Are you looking for a new email address?

🔥 Grab YourName@tuta.com while you still can. 🔥

Pick you favorite now! ✊ Go Revolutionary: https://tuta.com/create-email-account?t-src=m

#privacy #privateemail #encryption #emailaddress #security

Sending end-to-end encrypted emails has never been easier! 😍

With a few simple clicks you can communicate securely and converse in total privacy.🔒

Protect yourself today with a new Tuta.com address!👇
https://tuta.com/

#privacy #encryption #opensource #security #sunday

monocles chat 1.7.7.2 is released today on f-droid with a big update! 🎉

Enjoy your new and secure chat experience!
https://f-droid.org/en/packages/de.monocles.chat/

And see the changelog since the previous version in the comments

#fdroid #monocles #chat #xmpp #security

Say NO to broken browsers! ⛔

The EU is preparing a very dangerous law that would undermine the security of every browser.

Speak up now! 🗣️

@Jeremiah has more on how you can help to protect the web! 💪

https://www.jeremiahlee.com/posts/2023-eu-eidas-feedback/

#EU
#privacy
#security
#webdev
#eIDAS

#Verpasstodon

Lauschangriff auf russischen Jabber-Server in Deutschland: Wer steckt dahinter?

Rein zufällig flog auf, dass sich Unbekannte mit einem eigenen Zertifikat in Jabber-Chat-Verbindungen einklinkten. Die Betreiber vermuten eine Polizeiaktion.

https://www.heise.de/news/Lauschangriff-auf-russischen-Jabber-Server-in-Deutschland-Wer-steckt-dahinter-9343653.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege

#Jabber #Let'sEncrypt #ManintheMiddle #Security #XMPP

Lauschangriff auf russischen Jabber-Server in Deutschland: Wer steckt dahinter?

^{Dr. Christopher Kunz (heise online)}

#XSF Announcement

Recently there was an incident via a so called #man_in_the_middle attack happened to an #XMPP #server.

To reduce the risk of such attacks in the future an early stage service called CertWatch has been published by our Community: https://certwatch.xmpp.net/

Many thanks to Stephen P. Weber (@singpolyma)!

Read two related blog posts:
http://blog.jmp.chat/b/certwatch/certwatch

https://snikket.org/blog/on-the-jabber-ru-mitm/

#Jabber #mitm #security #vulnerability #machine_in_the_middle #chat

Free and Open Source Software is the backbone of the internet. 💪 That's why we are offering 100% free premium subscriptions to open source projects. 🎉

It's our gift from one open source project to another. 🎁
https://tutanota.com/blog/tutanota-for-open-source-teams

#FOSS #opensource #privacy #security #internet

New-ish Asus routers seem to enable "Yandex.DNS" by default. This forwards all of your DNS lookups to Yandex, a large Russian search engine. I discovered this on my dad's router when he had troubles accessing his bank from his broadband but not on his phone. (Presumably, the bank geoblocked Russian IPs as a protest to the invasion of Ukraine.)

I get that you need to trust someone with your DNS lookups (your ISP, Google, Cloudfare, etc), but I didn't expect the non-ISP option to be the default...

Check your router!

#security #privacy

Some exciting news: Over the past few months I have been working on founding a new organization: Blodeuwedd Labs (@blodeuweddlabs)

We are now in a position to offer subsidized security assessments (and other services) for open source projects.

(In addition to a whole array of analysis, development, and custom research offerings for everyone else)

Announcement (and more info): https://blodeuweddlabs.com/news/open-source-review-announce/

#infosec #security #appsec #canada #opensource

Launching our Open Source Review Scheme | Blodeuwedd Labs

To celebrate the founding of Blodeuwedd Labs we are excited to announce Subsidized Assessments for open source projects as part of our commitment to continually give back to the open source Community.

^{blodeuweddlabs.com}

A single missing line in a CVE-2023-28321 #security update backport broke libcurl wildcard certificate validation in #Ubuntu - regardless who is to blame for the initial mistake in the patch, this raises serious questions about quality and quantity of testing performed.

https://git.launchpad.net/ubuntu/+source/curl/commit/?id=2d99b873a5d4c70f069ce07beb0ae27d196defe0

We're happy that #Apple has now joined the fight for encryption! 🔒

There is no magic key that allows the police to scan all chat messages, emails, and more for harmful content while not risking the security and privacy of everyone. This is technically not possible.

The more agree to this fact, the higher the chances that legislation is altered to protect everybody's privacy.

https://www.bbc.com/news/technology-66028773

#privacy #security #onlinesafetybill #chatkontrolle

Apple joins opposition to encrypted message app scanning

WhatsApp and iMessage could be forced to scan for child abuse images under the Online Safety Bill.

^{By Chris Vallance (BBC News)}

Mozilla: "In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. It would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments"

https://blog.mozilla.org/netpolicy/2023/06/26/france-browser-website-blocking/
#france #browser #cybersecurity #mozilla #security #surveillance

France’s browser-based website blocking proposal will set a disastrous precedent for the open internet - Open Policy & Advocacy

Article 3 (para II and III) of the SREN Bill would force providers to create the means to mandatorily block websites on a government provided list encoded into the browser.

^{Udbhav Tiwari (Open Policy & Advocacy)}

If you're using #bitwarden, make sure to change the KDF algorithm to Argon2id[^1] which is much more robust against GPU-powered attacks compared to its counterpart.

