Upgraded my #openwrt home router box (which intentionally only does VDSL + DHCP and not much more, to lower attack surface) to OpenWRT 18.06.2 today. More recent kernel and packages, various security fixes, etc. etc.
Went pretty smoothly, other than that I had to clear the browser cache to be able to log in again, and I had to re-install/re-enable luci-ssl.
Please reshare widely and **take action**. This has the potential to endanger the #internet as we know it, making it more and more composed of only large platforms.
Please *contact me*. All I need is the domain name, which EU Member State it's located in, and the rough topic of the instance. Approximate user count welcome, but not necessary.
Please help. This is important.
A. Schaller et al., "Intrinsic Rowhammer PUFs: Leveraging the Rowhammer Effect for Improved Security"
...In this work, we present a new type of a memory-based intrinsic PUF, which leverages the Rowhammer effect in DRAM modules; the Rowhammer PUF…
...this is the first work to use the Rowhammer effect in a positive context: to design a novel PUF
@EikeHein is the treasurer of KDE e.V. and long-time Plasma and Konversation developer. So he's actually more knowledgeable on the tech side of KDE than I am.
Some popular iPhone apps are secretly recording your screen:
– apps include Air Canada, Hollister, Expedia, Hotels.com
– these and other apps use a "session replay" feature of Glassbox
– Glassbox session replays are essentially real-time videos of how you interact with the app
Turns out the current German federal data protection commissioner, @ulrichkelber, has an active Mastodon account!
It's really great to see that Mr. Kelber is active where much of the IT - and especially privacy - community are, instead of only on the big, privacy-violating social networks.
LIFX smart light can leak your WiFi password (and more):
– tested with LIFX mini white
– credentials were stored in plaintext within the flash memory
– there is no secure boot, flash encryption, or any attempt to disable JTAG
Also keep in mind that your IP cameras at home can leak your WiFi passwords (and more):
Was excited about this talk almost more than any other at #fosdem.
@ExodusPrivacy@twitter.com is doing amazing work in identifying surveillance patterns in native apps on Android.
And their learnings are set up to be dev-ready, easily used in your own projects.
Donate to support them!
Facebook has found a novel way to violate privacy: pay children to install root certificates on their devices.
Are you about to set up a web server for your projects, blog, or website?
Check out our Web server security series:
We cover SSH and TLS hardening, HTTP response headers, ModSecurity, Fail2ban, and server-side DNS configuration. There's more to come.
Ideas and feedback are welcome.
Surveillance across the board
Google announces date of death of consumer Google+:
– DOD will be April 2, 2019
– Google announced it will delete Google+ accounts, pages, photos, videos, and album archive of consumer users
– G Suite users aren't affected
– all Google+ APIs will be shut down in March 2019
Breaking: Google has also been found using a shady research app to monitor and analyze user traffic and data, a day after Facebook's app was uncovered to violate Apple's rules.
Holy shit, Facebook is paying teenagers to install a root certificate on their phones so they can snoop on all of their internet traffic
Not a joke, this is actually a thing which is happening right now
Fosstodon is an English-speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.