Items tagged with: infosec
Musk/DOGE is a widely exposed single point of failure for international security. All it takes is for a state to overcome the personal security of inexperienced barely-post-tweens to essentially access all American information. There is no oversight on how the people's data is being handled. This is the worst kind of attack surface possible.
#infosec #doge #maga #uspol #privacy #data #attacksurface #trump
#CdnPol #CANpol #USpol
#CETA #InfoSec #Democracy #NationalSecurity
#CEUM
(5/n)
... conventional weapons.
As in the 1930's, a #fascist movement has been sowing division where there should be unity.
We must never forget, as in any war, the war that's being fought against #Authoritarianism is a #hybrid one.
The #FourthEstate...
@LoranJohn
#CdnPol #CANpol #USpol
#CETA #InfoSec #Democracy #NationalSecurity
#CEUM
(4/n)
.. taking a wrecking ball towards the #West.
If the rest of the globe, in particular #CEUM, work much stronger together, there is a good chance that the #TrumpeanTariffs'-induced #GlobalDepression2.0 might yet be averted.
However, this is not only a war of trade and...
@LoranJohn
#CdnPol #CANpol #USpol
#CETA #InfoSec #Democracy #NationalSecurity
#CEUM
(3/n)
... They will seek to eliminate conflict in their international economic policies and will encourage economic collaboration between any or all of them."
The #TrumpTariffs that will result in #TrumpeanTradeWars, if this collision course is maintained, are the complete opposite of what the founding fathers had in mind.
#tRump is...
@LoranJohn
#CdnPol #CANpol #USpol
#CETA #InfoSec #Democracy #NationalSecurity
#CEUM
(2/n)
... way before the much cited Art. 5.:
"Article 2
The Parties will contribute toward the further development of peaceful and friendly international relations by strengthening their free institutions, by bringing about a better understanding of the principles upon which these institutions are founded, and by promoting conditions of stability and well-being...
#CdnPol #CANpol #USpol
#CETA #InfoSec #Democracy #NationalSecurity
#CEUM
(1/2)
And #SigmarGabriel is right!
#Canada and #Mexico, while having a lot of indigenous roots, AS well as Asian and African, the majority of people have ancestral roots on the European continent and speak one of its languages.
But things should not be hastened, the #EuropeanUnion did not start as such.
mastodon.social/@HistoPol/1142…
IMO, starting with a fast-track implementation of a free-trade area...
HistoPol (#HP) (@HistoPol@mastodon.social)
@Snowshadow #CEUM #CdnPol #CANpol #USpol #CETA #InfoSec #Democracy #NationalSecurity #Mercantilism (2/n) ...
Mastodon
“Unless you are using #GPG, email is not end-to-end encrypted, & the contents of a message can be intercepted & read at many points, including on Google’s email servers,” said Eva Galperin, director of #cybersecurity at the Electronic Frontier Foundation.
#NationalSecurity experts have expressed alarm over the #Trump admin’s denial that the leaked #Signal chat contained #classified information.
#Gmail #Signalgate #Signal #OpSec #InfoSec #military #idiocracy #kakistocracy
Data #security experts have expressed alarm that US #NationalSecurity professionals are not…[just]…using the govt’s suite of secure encrypted systems for work communications such as JWICS, the Joint Worldwide Intelligence Communications System.
Most concerning, however, is the use of personal email, which is widely acknowledged to be susceptible to hacking, spearphishing & other types of digital compromise.
#Gmail #Signalgate #Signal #OpSec #InfoSec #military #Trump #idiocracy #kakistocracy
The use of personal email, even for unclassified materials, is risky given the premium value foreign #intelligence services place on the communications & schedules of senior govt ofcls, such as the #NationalSecurity adviser, experts say.
…Waltz has also created & hosted other #Signal chats w/Cabinet members on sensitive topics, including on #Somalia & #Russia’s war in #Ukraine, said a senior #Trump admin official.
