OMG seriously people WHY ARE YOU DISABLING PASTE ON PASSWORD FIELDS? You are literally making your systems LESS SECURE. GRRRRRR. #Security #NotThatHard #WTF
Microsoft reveals subscription pricing for using Windows 10 beyond 2025, and it's not cheap. Customers will need to pay $61 per device, which will double every year for three years, to remain secure on Windows 10. If you just do shopping or social media you can use an alternative OS like Ubuntu, Mint, or Pop!_OS for your older computer instead of jumping to Windows 11. Also regardless of Windows 10 or 11 prices you will still get Ads in Windows 😂 #linux #privacy #security Choose wisely
This has to be the most infuriating bug report I've ever submitted. I went to type in my 2FA code on a website - but no numbers appeared on screen. Obviously, I was an idiot and had forgotten to press the NumLock button. D'oh! I toggled it on and typed again. No numbers appeared. I […]
A few weeks back, my company #Fastly put on a (partially) live conversation between our #Security team and @renchap about protecting @Mastodon from #DDOS attacks.
Thanks so much to everyone who attended live and asked great questions!
If you couldn't make it, here's the recording, and a PDF with the answers to questions we didn't get to live.
(it's... very enterprise marketing. But you do not need to give us any of your information to view!)
They claim it's only if you use their AI tools, and they claim OpenAI will use your data for only 30 days and then delete it. I think that's a terrible abuse of user rights and a security disaster waiting to happen.
Confusingly, they've rolled out this malfeature to some users but not all (yet). My partner & I compared the "Settings" page on our Dropbox accounts — the "Third-Party AI" tab is there for one of us but not the other.
The setting is switched on by default. This is a "dark pattern" (also known as a "deceptive design pattern") that ignores user consent. If you don't know about it, you can't opt out. Worryingly, if you're slow to opt out then there's a chance they've scraped your data already. It's a harsh reminder of the saying "If you're not paying for the product, you are the product".
it’s basically the chapter summaries of my paywalled book repurposed as a public, bite-sized guide for you to devour, absorb, then change-make (or sound smart online, in meetings, at parties, to your cat, etc)
let’s keep trying to modernize #infosec together xx
I updated my instance's terms of service to say "no hacking". It was much easier than upgrading. If that doesn't work I'll block the hashtag "#hacking" and defederate from hackers.town.
hey so if you have a #spoutible account you need to immediately scroll to the end of this post, take the four steps listed, and then read the whole post. a vulnerability that was just fixed made it possible for an attacker to take complete control of your account without you getting any kind of notification.
Two decades ago, my life changed forever: hearing #BruceSchneier explain that "#security" doesn't exist in the abstract. You can only be secure from some threat. A fire alarm won't protect you from burglaries. A condom won't protect you from mass shootings. It seems obvious, but how often do we hear about "security" without any mention of who is being made secure, and from which threat?
It'll be announced at midday UTC today (10th Oct 2023).
If there isn't an update you can deploy quickly for your affected services immediately (there should be for the better known software, they've had advance notice) then you should consider disabling the affected element until there is.
Can't share more right now but it's important so don't forget (& tell your friends!).
Python is a memory-safe programming language that eliminates an entire class of software vulnerabilities 🐍🛡️ Adoption of memory-safe systems languages like #Rust continues to grow in the #Python package ecosystem 🦀
"The biggest source of conflict was an amendment ... that would prohibit #databrokers from selling consumer data to #lawenforcement and would require a warrant to access Americans’ information... National #security hawks in #Congress and local law enforcement groups joined forces to kill the amendment, with the National Sheriffs’ Association claiming it would “kneecap law enforcement” in a letter to Congress..."
CALL FOR AN INTERNATIONAL WEEK OF SOLIDARITY WITH THE ACCUSED OF 8.12.2020
FROM 16 TO 23 SEPTEMBER 2023
"The 7 French comrades arrested on 8 December 2020 will go on trial from 3 to 27 October 2023. They will be judged for «criminal association of terrorist criminals» (art. 450-1) in Paris. No terrorist project has been established after two years of investigation characterized by the use of white torture and a very intrusive surveillance. The criminal classification was not retained but the terrorist and collective dimension remains despite the total absence of evidence or even links between all the seven people. Several of them are also charged with “refusing to surrender a secret decryption convention” (Art. 434-15)." https://anarchistnews.org/content/call-international-week-solidarity-accused-8122020 #Repression #France #Counterterrorism #Frankreich
“8 December” case: why is encryption on trial?
"On 3 October, the trial of the so-called “8 December” case began. Seven people are prosecuted for being a “terrorist group”.
The intelligence services in charge of the judicial investigation (Direction générale de la Sécurité intérieure, DGSI), the National Antiterrorist Prosecution Office (Parquet National Antiterroriste, PNAT), and the investigating judge based their case on the fact that the defendants were using different tools to protect their privacy and encrypt their communications on a daily basis.
This trial is part of an increased political push by states and law enforcement for surveillance measures and the criminalisation of encryption. That is why the trial is crucial in the battle against the state’s ongoing attempts to criminalise commonplace, secure and healthy digital practices.