Maximus @maximus@fosstodon.org

Google's never ending quest to depreciate themselves:

https://developer.chrome.com/webstore/cws-payments-deprecation

Why does anyone trust Google to keep *anything* going? I'll be interested to see how the community reacts when "Project Fuscia" upends ChromeOS and Android.

Enough with the phishing already.

People on fedi are far more careful and not really into this kind of thing, I only see this on Another Social Network.

Security questions are a really bad idea.



@OCRbot

BootHole – GRUB2 vulnerability threatens secure boot (CVE-2020-10713):

https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

– To be exploited, the attacker needs to modify the grub.cfg file first.
– If exploited, attackers can permanently access the system.
– Keep your operating system up-to-date.

#BootHole #GRUB #Bootloader #Vulnerability #InfoSec

In the last days, we prepared some new content coming to infosec-handbook.eu next month:

– Using U2F as two-factor authentication for OpenSSH (instead of OATH-TOTP)
– Basic WireGuard setup
– Bitwarden for beginners – setup and basic usage

#InfoSecHandbook #InfoSec #Security #Blog

How many people block Google Analytics?

65% DuckDuckGo users
57% Firefox users
53% on Linux
21% on laptop/desktop
19% on Windows
18% on macOS
14% on Chrome
10% on Android
9% Google search users
8% on mobile/tablet
6% Bing users
6% on iOS
5% on Safari

https://markosaric.com/google-analytics-blocking/

"This has been going on for years and is an essential part of the mobile app economy."

Unless you remove the financial incentive, there's no hope for #privacy on Android/iOS. Their app ecosystems are built on selling user data and no amount of prompts or checkboxes can fix it.

https://www.vox.com/recode/2020/7/8/21311533/sdks-tracking-data-location

For anyone in the UK, the Government has just given Palantir, a surveillance company that I passionately dislike, access to sensitive medical records of Covid-19 patients for £1.

Brilliant. Absolutely brilliant.

https://outline.com/EdpRSb

Stay secure, use encryption. Tutanota makes sure that your entire mailbox, calendar and contacts are encrypted. Check it out: https://tutanota.com/

"Tinfoil Chat (TFC) is a FOSS+FHD peer-to-peer messaging system that relies on high assurance hardware architecture to protect users from passive collection, MITM attacks and most importantly, remote key exfiltration.

#TFC is designed for people with one of the most complex threat models: organized crime groups and nation state hackers who bypass end-to-end encryption of traditional secure messaging apps by hacking the endpoint."

read more:
https://github.com/maqp/tfc

Here is what Twitter's rotten new privacy policy looks like:

To server admins:

It is a good practice to provide contact details, so others can contact you in case of security vulnerabilities or questions regarding your privacy policy.

One upcoming but already widespread format is the security.txt file at https://your-server/.well-known/security.txt.

See https://securitytxt.org/ and https://infosec-handbook.eu/.well-known/security.txt.

#SecurityTXT #SecurityContact #admin #security #infosec #cybersecurity

Zoom meetings aren’t actually end-to-end encrypted, despite misleading marketing on their website, in their security white paper, and in the user interface in their app https://theintercept.com/2020/03/31/zoom-meeting-encryption/ by @yaelwrites and myself

https://uncensoredlibrary.com/en

Probably the coolest thing I've seen in a while.

Certificate expiration periods will get smaller by 50% every year. Eventually they will cross the Planck time, rendering all certificates unusable, but by then all websites will be AMP anyway.

https://twitter.com/matthew_d_green/status/1230565051427258371

RT @FiloSottile@birdsite.link
https://whoami.filippo.io/ , the SSH server that knows who you are, got some newly refreshed intel! Try it out!

$ ssh https://whoami.filippo.io/ 

https://twitter.com/FiloSottile/status/1229093553269362689