avoidthehack

avoidthehack, 3 months ago to privacy

#ExpressVPN User #Data Exposed Due to Bug

Split tunneling feature has been disabled as it was leaking user #DNS requests - which can be used to ascertain browsing activity to whoever captures the leaked requests - since at least 2022.

Not a #VPN I would recommend for other reasons, but yeah - choose your VPN provider carefully.

#privacy #privacymatters #opsec

https://www.securityweek.com/expressvpn-user-data-exposed-due-to-bug/

avoidthehack, 4 months ago to privacy

Private #Search Engine #Mojeek Deploys New Algorithm That Provides Better Results for Users

Go @Mojeek!!

Now Mojeek has introduced semantic matching, aiming for a better user experience. :ablobcatbongokeyboard:

#privacy #privacymatters

https://reclaimthenet.org/mojeek-deploys-new-algorithm

avoidthehack, 4 months ago to opensource

Skiff Privacy has been acquired, will be shutting down

Skiff has “joined” (read: been acquired) by Notion.

Skiff privacy is (was?) an #opensource and #privacy friendly product suite, featuring email, pages, drive and calendar.

According to their blog post and an email mirror that blog post, Skiff will be “sunsetting” in the next 6 months. In plainspeak, in about 6 months (no definitive date as of writing this post) Skiff’s services will no longer work. Users will not be automatically migrated to Notion.

Users must migrate/download their data, including migrating skiff domains and redirecting emails. From what I currently understand, email aliases must be handled by hand - so the redirect only works for the primary address.

@alternativeto @BleepingComputer @arstechnica @itsfoss

I will be pulling the recommendation for Skiff on Avoidthehack.com ASAP.

#privacy #privacymatters

https://skiff.com/data-migration

Twitter/X screenshot “skiff is joining Notion. we’re exciting to accelerate Skiff’s mission by joining Notion…”

avoidthehack, 4 months ago to random

Lately I’ve been seeing a lot of people saying they are using uMatrix.

Last I heard it was discontinued a few years ago and still unmaintained. Is there a fork I missed? Or are people using something that is at least 3+ years not updated or otherwise maintained?

avoidthehack, 4 months ago to random

Hmmm, today I learned many cloud providers block port 25 TCP (SMTP) by default. 🤔

Spammers really have ruined everything.

Mojeek, 4 months ago to random

just in case anyone sees this and wonders, we didn't pay for it

we got it "complimentary ... via advertising spend"

our spend was in the tens of pounds over a few years 🤔 very normal

avoidthehack, 4 months ago to twitter

Privacy-oriented X front-end #Nitter is shutting down following changes to guest accounts

Nitter is dead after Twitter/X stops allowing guest accounts. Nitter was a front-end for Twitter that worked without JavaScript… @alternativeto

RIP.

#twitter #privacy #opensource

https://alternativeto.net/news/2024/1/privacy-oriented-x-front-end-nitter-is-shutting-down-following-changes-to-guest-accounts/

avoidthehack, 4 months ago to internet

NSA Admits Secretly Buying Your #Internet Browsing Data without Warrants

I guess this is why no one cares to barely acknowledge the data broker industry - much less address the shitty gray area they operate in.

#privacy #databrokers #privacymatters

https://thehackernews.com/2024/01/nsa-admits-secretly-buying-your.html

avoidthehack, 4 months ago to privacy

I missed the official “Data privacy Day” because I don’t social media on Sundays, but here’s a guide for anyone looking to get started on learning about/improving their #privacy.

All the actionable advice boils down to:

• using a privacy-oriented #browser
• using a private/encrypted #email provider
• using a private search engine

#privacymatters #dataprivacyday

https://avoidthehack.com/getting-started-privacy

avoidthehack, 4 months ago to privacy

23andMe data breach: #Hackers stole raw genotype data, health reports

Ugh, so after blaming other people for this breach, 23andMe admits that raw genotype data (which, btw is immutable as it gets for data points) was compromised… due to a 5-month long credential stuffing campaign.

#databreach #23andme #privacy #dna

https://www.bleepingcomputer.com/news/security/23andme-data-breach-hackers-stole-raw-genotype-data-health-reports/

avoidthehack, 4 months ago to privacy

🚨🎬 #Privacy Concerns about Apple Push Notifications

Research by @mysk shows that #Facebook, #TikTok, and other use push notifications to collect data about your #iPhone. Likely, this data is used for fingerprinting (and then subsequently tracking) users across different apps.

#apple claims it will implement “tighter restrictions” in spring 2024.

