Items tagged with: security


Being #OpenSource has many advantages. For #NVDA, it has opened the way for community contributions, and has enabled #transparency, #security and #innovation beyond what might have been possible in closed software. Increasingly, governments are also mandating the use of open source. Here is an article on such a step forward in Switzerland:

"Switzerland Makes Open Source Software Mandatory For Public Sector"

news.itsfoss.com/switzerland-o…

#FOSS #NVDA #NVDAsr #Accessibility #Software #News


N79 band private 5G + Liberty Phone = holistic security for gov/enterprise. Made in USA, custom options available. #5G #Security #Purism
puri.sm/posts/private-cellular…


A few things I like in IRC over Matrix, or any other protocol in a professional setting:

  1. Does not try to blend #security and #decentralization. Not having security at all is one way to implement a sound security model. This allows designing security properties both by means of infrastructure security, i.e. outside the protocol, and also by tunneling, i.e. inside the protocol (a classic example is off-the-record messaging). This keeps the core protocol compact and sound, and easy to verify for correctness, which is by itself a strong security property.
  2. Has both decentralized and client/server based topology since 1988(!). It is a network of servers, which together form an IRC network.
  3. Protocol messages are both rigidly structured AND still human-readable (unlike JSON), and have a clean specification (RFC 1459).
  4. Features not in the protocol itself can be implemented efficiently with bots, given the ease of parsing and producing IRC protocol messages.
  5. IRC network heals fast from failures and has high #availability properties, given the clean and rigid definition of what it does and what it does not do.

#IRC #infosec


In case you missed it: Accrescent is now mirrored in the GrapheneOS App Store! This helps GrapheneOS users securely and easily obtain Accrescent from a trusted source.

GrapheneOS highly values privacy and security as we do, so we're excited about this collaboration.

grapheneos.social/@GrapheneOS/…

#privacy #security #accrescent #appstore #android


At Tuta we are focused on #privacy and #security first, not AI-feature hype.


What's the main difference between Tuta Mail and Gmail? 😎 PRIVACY 🔐

Get your #FREE Tuta Mail account now: app.tuta.com/signup

#Tuta #Germany #privacy #freedom #bestemail #encryption #security #PrivacyMatters #FREE #SecureEmail #privacyfirst #encrypted


APPLE OR ANDROID? 🧐

Either way, we've got you covered ✌️

Read our #tips for protecting your #privacy on iPhone and Android here👇

✅Android users: tuta.com/blog/android-settings…
✅iPhone users: tuta.com/blog/iphone-security-…

#apple #android #security #tips #privacytips #securitytips #Tuta #encrypted #Eu


STAGGERING: Nearly all #ATT customers' text & call records breached.

An unnamed entity now has an NSA-level view into Americans' lives.

Damage isn't limited to AT&T customers.

But everyone they interacted with.

Also a huge national security incident given government customers on the network.

And of course, third party #Snowflake makes an appearance.

cnn.com/2024/07/12/business/at…

#infosec #cybersecurity #telco #cellular #privacy #security #breach


Nice!

But, and please pardon me for perhaps a stupid question...

Under "non-qualifying vulnerabilities" it says "Everything not in the qualifiying vulnerabilties list[...]".

But the last entry under "qualifying vulnerabilities" is, and I quote the list entry in full: "Other".

What gives?

#GNOME #infosec #FreeSoftware #security #BugBounty #OpenSource #cybersecurity


Computer hardware maker #Zotac exposed customers' RMA info on Google Search

Due to a misconfiguration of permissions, folders holding customer info related to RMAs have been indexed by search engines like #Google. As a result, it has shown up on SERPs.

Information leaked includes invoices, addresses, and contact information.

Fun fact: Security Misconfiguration is number 6 on the OWASP Top 10 Web app Security Risks.

#databreach #security #cybersecurity

bleepingcomputer.com/news/secu…


Do you want to help secure GNOME and get a reward? 🏅

We are testing a new program in which people get a payment for reporting and/or solving vulnerabilities.

yeswehack.com/programs/gnome-b…

From €500 to €10,000 depending on criticality 💶

For now only GLib is in scope but we will expand the list of modules and advertise as the program grows.

In partnership with @yeswehack and @sovtechfund

#GNOME #infosec #FreeSoftware #security #bugBounty #OpenSource #cybersecurity


Another one back-to-back! Accrescent 0.22.0 is released to ensure Accrescent can always update itself, add a theme option to settings, and fix a bug related to preferred languages: github.com/accrescent/accresce…

#security #android #appstore #privacy #accrescent


🎉 Wohoo! We have officially reached 90K followers on X - and we already have more than 26K here! 🎉

A BIG thank you to all our loyal Tuta users. You make our fight for #privacy and #security worth it ❤️

If you're new here, get your #FREE Tuta Mail account now: app.tuta.com/signup


Blind writer tries the Gandalf | Lakera prompt injection game for the first time.