You can play around with this little calculator to see the impact of each algorithm on cracking cost estimation: https://passwordbits.com/passphrase-cracking-calculator/

[^1]: https://bitwarden.com/help/what-encryption-is-used/#argon2id

#security #infosec #password

Encryption | Bitwarden Help Center

Learn how Bitwarden salts and hashes password Vault data before sending it to the Cloud for secure storage.

^Bitwarden

Interesting: ProtonMail finally admits that Germany "is a good choice given Germany’s strong privacy laws and culture that make it almost as strong as Switzerland."

For once, we couldn't agree more. 😀

We'd even argue Germany is much better as we do not have data retention laws (which would be against the German constitution) - while in Switzerland large tech companies are forced by law to retain data: https://tutanota.com/blog/posts/data-retention-germany

#germany #privacy #security

Sometimes logical isolation isn't enough

#Physical #Isolation #Security #Shit

✅ Staff able to watch customers in the bathroom?
✅ Obviously shabby infosec?
✅ Training AI as an excuse for data retention?

🕵🏽 No surprise here: "#Amazon Ring, Alexa accused of every nightmare #IoT #security fail you can imagine" #privacy

https://www.theregister.com/2023/06/01/ftc_alexa_ring_amazon_settlement/

Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine

Staff able to watch customers in the bathroom? Tick! Obviously shabby infosec? Tick! Training AI as an excuse for data retention? Tick!

^{Simon Sharwood (The Register)}

Earlier this year we got into a surprising and somewhat annoying struggle with Web browser sandboxing failures related to our "web apps shared in a chat" feature. After much background work we released the hardened Delta Chat 1.36 series, also addressing a dedicated fourth independent security audit, and can finally share more of what was going on behind the scenes https://delta.chat/en/2023-05-22-webxdc-security

#chromium #deltachat #security #webxdc

Delta Chat: Bringing E2E privacy to the Web: 4th security audit 😅

Delta Chat’s “web apps shared in a chat” come with a unique privacy promise but in January it was shown to be compromised. We got into a surprising struggle with Web browser sandboxing issues that ...

^delta.chat

Journalists, whistleblowers, activists - they all risk their lives to make the truth public.

Let's fight for the right to #privacy and #pressfreedom.

Together with #Threema, #Tor #FightfortheFuture and others we call on policymakers to not undermine #encryption.

We ALL depend on encryption for #security and #privacy! 💪🔒

Read more: https://tutanota.com/blog/posts/press-freedom-day-encryption

New article: "Overview of Flatpak's Permission Models"

https://theevilskeleton.gitlab.io/2023/05/11/overview-of-flatpaks-permission-models.html

Huge thanks to @orowith2os for proofreading the article :)

#Flatpak #Linux #GNU #Security #FOSS #OpenSource

Overview of Flatpak’s Permission Models

Flatpak’s permissions can be confusing. Some are technical and need knowledge on how they work, and others are self-explanatory.

^{TheEvilSkeleton}

2FA-Secrets offengelegt: Google Authenticator bläst geheime Daten in den Äther
https://tarnkappe.info/artikel/it-sicherheit/2fa-secrets-offengelegt-google-authenticator-blaest-geheime-daten-in-den-aether-273654.html

Wer den also mit Account Sync verwendet (hat), sollte dringend handeln.

#security

2FA-Secrets geleakt: Google Authenticator ist nicht ganz dicht

2FA, eine der wichtigsten Apps für die Sicherheit der eigenen Online-Welt hat offenbar Probleme den zweiten Faktor geheim zu halten.

^{Moritz Poldrack (Tarnkappe.info)}

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security

Passt ja zu meiner Custom-ROM-Serie: "Smartphones mit verbreitetem Qualcomm-Chip senden heimlich private Informationen an US-Chiphersteller" 👇🤦

#android #security #qualcomm #backdoor #tracking #privacy #sicherheit #datenschutz

https://www.nitrokey.com/de/news/2023/smartphones-mit-verbreitetem-qualcomm-chip-senden-heimlich-private-informationen-us

Smartphones mit verbreitetem Qualcomm-Chip senden heimlich private Informationen an US-Chiphersteller

^{www.nitrokey.com}

Did you ever wonder how Tutanota's encryption is able to protect all your data? Check out our new encryption page with lots of interesting facts! 🔒😍

We ♥️ #encryption!

👉 https://tutanota.com/encryption

#security #privacy #email #data

Everything you need to know about Tutanota's encryption.

Details on how the encrypted email & calendar service Tutanota encrypts all data.

^Tutanota

The encrypted Tutanota mailbox makes sure your data belongs to you, and to you alone! 😎🔒

Make sure your friends enjoy the same level of privacy. Invite them to Tutanota! 🤩

👉 https://tutanota.com/blog/posts/refer-a-friend

#privacy #security #Encryption

Whole Foods, owned by Amazon, now has biometric handprint scanning to pay for your groceries.

When I expressed my concern, the feller behind the counter said, “It’s just like the biometric scanner on your phone…”

“Um, no, it’s not,” I replied. “Because THAT biometric data is on MY device, not yours.”

He shrugged in response.

I don’t advise you to go this route, friends. Not until there are more legal standards and protections in place to protect consumers.

#privacy #security