🦾6 AI Tos Used by Hackers
🔹Poisongpt
🔹Wormgpt
🔹Speechif.ai
🔹Deepl.ai
🔹Freedom.ai
🔹Passgan.ai
🔖#infosec #cybersecurity #hacking #pentesting #security
Search
Items tagged with: security
There Is Just One Way To Do Open Source Security: Together: thenewstack.io/there-is-just-o… via @TheNewStack & @sjvn
When we work together, said HackerOne CEO Mårten Mickos, we can secure #opensource software. #security
There Is Just One Way To Do Open Source Security: Together - The New Stack
HackerOne CEO Mårten Mickos highlights how open source can address security issues.Steven J. Vaughan-Nichols (The New Stack)
Accrescent 0.25.0 is out with Android 15 app archiving support, Private Space support, and settings UI improvements!
We also forgot to announce that since 0.24.0, Accrescent supports in-app predictive back!
Check out the release notes below 👇
github.com/accrescent/accresce…
#privacy #security #appstore #android #accrescent #opensource
Release 0.25.0 · accrescent/accrescent
This release adds initial app archiving support on Android 15, makes Accrescent show up as an installer in Private Space, and improves the settings UI! We also forgot to mention that since 0.24.0, ...GitHub
Accrescent recently surpassed 1,000 stars on GitHub 🥳! Thank you to everyone for your continued support!
If you'd like to help us grow, check out accrescent.app/faq#contributin…. There are lots of ways to contribute even if you can't code!
github.com/accrescent/accresce…
#security #privacy #appstore #accrescent #android
Accrescent Frequently Asked Questions
Answers to frequently asked questions about Accrescent.Accrescent
ICYMI: Internet Archive hacked, data breach impacts 31 million users
1. Nobody is safe.
2. A non-profit is using bcrypt to hash passwords, no reason why your for-profit company can't do the same.
Hungary keeps pushing for Chat Control. Here’s why they must be stopped:
👉 tuta.com/blog/opposition-again…
#chatcontrol #Fight4privacy #encryption #security
American Water shuts down online services after #cyberattack
American Water is the largest water and wastewater treatment utility in the US…
OT systems not affected - so appears this only affects their IT systems. Suspected nation state activity (Russia).
(I encourage everyone sharing this with their friends because cyber attacks absolutely can have direct “real world” consequences.)
#AIagent promotes itself to #sysadmin , trashes #boot sequence
Fun experiment, but yeah, don't pipe an #LLM raw into /bin/bash
Buck #Shlegeris, CEO at #RedwoodResearch, a nonprofit that explores the risks posed by #AI , recently learned an amusing but hard lesson in automation when he asked his LLM-powered agent to open a secure connection from his laptop to his desktop machine.
#security #unintendedconsequences
theregister.com/2024/10/02/ai_…
AI agent promotes itself to sysadmin, trashes boot sequence
Fun experiment, but yeah, don't pipe an LLM raw into /bin/bashThomas Claburn (The Register)
Ransomware attack forces UMC Health System to divert some patients bleepingcomputer.com/news/secu… #news #Healthcare #Security
I hope to hear from @Tutanota very soon. Lack of key verification is a major flaw in the technical design of the platform, allowing a malicious Tuta server to read end-to-end encrypted exchanges (both emails and shared calendars).
github.com/tutao/tutanota/issu…
The issue has been opened 6 years ago.
#Security #Privacy #Crypto #Cryptography #Email #FOSS
![Message posted on the GitHub issue titled "Manual key verification":
"This issue has been opened for more than 6 years now, with no clear roadmap or even real consideration from the Tuta team. I have to say, I am disappointed.
You keep saying that "[...] Tuta [is] the most secure email service on the market.", but without key verification, a malicious Tuta server can read the end-to-end encrypted emails and shared calendars exchanged on the platform as there is no way to verify the recipients' public key. As explained by @llebout, "all users of Tutanota must trust Tutanota to not provide forged keys and perform an MITM attack". This is a significant flaw in the technical design of the platform, and it does not seem to bother you.
In #198, it can be read that:
> We are aware of the issues with verification, new protocol will support verification, the work is underway
However, your post-quantum implementation has now landed but still no word on the key verification issue.