#Gmail #Signalgate #OpSec #InfoSec #military #idiocracy #kakistocracy
#MikeWaltz has had less sensitive, but potentially exploitable information sent to his #Gmail, such as his schedule & other work documents, said ofcls, who, like others, spoke on the condition of anonymity to describe what they viewed as problematic handling of information. The ofcls said Waltz would sometimes copy & paste from his schedule into #Signal to coordinate meetings & discussions.
#Signalgate #NationalSecurity #OpSec #InfoSec #military #Trump #idiocracy #kakistocracy
A snr #MikeWaltz aide used the commercial email service for highly technical conversations w/colleagues at other govt agencies involving sensitive #military positions & powerful #weapons systems relating to an ongoing conflict, acc/to emails reviewed by WaPo. While the #NSC official used his #Gmail account, his interagency colleagues used govt-issued accounts, headers from the email correspondence show.
#Gmail #Signalgate #Signal #NationalSecurity #OpSec #InfoSec #Trump #idiocracy #kakistocracy
The use of #Gmail, a FAR LESS secure method of communication than the encrypted messaging app #Signal [which isn’t secure enough for these kinds of comms either], is the latest example of questionable #security practices by top #NationalSecurity ofcls already under fire for the mistaken inclusion of a journalist in a group chat about high-level planning for #military ops in Yemen.
#Signalgate #Signal #OpSec #InfoSec #military #Trump #idiocracy #kakistocracy
Maybe I’m just paranoid, but what could possibly go wrong with this idea? Grimace.
“Based on the analysis of this data, Microsoft can remotely apply fixes such as removing problematic drivers or updates and changing configuration settings.”
An ok overview of security considerations & mitigating controls to protect privacy and reduce risk of harm when crossing the US border.
The author misses some utterly crucial details however.
1) When your encrypted device is on, it is in an *unlocked* state. Only by powering off such a device is it in an encrypted state. Further, MicroSD cards are often unencrypted. Check before you fly, and power off before the border.
2) (next post)
theguardian.com/technology/202…
How to protect your phone and data privacy at the US border
With reports of people being turned away at airports over messages found on devices, here’s what to do to minimize risks
Johana Bhuiyan (The Guardian)
#EdwardCoristine is among the most visible members of the #DOGE effort that has been given sweeping access to official networks as it attempts to radically downsize the U.S. government.
Past reporting had focused on his youth - he is 19 - and his chosen nickname of "#BigBalls," which became a pop culture punchline. #Musk has championed the teen on his social media site X, telling his followers last month that "Big Balls is awesome."
Exclusive: #DOGE staffer, '#BigBalls', provided tech support to #cybercrime ring, records show
The best-known member of Elon #Musk's U.S. DOGE Service team of technologists once provided support to a cybercrime gang that bragged about trafficking in stolen data & #cyberstalking an #FBI agent, according to digital records reviewed by Reuters.
#USpol #InfoSec #NationalSecurity #Trump
reuters.com/world/us/doge-staf…
2024-08-15 .Bond Newly Registered Domains Part 1 - ABTdomain.com
.bond newly registered domains on 2024-08-15. Noted 7,147 newly registered domains, part 1 lists domains as 10-kwp-pv-anlage-kosten.bond, 247-nurse-14902.bond, 247-nurse-17413.bond, etc.
Emily Chen (Newly Registered Domains)
“If these idiots are accidentally roping in the editor of the Atlantic on secret war deliberations, what are the chances they’re making other serious information-security mistakes, including ones that create openings for foreign intelligence agencies? Probably pretty high.” #trump #infosec #signal
thebulwark.com/p/high-cost-of-…
The High Cost of Team Trump’s Sloppy OpSec
Anyone surprised by the news of this week’s bizarre leak has forgotten the long record of security failures in Trump’s first term.
Nicholas Grossman (The Bulwark)
If you also use BlueSky I have provided you a Short Stack there:
tisiphone.net/2025/03/25/blues…
It is mostly a duplicate of the Short Stack here:
tisiphone.net/2025/03/18/updat…
These are intel-ish news feeds mostly consisting of people who post a lot of relevant articles, commentary, and punditry. tldr; follow these and keep updated on cyber stuff.
Updated InfoSec Mastodon Lists!
