Items tagged with: security
cURL maintainer: AI delivers "crap reports" as bug reports
In very blunt terms, cURL maintainer Daniel Stenberg has spoken out about AI: it is being abused in the bug bounty program and delivers false results.
Good morning. If you don't know it yet, you should definitely take a look at the Empfehlungsecke (recommendation corner). It contains my current recommendations on various topics such as messengers, ad blockers, ad-free YouTube, password managers, search engines and more. 👇
https://www.kuketz-blog.de/empfehlungsecke/
#empfehlung #tracking #security #datenschutz #adblocker #android #youtube #messenger #linux #firefox #dns #unifiedpush #email #frankgehtran #thunderbird #passwortmanager #videokonferenz #vpn #suchmaschine
Empfehlungsecke (Recommendation Corner)
The Empfehlungsecke contains current recommendations on messengers, browser add-ons and other topics • IT security from Karlsruhe (Kuketz IT-Security Blog)
In 2024, please switch to Firefox https://roytanck.com/2023/12/23/in-2024-please-switch-to-firefox/ #privacy #security #opensource #unix #linux #macos
https://www.feistyduck.com/newsletter/issue_108_ssh_protocol_vulnerable_to_mitm_attack
#security #ssh
https://docs-develop.pleroma.social/backend/configuration/mrf/
#pleroma #fediverse #security
https://www.cisa.gov/news-events/news/urgent-need-memory-safety-software-products#:~:text=CISA's%20secure%20by%20design%20white,will%20incorporate%20all%20three%20principles.
#security #programming
The Urgent Need for Memory Safety in Software Products | CISA
Cybersecurity Technical Advisor Bob Lord stresses the importance of memory safety in making software safer by design. (Cybersecurity and Infrastructure Security Agency, CISA)
https://www.lawfaremedia.org/article/the-lawfare-podcast-three-cisa-senior-advisers-on-secure-by-design
#security #SecurityPolicy #law
The Lawfare Podcast: Three CISA Senior Advisers on Secure by Design
What is Security by Design?
#Threema published a blog post today that addresses the problem of the Google/Apple push services. Exemplary! I'm still missing a statement like this from Signal @Mer__edith
https://threema.ch/de/blog/posts/push-benachrichtigungen-und-datenschutz
#messenger #threema #signal #security #sicherheit #datenschutz #privacy
Push notifications and data protection
For several days now, push notifications and their implications for data protection have been hotly debated. The trigger was a letter from a US senator to the Department of Justice (DOJ) demanding that operators of push services – in particular ... (threema.ch)
Say hello to privacy! 👋
Tuta comes with zero trackers.
Thanks @exodus for providing this great test! 😍 👍
#Privacy #NoTrackers #Security
🔥 Grab YourName@tuta.com with our new domain! 🔥
Pick your favorite! ✊ Go Revolutionary now: https://tuta.com/create-email-address?t-src=m
#privacy #privateemail #encryption #emailaddress #security
Tuta Mail: Create a secure, private & encrypted email account for free
Tuta is the secure email service, built in Germany. Use encrypted emails on all devices with our open source email client, mobile apps & desktop clients. (Tutanota)
same reason for #Linux I guess and same reason why I do all the #OS1337 code in #bash with only .config makefiles where needed:
Readable and thus easy to #audit code allows for #transparency, which is vital for #maintainability and #security...
After all, mistakes do happen and I'd rather have it easy to find and fix than optimize every bit at the cost of unmaintainable code.
Big Brother is watching you - now also via Google's & Apple's push. 🤬
That's why we don't use Google Push. When using Tuta, Google sees nothing! 💪
✅ Zero tracking
✅ Fully encrypted
✅ Maximum privacy
The data they don't get, they can't hand out to authorities! Go secure now: https://tuta.com/create-email-account?t-src=m
Here's more info on why we don't use Google Push and do not send any info via Apple notifications: https://tuta.com/blog/open-source-email-fdroid
#security #privacy #google #apple #notifications #surveillance #tracking
Apple & Google Monitor All Your Push Notifications. But Tuta Protects You From This Since 2017.
We're here to stop surveillance by corporations like Google and Apple. That's why we replaced Google’s FCM with our own notification system and keep Apple Notification Data at a minimum. Read on to learn why this is important. (Tutanota)
LibreOffice supports symmetric and asymmetric encryption for OpenDocument Format (ODF) files.
Symmetric encryption: https://en.wikipedia.org/wiki/Symmetric-key_algorithm
Asymmetric encryption: https://en.wikipedia.org/wiki/Public-key_cryptography
Select File > Save/Save As
The "Save with password" option encrypts the file with AES-256.
The "Encrypt with GPG key" option encrypts the file with a public key.
