hey #foss nerds. can someone tell me why #keepass dx on android isn't loading newly added entries? I've added entries on keepassxc on windows, transfer the database to my phone, and new entries don't show up. old entries show up, the file's last modified property shows it's changed. but no changes. I'm on the 4.0.6 version from f-droid. why doesn't this work?
Nun ja, auch wenn Passkey was gutes ist und von grossen Firmen bereits angeboten im Einsatz ist, fast keine kleinere Firma investiert in die Tools daführ. Dies auch mMn weil sie es als "zu teuer & unnötig" ansehen.
»Chance verpasst – Webauthn-rs-Entwickler hält Passkeys für geplatzten Traum: #Passkey's sollen Anmeldevorgänge sicherer und benutzerfreundlicher machen. Der Entwickler einer #Webauthn-Bibliothek für #Rust sieht das Vorhaben inzwischen als gescheitert an.«
🧵 …wie im obigen verlinkten Artikel schon erwähnt, kann ich durchaus @bitwarden oder deren in Rust entwickelten Klon @vaultwarden_releases empfehlen, obwohl ich persönlich @keepassxc bevorzuge und über eine @nextcloud Instanz die Daten zwischen den Geräten synchronisiere 🔑
Standardmäßig ist Firefox leider nicht besonders datenschutzfreundlich. Wer nicht die Einstellungen durchsuchen möchte und sich nicht bei jeder neuen Version Sorgen über neue Funktionen von Mozilla machen will, kann auf Alternativen zurückgreifen. Zum Beispiel #LibreWolf für den Desktop und #Fennec für Android. Beide Varianten entfernen unter anderem die Telemetrie-Funktionen.
Damn yeah. Finally fixed the pin entry program to actually use the secret service on #linux#kde#plasma and to stop asking all the time for the password for signing commits.
It seems a somewhat recent breaking change, since this worked before. Anyway, someone had already written about it on #archlinux wiki.
Tldr: after setting the pin entry program on gpg-agent config to use the qt version, we need to change the gpg-agent service to have XDG_SESSION_DESKTOP as anything but "kde".
Anyway this seems all kinda ridiculous because it's about some potential problem when using kwallet as the secret service and kwallet configured to use #gpg as the backend? I never knew that was possible.
Anyway, currently I'm using #keepass with its secret service integration to make all this work.
Es ist wieder soweit und wie jedes Jahr am 1. Februar wird von vielen Seiten dazu aufgerufen, die Passwörter zu ändern. Ich sage: Lasst es. Dieses ständige Passwortändern bringt keinen messbaren Sicherheitsgewinn. Das Problem liegt ganz woanders. 👇
Sobald Passkeys offiziell für KeePassXC (Desktop) und/oder KeePassDX (Android) verfügbar ist - nicht als Beta, sondern als Stable - wird es einen Beitrag dazu geben. 🔒
Anyone here that uses #Syncthing to synchronize #KeePass database between devices?
If so, is it reliable?
Right now I use NextCloud at NCH.pl, but start wondering if I really need a server that will be in that process (local, remote)?
Why not synchronize it directly between devices?
@rita
Einen guten Grund die maximal mögliche Zeichenlänge eines PW dienstseitig klein zu halten gibt es nicht, eine höhere Mindestlänge schon eher.
