53558… #cybersecurity #doge #privacy
🧠 Microsoft is reintroducing Recall in Windows 11 — a feature that captures screenshots every 3 seconds of your activity to create an AI-powered memory. What could go wrong?
It now includes: 🔐 Opt-in only 📍 Local device processing 🧑💻 Windows Hello authentication
But many still ask: is it a productivity boost or a privacy liability? 😳 Even with safeguards, the idea of your system quietly watching everything you do raises serious concerns about digital trust.
Tuta guarantees your data stays private for free & without ads. Quantum-resistant encryption makes Tuta the best secure technology solution to protect your privacy.
🛡️#Curl has been around for 26 years—and it’s still secure! How?
European Open Source Academy member, @bagder Stenberg, joined the latest episode of Security Weekly Productions, discussing how Curl and #libcurl have maintained security and reliability over decades.
A significant milestone for the European open source community was reached on January 30, 2025, when the European Open Source Awards (OSAwards 2025) celebrated the launch of the European Open Source Academy with the Inaugural Ceremony.
U.S. lawmakers say Google has refused to deny that it received a Technical Capability Notice from the U.K. — a mechanism to access encrypted messages that Apple reportedly received.
Will allow most passwords longer than 8 characters. Doesn't tell you there is a maximum length of 16 characters. Then forces you to type it with an on-screen keyboard with no capital letters.
Will allow most passwords longer than 8 characters. Doesn't tell you there is a
maximum length of 16 characters. Then forces you to type it with an on-screen keyboard
with no capital letters.
It is reported that the Home Office has ordered Apple to build a backdoor into its encrypted services so that they can get hold of content that any Apple user has upload to the cloud.
Encryption keeps our private information safe and secure.
Bipartisan US Congress Members want the secrecy around the UK's encryption-breaking order to be lifted.
"It is imperative that the UK's technical demands of Apple - and of any other US companies - be subjected to robust, public analysis and debate."
“Secret court hearings featuring intelligence agencies and a handful of individuals approved by them do not enable robust challenges on highly technical matters.”
UK MPs have joined the chorus of voices wanting the Apple case to be held in public.
"If the Home Office wants to have effectively unfettered access to the private data of the (innocent) general public, they should explain their case in front of the public."
🗣️ David Davis MP.
"People deserve to know what's happening to their private personal information."
A row between the tech giant and the government over customer data will reportedly move to London's High Court this week – but the hearing will be held behind closed doors.
An amendment to the “Narcotrafic” law is moving to the French National Assembly. Remind your legislators that a backdoor for the good guys only is not possible.
Hier könnt ihr unser aktuelles Spotlight-Interview mit @Tutanota, einer datenschutzfreundlichen E-Mail-, Kalender- und Kontaktlösung aus Deutschland lesen:
"BlackGirlsHack meets the #InfoSec needs left unmet by existing services by providing hands-on skills that are focused on people who are upskilling and reskilling in #cybersecurity."
BlackGirlsHack is the leading cybersecurity training nonprofit in the country. The nonprofit organization, which is open to all, provides training, career services, study groups, and resources people looking to upskill and reskill in technology and c…
"The consensus among cybersecurity experts could not be clearer:
There is no way to provide government access to end-to-end encrypted data without breaking end-to-end encryption, thus putting every user’s security and privacy at risk."
Join the voice of experts in the joint letter to stop the UK's order to break encryption – Sign and share our petition today ⬇️
It is reported that the Home Office has ordered Apple to build a backdoor into its encrypted services so that they can get hold of content that any Apple user has upload to the cloud.
Encryption keeps our private information safe and secure.
ORG and over 150 signatories call on the UK government to RESCIND its demand to create a backdoor to Apple encryption.
It "jeopardises the security and privacy of millions, undermines the UK tech sector, and sets a dangerous precedent for global cybersecurity."
"The world’s second-largest provider of mobile devices would be built on top of a systemic security flaw, putting all of its users’ security and privacy at risk."
