
Upgraded my home router box (which intentionally only does VDSL + DHCP and not much more, to lower attack surface) to OpenWRT 18.06.2 today. More recent kernel and packages, various security fixes, etc. etc.

Went pretty smoothly, other than that I had to clear the browser cache to be able to log in again, and I had to re-install/re-enable luci-ssl.

Breaking: The text of #Article13 and the #EU #Copyright Directive has just been finalised

juliareda.eu/2019/02/eu-copyri

Please reshare widely and **take action**. This has the potential to endanger the #internet as we know it, making it more and more composed of only large platforms.

This has the possibility of killing #alternative #socialmedia projects and small #startups trying to compete with the big #corporations.

Calling all #Fediverse admins of instances in the #EU. The #CopyrightDirective is coming, we need to show the MEPs how massively the EU Internets will be affected.

We are preparing a list of all EU-based #Pleroma, #Mastodon, #GNUSocial, #Peertube, #Funkwhale, and any other instances.

Please *contact me*. All I need is the domain name, which EU Member State it's located in, and the rough topic of the instance. Approximate user count welcome, but not necessary.

Please help. This is important.

A. Schaller et al., "Intrinsic Rowhammer PUFs: Leveraging the Rowhammer Effect for Improved Security"

...In this work, we present a new type of a memory-based intrinsic PUF, which leverages the Rowhammer effect in DRAM modules; the Rowhammer PUF…
...this is the first work to use the Rowhammer effect in a positive context: to design a novel PUF

arxiv.org/abs/1902.04444

@EikeHein is the treasurer of KDE e.V. and long-time Plasma and Konversation developer. So he's actually more knowledgeable on the tech side of KDE than I am.

Some popular iPhone apps are secretly recording your screen:

extremetech.com/mobile/285342-

– apps include Air Canada, Hollister, Expedia, Hotels.com
– these and other apps use a "session replay" feature of Glassbox
– Glassbox session replays are essentially real-time videos of how you interact with the app

#ios #glassbox #session #replay #leak #aircanada #hollister #expedia #hotelscom

Hello world! Happy to finally be part of the Mastodon community. Follow us if you are interested in #privacy #personaldata #dataexploitation and #surveillance, we'll be talking a lot about these.

#newcomer #presentation

Turns out the current German federal data protection commissioner, @ulrichkelber, has an active Mastodon account!
It's really great to see that Mr. Kelber is active where much of the IT - and especially privacy - community are, instead of only on the big, privacy-violating social networks.

openscore.cc is a project that wants to liberate sheet music from copyright and from paper! They invite and coordinate volunteers to transcribe public domain scans from imslp.org using musescore.org. Should be a great learning experience! 🎼

LIFX smart light can leak your WiFi password (and more):

zdnet.com/article/this-smart-l

– tested with LIFX mini white
– credentials were stored in plaintext within the flash memory
– there is no secure boot, flash encryption, or any attempt to disable JTAG

Also keep in mind that your IP cameras at home can leak your WiFi passwords (and more):

infosec-handbook.eu/blog/camer

#lifx #smartlight #iot #leak #vulnerability #wifi #wlan #infosec #cybersecurity #security

Was excited about this talk almost more than any other at #fosdem.

@ExodusPrivacy@twitter.com is doing amazing work in identifying surveillance patterns in native apps on Android.

And their learnings are set up to be dev-ready, easily used in your own projects.

Donate to support them!

For those of you that use the qutebrowser, what do you do for password management? I like the browser, but I don't like memorizing 250+ different passwords or shooting myself in the foot by having all my accounts have the same password.

Facebook has found a novel way to violate privacy: pay children to install root certificates on their devices.
eff.org/deeplinks/2019/01/what

Are you about to set up a web server for your projects, blog, or website?

Check out our Web server security series:

infosec-handbook.eu/categories

We cover SSH and TLS hardening, HTTP response headers, ModSecurity, Fail2ban, and server-side DNS configuration. There's more to come.

Ideas and feedback are welcome.

#webserver #serversecurity #security #infosec #cybersecurity #server #tls #ocsp #ssh #fail2ban #modsecurity #dns #dnssec

Surveillance across the board 

Google announces date of death of consumer Google+:

cloud.google.com/blog/products

– DOD will be April 2, 2019
– Google announced it will delete Google+ accounts, pages, photos, videos, and album archive of consumer users
– G Suite users aren't affected
– all Google+ APIs will be shut down in March 2019

#google #googleplus #gsuite #privacy

Breaking: Google has also been found using a shady research app to monitor and analyze user traffic and data, a day after Facebook's app was uncovered to violate Apple's rules.
techcrunch.com/2019/01/30/goog

Can anyone recommend a good, Google-services-free 2FA application for Android?

Preferably it will have a backup option but not needed.

Only FreeOTP+ & andOTP from this list have been updated recently:
fossdroid.com/s.html?q=otp

Holy shit, Facebook is paying teenagers to install a root certificate on their phones so they can snoop on all of their internet traffic

Not a joke, this is actually a thing which is happening right now

techcrunch.com/2019/01/29/face

Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.