Website: https://www.libreoffice.org
Mastodon: @libreoffice
#LibreOffice #Encryption #OpenSource #OpenPGP #PGP #GnuPG #GPG #InfoSec #Privacy #Security
Home | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft
Free office suite – the evolution of OpenOffice. Compatible with Microsoft .doc, .docx, .xls, .xlsx, .ppt, .pptx. Updated regularly, community powered. (www.libreoffice.org)
Accrescent 0.16.0 is released! Apps can now include short descriptions, MTE is enabled by default for extra security, and update notifications aren't quite as pesky anymore. See the changelog below 👇
https://github.com/accrescent/accrescent/releases/tag/0.16.0
Developers can learn how to add short descriptions to their own apps in our freshly updated documentation. Check it out! https://accrescent.app/docs/guide/maintenance/edits.html
#security #privacy #appstore #android #Accrescent
Release 0.16.0 · accrescent/accrescent
Improvements Add support for short descriptions Enable MTE Make "update finished" notification channel non-noisy Updates Bump AGP to 8.2.0 Bump bundletool Gradle plugin to 0.2.3 Bump Compose com... (GitHub)
My colleague discovered this really solid collection of cheat sheets on application security topics:
https://cheatsheetseries.owasp.org/
Introduction - OWASP Cheat Sheet Series
Website with the collection of all the cheat sheets of the project. (cheatsheetseries.owasp.org)
A new update is coming to the Tuta Calendar! 🥳
Stay tuned!
Enjoy your weekend. 💯🔒
#security #encryption #calendar #email #sneakpeek #weeklyview
Are you looking for a new email address?
🔥 Grab YourName@tuta.com while you still can. 🔥
Pick your favorite now! ✊ Go Revolutionary: https://tuta.com/create-email-account?t-src=m
#privacy #privateemail #encryption #emailaddress #security
Secure email: Tuta free encrypted email.
Tuta is the secure email service, built in Germany. Use encrypted emails on all devices with our open source email client, mobile apps & desktop clients. (Tutanota)
Sending end-to-end encrypted emails has never been easier! 😍
With a few simple clicks you can communicate securely and converse in total privacy.🔒
Protect yourself today with a new Tuta.com address!👇
https://tuta.com/
#privacy #encryption #opensource #security #sunday
Secure email: Tutanota free encrypted email.
Tutanota is the secure email service, built in Germany. Use encrypted emails on all devices with our open source email client, mobile apps & desktop clients. (Tutanota)
monocles chat 1.7.7.2 is released today on f-droid with a big update! 🎉
Enjoy your new and secure chat experience!
https://f-droid.org/en/packages/de.monocles.chat/
And see the changelog since the previous version in the comments
#fdroid #monocles #chat #xmpp #security
monocles chat | F-Droid - Free and Open Source Android App Repository
is an Open Source XMPP chat client for Android (f-droid.org)
Say NO to broken browsers! ⛔
The EU is preparing a very dangerous law that would undermine the security of every browser.
Speak up now! 🗣️
@Jeremiah has more on how you can help to protect the web! 💪
https://www.jeremiahlee.com/posts/2023-eu-eidas-feedback/
#EU #privacy #security #webdev #eIDAS
No Broken Browsers
Open letter to the European Commission on its eIDAS proposal. Jeremiah Lee (www.jeremiahlee.com)
Eavesdropping attack on Russian Jabber server in Germany: who is behind it?
It came to light purely by chance that unknown parties had inserted themselves into Jabber chat connections using a certificate of their own. The operators suspect a police operation.
#Jabber #Let'sEncrypt #ManintheMiddle #Security #XMPP
Historic agreement on #ChatControl: European Parliament wants to safeguard secure encryption | European Pirate Party
This week, the European Parliament's negotiators reached a broad majority agreement on a common position concerning the controversial EU chat control bill. nriss (European Pirate Party)
#XSF Announcement
Recently, an incident involving a so-called #man_in_the_middle attack happened to an #XMPP #server.
To reduce the risk of such attacks in the future an early stage service called CertWatch has been published by our Community: https://certwatch.xmpp.net/
Many thanks to Stephen P. Weber (@singpolyma)!
Read two related blog posts:
http://blog.jmp.chat/b/certwatch/certwatch
https://snikket.org/blog/on-the-jabber-ru-mitm/
#Jabber #mitm #security #vulnerability #machine_in_the_middle #chat
On the jabber.ru MITM attack
Reports of a possible recent interception of the public XMPP service jabber.ru have raised a lot of questions for people about how the attack happened, and whether it could affect them too. We have some answers. (snikket.org)
Free and Open Source Software is the backbone of the internet. 💪 That's why we are offering 100% free premium subscriptions to open source projects. 🎉
It's our gift from one open source project to another. 🎁
https://tutanota.com/blog/tutanota-for-open-source-teams
#FOSS #opensource #privacy #security #internet
Tutanota for Open Source Projects.
