Items tagged with: Security


Do you use antivirus apps on your Android? Spare yourself the unnecessary ballast – they offer only deceptive security and are often full of trackers. 👇

kuketz-blog.de/truegerische-si…

#android #security #google #tracking #virus #antivirus #app


🚨BREAKING🚨 The French National Assembly removed the backdoor section from the amendment to the #Narcotrafic law.

Read here how Politicians tried to undermine everybody's #security: tuta.com/blog/france-surveilla…

🙏 And thank you for fighting against this with us. This is a great win for privacy, yet, the battle is not over. Together we are strong! 💪

#backdoor #encryption #privacy #security




Here are some of our main takeaways from the EU Open Source Policy Summit 2025:💡 👨‍💻

— Open and collaborative innovation solves the dilemma of #competitiveness and #sovereignty
— Now is the time to invest in open source #maintenance and #security
— Building sustainable open source ecosystems remains challenging but necessary
— Open source is being increasingly regulated in Europe, and the new challenge is #implementation and #compliance

Read more in our new blog: 👇 🔗

openforumeurope.org/the-eu-ope…



Tuta email, located in Germany, Europe, now uses quantum computers to encrypt their emails.

(Technically, they are using algorithms determined to be safe against attacks from quantum computers. And they don't actually have a quantum computer running 24/7, but that is good enough for me.)

#Tuta #Email #QuantumComputers #Quantum #Privacy #Security


I tried to find when #Signal has published the most recent #security audit, and it turns out they either never published an audit or their code was never audited at all.

The closest thing I found is the list
community.signalusers.org/t/ov…
which only cites research papers and some evidence that in 2018 Signal paid Doyensec, but nothing got published as the result. Even then, it looks like the apps were not audited for more than 5 years since then.


The world needs secure communication more than ever, as a bulwark against the surveillance, authoritarianism, and oppression increasingly enabled by Big Tech. Matrix seeks to meet that need, as an open source, decentralised, encrypted comms protocol.

But Trust & Safety is more difficult in a decentralised environment. How are we building a safer Matrix?

matrix.org/blog/2025/02/buildi…

#Matrix #Security #Privacy #TrustAndSafety #OpenSource #FOSS



"The UK’s war on encryption affects all of us" via @verge.

Indeed, the UK's actions imperil security across the globe.

It's worth highlighting that open source comms tools, like @matrix and @signalapp, empower researchers and users: you'll _see_ if a backdoor is added.

Not so with proprietary tools. Do you really trust Meta, Apple, or Google not to roll over on you?

theverge.com/policy/612136/uk-…

#FOSS #SoftwareFreedom #OpenSource #Security #Privacy #Encryption


If Apple complies with this, the UK government will gain access to all iCloud data globally. The only way Apple comes out of this with any integrity is to leave the UK market. If they give in to this, every regime in the world will demand the same thing. And that’s before we even get to the fact that there’s no such thing as a “backdoor” for just so-and-so. Either there is a door or there isn’t and if there is, anyone who obtains the key can use it.

theguardian.com/technology/202…

#apple #backdoor #UK #encryption #privacy #security #personhood #data #democracy #humanRights #iCloud


Six times so far ... is how often important parts of #deltachat were independently #security audited and analyzed. Thanks to IncludeSecurity, Cure53, Applied Crypto Team at ETH Zuerich and Radical Open Security.

Last audit is from December 2024 covering @rpgp , the minimal #OpenPGP Rust library that is gaining traction with other projects as well.
Shout-out to dignifiedquire and @hko for their excellent maintenance! For more info on Delta Chat related security audits: delta.chat/en/help#security-au…


Unbelievable

#ElonMusk’s US #DOGE Service are feeding sensitive data into #AI software via #Microsoft’s #cloud

#Musk’s US #DOGE Service have fed sensitive data from across the #Education Dept into #ArtificialIntelligence software to probe the agency’s programs & spending….
The AI probe includes data w/personally identifiable info for people who manage grants, & sensitive internal financial data…

#law #security #InfoSec #CyberSecurity #NationalSecurity #Trump #TrumpCoup
washingtonpost.com/nation/2025…


With all due respect, this may sound harsh, but someone responsible should be held accountable for something like this – with consequences that ensure they are never again allowed to take on such responsibility. Such "security vulnerabilities" are grossly negligent. 👇

heise.de/news/Datenleck-in-Reh…

#datenleck #security #sicherheit


Dear #Android #App #Developers, as it still happens far too often (no naming, no shaming! 💩 happens to every one of us) a reminder to take good care of your #signing keys – and also take precautions for the case that your keystore might get lost. Please take a look at: f-droid.org/2023/09/03/reprodu… where I outline this topic.

Thanks!

#security


Anyone who, like d-trust, is responsible for such a serious security vulnerability should admit the mistakes instead of using cyber rhetoric to distract from their own failure. Data leaks caused by sloppiness are unacceptable, as is the criminalization of security researchers. Responsibility, apology, consequences – now!

ccc.de/de/updates/2025/dont-tr…

#security #sicherheit #schwachstelle #verantwortung


Some fascinating research out on hacking a Subaru via STARLINK connected vehicle service.

