Use the free smartphone app Authy for two-factor authentication (works with Twitch, Discord, Mastodon, Tw*tter, and more) https://authy.com/
Use the free and open-source password manager Bitwarden to remember and randomly generate passwords up to 128 characters long https://bitwarden.com/ (KeePass https://keepass.info/ is also FOSS but doesn't sync between devices)
Use DuckDuckGo's free email service to sign up for things, which hides my real email address and removes email trackers that tell the sender my location https://duckduckgo.com/email/
If you do all this, someone who hacks into or steals the server your data is hosted on won't be able to figure out who you are irl, won't have your IP address, won't know your real email address, and will have no chance of getting into your account.
I also use LibreWolf and the Privacy Badger and NoScript extensions to thwart fingerprinting attempts, but that's less relevant here.
I post this every time there's a big jump in new users but here goes:
Now that you're making a new account, do you really need to use the same username that you use everywhere else? It makes it very easy to find you.
Does adding your country/state/city add anything to your profile other than making finding you easier?
Please be mindful of what you post friends, a new account is a good time to think about how much you want to share publicly (Bare in mind that a 'private' account works very differently here).
It seems timely to talk about what #OpSec is rather than just what it isn't.
OPSEC is about preventing leaks of metadata or auxiliary data in order to prevent revealing your underlying secret. OPSEC is about preventing an adversary from determining your actions from things that are not information about the operation itself.
OPSEC is a process, not a plugin.
For example, if you are worried about plans around an action leaking out, OPSEC asks about elements such as:
About preventing inferences about your data from metadata or auxiliary data
Is about building a culture of security
OpSec is not "make sure you talk about your crimes in a secure channel," OpSec is "don't share a shitposting group with the people you do crimes with," and "don't have everyone take PTO the day after you plan your op." It's "don't have a countdown to when you see your spouse."
Im August werden wir in Bayern protestieren und Widerstand gegen den tödlichen gesellschaftlichen Kurs leisten. Egal wie der Staat reagiert, auch wenn er uns einsperrt!
Ich bezweifle dass dabei was rauskommt aus gut ausschlachtbare Propaganda die zur eurer Kriminalisierung genutzt werden kann...
Aber hey, überrascht micht gern positiv damit, dass ihr mal #ITsec, #InfoSec, #OpSec & #ComSec ernst nehmt und nicht euch und eure Unterstützer*innen so heftig self-d0xxed, dass es ein #WontAttend bleibt?
Aus Fehlern das Falsche gelernt. Der Bundestag hat auf Wunsch des BMI & Nancy Faeser das Beamtengesetz geändert, damit die neue Präsidentin des BSI, Claudia Plattner, jederzeit in den Ruhestand versetzt werden kann. Eine beunruhigende Entwicklung. Das BSI steht unter Fachaufsicht des BMI. Das ist ein Problem. Denn Sicherheitsbehörden haben oft ein Interesse daran, IT-Sicherheitslücken offenzuhalten, zum Beispiel um Staatstrojaner einzusetzen. 1/
Browser extension games requesting potentially dangerous permissions in the browser, to include search hijacking and code injection.
Apparently many of these extensions are benign (in the sense the malicious code doesn't run initially) at first, but have placeholder code for future potentially malicious updates. Yikes.
SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool
Benign (and "good") tools can be used to carry out phishing campaigns, such as this #smishing campaign targeting Canadian users who've placed legitimate orders with legitimate retailers.
#LockBit#ransomware has extorted $91 million from U.S. organizations, conducting hundreds of attacks since 2020. The cyber threat is evolving and disruptive, targeting critical sectors.
Google Threatens to Kill #opensource#youtube Front-End Invidious for Letting You Watch Videos without Tracking or Ads
Not a conspiracy theorist... but now all of a sudden, after years (or rather, the "rise of #ai "), Big Tech wants to change/enforce API rules/pricing/you name it. Hmmm...
Not patching could lead to malicious actors carrying out code execution (telling your device what to do), denial of service (making it unavailable for routine use), information disclosure and authentication bypass.