On 13 February 2025, 109 civil society organizations, companies, and cybersecurity experts, including Global Encryption Coalition members, published a joint letter to the British Home Secretary Yvette Cooper calling on the UK Home Office to rescind i…
#Musk’s US #DOGE Service have fed sensitive data from across the #Education Dept into #ArtificialIntelligence software to probe the agency’s programs & spending…. The AI probe includes data w/personally identifiable info for people who manage grants, & sensitive internal financial data…
This is what I think about whenever infosec wonks on here start telling people they should use matrix or xmpp+omemo or whatnot instead of signal
To be fair, I understand the arguments and to a large extent I agree with the critiques. However, I think anyone making these recommendations is vastly underestimating the capacity or appetite for most people to deal with the user experiences presented by these alternatives.
User experience is the ultimate force multiplier. For anything that requires network effects to function (ie most anything involving communication), if it doesn't *just work* then you've lost 90% of your audience.
Most (somewhere around 90 percent) of the top Websites?
Talk of Meta's own internal infrastructure?
What an absolutely asinine thing to do. Linux is incredibly prevalent in the technology landscape today. Yes, #linux on the desktop is a small percentage of the overall devices on the market today. However, linux usage in #embedded, #server, and #appliance applications is to a level where censoring references to it is insanity.
The irony of all of this? Zuckerfaces recent pull back of moderation on Meta's sites.... Meaning it's now okay to bash socially vulnerable populations, spread tons of mis-information on many social and political topics... But linux?"Oh no! That's a #CyberSecurity threat!"
This reeks of political #tomfoolery. I won't be surprised if it's eventually revealed that our new overlords put pressure on #Meta to #censor linux.
EVs, batteries, lidar, drones, robotics, smartphones, AI. China's progress across a range of overlapping industries creates a mutually reinforcing feedback loop.
Thinking about a new Linux laptop to run Linux on? Going with Linux laptop vendors can be a good option as they offer seamless hardware-software integration, pre-installed Linux distros, and guaranteed driver compatibility. Here are available Linux laptop vendors 😎👇
Explore high-quality infographics on Linux, cybersecurity, and networking. Perfect for certifications, technical knowledge, and tech career upskilling.
Free office suite – the evolution of OpenOffice. Compatible with Microsoft .doc, .docx, .xls, .xlsx, .ppt, .pptx. Updated regularly, community powered.
Think twice before scanning QR codes: 60% of them are spam. Be careful when travelling for business, too - scammers are even putting fake QR codes on parking meters. Stay cautious to protect your business data
Let’s not fool ourselves, Musk will use all Tesla and X data for his goals in Europe. Every Tesla is collecting video and location information all the time, information that can be (mis)used by Elon . #cybersecurity #privacy #tesla #musk
Important reminder, if you own a domain name and don't use it for sending email.
There is nothing to stop scammers from sending email claiming to be coming from your domain. And the older it gets, the more valuable it is for spoofing. It could eventually damage your domain's reputation and maybe get it blacklisted, unless you take the steps to notify email servers that any email received claiming to come from your domain should be trashed.
Just add these two TXT records to the DNS for your domain: TXT v=spf1 -all TXT v=DMARC1; p=reject;
The first says there is not a single SMTP server on earth authorized to send email on behalf of your domain. The second says that any email that says otherwise should be trashed.
If you do use your domain for sending email, be sure to add 3 records: SPF record to indicate which SMTP server(s) are allowed to send your email. DKIM records to add a digital signature to emails, allowing the receiving server to verify the sender and ensure message integrity. DMARC record that tells the receiving email server how to handle email that fails either check.
You cannot stop scammers from sending email claiming to be from your domain, any more than you can prevent people from using your home address as a return address on a mailed letter. But, you can protect both your domain and intended scam victims by adding appropriate DNS records.
UPDATE: The spf and the dmarc records need to be appropriately named. The spf record should be named "@", and the dmarc record name should be "_dmarc".
Here's what I have for one domain.
One difference that I have is that I'm requesting that email providers email me a weekly aggregated report when they encounter a spoof. gmail and Microsoft send them, but most providers won't, but since most email goes to Gmail, it's enlightening when they come.
It is a logic flaw in the way curl parses .netrc file. In certain situations, the configured password can be sent to a incorrect host. Luckily the affected configurations should be quite rare and thus the situation is unlikely to occur often.
The issue has existed in the curl source code for almost twenty-five years.