Could you please stand by what you have said from day 1, that you prioritise security and privacy, and establish a clear roadmap of the work already undertaken or to be done to fix the situation?
Thank you"](https://fedi.ml/photo/preview/640/595249 "Message posted on the GitHub issue titled \"Manual key verification\":
\"This issue has been opened for more than 6 years now, with no clear roadmap or even real consideration from the Tuta team. I have to say, I am disappointed.
You keep saying that \"[...] Tuta [is] the most secure email service on the market.\", but without key verification, a malicious Tuta server can read the end-to-end encrypted emails and shared calendars exchanged on the platform as there is no way to verify the recipients' public key. As explained by @llebout, \"all users of Tutanota must trust Tutanota to not provide forged keys and perform an MITM attack\". This is a significant flaw in the technical design of the platform, and it does not seem to bother you.
In #198, it can be read that:
> We are aware of the issues with verification, new protocol will support verification, the work is underway
However, your post-quantum implementation has now landed but still no word on the key verification issue.
Could you please stand by what you have said from day 1, that you prioritise security and privacy, and establish a clear roadmap of the work already undertaken or to be done to fix the situation?
Thank you\"")
Accrescent 0.24.0 is out with settings menu accessibility improvements, target SDK 35 (Android 15), and LOTS of translation and dependency updates! 🎉
Download it from our website at accrescent.app or read the changelog below 👇
New blog post: Post-OCSP certificate revocation in the Web PKI.
With OCSP in all forms going away, I decided to look at the history and possible futures of certificate revocation in the Web PKI. I also threw in some of my own proposals to work alongside existing ones.
I think this is the most comprehensive current look at certificate revocation right now.
#security #WebPKI #LetsEncrypt #TLS #OCSP
NGI Assure, the program aimed at improving trust in our digital society, successfully concluded after its 4 year run.
[1]152 teams contributed to a more trustworthy & secure internet with their Free and Open Source projects. Thank you all!
We've made a book showcasing all the projects which you can download from the link below. There are also paper copies, so ask for those when you see us IRL.
[2][1] nlnet.nl/news/2024/20240919-NG…
[2] nlnet.nl/media/NGIAssure-bookl…
(1/2)
Tor insists its #network is safe after German cops convict CSAM dark-web admin
Kind of boils down to opsec fail here. Using outdated software, which in this case didn’t properly secure Tor connections.
Timing attacks are still viable (especially with hostile nodes), but this reads as an #opsec fail to me.
Remember: a major part of anonymity is maintaining great opsec.
Obligatory: Tor is not “just for criminals,” despite one getting caught in this case (glad he did tbh). Regular people use Tor everyday.
#cybersecurity #security #privacy
theregister.com/2024/09/19/tor…
Tor insists its network is safe after German cops convict CSAM dark-web admin
Outdated software blamed for cracks in the armorIain Thomson (The Register)
In opsec, duress (“rubber-hose”) attacks are famously hard to address. Cryptographic keys that cannot be lost have poor protections against duress.
Travelers can leave key fobs at home should they be accosted. A victim of a break-in can conveniently “lose” or smash a hardware key, erasing any encrypted data. Yes, I know about cold-boot attacks; I don’t recommend at-risk people to leave things decrypted for long durations. I like the idea of spring-loaded key fobs that can’t be left plugged in.
People talking about key fob body implants don’t usually plan for removing them in seconds with plausible deniability.
Originally posted on seirdy.one: See Original (POSSE). #Security #OpSec
We Hunted Hidden Police Signals at the DNC - Using special software, WIRED investigated police surveillance at the DNC. We collected s... - wired.com/story/dnc-hidden-sig… #security/nationalsecurity #security/securitynews #security/privacy #digitaltrail #security
Cybersecurity course: 𝗢𝗻𝗹𝗶𝗻𝗲, 𝗵𝗮𝗻𝗱𝘀-𝗼𝗻, 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗮𝗹, 𝗮𝗻𝗱 𝗳𝗿𝗲𝗲!
Czech Technical Univeristy's "Introduction to Security" class opens online for free! 14 weeks of deep attacking and defending. Join us and register for free. Starting on Sep 26th.
cybersecurity.bsy.fel.cvut.cz/
#cybersec #infosec #blueteam #redteam #education #security
Authentication is almost always the most frustrating step of interacting with a service. Matrix is no different, but Quentin is about to dramatically improve the situation.