Ich selbst kenne meine Accountpasswörter nicht, noch könnte ich sie mir merken, das überlasse ich #keepass (Achtung: keine Fake-Version verwenden!) wo ich dann ein Masterpaßwort gebildet aus betimmten Buchstaben eines irre langen, leicht zu merkenden Satzes plus ein paar anderer Zeichen benutze, um das über dessen Keyboard einzufügen. @askfedi_de
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #42/2023 is out! It includes the following and much more:
➝ 🔓 👀 Tracking Unauthorized Access to #Okta's Support System
➝ 🔓 🇯🇵 #Casio discloses #databreach impacting customers in 149 countries
➝ 🔓 🧬 Hacker leaks millions more #23andMe user records on #cybercrime forum
➝ 🔓 🇨🇳 D-Link confirms data breach after employee #phishing attack
➝ 🔓 💰 #Equifax Fined $13.5 Million Over 2017 Data Breach
➝ 🇺🇦 🧹 Ukrainian activists hack Trigona #ransomware gang, wipe servers
➝ 🇺🇸 🇰🇵 FBI: Thousands of Remote IT Workers Sent Wages to #NorthKorea to Help Fund Weapons Program
➝ 🇮🇳 ☁️ #India targets #Microsoft, #Amazon tech support #scammers in nationwide crackdown
➝ 🇵🇸 🇮🇷 #Hamas-linked app offers window into cyber infrastructure, possible links to Iran
➝ 👮🏻♂️ 🥷🏻 Police seize #RagnarLocker leak site
➝ 🇰🇵 North Korean Hackers Exploiting Recent #TeamCity Vulnerability
➝ 🇨🇳 🇷🇺 #China replaces #Russia as top #cyberthreat
➝ 🇺🇦 📡 CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
➝ 🇫🇷 🇪🇸 #France frees the two biggest Spanish hackers
➝ 🇺🇸 ⚓️ Ex-Navy IT head gets 5 years for selling people’s data on #darkweb
➝ 🇨🇭 🗳️ #Switzerland’s e-voting system has predictable implementation blunder
➝ 🔓 🏭 Critical Vulnerabilities Expose #Weintek HMIs to Attacks
➝ 🔓 🏭 #Milesight Industrial Router #Vulnerability Possibly Exploited in Attacks
➝ 🦠 🇻🇳 Fake #Corsair job offers on #LinkedIn push #DarkGate malware
➝ 🦠 Google-hosted #malvertising leads to fake #Keepass site that looks genuine
➝ 🦠 💬 #Discord still a hotbed of #malware activity — Now APTs join the fun
➝ 🦠 🕵🏻♂️ SpyNote: Beware of This Android #Trojan that Records Audio and Phone Calls
➝ 🛍️ 🦠 #Android will now scan sideloaded apps for malware at install time
➝ 💬 🔐 #WhatsApp#passkeys on the way, but as usual, for Android first
➝ 🇷🇺 🗂️ Pro-Russian Hackers Exploiting Recent #WinRAR Vulnerability in New Campaign
➝ 🗓️ ❌ Signal Pours Cold Water on Zero-Day Exploit Rumors
➝ 🔓 💥 #Cisco warns of new #IOS XE #zeroday actively exploited in attacks
📚 This week's recommended reading is: "RTFM: Red Team Field Manual v2" by Ben Clark and Nicholas Downer
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Yikes. Need another reason to install an ad blocker? Here you go: fake Keepass ad good enough to fool most anyone into installing malware. Also, the comments show how to turn off punycode rendering in Firefox. They should go further and heavily flag all non-ASCII domains in the URL bar.
Could anyone give me recommendations for a password manager? Google is basically useless now and I don't know anywhere else to ask. 😅
So far, I've never found one that I trust enough to use. I do understand the importance but I'm extremely, incredibly hesitant to hand over my passwords to a 3rd party program. I'm even more hesitant to use randomly-generated passwords that I can't memorize as a backup.
All that being said, here's what's important to me:
Transparency - public audits, published whitepaper, and/or open source.
Export to a printable format. I don't have reliable backups, so this is a must-have!
Works with desktop & mobile Firefox.
Works on Windows & Linux (I regularly use both).
Works on Android - not critical, but would be really helpful.
Can work offline (I don't trust any sync server to stay online).
For everything else, I'm more flexible. I don't mind paying a small amount for a better / more trustworthy option, either.
Any suggestions, recommendations, or just boosts are appreciated! Thanks so much in advance! 💙