I hope to hear from @Tutanota very soon. Lack of key verification is a major flaw in the technical design of the platform, allowing a malicious Tuta server to read end-to-end encrypted exchanges (both emails and shared calendars).

github.com/tutao/tutanota/issu…

The issue has been opened 6 years ago.

#Security #Privacy #Crypto #Cryptography #Email #FOSS

Accrescent 0.24.0 is out with settings menu accessibility improvements, target SDK 35 (Android 15), and LOTS of translation and dependency updates! 🎉

Download it from our website at accrescent.app or read the changelog below 👇

github.com/accrescent/accresce…

#accresent #security #privacy #appstore #android

New blog post: Post-OCSP certificate revocation in the Web PKI.

With OCSP in all forms going away, I decided to look at the history and possible futures of certificate revocation in the Web PKI. I also threw in some of my own proposals to work alongside existing ones.

I think this is the most comprehensive current look at certificate revocation right now.

#security #WebPKI #LetsEncrypt #TLS #OCSP

NGI Assure, the program aimed at improving trust in our digital society, successfully concluded after its 4 year run.

[1]152 teams contributed to a more trustworthy & secure internet with their Free and Open Source projects. Thank you all!

We've made a book showcasing all the projects which you can download from the link below. There are also paper copies, so ask for those when you see us IRL.

[2][1] nlnet.nl/news/2024/20240919-NG…
[2] nlnet.nl/media/NGIAssure-bookl…
(1/2)

#FOSS #NGI #NGI0 #Trust #Security

Tor insists its #network is safe after German cops convict CSAM dark-web admin

Kind of boils down to opsec fail here. Using outdated software, which in this case didn’t properly secure Tor connections.

Timing attacks are still viable (especially with hostile nodes), but this reads as an #opsec fail to me.

Remember: a major part of anonymity is maintaining great opsec.

Obligatory: Tor is not “just for criminals,” despite one getting caught in this case (glad he did tbh). Regular people use Tor everyday.

#cybersecurity #security #privacy

theregister.com/2024/09/19/tor…

Tor insists its network is safe after German cops convict CSAM dark-web admin

Outdated software blamed for cracks in the armor

^{Iain Thomson (The Register)}

In opsec, duress (“rubber-hose”) attacks are famously hard to address. Cryptographic keys that cannot be lost have poor protections against duress.

Travelers can leave key fobs at home should they be accosted. A victim of a break-in can conveniently “lose” or smash a hardware key, erasing any encrypted data. Yes, I know about cold-boot attacks; I don’t recommend at-risk people to leave things decrypted for long durations. I like the idea of spring-loaded key fobs that can’t be left plugged in.

People talking about key fob body implants don’t usually plan for removing them in seconds with plausible deniability.

Originally posted on seirdy.one: See Original (POSSE). #Security #OpSec

Some thoughts on the YubiKey EUCLEAK Vulnerability by @Edent
shkspr.mobi/blog/2024/09/some-…

#security #hack

Authentication is almost always the most frustrating step of interacting with a service. Matrix is no different, but Quentin is about to dramatically improve the situation.

Get a glimpse of all the goodness awaiting to be unlocked once his project lands!

youtu.be/dmUi4ZoYRWc

#authentication #ux #security

Замедление YouTube с технической стороны

#network #security #infosec #proxy #vless #vmess #youtube #roscompozor #ntc_party

Готовые средства обхода. Waujito написал своё решение под линукс (github.com/Waujito/youtubeUnbl…), которое направлено только на ютуб.
Также для Windows существует GoodbyeDPI от ValdikSS (github.com/ValdikSS/GoodbyeDPI), под линукс еще есть zapret (github.com/bol-van/zapret).
Существует ByeDPI (github.com/hufrea/byedpi), который работает как прокси (Windows/Linux). Также есть версия ByeDPI под андроид (github.com/dovecoteescapee/Bye…), работает как "фейковый впн".

Советую прочитать подробный комментарий от ValdikSS о том, как использовать эти средства. (github.com/yt-dlp/yt-dlp/issue…)

Если есть желание погрузиться глубже в эту тему, вот тут можно посмотреть подробнее: https://ntc.party/t/замедление-youtube-в-россии/8055/ and https://ntc.party/t/обсуждение-замедление-youtube-в-россии/8074/

Комменты как обычно бурлят.

habr.com/ru/articles/832678/

Замедление YouTube с технической стороны: ограничение и обход

Привет, Хабр!В последнее время замечаю огромное количество информации по поводу замедления Великого, но очень мало где видел конкретику о том, как именно это раб...

^{Vadim Vetrov (Habr)}

As dating goes digital, concerns for online privacy are more relevant than ever. ❤️

Is it possible to meet someone and still keep your privacy intact? 🤔

💘 Let’s find out 👉 tuta.com/blog/private-dating-a…

#privacy #dating #safety #security

AI ❤️ Tuta!

