We sat down with Troy Hunt from Have I Been Pwned to discuss #passwords, data breaches, and what you can do to keep your personal information safe online.Wit...
I learned about secure software development on the job, but like ethical computing (which I've talked about before), this should also be included in formal education. Because of the current threat models, topics like security by design and zero-trust frameworks are critical when developing Internet systems. linuxfoundation.org/press/linu…
Being #OpenSource has many advantages. For #NVDA has opened the way for community contributions, and has enabled #transparency, #security and #innovation beyond what might have been possible in closed software. Increasingly, governments are also mandating the use of open source. Here is an article on such a step forward in Switzerland:
"Switzerland Makes Open Source Software Mandatory For Public Sector"
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.
In case you missed it: Accrescent is now mirrored in the GrapheneOS App Store! This helps GrapheneOS users securely and easily obtain Accrescent from a trusted source.
GrapheneOS highly values privacy and security as we do, so we're excited about this collaboration.
GrapheneOS App Store now includes a mirror of Accrescent, which is a privacy and security focused alternative to the Play Store distributing developer builds of apps:
https://accrescent.
Tuta Mail is the secure email service, built in Germany. Use encrypted emails on all devices with our open source email client, mobile apps & desktop clients.
Computer hardware maker #Zotac exposed customers' RMA info on Google Search
Misconfiguration of permissions folders holding customer info related to RMAs have been indexed by search engines like #Google. As a result, it has shown up on SERPs.
Information leaked includes invoices, addresses, and contact information.
Fun fact: Security Misconfiguration is number 6 on the OWASP Top 10 Web app Security Risks.
Another one back-to-back! Accrescent 0.22.0 is released to ensure Accrescent can always update itself, add a theme option to settings, and fix a bug related to preferred languages: github.com/accrescent/accresce…
This release ensures Accrescent can always update itself, adds a setting to manually change the app theme (light, dark, or system), and fixes an issue where app's wouldn't be installed in the user'...
This release includes some minor accessibility improvements, settings changes, and network improvements.
Changes
A11y: Announce app list refreshing state (@PatrykMis)
Add donation link to settings...
3/3 For those interested in learning more about the code signing process, and this warning, please see: answers.microsoft.com/en-us/wi…"
and if you would like to test out Alpha builds of NVDA, head to: Please feel encouraged to run the latest snapshot from nvaccess.org/files/nvda/snapsh….
If you do have any questions or concerns, please reach out to us at info@nvaccess.org.
To allow NVDA to run, press tab to "Run anyway", and press enter to run the snapshot. This will help us get through this period until Windows considers our certificate "trusted":
ID Verification Service for #TikTok, #Uber, X Exposed Driver Licenses
In this case, the ID verification vendor leaked admin credentials and exposed people’s information (sensitive documents and status of verification) for over a year.
All for “age verification” we introduce another EZ mode way for people’s real life identities to be compromised. Companies want you to provide sensitive documents to prove you’re real/your age but can’t be bothered to invest money/time/effort in basic #security to secure what you give them.
As social networks and porn sites move towards a verified identity model, the actions of one cybersecurity researcher show that ID verification services themselves could get hacked too.
#Windows 11 is now automatically enabling #OneDrive folder backup without asking permission
"Quietly and without any announcement, the company [#Microsoft] changed Windows 11's initial setup so that it could turn on the automatic folder backup without asking for it."
Imagine your operating system forcing all your desktop files to sync to the cloud, without letting you know it would do that. Users should be aware of when their files are synced to any cloud.
Oh wait, I forgot... Microsoft has zero regard for user choice, #privacy, and #security.
Microsoft quietly changed how folder backup works in the OneDrive app on Windows 11. Now, the OS enables it by default during the initial setup without asking the user for permission.
