Items tagged with: security


Good morning. If you don't know it yet, you should definitely take a look at the recommendations corner (Empfehlungsecke). It contains my current recommendations on various topics such as messengers, ad blockers, ad-free YouTube, password managers, search engines and more. 👇

https://www.kuketz-blog.de/empfehlungsecke/

#empfehlung #tracking #security #datenschutz #adblocker #android #youtube #messenger #linux #firefox #dns #unifiedpush #email #frankgehtran #thunderbird #passwortmanager #videokonferenz #vpn #suchmaschine


In 2024, please switch to Firefox https://roytanck.com/2023/12/23/in-2024-please-switch-to-firefox/ #privacy #security #opensource #unix #linux #macos


This December, if there’s one tech New Year’s resolution I’d encourage you to have, it’s switching to the only remaining ethical web browser, Firefox. According to recent posts on social media, Firefox’s market share is slipping. We should not let that happen. There are two main reasons why switching is important.
A red panda (firefox) resting on a tree branch. “Red Panda” by Mathias Appel is marked with CC0 1.0.

1. Privacy


Firefox is the only major browser not built by a company that makes money from advertising and/or selling your personal data. There’s been a lot of talk about websites tracking users using cookies, fingerprinting and other nefarious technologies that hurt your privacy. But owning the browser puts Google, Apple and Microsoft in a position where they don’t even need those tricks. We need to use browsers that are independent, and right now that means Firefox.

2. Browser engine monopoly


Wikipedia lists four browser engines as being “active”. Browser engines are the bits that take a web page’s code and display it on your screen. Ideally, they conform to the official W3C standards, and display all elements as they describe. If that’s the case, web developers can easily write sites that work on all browsers. No proprietary vendor lock-in nonsense, just glorious open standards at work.

It’s happened before


In the early 2000’s, Internet Explorer had a massive 95% market share. This meant that many sites were only developed for use with IE. They’d use experimental features that IE supported, in favor of things from the official HTML standard. This was a very bad situation, which hindered the development of the World Wide Web.

Currently, Chrome, Safari and Edge all use variations of the closely related Webkit and Blink engines. If we want to avoid another browser engine monopoly, we need to support Firefox, and its “Gecko” engine.

Firefox is actually really good


If Firefox were a bad browser, I would not recommend that you switch. It’s fast, has a nice user interface, and feels every bit as modern and elegant as its competition. I’ve been using it as my main browser for a couple of years now, on Linux, Windows, MacOS and Android. As a web developer, I usually have at least three browsers open, but when I go look something up on the web, I pick Firefox.

So please, help save the web by using the best browser out there. It’s an easy thing to do, and it makes a big difference.

https://roytanck.com/2023/12/23/in-2024-please-switch-to-firefox/

#Firefox #privacy



The latest issue of this newsletter, to which I subscribe, gives a clear summary of the recently disclosed Secure Shell (ssh) security vulnerability.
https://www.feistyduck.com/newsletter/issue_108_ssh_protocol_vulnerable_to_mitm_attack
#security #ssh


The spam and abuse problems of ActivityPub and the fediverse are only likely to worsen. I run a Pleroma instance of which I am the only user. Eventually, I'll probably have to block entire domains. This documentation reveals how to do it using the Pleroma Message Rewrite Facility.
https://docs-develop.pleroma.social/backend/configuration/mrf/
#pleroma #fediverse #security


Responding to recent U.S. policy proposals on legal liability for security-related software defects, this podcast explores the issue of what "secure by design" software amounts to, and how it can be achieved.
https://www.lawfaremedia.org/article/the-lawfare-podcast-three-cisa-senior-advisers-on-secure-by-design
#security #SecurityPolicy #law


#Threema published a blog post today that deals with the problem of the Google/Apple push services. Exemplary! I'm still missing a statement like this from Signal @Mer__edith

https://threema.ch/de/blog/posts/push-benachrichtigungen-und-datenschutz

#messenger #threema #signal #security #sicherheit #datenschutz #privacy


Say hello to privacy! 👋

Tuta comes with zero trackers.

Thanks @exodus for providing this great test! 😍 👍

#Privacy #NoTrackers #Security


🔥 Grab YourName@tuta.com with our new domain! 🔥

Pick your favorite! ✊ Go Revolutionary now: https://tuta.com/create-email-address?t-src=m

#privacy #privateemail #encryption #emailaddress #security


same reason for #Linux I guess and same reason why I do all the #OS1337 code in #bash with only .config makefiles where needed:

Readable and thus easy to #audit code allows for #transparency, which is vital for #maintainability and #security...