Upon recommendations, I tried this AI prompt injection game for the first time. I made it to level 7 with no help from the internet!

If you want to donate to me, donate to me on this page.

My website is here where I usually blog. I'm not much of a video person, so I blog and write more than I do video!


Accrescent 0.21.0 is out with minor accessibility improvements, settings changes, and networking improvements.

Check it out and read the release notes below!

github.com/accrescent/accresce…

#android #security #privacy #appstore #accrescent


3/3 For those interested in learning more about the code signing process, and this warning, please see: answers.microsoft.com/en-us/wi…

and if you would like to test out Alpha builds of NVDA, head to: Please feel encouraged to run the latest snapshot from nvaccess.org/files/nvda/snapsh….

If you do have any questions or concerns, please reach out to us at info@nvaccess.org.

#NVDA #FOSS #Alpha #testing #Prerelease #Certificate #Security


2/3 When the warning appears, press tab to "More info", then press enter. Reading through the dialog, note that the publisher is listed as:

"AU, Queensland, Camp Mountain, NV Access Limited, NV Access Limited"

To allow NVDA to run, press tab to "Run anyway", and press enter to run the snapshot. This will help us get through this period until Windows considers our certificate "trusted":

#NVDA #FOSS #Alpha #testing #Prerelease #Certificate #Security


ID Verification Service for #TikTok, #Uber, X Exposed Driver Licenses

In this case, the ID verification vendor leaked admin credentials and exposed people’s information (sensitive documents and status of verification) for over a year.

All for “age verification” we introduce another EZ mode way for people’s real life identities to be compromised. Companies want you to provide sensitive documents to prove you’re real/your age but can’t be bothered to invest money/time/effort in basic #security to secure what you give them.

#cybersecurity #privacy

404media.co/id-verification-se…


Hot take: IT security is as much about psychology as it is about cryptography.

#security #psychology


#Windows 11 is now automatically enabling #OneDrive folder backup without asking permission

"Quietly and without any announcement, the company [#Microsoft] changed Windows 11's initial setup so that it could turn on the automatic folder backup without asking for it."

Imagine your operating system forcing all your desktop files to sync to the cloud, without letting you know it would do that. Users should be aware of when their files are synced to any cloud.

Oh wait, I forgot... Microsoft has zero regard for user choice, #privacy, and #security.

#privacymatters

neowin.net/news/windows-11-is-…


"for the first time, Commissioner Jourova publicly admitted at yesterday's EDPS summit that encryption would need to be broken for Chat Control to become effective."
tuta.com/blog/interview-patric…

#ChatControl #EuropeanCommission #Surveillance #EU #Privacy #HumanRights #Encryption #Security


Privacy is a marathon, not a sprint. 🏃

What are the next steps you will be taking in your #privacy and #security journey?

Let us know in the comments!


Patrick Breyer calls for resistance against Chat Control and gives tips on how every individual can actively take part. Get active NOW, otherwise unreason may win. 👇

patrick-breyer.de/rat-soll-cha…

#chatkontrolle #ChatkontrolleStoppen #sicherheit #security #datenschutz #privacy


It just clicked in my brain. What I haven't been able to articulate about why I'm so anxious about #Windows Recall. I'm sure others have already gotten to where I am.

It's worse than "a system that tracks everything you do" and stores that info in a basic database that could be easily compromised.
It's worse than a nanny surveillance tool for companies to spy on their employees.

It's inescapable.

It doesn't matter if I make a dozen "how to disable recall" tutorials. The second YOUR data shows up on someone ELSE'S screen, it's in THEIR recall database.

It won't matter if you're a master #security expert specialist. You can't account for EVERY other computer you've ever interacted with. If a family member looks up an old email with your personal data in it, your data is now at risk.

If THEIR system is compromised YOUR data is at risk.

I just went from "vague feeling of unease" to "actively writing templates to canvas elected officials, regulators, and attorneys general."


What's the last app you deleted and why? 📲👀

#app #appstore #privacy #security


Geoff Huston offers interesting commentary on DNSSEC and the problem of securing the domain name system more generally:
potaroo.net/ispcol/2024-05/dns…
My own domains are DNSSEC-signed. The necessary Bind 9 configuration is simpler nowadays than it used to be, as much of the process has been automated - a welcome change.
#Internet #DNS #DNSSEC #security


This episode of the Security, Cryptography, Whatever podcast offers insight into the history of Transport Layer Security (TLS), and critical discussion of certificate transparency, DNSSec, and other protocols. Post-quantum cryptography is also considered.
securitycryptographywhatever.c…
#Security #CryptographicProtocols


Is it just me, or has Microsoft gone completely crazy? They are implementing spyware that takes screenshots every second and forcing AI integration. Why would anyone willingly purchase this? Anyone with experience in computer or information security knows that it is a bad idea, even if it is locally done. Just don't do it. Yet, here we are, and they are doubling down on this idea. arstechnica.com/gadgets/2024/0… #privacy #security


We love #DNS! ❤️

Tuta uses DMARC, DKIM & SPF to protect your domains from spoofing. Unlimited custom domain aliases & strong #security are a perfect match. 🔒

Not sure what these acronyms mean? No worries, we've got you covered.