I have been asked for these, so here they are! I hope you find these useful in following more Fediverse cybersecurity stuff. Pancakes Short Stack,jerry@infosec.exchange Pancakes Short Stack,spacero…
Lesley Carhart's Cybersecurity Blog
Moral of the story: be sure to first sweep your hot cars for any AirTags, LowJacks, etc #privacy #InfoSec
[…] detectives used GPS on a [stolen] car identified during the robberies to trace it back to a meeting spot used by the group. [who] would […] move “large pry bars and jaws of life tools” into stolen vehicles used in the robberies while intentionally leaving their cellphones [behind] to avoid being caught. They returned to the meeting locations.
Federal Judge Deborah L. Boardman has blocked #DOGE / #OPM from accessing large swathes of data at the Depts of #Education & #Treasury, ruling that DOGE has no right under the #Privacy Act to unjustified access to large-scale amounts of personal identifying information.
#law #USpol #Trump #Musk #InfoSec
storage.courtlistener.com/reca…
December 2023: US District Attorney Jessica Aber indicts 4 Russians for war crimes in #Ukraine
September 2024: US District Attorney Jessica Aber indicts Russian cryptocurrency money launderer / cybercriminal #SergeyIvanov
November 2024: US District Attorney Jessica Aber accuses Virginia based companies of running "three different schemes to illegally transship sensitive American technology to Russia," including sending equipment to a Russian telecommunications company linked to the #Kremlin and Russia's notorious #FSB security agency.
March 2025: Former US District Attorney Jessica Aber found dead at age 43
More: newsweek.com/jessica-aber-deat…
#Putin #VladimirPutin #JessicaAber #Russia #UkraineWar #Virginia #Vapol #crime #alexandria #TrueCrime #uspol #eupol #eu #AsifRahman #infosec #ransomware #cybersecurity
Ex-US Attorney Jessica Aber Investigated Russia, CIA Leaker Before Death
Aber resigned as U.S. Attorney for the Eastern District of Virginia after President Donald Trump returned to the Oval Office.
Ellie Cook (Newsweek)
…As the #Trump admin’s war on the federal bureaucracy throws key agencies into #chaos, CISA’s turmoil could have underappreciated consequences for #NationalSecurity & #economic prospects. The agency, part of #DHS, has steadily built a reputation as a #nonpartisan source of funding, guidance, & even direct defensive support for #cities, #businesses, & #nonprofits reeling from #cyberattacks.
Inside #CISA, vital support staff are gone, international partnerships have been strained, & workers are afraid to discuss #threats to #democracy that they’re now PROHIBITED from countering. Employees are even more overworked than usual, & new assignments from the admin are interfering w/important tasks. Meanwhile, CISA’s temporary leader is doing everything she can to appease #Trump, infuriating employees who say she’s out of touch & refusing to protect them.
Apple patched CVE-2024-54471, a macOS vulnerability that allowed NetAuthAgent to leak file server credentials and iCloud API tokens due to missing sender verification. Update to macOS 15.1, 14.7.1, or 13.7.1 to stay protected.
This dumb password rule is from Hetzner.
- 8 or more characters
- At least one uppercase and one lowercase letter
- At least one number or special character
Okay, fair enough, but after putting in a password with some special characters this message appears:
- Invalid characters, allowed are: A-Z a-z 0-9 ä ö ü ß Ä Ö Ü ^ ! $ % / ( ) = ?...
dumbpasswordrules.com/sites/he…
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Hetzner - Dumb Password Rules
- 8 or more characters - At least one uppercase and one lowercase letter - At least one number or special character Okay, fair enough, but after putting in a password with some special characters this message appears: - Invalid characters, allowed a…
dumbpasswordrules.com
Tell me I'm reading this blog post wrong. It reads as if Cloudflare is admitting to reading the login credentials of users of sites that use Cloudflare.
"Our data reveals that 52% of all detected authentication requests contain leaked passwords found in our database of over 15 billion records, including the Have I Been Pwned (HIBP) leaked password dataset."
h/t: @0xF21D
blog.cloudflare.com/password-r…
#infosec #security #cloudflare
Password reuse is rampant: nearly half of observed user logins are compromised
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
The Cloudflare Blog