Skip to main content

Search

Items tagged with: security


Threat Modeling In 2024: Your Guide For Better #Security

@Tutanota shares some tips on developing a threat model for your personal use case.

#privacy #privacymatters

tuta.com/blog/threat-modeling-…


#monocles chat 1.7.9 is released on the playstore with a lot of updates and improvements! (See comments below)

play.google.com/store/apps/det…

#xmpp #chat #privacy #security #messenger


RFC time! We're working on specifying how Accrescent's repository should look technically.

If you're an app developer who cares about app store features, an Accrescent user, or just interested in our development, leave your comments in the issue below 👇

github.com/accrescent/meta/iss…

#android #appstore #security #privacy #accrescent


If you're running a DNS server, it may be time for a security upgrade due to these recently announced DNSSec vulnerabilities. The Internet Systems Consortium offers a good explanation, as well as upgrades to Bind 9.
isc.org/blogs/2024-bind-securi…
#dns #security


- "The EU Court ruled that “Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users’ electronic communications.”"
- “mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials.”
💖 Wow :blobcatheart:

➡️ European Court of Human Rights's ruling: }]https://hudoc.echr.coe.int/eng/#{%22itemid%22:[%22001-230854%22]}

#Privacy #Encryption #Security


Accrescent 0.17.1 released! This one fixes a bug where the download progress indicator was hidden and makes preparations for some upcoming server scaling improvements (follow for more info on that 😉).

Check out the release notes below!

github.com/accrescent/accresce…

#privacy #security #accrescent #appstore #android


I noticed a report, cited by Slashdot, that 3 million smart toothbrushes have been infected by malware and exploited to commit distributed denial of service attacks.
In addition to the measures that should be taken by various device manufacturers to secure and update their Internet-connected products, this incident suggests that we should follow the security recommendation according to which Internet of Things devices belong on a separate wireless network from your workstations or other systems containing valuable data.
tomshardware.com/networking/th…
#security #InternetOfThings


I gave a talk at #fosdem #fosdem2024.

Video and slides are now available:
fosdem.org/2024/schedule/event…

#thunderbird #security #openpgp #librepgp #smime

I'm interested in your feedback on these thoughts. Either here, or, if your feedback is longer, for a discussion it might be best to post to
thunderbird.topicbox.com/group…

Thanks a lot to the organizers of @fosdem and the modern email developer room.
github.com/modern-email/FOSDEM…


"Mastodon: Diebstahl beliebiger Identitäten im föderierten Kurznachrichtendienst" 😬

Die Versionen 3.5.17, 4.0.13, 4.1.13 und 4.2.5 beheben die Sicherheitslücke. 👇

heise.de/news/Mastodon-Diebsta…

#mastodon #security #vulnerability #schwachstelle #sicherheit


Getting security online right seems like a daunting task. But one thing is certain: Password managers help! 💪

🔥Here are our top three: tuta.com/blog/best-password-ma… 🔥

What are your favorite #PasswordManagers

#privacy #security #opsec #passwords #passwordfatigue #databreach #breachdata #infosec

  • KeePassXC (49%, 218 votes)
  • Bitwarden (46%, 201 votes)
  • Pass (4%, 18 votes)
437 voters. Poll end: 9 months ago


S/MIME E-Mail Verschlüsselung mit Thunderbird einrichten? Wie das geht, erkläre ich in diesem Video:

youtube.com/watch?v=exPq87oSJL…

spacefun.ch/linux-videos#extra…

#Linux #Thunderbird #SMIME #Video #YouTube #Tutorial #Security #Privacy


Today, we call on all Interior, Justice & Economy ministers of EU countries, to choose the right side: #privacy or #surveillance.

Together with other privacy-first companies we call on our ministers to defend encryption & protect privacy. 🔒

Read the full text here: tuta.com/blog/open-letter-encr…

#chatcontrol #encryption #security #cybersecurity


Accrescent 0.17.0 is out! Accrescent now caches repository metadata, reducing bandwidth use a smidge, paving the way for a revamped download system, and bringing offline support just a *little* bit closer.

Check out the release notes below! github.com/accrescent/accresce…

#accrescent #security #privacy #android #appstore


Switch easily between work and personal Bitwarden accounts on Desktop, Mobile apps, and now the Bitwarden browser extension! Learn more in this blog: bitwarden.com/blog/account-swi…

#cybersecurity #security #passwordsecurity #passwordmanager #passwordmanagement


Falsehoods programmers believe about… Biometrics

(For the new reader, there is a famous essay called Falsehoods Programmers Believe About Names. It has since spawned a long list of Falsehoods Programmers Believe About....)