"On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.

Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:

Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.

Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.

Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.

Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.

After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously."

samcurry.net/hacking-subaru#in…

#cars #security #subaru @starlink


Signal is a secure messenger, but there are interesting alternatives, such as @matrix , @session , @delta , @simplex or XMPP …

➡️ matrix.org

➡️ getsession.org

➡️ delta.chat

➡️ simplex.chat

➡️ xmpp.org

If you’d like to learn more about these options, have a look at the responses to this toot.

#matrix #session #signal #XMPP #messenger #decentralized #tech #technology #OpenSource #FOSS #WhatsApp #security #InfoSec #data #safety


Really good article. My experience with "security experts" is that most actually have very limited knowledge in the field. And lack critical thinking. This leads to an almost blind trust in these tools that spit out reports on CVSS scores that can easily be exported to nice looking spreadsheets.

Unfortunately, those tend to be taken as gospel by management. Because management never have a clue about anything.

#security #infosec


The signature problem at F-Droid has apparently still not been solved: "We find it concerning that F-Droid constantly chooses to move the goalposts and continues to rely on a fundamentally broken approach for certificate pinning, merely patching [15] known vulnerabilities without ever addressing the underlying cause." 😵👇

github.com/obfusk/fdroid-fakes…

#fdroid #security #privacy #certpinning #signature


just discovered some very cool new projects:
git.deuxfleurs.fr/Deuxfleurs/b…
aerogramme.deuxfleurs.fr/

aerogramme is a proxy for imap and caldav that offers encryption and some security guarantees

bagage is webdav with an s3 backend

this is all based on garage which works great on commodity hardware. you could rent a $5/mo/tb vps from hosthatch and have decently good secure, open source, cloud storage of all the above

#privacy #openSource #security #s3 #garage


Electronic patient record: Lauterbach promises a launch "without residual risk"
netzpolitik.org/2025/elektroni…

Well, surely one is allowed a slip of the tongue now and then...

#epa #security





Should someone stumble upon the security vulnerability disclosure at openwall.com/lists/oss-securit… – be assured the patches have already been applied at #IzzyOnDroid (and also that androguard is already aware: github.com/androguard/androgua…)

Also see the toot by the original finder: tech.lgbt/@obfusk/113765201775…

#security


The German-language version of our "annual report" is now online as well:

A look back, a look ahead: How was 2024 at #IzzyOnDroid? What might 2025 bring you here, what are we working on?

android.izzysoft.de/articles/n…

And if someone tells you #security or #reproducibleBuilds run entirely by themselves (once set up): laugh out loud at them. Software keeps evolving – and so do its risks and threats…


A look back, a look ahead: How was 2024 at IzzyOnDroid? What might 2025 bring you there, what are we working on?

android.izzysoft.de/articles/n…

And if anybody ever tells you #security or #reproducibleBuilds are "set-and-forget", laugh straight into their faces. Software evolves, and so do its threats and risks…

German readers: The German version will follow shortly…

#IzzyOnDroid




At last, the USB portal originally authored by @refi64 in 2021, later continued by Georges Stavracas in 2023, and finalized by @hub, has been merged!

The USB portal allows sandboxed formats like Flatpak to access USB devices without poking holes in the sandbox. This is great for security, as accessing USB devices will now need to be explicitly granted by the user.

Now we just need to wait for implementers to implement them in their respective portal implementations, starting with GNOME: gitlab.gnome.org/GNOME/xdg-des…

The documentation for the USB portal is available on the xdg-desktop-portal website: flatpak.github.io/xdg-desktop-…

#Flatpak #Security #GNOME


Repeat offenders drive bulk of tech support scams via #Google #Ads

"Search engines, and Google’s in particular, are our gateway to the web. Yet, that door sometimes opens up to unsavory places thanks to sponsored search results, AKA ads."

This is part of the reason I recommend using an #adblocker (whether in browser, on device, or network-based.)

#cybersecurity #scams #security #privacy

malwarebytes.com/blog/scams/20…


I've noticed a concerning trend of "slop security reports" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to push back:

#oss #opensource #security

sethmlarson.dev/slop-security-…


Synapse 1.120.2 was just released with several security fixes: github.com/element-hq/synapse/…
You should really update now, and while the last 2 CVEs say they were fixed on 1.106, to my knowledge that is only true if you enabled authenticated media, which only became the default in 1.120, so you really want to update even for those or at least update your config.

Thank you! :)

#matrix #synapse #security


Gmail and Outlook are popular but not necessarily the best - especially when it comes to #privacy and #security.

In this in-depth guide we review #Gmail vs #Outlook and fill you in on the best email provider that's ad-free, private, and secure. 😉

👉 Read more: tuta.com/blog/outlook-vs-gmail



theguardian.com/technology/202…

This article discusses how to protect privacy, amidst concerns of increased government surveillance.

The article is aimed at asylum seekers & immigrants to the US, but it's solid advice for anyone, really.

Recommendations include using encrypted messaging apps like Signal, Apple iMessage, and WhatsApp, and setting messages to disappear.

It also recommends minimizing data sharing and deleting data when possible, particularly from Google.

#privacy #security