Get a glimpse of all the goodness awaiting to be unlocked once his project lands!
Замедление YouTube с технической стороны
#network #security #infosec #proxy #vless #vmess #youtube #roscompozor #ntc_party
Готовые средства обхода. Waujito написал своё решение под линукс (github.com/Waujito/youtubeUnbl…), которое направлено только на ютуб.
Также для Windows существует GoodbyeDPI от ValdikSS (github.com/ValdikSS/GoodbyeDPI), под линукс еще есть zapret (github.com/bol-van/zapret).
Существует ByeDPI (github.com/hufrea/byedpi), который работает как прокси (Windows/Linux). Также есть версия ByeDPI под андроид (github.com/dovecoteescapee/Bye…), работает как "фейковый впн".
Советую прочитать подробный комментарий от ValdikSS о том, как использовать эти средства. (github.com/yt-dlp/yt-dlp/issue…)
Если есть желание погрузиться глубже в эту тему, вот тут можно посмотреть подробнее: https://ntc.party/t/замедление-youtube-в-россии/8055/ and https://ntc.party/t/обсуждение-замедление-youtube-в-россии/8074/
Комменты как обычно бурлят.
Замедление YouTube с технической стороны: ограничение и обход
Привет, Хабр!В последнее время замечаю огромное количество информации по поводу замедления Великого, но очень мало где видел конкретику о том, как именно это раб...Vadim Vetrov (Habr)
As dating goes digital, concerns for online privacy are more relevant than ever. ❤️
Is it possible to meet someone and still keep your privacy intact? 🤔
💘 Let’s find out 👉 tuta.com/blog/private-dating-a…
#privacy #dating #safety #security
Ultimate guide to be private and secure on dating apps | Tuta
As romance goes digital, extra steps are needed to avoid a privacy heartbreak. Here are our tips for protecting yourself and your data from overexposure.Tuta
AI ❤️ Tuta!
Which makes sense as we're already using quantum-safe encryption. 🔒
We might not like AI, but it sure likes us. 😊
#ai #privacy #security #encryption #quantumworld
Hardware kill switches: Empowering users in the digital age. Our latest blog explores how physical control over your device builds trust, respects autonomy, and offers unparalleled protection. Discover how Purism is putting privacy at the forefront of mobile tech.
puri.sm/posts/the-evolution-of…
#UserPrivacy #Purism #PureOS #Security
puri.sm/posts/the-evolution-of…
#UserPrivacy #Purism #PureOS #Security
The Evolution of Smartphone Security – Purism
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.Purism SPC
Accrescent 0.23.0 is out! This release makes multilingual support a little bit better, prevents you from accidentally using your metered data by default, and improves the security of its dependencies.
See the release notes below 👇
github.com/accrescent/accresce…
#accrescent #privacy #security #appstore #android
Release 0.23.0 · accrescent/accrescent
This release makes Accrescent a little more friendly for multilingual users, helps prevent you from accidentally using your metered data by default, and improves security by removing an unmaintaine...GitHub
Why did you choose Tuta Mail? 😀
#Tuta #Germany #privacy #bestemail #encryption #security #PrivacyMatters #FREE #SecureEmail #privacyfirst #encrypted #protect
We sat down with Troy Hunt from Have I Been Pwned to discuss how to maintain privacy and security despite the constant wave of data breaches. 🧑💻
Check it out here 👉 youtu.be/94WJbheo_T0
#privacy #security #databreach #passwords #encryption
Passwords, Data Breaches & Security with Troy Hunt from Have I Been Pwned | Tuta Talks #password
We sat down with Troy Hunt from Have I Been Pwned to discuss #passwords, data breaches, and what you can do to keep your personal information safe online.Wit...YouTube
I learned about secure software development on the job, but like ethical computing (which I've talked about before), this should also be included in formal education. Because of the current threat models, topics like security by design and zero-trust frameworks are critical when developing Internet systems. linuxfoundation.org/press/linu…
#securitybydesign #security #softwaredevelopment #zerotrust #infosec #cybersecurity #education
The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development
Findings show nearly one-third of industry professionals are not familiar with secure software development practicesThe Linux Foundation
#WhatsApp for #Windows lets Python, PHP scripts execute with no warning
Granted, Python needs to be installed on the system prior.