Which makes sense as we're already using quantum-safe encryption. 🔒

We might not like AI, but it sure likes us. 😊

#ai #privacy #security #encryption #quantumworld

Accrescent 0.23.0 is out! This release makes multilingual support a little bit better, prevents you from accidentally using your metered data by default, and improves the security of its dependencies.

See the release notes below 👇

github.com/accrescent/accresce…

#accrescent #privacy #security #appstore #android

Release 0.23.0 · accrescent/accrescent

This release makes Accrescent a little more friendly for multilingual users, helps prevent you from accidentally using your metered data by default, and improves security by removing an unmaintaine...

^GitHub

Why did you choose Tuta Mail? 😀

#Tuta #Germany #privacy #bestemail #encryption #security #PrivacyMatters #FREE #SecureEmail #privacyfirst #encrypted #protect

We sat down with Troy Hunt from Have I Been Pwned to discuss how to maintain privacy and security despite the constant wave of data breaches. 🧑‍💻

Check it out here 👉 youtu.be/94WJbheo_T0
#privacy #security #databreach #passwords #encryption

I learned about secure software development on the job, but like ethical computing (which I've talked about before), this should also be included in formal education. Because of the current threat models, topics like security by design and zero-trust frameworks are critical when developing Internet systems. linuxfoundation.org/press/linu…

#securitybydesign #security #softwaredevelopment #zerotrust #infosec #cybersecurity #education

The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development

Findings show nearly one-third of industry professionals are not familiar with secure software development practices

^{The Linux Foundation}

Hey Linux users! 🐧

Did you know that Tuta offers a dedicated encrypted desktop client for protecting your emails, contacts, and calendar? 🔐

Best of all it's completely free!

What distro will you be installing it on?
#linux #privacy #email #security #distro

#WhatsApp for #Windows lets Python, PHP scripts execute with no warning

Granted, Python needs to be installed on the system prior.

Meta says they will not bother to fix this, despite maintaining a built-in list of potentially dangerous file types (ex: .exe)

#security #cybersecurity #messengers

bleepingcomputer.com/news/secu…

Being #OpenSource has many advantages. For #NVDA has opened the way for community contributions, and has enabled #transparency, #security and #innovation beyond what might have been possible in closed software. Increasingly, governments are also mandating the use of open source. Here is an article on such a step forward in Switzerland:

"Switzerland Makes Open Source Software Mandatory For Public Sector"

news.itsfoss.com/switzerland-o…

#FOSS #NVDA #NVDAsr #Accessibility #Software #News

Switzerland Makes Open Source Software Mandatory For Public Sector

A big boost to the open-source community and an inspiration to other public sectors!

^{Sourav Rudra (It's FOSS News)}

We all have an email alter ego - who is yours? 🥸

Let us know in the comments!
#email #privacy #officehumor #security #encryption

In case you missed it: Accrescent is now mirrored in the GrapheneOS App Store! This helps GrapheneOS users securely and easily obtain Accrescent from a trusted source.

GrapheneOS highly values privacy and security as we do, so we're excited about this collaboration.

grapheneos.social/@GrapheneOS/…

#privacy #security #accrescent #appstore #android

What's the main difference between Tuta Mail and Gmail? 😎 PRIVACY 🔐

Get your #FREE Tuta Mail account now: app.tuta.com/signup

#Tuta #Germany #privacy #freedom #bestemail #encryption #security #PrivacyMatters #FREE #SecureEmail #privacyfirst #encrypted

APPLE OR ANDROID? 🧐

Either way, we've got you covered ✌️

Read our #tips for protecting your #privacy on iPhone and Android here👇

✅Android users: tuta.com/blog/android-settings…
✅iPhone users: tuta.com/blog/iphone-security-…

#apple #android #security #tips #privacytips #securitytips #Tuta #encrypted #Eu

STAGGERING: Nearly all #ATT customers' text & call records breached.

An unnamed entity now has an NSA-level view into Americans' lives.

Damage isn't limited to AT&T customers.

But everyone they interacted with.

Also a huge national security incident given government customers on the network.

And of course, third party #Snowflake makes an appearance.

cnn.com/2024/07/12/business/at…

#infosec #cybersecurity #telco #cellular #privacy #security #breach

Computer hardware maker #Zotac exposed customers' RMA info on Google Search

Misconfiguration of permissions folders holding customer info related to RMAs have been indexed by search engines like #Google. As a result, it has shown up on SERPs.

Information leaked includes invoices, addresses, and contact information.

Fun fact: Security Misconfiguration is number 6 on the OWASP Top 10 Web app Security Risks.

#databreach #security #cybersecurity

bleepingcomputer.com/news/secu…

Do you want to help secure GNOME and get a reward? 🏅

We are testing a new program in which people get a payment for reporting and/or solving vulnerabilities.

yeswehack.com/programs/gnome-b…

From €500 to €10,000 depending on criticality 💶

For now only GLib is in scope but we will expand the list of modules and advertise as the program grows.

