msprout, to random

I am absolutely gobsmacked by the journalistic achievement that @mozilla pulled off with their mental health, prayer, and lifestyle app audit.

Highly worth a read if you are like me and live in the orbit of these trendy app-based therapy services.

https://foundation.mozilla.org/en/blog/top-mental-health-and-prayer-apps-fail-spectacularly-at-privacy-security/

zyz,

@mozilla @msprout I wish I could read what @mozilla has to say

Unfortunately, for some #accessibility is as unimportant to some as #security is to others.

Security and #privacy are things that are important to all of us, not just people who can #read the #Mozilla #website without the need for a #ScreenReader.

Hey Moz, show us who matters without showing us who matters!

#LivingWithDisabilities

mxfraud, to random

I think there are a lot of long-time Mastodon users who like the fact that it isn’t gaining mainstream traction, and want to keep it that way. But then don’t call it “open”.

tell me you are privileged without telling me you are privileged.

Someone needs to learn about the paradox of tolerance
https://en.m.wikipedia.org/wiki/Paradox_of_tolerance

mxfraud,

Quick toot on the difference between the fediverse and mastodon, techbro and the pact.

The fediverse existed before mastodon and was full of nazis that were kicked from twitter (gnu social anyone).

Mastodon added (may I say, because the community pushed and pushed for it hard) the ability to block servers, which is what made it successful over time.

It is clear that Activity Pub is "open" from the perspective of governance (w3c), and also clear that the protocol doesn't want to codify the security aspect which would make it less "open".

See the link below on how Activity Pub dances around the whole authorized_fetch feature mastodon added so that blocks at server level were not a mute.
See "This section is non-normative."
https://www.w3.org/TR/activitypub/#security-considerations
and https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization

--
Quick summary so far:

  • Fediverse started very open
  • Mastodon added some ways to limit stuff.
  • Activity Pub saw this development but didn't "make it into law".
  • Tech bros are going 'it is against the law' and technically they are not wrong.
  • The pact is saying that the popularity of mastodon, and the fediverse, is based on safety tools, which should be made into "law" (it is already "de facto law").
  • Tech bros have been and are pushing back real hard to make sure safety tools don't make it into de jure law.
--

TL;DR: The pact is saying we will use our capacity to moderate to stop a known bad actor; opponents of this argue that it is going against the protocol.

thisismissem, to AWS
@thisismissem@hachyderm.io avatar

Yikes: “The Register reports that malicious actors are exploiting expired #AWS S3 buckets to inject harmful code into legitimate #npm packages without needing to modify existing code.”

https://nodeweekly.com/link/141208/613138eaff

fshwsprr,

@thisismissem I've long seen this as an attack vector, and written S3 bucket takeover neutralization RFCs at multiple employers to prevent relinquishing S3 buckets that were used in production products. (Think empty, tag, add bucket policy to prevent deletion.)

The global S3 bucket namespace was a mistake, and it will, over time, become more difficult to create unique names as companies/orgs fail to release any previously used bucket names for the foreseeable future. #aws #s3 #security
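The "empty, tag, add bucket policy to prevent deletion" step from the reply above, written out as an added example (not code from the poster or from AWS). It builds the retirement bucket policy for a production bucket that is being decommissioned, and includes an audit check that can be run over the document returned by `get_bucket_policy()['Policy']` to find retired buckets that are still deletable. The exempt break-glass role ARN, the account id and the bucket name are placeholder assumptions.

```python
import json

# Hypothetical break-glass role; the only principal allowed to delete the
# bucket or change this policy. Account id and role name are placeholders.
BREAK_GLASS_ROLE = "arn:aws:iam::123456789012:role/bucket-retirement-admin"


def retirement_policy(bucket: str, exempt_principal_arn: str = BREAK_GLASS_ROLE) -> dict:
    """Bucket policy for a retired production bucket: the account keeps owning
    the name (so nobody else can register it), nothing new can be uploaded to
    it, and only the exempt role may delete the bucket or loosen the policy."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyDeleteAndPolicyChanges",
                "Effect": "Deny",
                "Principal": "*",
                "Action": ["s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:PutBucketPolicy"],
                "Resource": bucket_arn,
                # Without this exemption the deny would also lock out the owner.
                "Condition": {"ArnNotEquals": {"aws:PrincipalArn": exempt_principal_arn}},
            },
            {
                "Sid": "DenyAllObjectWrites",
                "Effect": "Deny",
                "Principal": "*",
                "Action": ["s3:PutObject", "s3:PutObjectAcl"],
                "Resource": f"{bucket_arn}/*",
            },
        ],
    }


def has_delete_guard(policy_doc, bucket: str) -> bool:
    """Audit check: does this policy (JSON string as returned by the S3 API,
    or an already-parsed dict) explicitly deny s3:DeleteBucket to everyone?"""
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if (stmt.get("Effect") == "Deny" and stmt.get("Principal") == "*"
                and any(a in ("s3:DeleteBucket", "s3:*") for a in actions)
                and bucket_arn in resources):
            return True
    return False
```

Applying it is a single `put_bucket_policy(Bucket=..., Policy=json.dumps(retirement_policy(...)))` call after the bucket has been emptied and tagged; the audit function is what you run across the account afterwards.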

FediFollows, (edited ) to random

#SelfHosting & #CommunityHosting picks of the day:

(All of these are FOSS and self-hostable)

➡️ @nextcloud - Host your own personal cloud, with lots of built-in services/apps you can install

➡️ @yunohost - Linux distro which lets you install self-hosting services through a graphic interface

➡️ @freedomboxfndn - Version of Linux designed to make self-hosting services easier

➡️ @homegrown - Site helping non-technical people use managed hosting to run their own online services

1/5

teon,

And there is a great tool ( provider, , ) - @defguard

thisismissem, to random
@thisismissem@hachyderm.io avatar

Hey folks, I'm starting to get concerned that I need to be monitoring my blood pressure regularly, as high blood pressure runs in my family.

Does anyone know of a reasonably priced reliable blood pressure monitor that can feed data into apple health?

#health #healthtech

mjgardner,
@mjgardner@social.sdf.org avatar

@nick @thisismissem Drop the FUD.

As long as your #Apple device is locked with a passcode, Touch ID, or Face ID, your #health data is encrypted on device and inaccessible by default.

#iCloud backup and sync is opt-in

And as long as you have two-factor authentication on your Apple ID (enabled by default for most people), not even Apple can read your synced health and activity data.

https://www.apple.com/legal/privacy/data/en/health-app/

#privacy #security #InfoSec #2FA

cliffwade, to DuckDuckGo
@cliffwade@allthingstech.social avatar

DuckDuckGo's new web browser is launching for Windows with a public beta today!

https://www.thurrott.com/cloud/284647/duckduckgo-browser-launches-on-windows-in-beta

This is something I'll certainly be checking out to see how well it works.

#DuckDuckGo #DDG #Browser #Windows #Security

heiseonline, to Cybersecurity German

Cybersecurity in Industry 4.0 – The heise Academy webinar

Learn everything important about cybersecurity in Industry 4.0 in one webinar – from the basics, through the human factor, to an outlook on Industry 5.0.

https://www.heise.de/news/Cybersecurity-in-der-Industrie-4-0-Das-Webinar-der-heise-Academy-8991010.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege

#Cybersecurity #Industrie #Security #news

itnewsbot, to microsoft

With one June Patch Tuesday update, Microsoft falls short - I’ve tracked Microsoft’s Windows patches for years and closely watched all of the chan... - https://www.computerworld.com/article/3700189/with-one-june-patch-tuesday-update-microsoft-falls-short.html#tk.rss_all #smallandmediumbusiness #microsoft #security #windows

majorlinux, to infosec
@majorlinux@toot.majorshouse.com avatar

Your spaceship needs to contact the mothership right now!

Update your Asus Wi-Fi router right now https://www.pcworld.com/article/1960748/update-your-asus-wi-fi-router-right-now.html

#Asus #WiFi #Router #Update #Vulnerability #InfoSec #Security #TechNews

bitwarden, (edited ) to Cybersecurity
@bitwarden@fosstodon.org avatar

The upcoming Teams and Enterprise Demo will include a special topic on how to set your match detection options. Save your seat today! https://bitwarden.com/weekly/

#cybersecurity #passwordmanagement #security #passwordsecurity #passwordmanager

heiseonline, to security German

Three years of heise Security Pro – an interim assessment by Jürgen Schmidt

Since 2020, heise Security's Pro offering has provided data protection and security officers with background information as well as networking and exchange.

https://www.heise.de/hintergrund/Drei-Jahre-heise-Security-Pro-eine-Zwischenbilanz-von-Juergen-Schmidt-9193945.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege

#Security #news

avoidthehack, to Cybersecurity

Millions of Americans’ personal #data exposed in global hack

People with state IDs (like driver's licenses) in Oregon and Louisiana have had their data leaked/breached.

MOVEit (CVE-2023-34362) SQL injection (and privilege escalation - CVE-2023-35708) continue to be exploited. There will be more high profile victims, almost certainly.

(OPM is also affected.)

#cybersecurity #infosec #security #ransomware #databreach

https://www.cnn.com/2023/06/16/politics/cyberattack-us-government/index.html

majorlinux, to apple
@majorlinux@toot.majorshouse.com avatar

Update yo shit!

Apple Releases macOS Ventura 13.4.1 With Security Fixes https://www.macrumors.com/2023/06/21/apple-releases-macos-ventura-13-4-1/

#Apple #macOS #Ventura #Security #Update #TechNews

itnewsbot, to security

The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips - (credit: Bet_Noire/Getty)

From TikTok to Huawei router... - https://arstechnica.com/?p=1948695 #microprocessors #syndication #encryption #security #biz #usnavy #nasa #nato

itnewsbot, to security

Hackers Threaten To Leak 80GB of Confidential Data Stolen From Reddit - Hackers are threatening to release confidential data stolen from Reddit unless the... - https://it.slashdot.org/story/23/06/19/1332223/hackers-threaten-to-leak-80gb-of-confidential-data-stolen-from-reddit?utm_source=rss1.0mainlinkanon&utm_medium=feed #security

itnewsbot, to security

Millions of Americans' Personal Data Exposed in Global Hack - Millions of people in Louisiana and Oregon have had their data compromised in the ... - https://it.slashdot.org/story/23/06/16/197202/millions-of-americans-personal-data-exposed-in-global-hack?utm_source=rss1.0mainlinkanon&utm_medium=feed #security

avoidthehack, to android

#Android GravityRAT #malware now steals your WhatsApp backups

Be careful of what apps you download - whether from the Google Play store, a third-party repo, or an apk from a website.

#cybersecurity #infosec #security #opsec

https://www.bleepingcomputer.com/news/security/android-gravityrat-malware-now-steals-your-whatsapp-backups/

itnewsbot, to security

Apple beefs up enterprise identity, device management - Last week at WWDC, Apple introduced new capabilities related to Managed Apple IDs and ... - https://www.computerworld.com/article/3699353/apple-beefs-up-enterprise-identity-device-management.html#tk.rss_all #softwaredevelopment #security #apple

5am, to security
@5am@fosstodon.org avatar

If I'd spent as much time working towards an A+ grade in school as I did for my @nextcloud site's #security scan 😄 🔒#Nextcloud

avoidthehack, to android

#Android #spyware camouflaged as #VPN, chat apps on Google Play

  • Primarily distributed as targeted attacks via WhatsApp and Telegram
  • Collects contact and location info

Not everything in app stores is safe

Beware of links directing you to download an app (even from the app store) if not sent from the official source/developer of the app

#cybersecurity #infosec #security #opsec

https://www.bleepingcomputer.com/news/security/android-spyware-camouflaged-as-vpn-chat-apps-on-google-play/

mjgardner, to apple
@mjgardner@social.sdf.org avatar

It’s pretty terrible that #Apple introduced hardware #Security Keys support (e.g., #YubiKey) for Apple ID six months ago and #Windows users are still locked out if they enable it.

https://support.apple.com/en-us/HT213154#Overview:~:text=You%20can%27t%20sign%20in%20to%20iCloud%20for%20Windows

#InfoSec #iPhone #iPad

michael, to infosec
@michael@thms.uk avatar

Interesting and somewhat concerning 🤔

Leaking secrets through caching with Bunny CDN

https://httptoolkit.com/blog/bunny-cdn-caching-vulnerability/

#InfoSec #security #caching #CDN
