Items tagged with: cybersecurity


People still staying on X is proof that toxic relationships are not easy to leave.

#SocialMedia #MicroBlogging #Mobile #OnlineSafety #CyberSecurity


Let's use @protonprivacy and @Tutanota products.


When will the two largest providers of secure encrypted email make it the default for messages sent between them to be securely encrypted? If even they can't manage it what hope is there for the rest of the email world?


Let's use @protonprivacy and @Tutanota products.
Encryption is the single best hope against surveillance.

https://www.wired.com/story/house-section-702-vote/

#security #cybersecurity #infosec #nationalsecurity #nsa #fbi #section702 #privacy #government #surveillance #e2ee #tech #proton #protonmail #tuta #tutanota #bigtech #degoogle


This piece is worth reading if you’re in tech criticism or infosec/cybersecurity and are being asked for commentary on IoT and smart home devices.

People aren’t foolish for using IoT or for wanting things to be easier in their homes. This tech makes positive and meaningful change for people of all kinds of abilities. It’s valid to worry about the privacy or security issues that IoT is riddled with, but don’t draw a direct line from there to blaming the user - some people have no alternatives that don’t involve giving up independent access to their own homes and lives. Everyone deserves to live in ways that fit their needs.

Instead, join the push to hold manufacturers and providers to account for poor security and privacy practices. Advocate for better, more respectful and accessible default configurations. Help people understand how to anticipate and mitigate the worst of these issues when they’re setting things up, and give them power and agency over their home systems.

We all deserve to have tech that works for us, in all the ways that matter.

#accessibility
#a11y #infosec
#cybersecurity
#iot #smarthome

https://www.theverge.com/24080201/smart-home-accessibility-apple-nest-alexa


Random strangers getting paid to 'relay' YOUR texted login codes from THEIR phone numbers.

Privacy & security nightmare fuel.

Industry is turning away from texted verification because it is insecure... so what is #telegram thinking?

https://techcrunch.com/2024/03/25/telegrams-peer-to-peer-sms-login-service-is-a-privacy-nightmare/

#cybersecurity #infosec #privacy #doxxing #stalking #surveillance


You know it's interesting that I think @thunderbird is probably the one piece of software I have been using since Windows XP as a kid and still use it to this day. I even pay $10/year for a plugin to make Thunderbird work with my Office365 I use for my content creation so I can use it seamlessly on #Linux for contacts, calendar, and mail integration.

Despite all the email providers I have hopped between I still have used Thunderbird since around 2005 or 2006 #infosec #cybersecurity #opensource


The UK government's attempts to erode your online #privacy never cease. 🇬🇧🕵️

Luckily you've got Tuta in your corner! 🥊

We've teamed up with academics, #cybersecurity researchers, & other privacy oriented companies, like @element and @brave to fight back!

👉 https://cdt.org/insights/open-letter-from-security-experts-voices-concerns-over-the-proposed-changes-to-uk-investigatory-powers-acts-notices-regime/


[swe] The EU Cyber Resilience Act is on its way, and we have obtained access to the new version after last year's negotiations between the Commission, the Parliament and the Council. On Thursday we at Dataföreningen are running a free lunch seminar where we discuss the CRA - the latest updates, what are the open source groups saying, and what applies to manufacturers of digital products?

Register here:

https://dfs.se/pa_gang/prata-eu-cyber-resilience-act-med-oss-13/

#CRA #EUCRA #CYBERSECURITY


Today, we call on all Interior, Justice & Economy ministers of EU countries, to choose the right side: #privacy or #surveillance.

Together with other privacy-first companies we call on our ministers to defend encryption & protect privacy. 🔒

Read the full text here: https://tuta.com/blog/open-letter-encryption-eu

#chatcontrol #encryption #security #cybersecurity


I’m in a reflective mood this week and it’s kind of wild to me that I’m known as a “provocateur” in #cybersecurity for takes like:

💡 don’t shame victims

💡 UX matters, a lot

💡 we should understand what we’re supposed to protect

💡 if someone clicking a thing on the thing-clicking machine leads to security failure, they are not the foolish one

💡 the best things a security program can invest in aren’t in the RSAC vendor hall

💡 maybe we should start actually proving outcomes??????????