#privacymatters #ios

https://m.youtube.com/watch?v=4ZPTjGG9t7s

avoidthehack, 4 months ago to security

HP has effectively blocked the use of third party ink cartridges

@majorlinux

OTA #firmware update bricks #HP printers using third party ink cartridges in the name of………… #antivirus measures. The claim is viruses can be embedded into ink cartridges - but the likelihood is so low. Like really low. Low. Extremely low.

In other words, large company does shady thing and blames it on “#security”

#cybersecurity

https://dcanalysts.net/hp-has-effectively-blocked-the-use-of-third-party-ink-cartridges/

avoidthehack, 4 months ago to iOS

iOS 17.3 adds multiple features originally planned for #iOS 17

Adds “Stolen Device Protection” + a handful of #security #updates. Update ASAP.

Stolen Device Protection limits passcode fallback for some actions and adds security delay functions to sensitive changes, such as changing the device pin.

#cybersecurity #infosec #apple #iphone

https://arstechnica.com/gadgets/2024/01/ios-17-3-adds-multiple-features-originally-planned-for-ios-17/

avoidthehack, 4 months ago to SEC

#SEC confirms X account was hacked in #SIM swapping attack

Yeah, so SMS 2FA/#MFA has got to go.

#cybersecurity #security

https://www.bleepingcomputer.com/news/security/sec-confirms-x-account-was-hacked-in-sim-swapping-attack/

avoidthehack, 4 months ago to windows

Hackers Weaponize #Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

Note: This vulnerability (CVE-2023-36025) is now patched as of NOV 2023. So hopefully you've updated your Windows device(s) since November 2023 Patch Tuesday.

Also, this campaign is yet another that abuses Discord's CDN by hosting the malware. The #malware executes a control panel file in a way that bypasses #Defender SmartScreen. Paves the way for loading information stealer "Phemedrone"

#cybersecurity #infosec #security

https://thehackernews.com/2024/01/hackers-weaponize-windows-flaw-to.html

shortridge, 4 months ago to Cybersecurity

#cybersecurity zealots often shame humans for writing down their passwords, but as someone who just had to excavate the digital remains of a loved one who died suddenly:

please write down your credentials somewhere a trusted human can find them, especially your phone passcode and any primary passwords (like for email accounts, password manager, etc.)

the humans who care about you will need that access for many reasons; a "badass" threat model will only add helplessness to their grief

avoidthehack, 4 months ago to passkeys

When the banking app inevitably asks you for your opinion on what they can do better, reply “it’s 2024. Support TOTP, FIDO2, or #passkeys, thanks.”

jerry, 4 months ago to random

Tuesday coming at us like…

video/mp4

avoidthehack, 4 months ago to security

Ever wondered when software you’re using is end of life - or otherwise no longer support or maintained by the developer/vendor with important things like #security updates?

Enter https://endoflife.date

It doesn’t include every app, piece of software or firmware, but it has quite a few!

#cybersecurity

avoidthehack, 4 months ago to privacy

Alright, I'm gonna do better about remembering to do #followfriday in 2024.

Free #privacy tools/service providers found in the post at https://avoidthehack.com/free-privacy-tools with a presence on #Mastodon:

@StartpageSearch
@Mojeek
@brave
@mozilla (firefox)
@torproject
@mullvadnet
@safing
@signalapp
@session
@protonmail
@Tutanota
@bitwarden

#privacymatters

Lockdownyourlife, 5 months ago to random

deleted_by_author

avoidthehack, 5 months ago to Cybersecurity

Yesterday (9 JAN 24) was the first Patch Tuesday of 2024.

For the uninitiated: Patch Tuesday is usually the second Tuesday of each month where vendors such as Microsoft and Oracle (among a few others) drop a big patch of updates.

These usually include security fixes. Note that only a handful of vendors “observe” patch Tuesday and security updates can be pushed at any time. It’s important to stay up to date with at least the latest security updates for any software or firmware you use.

JAN 2024 was pretty quiet, but make sure you #update your stuff.

#cybersecurity #infosec #security

https://www.crowdstrike.com/blog/patch-tuesday-analysis-january-2024/

avoidthehack, 5 months ago to privacy

Can ISPs #NetFlow data be used to track traffic going through VPNs?

@ivpn explains how netflow aggregation coupled with other pieces of the puzzle can affect your #privacy while using a #VPN.

#privacymatters

https://www.ivpn.net/privacy-guides/isp-netflow-surveillance-and-vpn/

avoidthehack, 5 months ago to privacy

#Authy is shutting down its #desktop app

Authy is a a #2fa / #MFA authentication app, though one that is not recommended in the #privacy space primarily because it does not offer easy export of codes (making it difficult to switch apps) and is closed source.

However, many people used it because it was one of the only apps not integrated into a password manager that allowed easy syncing across different devices.

I am urging any Authy users/holdouts to switch to an #opensource alternative that allows exporting 2FA secrets.

https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down