Meta says they will not bother to fix this, despite maintaining a built-in list of potentially dangerous file types (ex: .exe)
Being #OpenSource has many advantages. For #NVDA has opened the way for community contributions, and has enabled #transparency, #security and #innovation beyond what might have been possible in closed software. Increasingly, governments are also mandating the use of open source. Here is an article on such a step forward in Switzerland:
"Switzerland Makes Open Source Software Mandatory For Public Sector"
news.itsfoss.com/switzerland-o…
#FOSS #NVDA #NVDAsr #Accessibility #Software #News
Switzerland Makes Open Source Software Mandatory For Public Sector
A big boost to the open-source community and an inspiration to other public sectors!Sourav Rudra (It's FOSS News)
N79 band private 5G + Liberty Phone = holistic security for gov/enterprise. Made in USA, custom options available. #5G #Security #Purism
puri.sm/posts/private-cellular…
puri.sm/posts/private-cellular…
Private Cellular Networking and Secure Client Devices – Purism
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.Purism SPC
We all have an email alter ego - who is yours? 🥸
Let us know in the comments!
#email #privacy #officehumor #security #encryption
In case you missed it: Accrescent is now mirrored in the GrapheneOS App Store! This helps GrapheneOS users securely and easily obtain Accrescent from a trusted source.
GrapheneOS highly values privacy and security as we do, so we're excited about this collaboration.
grapheneos.social/@GrapheneOS/…
#privacy #security #accrescent #appstore #android
GrapheneOS (@GrapheneOS@grapheneos.social)
GrapheneOS App Store now includes a mirror of Accrescent, which is a privacy and security focused alternative to the Play Store distributing developer builds of apps: https://accrescent.GrapheneOS Mastodon
What's the main difference between Tuta Mail and Gmail? 😎 PRIVACY 🔐
Get your #FREE Tuta Mail account now: app.tuta.com/signup
#Tuta #Germany #privacy #freedom #bestemail #encryption #security #PrivacyMatters #FREE #SecureEmail #privacyfirst #encrypted
Secure Emails Become a Breeze
Tuta Mail is the secure email service, built in Germany. Use encrypted emails on all devices with our open source email client, mobile apps & desktop clients.Tuta Mail
APPLE OR ANDROID? 🧐
Either way, we've got you covered ✌️
Read our #tips for protecting your #privacy on iPhone and Android here👇
✅Android users: tuta.com/blog/android-settings…
✅iPhone users: tuta.com/blog/iphone-security-…
#apple #android #security #tips #privacytips #securitytips #Tuta #encrypted #Eu
Increase your privacy with these Android security settings.
Don’t share all your data with Google! Improving your privacy settings on Android is quick and easy with this guide.Tutanota
STAGGERING: Nearly all #ATT customers' text & call records breached.
An unnamed entity now has an NSA-level view into Americans' lives.
Damage isn't limited to AT&T customers.
But everyone they interacted with.
Also a huge national security incident given government customers on the network.
And of course, third party #Snowflake makes an appearance.
cnn.com/2024/07/12/business/at…
#infosec #cybersecurity #telco #cellular #privacy #security #breach
Computer hardware maker #Zotac exposed customers' RMA info on Google Search
Misconfiguration of permissions folders holding customer info related to RMAs have been indexed by search engines like #Google. As a result, it has shown up on SERPs.
Information leaked includes invoices, addresses, and contact information.
Fun fact: Security Misconfiguration is number 6 on the OWASP Top 10 Web app Security Risks.
Do you want to help secure GNOME and get a reward? 🏅
We are testing a new program in which people get a payment for reporting and/or solving vulnerabilities.
yeswehack.com/programs/gnome-b…
From €500 to €10,000 depending on criticality 💶
For now only GLib is in scope but we will expand the list of modules and advertise as the program grows.
In partnership with @yeswehack and @sovtechfund
#GNOME #infosec #FreeSoftware #security #bugBounty #OpenSource #cybersecurity
GNOME Bug Bounty Program bug bounty program - YesWeHack
GNOME Bug Bounty Program bug bounty program detailsYesWeHack #1 Bug Bounty Platform in Europe
This is a bit of a concern @signalapp hopefully this is addressed sooner
@Mer__edith
#Signal #Bug #security