"for the first time, Commissioner Jourova publicly admitted at yesterday's EDPS summit that encryption would need to be broken for Chat Control to become effective." — tuta.com/blog/interview-patric…
Patrick Breyer fordert zum Widerstand gegen die Chatkontrolle auf und gibt Tipps, wie sich jeder Einzelne aktiv beteiligen kann. Werdet JETZT aktiv, sonst kann es sein, dass die Unvernunft siegt. 👇
Der belgische Vorsitz im Rat der EU will die Chatkontrolle am Mittwoch den 19. Juni abstimmen lassen. Damit bestätigen sich die Befürchtungen: die Verfechter der Chatkontrolle wollen ausnutzen, dass es nach den Wahlen weniger öffentliche Aufmerksamke…
Geoff Huston's offers interesting commentary on DNSSEC and the problem of securing the domain name system more generally: potaroo.net/ispcol/2024-05/dns… My own domains are DNSSEC-signed. The necessary Bind 9 configuration is simpler nowadays than it used to be, as much of the process has been automated - a welcome change. #Internet #DNS #DNSSEC #security
This episode of the Security, Cryptography, Whatever podcast offers insight into the history of Transport Layer Security (TLS), and critical discussion of certificate transparency, DNSSec, and other protocols. Post-quantum cryptography is also considered. securitycryptographywhatever.c… #Security #CryptographicProtocols
Is it just me, or has Microsoft gone completely crazy? They are implementing spyware that takes screenshots every second and forcing AI integration. Why would anyone willingly purchase this? Anyone with experience in computer or information security knows that it is a bad idea, even if it is locally done. Just don't do it. Yet, here we are, and they are doubling down on this idea. arstechnica.com/gadgets/2024/0… #privacy #security
#Android is getting an AI-powered #scam call detection feature
Will be powered by Gemini Nano, which #Google says can be run locally and offline to process "fraudulent language and other conversation patterns typically associated with scams" and push real-time alerts during calls where detected red flags are present.
It will be opt-in, but Gemini Nano is currently only supported on Google Pixel 8 Pro and Samsung S24 series devices.
Google is testing a new call monitoring feature that warns users if the person they’re talking to is likely attempting to scam them and encourages them to end such calls.
Der Messenger #Telegram ist für eine sichere Kommunikation nicht geeignet - standardmäßig sind die Nachrichten nicht einmal Ende-zu-Ende verschlüsselt. Besser geeignet sind #Signal oder #Threema. Übrigens: Elon Musk ist das Paradebeispiel eines Trolls. Einfach ignorieren. 😉
TPM2-measured boot with bus protection is pretty nice actually for Linux installations where secure boot is not enabled, like the default Arch Linux installation for instance.
For the sake of "defence in depth", I'd enable both if it is out-of-the-box feature but would not probably bother with secure boot if it requires extra work.
So, the takeaway from this is that it would make a lot of sense to make measured boot happen in arch-install installation as opt-in feature. No Microsoft key required.
Still so far the most informative overview for the shenanigans is microos.opensuse.org/blog/2023… but I'd also look for more recent references.
Policy hash calculation per kernel package update for LUKS2 is what needs to happen over time whenever a new kernel package is installed with hooks/scripts.
So the thing that was hyped to DRM the world into a locked down hellhole rendered out the Microsoft key hard binding instead 🤷
Those changes are currently only applied to the master branch and didn't yet go to any release or distribution packages. They were supposed to fix a #security issue, but not to break some binary repos, which is what the applied patches might do. Find the originally proposed and recommended patches at github.com/obfusk/fdroid-fakes… – and also see e.g. tech.lgbt/@obfusk/112306314357… for some additional background.
Open Source audited technologies and self-built solutions give the Tuta team full control over their tech stack - an important factor when it comes to security.
Veilig communiceren met én binnen de overheid. Hoe werkt dat? Dit kan alleen wanneer er volledige zekerheid is over de afzender, de inhoud en de vertrouwelijkheid van het bericht. PKIoverheid zorgt daarvoor. Check de video! 👇