Everyone has fingerprints!

The BBC has a grim tale of a family with a genetic mutation which means they have no fingerprints. It det

shkspr.mobi/blog/2021/01/false…

#/etc/ #design #falsehoods #policy #security


Today at apt.izzysoft.de/fdroid not just some #AndroidAppRain with 11 updated apps, but also some "evaporation": 12 apps have been removed as they used expired debug keys, more will follow them the next days. Some background on this can be found at gitlab.com/IzzyOnDroid/repo/-/…

For some more background: I'm currently implementing additional checks for better app security, see gitlab.com/IzzyOnDroid/repo/-/… – once done and working, details will follow with a blog article.

#Android #app #security


cURL-Maintainer: KI liefert "Scheiß-Berichte" als Bug-Reports

Mit sehr deutlichen Worten hat sich cURL-Maintainer Daniel Stenberg zu KI geäußert: Sie werde bei der Bug-Bounty missbraucht und liefere falsche Ergebnisse.

heise.de/news/cURL-Maintainer-…

#KünstlicheIntelligenz #Security #news


Guten Morgen. Wer sie noch nicht kennt, sollte unbedingt einen Blick in die Empfehlungsecke werfen. Diese enthält meine aktuellen Empfehlungen zu verschiedenen Themen wie Messenger, Werbeblocker, werbefreies YouTube, Passwort-Manager, Suchmaschinen und Co. 👇

kuketz-blog.de/empfehlungsecke…

#empfehlung #tracking #security #datenschutz #adblocker #android #youtube #messenger #linux #firefox #dns #unifiedpush #email #frankgehtran #thunderbird #passwortmanager #videokonferenz #vpn #suchmaschine


In 2024, please switch to Firefox roytanck.com/2023/12/23/in-202… #privacy #security #opensource #unix #linux #macos


This December, if there’s one tech New Year’s resolution I’d encourage you to have, it’s switching to the only remaining ethical web browser, Firefox. According to recent posts on social media, Firefox’s market share is slipping. We should not let that happen. There are two main reasons why switching is important.
A red panda (firefox) resting on a tree branch.Red Panda” by Mathias Appel is marked with CC0 1.0.

1. Privacy


Firefox is the only major browser not built by a company that makes money from advertising and/or selling your personal data. There’s been a lot of talk about websites tracking users using cookies, fingerprinting and other nefarious technologies that hurt your privacy. But owning the browser puts Google, Apple and Microsoft in a position where they don’t even need those tricks. We need to use browsers that are independent, and right now that means Firefox.

2. Browser engine monopoly


Wikipedia lists four browser engines as being “active”. Browser engines are the bits that take a web page’s code and display it on your screen. Ideally, they conform to the official W3C standards, and display all elements as it describes. If that’s the case, web developers can easily write sites that work on all browsers. No proprietary vendor lock-in nonsense, just glorious open standards at work.

It’s happened before


In the early 2000’s, Internet Explorer had a massive 95% market share. This meant that many sites were only developed for use with IE. They’d use experimental features that IE supported, in favor of things from the official HTML standard. This was a very bad situation, which hindered the development of the World Wide Web.

Currenty, Chrome, Safari and Edge all use variations of the closely related Webkit and Blink engines. If we want to avoid another browser engine monopoly, we need to support Firefox, and its “Gecko” engine.

Firefox is actually really good


If Firefox would be a bad browser, I would not recommend you to switch. It’s fast, has a nice user interface, and feels every bit as modern and elegant as its competition. I’ve been using it as my main browser for a couple of years now, on Linux, Windows, MacOS and Android. As a web developer, I usually have at least three browsers open, but when I go look something up on the web, I pick Firefox.