After all, mistakes do happen and I'd rather have it easy to find and fix than optimize every bit at the cost of unmaintainable code.


Big Brother is watching you - now also via Google's & Apple's push. 🤬

That's why we don't use Google Push. When using Tuta, Google sees nothing! 💪

✅ Zero tracking
✅ Fully encrypted
✅ Maximum privacy

The data they don't get, they can't hand out to authorities! Go secure now: https://tuta.com/create-email-account?t-src=m

Here's more info on why we don't use Google Push and do not send any info via Apple notifications: https://tuta.com/blog/open-source-email-fdroid
#security #privacy #google #apple #notifications #surveillance #tracking


LibreOffice supports symmetric and asymmetric encryption for OpenDocument Format (ODF) files.

Symmetric encryption: https://en.wikipedia.org/wiki/Symmetric-key_algorithm
Asymmetric encryption: https://en.wikipedia.org/wiki/Public-key_cryptography

Select File > Save/Save As

The "Save with password" option encrypts the file with AES-256.
The "Encrypt with GPG key" option encrypts the file with a public key.

Website: https://www.libreoffice.org
Mastodon: @libreoffice

#LibreOffice #Encryption #OpenSource #OpenPGP #PGP #GnuPG #GPG #InfoSec #Privacy #Security


Accrescent 0.16.0 is released! Apps can now include short descriptions, MTE is enabled by default for extra security, and update notifications aren't quite as pesky anymore. See the changelog below 👇

https://github.com/accrescent/accrescent/releases/tag/0.16.0

Developers can learn how to add short descriptions to their own apps in our freshly updated documentation. Check it out! https://accrescent.app/docs/guide/maintenance/edits.html

#security #privacy #appstore #android #Accrescent


My colleague discovered this really solid collection of cheat sheets on application security topics:
https://cheatsheetseries.owasp.org/

#webdev #security


Are you looking for a new email address?

🔥 Grab YourName@tuta.com while you still can. 🔥

Pick your favorite now! ✊ Go Revolutionary: https://tuta.com/create-email-account?t-src=m

#privacy #privateemail #encryption #emailaddress #security


Sending end-to-end encrypted emails has never been easier! 😍

With a few simple clicks you can communicate securely and converse in total privacy.🔒

Protect yourself today with a new Tuta.com address!👇
https://tuta.com/

#privacy #encryption #opensource #security #sunday


monocles chat 1.7.7.2 is released today on f-droid with a big update! 🎉

Enjoy your new and secure chat experience!
https://f-droid.org/en/packages/de.monocles.chat/

And see the changelog since the previous version in the comments

#fdroid #monocles #chat #xmpp #security


Say NO to broken browsers! ⛔

The EU is preparing a very dangerous law that would undermine the security of every browser.

Speak up now! 🗣️

@Jeremiah has more on how you can help to protect the web! 💪

https://www.jeremiahlee.com/posts/2023-eu-eidas-feedback/

#EU
#privacy
#security
#webdev
#eIDAS


https://european-pirateparty.eu/historic-agreement-on-chatcontrol-european-parliament-wants-to-safeguard-secure-encryption/ while I always believed that "Chat Control" as it was proposed would be dead on arrival, and unenforceable, it's always great to see common sense prevail. Some win for #privacy and #security of communications. The fight is far from over though.


#XSF Announcement

Recently there was an incident in which a so-called #man_in_the_middle attack happened to an #XMPP #server.

To reduce the risk of such attacks in the future an early stage service called CertWatch has been published by our Community: https://certwatch.xmpp.net/

Many thanks to Stephen P. Weber (@singpolyma)!