In partnership with @yeswehack and @sovtechfund

#GNOME #infosec #FreeSoftware #security #bugBounty #OpenSource #cybersecurity

GNOME Bug Bounty Program bug bounty program - YesWeHack

GNOME Bug Bounty Program bug bounty program details

^{YesWeHack #1 Bug Bounty Platform in Europe}

This is a bit of a concern @signalapp hopefully this is addressed sooner

@Mer__edith
#Signal #Bug #security

Another one back-to-back! Accrescent 0.22.0 is released to ensure Accrescent can always update itself, add a theme option to settings, and fix a bug related to preferred languages: github.com/accrescent/accresce…

#security #android #appstore #privacy #accrescent

Release 0.22.0 · accrescent/accrescent

This release ensures Accrescent can always update itself, adds a setting to manually change the app theme (light, dark, or system), and fixes an issue where app's wouldn't be installed in the user'...

^GitHub

🎉 Wohoo! We have officially reached 90K followers on X - and we already have more then 26K here! 🎉

A BIG thank you to all our loyal Tuta users. You make our fight for #privacy and #security worth it ❤️

If you're new here, get your #FREE Tuta Mail account now: app.tuta.com/signup

Upon recommendations, I tried this AI prompt injection game for the first time. I made it to level 7 with no help from the internet!

If you want to donate to me, donate to me on this page.

My website is here where I usually blog. I'm not much of a video person, so I blog and write more than I do video!

Accrescent 0.21.0 is out with minor accessibility improvements, settings changes, and networking improvements.

Check it out and read the release notes below!

github.com/accrescent/accresce…

#android #security #privacy #appstore #accrescent

Release 0.21.0 · accrescent/accrescent

This release includes some minor accessibility improvements, settings changes, and network improvements. Changes A11y: Announce app list refreshing state (@PatrykMis) Add donation link to settings...

^GitHub

3/3 For those interested in learning more about the code signing process, and this warning, please see: answers.microsoft.com/en-us/wi…"

and if you would like to test out Alpha builds of NVDA, head to: Please feel encouraged to run the latest snapshot from nvaccess.org/files/nvda/snapsh….

If you do have any questions or concerns, please reach out to us at info@nvaccess.org.

#NVDA #FOSS #Alpha #testing #Prerelease #Certificate #Security

2/3 When the warning appears, press tab to "More info", then press enter. Reading through the dialog, note that the publisher is listed as:

"AU, Queensland, Camp Mountain, NV Access Limited, NV Access Limited"

To allow NVDA to run, press tab to "Run anyway", and press enter to run the snapshot. This will help us get through this period until Windows considers our certificate "trusted":

#NVDA #FOSS #Alpha #testing #Prerelease #Certificate #Security

ID Verification Service for #TikTok, #Uber, X Exposed Driver Licenses

In this case, the ID verification vendor leaked admin credentials and exposed people’s information (sensitive documents and status of verification) for over a year.

All for “age verification” we introduce another EZ mode way for people’s real life identities to be compromised. Companies want you to provide sensitive documents to prove you’re real/your age but can’t be bothered to invest money/time/effort in basic #security to secure what you give them.

#cybersecurity #privacy

404media.co/id-verification-se…

ID Verification Service for TikTok, Uber, X Exposed Driver Licenses

As social networks and porn sites move towards a verified identity model, the actions of one cybersecurity researcher show that ID verification services themselves could get hacked too.

^{Joseph Cox (404 Media)}

#Windows 11 is now automatically enabling #OneDrive folder backup without asking permission

"Quietly and without any announcement, the company [#Microsoft] changed Windows 11's initial setup so that it could turn on the automatic folder backup without asking for it."

Imagine your operating system forcing all your desktop files to sync to the cloud, without letting you know it would do that. Users should be aware of when their files are synced to any cloud.

Oh wait, I forgot... Microsoft has zero regard for user choice, #privacy, and #security.

#privacymatters

neowin.net/news/windows-11-is-…

Windows 11 is now automatically enabling OneDrive folder backup without asking permission

Microsoft quietly changed how folder backup works in the OneDrive app on Windows 11. Now, the OS enables it by default during the initial setup without asking the user for permission.

^{Taras Buria (Neowin)}

"for the first time, Commissioner Jourova publicly admitted at yesterday's EDPS summit that encryption would need to be broken for Chat Control to become effective."
— tuta.com/blog/interview-patric…

#ChatControl #EuropeanCommission #Surveillance #EU #Privacy #HumanRights #Encryption #Security

Europe and Australia will both not break encryption! We’ve interviewed Patrick Breyer – the guy who coined the term Chat Control.

Action taken by privacy activists and citizens stops the push for mass surveillance.

^Tutanota