So please, help save the web by using the best browser out there. It’s an easy thing to do, and it makes a big difference.

roytanck.com/2023/12/23/in-202…

#Firefox #privacy



The latest issue of this newsletter, to which I subscribe, gives a clear summary of the recently disclosed Secure Shell (ssh) security vulnerability.
feistyduck.com/newsletter/issu…
#security #ssh


The spam and abuse problems of ActivityPub and the fediverse are only likely to worsen. I run a Pleroma instance of which I am the only user. Eventually, I'll probably have to block entire domains. This documentation reveals how to do it using the Pleroma Message Rewrite Facility.
docs-develop.pleroma.social/ba…
#pleroma #fediverse #security


Here's the CISA report on memory-safe programming noted in the podcast.
cisa.gov/news-events/news/urge….
#security #programming


Responding to recent U.S. policy proposals on legal liability for security-related software defects, this podcast explores the issue of what "secure by design" software amounts to, and how it can be achieved.
lawfaremedia.org/article/the-l…
#security #SecurityPolicy #law


#Threema hat heute einen Blogpost veröffentlicht, der sich mit der Problematik der Google/Apple Push-Dienste auseinandersetzt. Vorbildlich! Von Signal fehlt mir so eine Stellungnahme noch @Mer__edith

threema.ch/de/blog/posts/push-…

#messenger #threema #signal #security #sicherheit #datenschutz #privacy


Say hello to privacy! 👋

Tuta comes with zero trackers.

Thanks @exodus for providing this great test! 😍 👍

#Privacy #NoTrackers #Security


🔥 Grab YourName@tuta.com with our new domain! 🔥

Pick you favorite! ✊ Go Revolutionary now: tuta.com/create-email-address?…

#privacy #privateemail #encryption #emailaddress #security


same reason for #Linux I guess and same reason why I do all the #OS1337 code in #bash with only .config makefiles where needed:

Readable and thus easy to #audit code allows for #transparency, which is vital for #maintainability and #security...

After all, mistakes do happen and I'd rather have it easy find and fix than optimize every bit at the cost of unmaintainable code.


Big Brother is watching you - now also via Google's & Apple's push. 🤬

That's why we don't use Google Push. When using Tuta, Google sees nothing! 💪

✅ Zero tracking
✅ Fully encrypted
✅ Maximum privacy

The data they don't get, they can't hand out to authorities! Go secure now: tuta.com/create-email-account?…

Here's more info on why we don't use Google Push and do not send any info via Apple notifications: tuta.com/blog/open-source-emai…
#security #privacy #google #apple #notifications #surveillance #tracking


LibreOffice supports symmetric and asymmetric encryption for OpenDocument Format (ODF) files.

Select File > Save/Save As

The "Save with password" option encrypts the file with AES-256.
The "Encrypt with GPG key" option encrypts the file with a public key.

Symmetric encryption: en.wikipedia.org/wiki/Symmetri…
Asymmetric encryption: en.wikipedia.org/wiki/Public-k…

Website: libreoffice.org
Mastodon: @libreoffice

#LibreOffice #Encryption #OpenSource #OpenPGP #PGP #GnuPG #GPG #InfoSec #Privacy #Security


Accrescent 0.16.0 is released! Apps can now include short descriptions, MTE is enabled by default for extra security, and update notifications aren't quite as pesky anymore. See the changelog below 👇

github.com/accrescent/accresce…

Developers can learn how to add short descriptions to their own apps in our freshly updated documentation. Check it out! accrescent.app/docs/guide/main…

#security #privacy #appstore #android #Accrescent


My colleague discovered this really solid collection of cheat sheets on application security topics:
cheatsheetseries.owasp.org/

#webdev #security


Are you looking for a new email address?

🔥 Grab YourName@tuta.com while you still can. 🔥

Pick you favorite now! ✊ Go Revolutionary: tuta.com/create-email-account?…

#privacy #privateemail #encryption #emailaddress #security


Sending end-to-end encrypted emails has never been easier! 😍

With a few simple clicks you can communicate securely and converse in total privacy.🔒

Protect yourself today with a new Tuta.com address!👇
tuta.com/

#privacy #encryption #opensource #security #sunday


monocles chat 1.7.7.2 is released today on f-droid with a big update! 🎉

Enjoy your new and secure chat experience!
f-droid.org/en/packages/de.mon…

And see the changelog since the previous version in the comments

#fdroid #monocles #chat #xmpp #security


Say NO to broken browsers! ⛔

The EU is preparing a very dangerous law that would undermine the security of every browser.

Speak up now! 🗣️

@Jeremiah has more on how you can help to protect the web! 💪

jeremiahlee.com/posts/2023-eu-…

#EU
#privacy
#security
#webdev
#eIDAS