Read two related blog posts:
http://blog.jmp.chat/b/certwatch/certwatch

https://snikket.org/blog/on-the-jabber-ru-mitm/

#Jabber #mitm #security #vulnerability #machine_in_the_middle #chat


Free and Open Source Software is the backbone of the internet. 💪 That's why we are offering 100% free premium subscriptions to open source projects. 🎉

It's our gift from one open source project to another. 🎁
https://tutanota.com/blog/tutanota-for-open-source-teams

#FOSS #opensource #privacy #security #internet


@shawnhooper People believe they are the hero of their own story. So they believe they can solve problems, if only they had access to the data. However, this kind of power is easy to abuse. Instead people need to consider “what if my enemy had this power over me?” Would they still believe it’s a good idea? I think not. This applies equally well to software as well as the law. The best thing we could do to protect everyone is build strong encryption into everything.
#security #Software


Garbage aka providing relevant Ads 😂 comic credit https://supercombodeluxe.com/gmen/ #privacy #security uBlock Origin, FTW. This is also a good reminder that I don't have any Ads on my blog and if you find my content useful, I have Patreon https://www.patreon.com/nixcraft


New-ish Asus routers seem to enable "Yandex.DNS" by default. This forwards all of your DNS lookups to Yandex, a large Russian search engine. I discovered this on my dad's router when he had troubles accessing his bank from his broadband but not on his phone. (Presumably, the bank geoblocked Russian IPs as a protest to the invasion of Ukraine.)

I get that you need to trust someone with your DNS lookups (your ISP, Google, Cloudflare, etc), but I didn't expect the non-ISP option to be the default...

Check your router!

#security #privacy


Some exciting news: Over the past few months I have been working on founding a new organization: Blodeuwedd Labs (@blodeuweddlabs)

We are now in a position to offer subsidized security assessments (and other services) for open source projects.

(In addition to a whole array of analysis, development, and custom research offerings for everyone else)

Announcement (and more info): https://blodeuweddlabs.com/news/open-source-review-announce/

#infosec #security #appsec #canada #opensource


#curl 8.4.0 will be released out of schedule due to serious #security #vulnerability CVE-2023-38545. This release will also fix another, less critical vulnerability CVE-2023-38546. Tentative release date is planned for 2023-10-11. The curl security process is described here: https://curl.se/dev/vuln-disclosure.html


A single missing line in a CVE-2023-28321 #security update backport broke libcurl wildcard certificate validation in #Ubuntu - regardless of who is to blame for the initial mistake in the patch, this raises serious questions about quality and quantity of testing performed.

https://git.launchpad.net/ubuntu/+source/curl/commit/?id=2d99b873a5d4c70f069ce07beb0ae27d196defe0


We're happy that #Apple has now joined the fight for encryption! 🔒

There is no magic key that allows the police to scan all chat messages, emails, and more for harmful content while not risking the security and privacy of everyone. This is technically not possible.

The more people agree with this fact, the higher the chances that legislation is altered to protect everybody's privacy.

https://www.bbc.com/news/technology-66028773

#privacy #security #onlinesafetybill #chatkontrolle


Mozilla: "In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. It would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments"

https://blog.mozilla.org/netpolicy/2023/06/26/france-browser-website-blocking/
#france #browser #cybersecurity #mozilla #security #surveillance


If you're using #bitwarden, make sure to change the KDF algorithm to Argon2id[^1] which is much more robust against GPU-powered attacks compared to its counterpart.

You can play around with this little calculator to see the impact of each algorithm on cracking cost estimation: https://passwordbits.com/passphrase-cracking-calculator/

[^1]: https://bitwarden.com/help/what-encryption-is-used/#argon2id

#security #infosec #password


Interesting: ProtonMail finally admits that Germany "is a good choice given Germany’s strong privacy laws and culture that make it almost as strong as Switzerland."

For once, we couldn't agree more. 😀

We'd even argue Germany is much better as we do not have data retention laws (which would be against the German constitution) - while in Switzerland large tech companies are forced by law to retain data: https://tutanota.com/blog/posts/data-retention-germany

#germany #privacy #security


✅ Staff able to watch customers in the bathroom?
✅ Obviously shabby infosec?
✅ Training AI as an excuse for data retention?

🕵🏽 No surprise here: "#Amazon Ring, Alexa accused of every nightmare #IoT #security fail you can imagine" #privacy

https://www.theregister.com/2023/06/01/ftc_alexa_ring_amazon_settlement/


Earlier this year we got into a surprising and somewhat annoying struggle with Web browser sandboxing failures related to our "web apps shared in a chat" feature. After much background work we released the hardened Delta Chat 1.36 series, also addressing a dedicated fourth independent security audit, and can finally share more of what was going on behind the scenes https://delta.chat/en/2023-05-22-webxdc-security

#chromium #deltachat #security #webxdc