👉 tuta.com/blog/dkim-custom-emai…


Summer is just around the corner! 🏖️

What steps are you taking this beach season to better protect your #privacy and improve your online #security? 🤿

Don't see your answer below? Let us know in the comments! 📣

  • Use encrypted email (15%, 17 votes)
  • Use a VPN or Tor (25%, 28 votes)
  • Enable 2FA wherever possible (37%, 41 votes)
  • Use a password manager (21%, 23 votes)
109 voters. Poll end: 2 months ago


#Android is getting an AI-powered #scam call detection feature

Will be powered by Gemini Nano, which #Google says can be run locally and offline to process "fraudulent language and other conversation patterns typically associated with scams" and push real-time alerts during calls where detected red flags are present.

It will be opt-in, but Gemini Nano is currently only supported on Google Pixel 8 Pro and Samsung S24 series devices.

#cybersecurity #security

theverge.com/2024/5/14/2415621…


The messenger #Telegram is not suitable for secure communication - by default, messages are not even end-to-end encrypted. #Signal or #Threema are better suited. By the way: Elon Musk is the prime example of a troll. Just ignore him. 😉

If you are looking for help deciding on a messenger: messenger-matrix.de/messenger-…

#sicherheit #security #schwachstelle #e2ee #vulnerabilty #musk #durow


TPM2-measured boot with bus protection is pretty nice actually for Linux installations where secure boot is not enabled, like the default Arch Linux installation for instance.

For the sake of "defence in depth", I'd enable both if it is an out-of-the-box feature but would probably not bother with secure boot if it requires extra work.

So, the takeaway from this is that it would make a lot of sense to make measured boot happen in arch-install installation as an opt-in feature. No Microsoft key required.

Still so far the most informative overview for the shenanigans is microos.opensuse.org/blog/2023… but I'd also look for more recent references.

Policy hash calculation per kernel package update for LUKS2 is what needs to happen over time whenever a new kernel package is installed with hooks/scripts.

So the thing that was hyped to DRM the world into a locked down hellhole rendered out the Microsoft key hard binding instead 🤷

#tpm #linux #archlinux #opensuse #secureboot #security


Psst 👋 Email Preview for push notifications is coming soon!

Now you can know who is sending you an email before opening your mailbox! 🎉

Here's a sneak peek 🤫
#teaser #ios #android #sneakpeek #privacy #security #linux #macos #windows


Those changes are currently only applied to the master branch and didn't yet go to any release or distribution packages. They were supposed to fix a #security issue, but not to break some binary repos, which is what the applied patches might do. Find the originally proposed and recommended patches at github.com/obfusk/fdroid-fakes… – and also see e.g. tech.lgbt/@obfusk/112306314357… for some additional background.


I just posted an update to my "PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass" post to oss-security:

openwall.com/lists/oss-securit…

Original post:

openwall.com/lists/oss-securit…

GitHub repo with patches, PoCs, and a script to scan for potentially affected APKs:

github.com/obfusk/fdroid-fakes…



Who controls the tech stack❓

When choosing a secure solution for your data, this is one of the most important questions❗

Here's why: ➡️ tuta.com/blog/what-is-a-tech-s…

#security #technology #opensource #foss


Important security update for GLib and D-Bus, thanks to @pwithnall

discourse.gnome.org/t/security…

If you are a downstream distributor of GLib, GTK, or GNOME-related projects, remember to follow the distributor tag on Discourse.

#glib #security


If you are the tech-savvy person within your family or friends group :blobcatcool: :

Never ever shame someone for coming to you for advice after being the victim of a scam, malware, or for using an unsecure product.

If you do this,
they might never come back to you later. They might just feel so ashamed they will just stay alone with their tech problems.

Instead, always tell them:

1. It was a good idea to come to you with this. Be empathetic with them 💚

2. Give them advice on how to minimize the damage now. Actionable advice 🚑

3. Help them harden their security for now and for the future. Recommend better products to them. But be careful not to overwhelm them with advice. One step at a time 🔒

4. Talk to them with respect and empathy. Tell them how the people who abused their trust are horrible and anyone can fall for the right scam. Remind them there are things to do to reduce the risks of being victimized again in the future, and help them slowly implement these 💪

5. Be thankful they trusted you with this. It means they think highly of you 🥰

#Security #Privacy