Giving back to open source teams with free Tutanota accounts. (Tutanota)
#security #Software
New-ish Asus routers seem to enable "Yandex.DNS" by default. This forwards all of your DNS lookups to Yandex, a large Russian search engine. I discovered this on my dad's router when he had troubles accessing his bank from his broadband but not on his phone. (Presumably, the bank geoblocked Russian IPs as a protest to the invasion of Ukraine.)
I get that you need to trust someone with your DNS lookups (your ISP, Google, Cloudflare, etc.), but I didn't expect the non-ISP option to be the default...
Check your router!
Some exciting news: Over the past few months I have been working on founding a new organization: Blodeuwedd Labs (@blodeuweddlabs)
We are now in a position to offer subsidized security assessments (and other services) for open source projects.
(In addition to a whole array of analysis, development, and custom research offerings for everyone else)
Announcement (and more info): https://blodeuweddlabs.com/news/open-source-review-announce/
#infosec #security #appsec #canada #opensource
Launching our Open Source Review Scheme | Blodeuwedd Labs
To celebrate the founding of Blodeuwedd Labs we are excited to announce Subsidized Assessments for open source projects as part of our commitment to continually give back to the open source Community. (blodeuweddlabs.com)
A single missing line in a CVE-2023-28321 #security update backport broke libcurl wildcard certificate validation in #Ubuntu - regardless of who is to blame for the initial mistake in the patch, this raises serious questions about the quality and quantity of testing performed.
https://git.launchpad.net/ubuntu/+source/curl/commit/?id=2d99b873a5d4c70f069ce07beb0ae27d196defe0
We're happy that #Apple has now joined the fight for encryption! 🔒
There is no magic key that allows the police to scan all chat messages, emails, and more for harmful content while not risking the security and privacy of everyone. This is technically not possible.
The more people agree with this fact, the higher the chances that legislation is altered to protect everybody's privacy.
https://www.bbc.com/news/technology-66028773
#privacy #security #onlinesafetybill #chatkontrolle
Apple joins opposition to encrypted message app scanning
WhatsApp and iMessage could be forced to scan for child abuse images under the Online Safety Bill. By Chris Vallance (BBC News)
Mozilla: "In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. It would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments"
https://blog.mozilla.org/netpolicy/2023/06/26/france-browser-website-blocking/
#france #browser #cybersecurity #mozilla #security #surveillance
France’s browser-based website blocking proposal will set a disastrous precedent for the open internet - Open Policy & Advocacy
Article 3 (para II and III) of the SREN Bill would force providers to create the means to mandatorily block websites on a government provided list encoded into the browser. Udbhav Tiwari (Open Policy & Advocacy)
If you're using #bitwarden, make sure to change the KDF algorithm to Argon2id[^1] which is much more robust against GPU-powered attacks compared to its counterpart.
You can play around with this little calculator to see the impact of each algorithm on cracking cost estimation: https://passwordbits.com/passphrase-cracking-calculator/
[^1]: https://bitwarden.com/help/what-encryption-is-used/#argon2id
Encryption | Bitwarden Help Center
Learn how Bitwarden salts and hashes password Vault data before sending it to the Cloud for secure storage. (Bitwarden)
Interesting: ProtonMail finally admits that Germany "is a good choice given Germany’s strong privacy laws and culture that make it almost as strong as Switzerland."
For once, we couldn't agree more. 😀
We'd even argue Germany is much better as we do not have data retention laws (which would be against the German constitution) - while in Switzerland large tech companies are forced by law to retain data: https://tutanota.com/blog/posts/data-retention-germany
Germany: Data retention to be abolished once and for all.
According to the German Minister of Justice data retention or "the storage of telecommunications data without any reason" could soon come to an end. (Tutanota)
✅ Staff able to watch customers in the bathroom?
✅ Obviously shabby infosec?
✅ Training AI as an excuse for data retention?
🕵🏽 No surprise here: "#Amazon Ring, Alexa accused of every nightmare #IoT #security fail you can imagine" #privacy
https://www.theregister.com/2023/06/01/ftc_alexa_ring_amazon_settlement/
Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine
Staff able to watch customers in the bathroom? Tick! Obviously shabby infosec? Tick! Training AI as an excuse for data retention? Tick! Simon Sharwood (The Register)
Earlier this year we got into a surprising and somewhat annoying struggle with Web browser sandboxing failures related to our "web apps shared in a chat" feature. After much background work we released the hardened Delta Chat 1.36 series, also addressing a dedicated fourth independent security audit, and can finally share more of what was going on behind the scenes https://delta.chat/en/2023-05-22-webxdc-security
#chromium #deltachat #security #webxdc
Delta Chat: Bringing E2E privacy to the Web: 4th security audit 😅
Delta Chat’s “web apps shared in a chat” come with a unique privacy promise but in January it was shown to be compromised. We got into a surprising struggle with Web browser sandboxing issues that ... (delta.chat)