¯\_(ツ)_/¯


#cybersecurity zealots often shame humans for writing down their passwords, but as someone who just had to excavate the digital remains of a loved one who died suddenly:

*please* write down your credentials somewhere a trusted human can find them, especially your phone passcode and any primary passwords (like for email accounts, password manager, etc.)

the humans who care about you will need that access for many reasons; a "badass" threat model will only add helplessness to their grief


Switch easily between work and personal Bitwarden accounts on Desktop, Mobile apps, and now the Bitwarden browser extension! Learn more in this blog: https://bitwarden.com/blog/account-switching-phased-rollout-for-bitwarden-clients/

#cybersecurity #security #passwordsecurity #passwordmanager #passwordmanagement


curl is now a CVE Numbering Authority (CNA) assigning CVE IDs for all products made and managed by the curl project. This includes curl, libcurl, and trurl.

https://cve.org/Media/News/item/news/2024/01/16/curl-Added-as-CNA

#CVE #CNA #VulnerabilityManagement #Vulnerability #Cybersecurity


Critical flaw found in WordPress plugin used on over 300,000 websites.

Read more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/critical-flaw-found-wordpress-plugin-used-over-300000-websites

#cybersecurity #wordpress #vulnerability


Performed Email security standards tests with @internet_nl.
http://Internet.nl - test to check if the service supports modern internet standards like IPv6, DNSSEC, DMARC, DKIM, SPF, STARTTLS, DANE, RPKI.

Scores:
@protonmail - 75%
@skiff - 85%
@Tutanota - 87%

#emailsecurity #privacy #cybersecurity


Infoek.cz has been under DDoS and Slowloris attacks practically daily, ever since the start of the war in Ukraine. The Russians don't like the expression of disagreement with the invasion of a sovereign state in some of the articles. 😀

During the night the Slowloris attack was massive again, but the site is holding up. 😉

All visitors from Russia, Iran, Palestine and Qatar are geoblocked from the site. They are automatically redirected to https://infoek.cz/ip-ban/. They cannot reach any other link within the site.

#StandWithUkraine #FckRussia #cybersecurity


If you do 1 thing today, use @Tutanota and forward your #gmail and #hotmail to your new inbox. Take back your mailbox!

For your second thing, switch to an encrypted messenger like #Signal and get your friends and family on it. It's so easy.

#cybersecurity #cybersecurityawarenessmonth #E2EE #globalencryptionday #privacy

Share this with your friends and family and spread #privacy! https://yt.artemislena.eu/watch?v=MFlFjtEKiA4 🥰


Undermining encryption is dangerous and puts everyone at risk.

The EU Commission now postponed a vote on #chatcontrol - a clear sign that Chat Control must fail.

Check here why Chat Control is the "most criticized law of all time":
https://tutanota.com/blog/chat-control-criticism

#CybersecurityAwarenessMonth #cybersecurity


I'm hiring! As a manager at IBM I have a position open in Ireland for somebody looking to start a career in offensive cybersecurity.

It would be amazing to use the Fediverse to find a new teammate!

#FediHire #fedihired #cybersecurity

https://krb-sjobs.brassring.com/TGnewUI/Search/home/HomeWithPreLoad?partnerid=26059&siteid=5016&PageType=JobDetails&jobid=696061


Mozilla: "In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. It would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments"

https://blog.mozilla.org/netpolicy/2023/06/26/france-browser-website-blocking/
#france #browser #cybersecurity #mozilla #security #surveillance


#SchoolDude app, used on thousands of campuses across the US, hacked. The breach apparently includes all account names, email addresses, passwords and phone numbers. https://www.bleepingcomputer.com/news/security/brightly-warns-of-schooldude-data-breach-exposing-credentials/ #cybersecurity


Is #Gmail killing independent email?

"Is it okay that Gmail has the power to decide whether a business is sending spam or not?"

Gmail has rigged the email game imo. It makes running a self-hosted email server hard, even after properly configuring DKIM, DMARC, and SPF.

#cybersecurity #privacy #technology

https://tutanota.com/blog/posts/gmail-independent-email


Stay strong: Desperate governments worldwide want to downright criminalize #privacy and #encryption now, using laughable pretexts like #cybersecurity causing #childabuse to literally put everyone on the planet under a permanent wiretapping mandate like we're common criminals by default.

Smartphones are especially susceptible to surveillance, and among those devices we have the least control over instead of corporations merely renting them to us: It's time for that to change!


Minecraft clones stealthily load ads on millions of Android devices.

https://grahamcluley.com/minecraft-clones-stealthily-load-ads-on-millions-of-android-devices/

#cybersecurity #adware #minecraft #google #googleplay #android


Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security


This dumb password rule is from Banco Mercantil.

8 to 15 chars. No special chars allowed but requires special chars. Also
requires lowercase, uppercase, and numbers. Consecutive chars are
prohibited. Did I mention the page hangs while you type? That eye icon
tho.

https://dumbpasswordrules.com/sites/banco-mercantil/

#password #passwords #infosec #cybersecurity #dumbpasswordrules


Yours truly is looking for an #InfoSec / #Cybersecurity job in a safer state than Florida. I do pretty much all things security... like consulting, malware analysis, auditing, compliance, blue team, red team, purple team, SecDev, SecOps, SecDevOps, etc.

My kids are all grown now, so I am more than willing to travel / relocate. If you have any leads or tips on some good companies, please let me know.

#GetFediHired
[matrix] • [SimpleX]


Microsoft Authenticator prompts the user to accept sharing analytics during the first launch. The prompt only dismisses when the user taps on "Accept." In fact, the app starts sending analytics even before accepting the privacy statement.🤦‍♂️

In this video, we downloaded the authenticator app from the App Store and we opened it as we monitored the iPhone network traffic. While the app was showing the permission prompt, we captured at least 3 calls made by the app sending diagnostics to Microsoft. The app sent 14 KB of analytics even before accepting the prompt.

The message on the prompt actually says that Microsoft needs to collect diagnostic data in order to keep Authenticator secure and up to date. 😵‍💫

#Privacy #Cybersecurity #2FA #InfoSec #Security #Microsoft

https://youtu.be/r5456XXG6v0


Time it takes for a hacker to brute force your password.

#Cybersecurity

Good to know: Tutanota checks your password upon signup and makes sure it's strong enough. Secure your emails now: https://mail.tutanota.com/signup

Of course, we also support 2FA on all clients.

Stay secure! 😍


I had quite a scary discussion with #Bing Chat which was hijacked by German security researchers and transformed into a pirate chatbot. Seconds later it asked for my personal information and sent it to the attacker. The thing is: Everyone can hijack Bing chat this way right now. It’s not even hard - you don't have to be a hacker.
Microsoft told me they had heard of the attack - and obviously weren't able to stop it from happening. My article (+German):

https://www.zeit.de/digital/2023-03/cyberangriffe-microsoft-bing-chat-piraten
#cybersecurity #ITSec


Please boost! We are *hiring* for *two* jobs in information security! Come work with our amazing team building solutions for the security have-nots in our world!

Red Queen Dynamics needs 1) a leader for engineering/cloud infrastructure, and 2) a product designer. We are a remote-first security company and we welcome people from all backgrounds and life journeys. #infosec #infosecjobs #hiring #cybersecurity

You can apply here! Tech Lead: https://www.linkedin.com/jobs/view/3475289250/

Product Designer: https://www.linkedin.com/jobs/view/3475289426/

Or stay up to date with all our job postings on our website: https://rqdn.io/career-opportunities


Biden Administration Declares War On The Internet, Clears Path For Offensive Hacking Efforts By Federal Agencies https://www.techdirt.com/2023/01/27/biden-administration-declares-war-on-the-internet-clears-path-for-offensive-hacking-efforts-by-federal-agencies/ #news #nationalcybersecuritystrategy #cybersecurity #cyberwarfare #hackback #joebiden #doj #fbi #1


Tutanota: U2F support is now also available on #Android and #iOS

U2F keys are now supported on all @Tutanota clients.

(Tutanota is also an avoidthehack recommended encrypted email provider).

#mfa #2fa #privacy #cybersecurity #infosec #infosecurity

https://tutanota.com/blog/posts/app-update