Items tagged with: InfoSec



Who would want to protect the people in charge at this point with their #Infosec ?

Seriously.


“Unless you are using #GPG, email is not end-to-end encrypted, & the contents of a message can be intercepted & read at many points, including on Google’s email servers,” said Eva Galperin, director of #cybersecurity at the Electronic Frontier Foundation.

#NationalSecurity experts have expressed alarm over the #Trump admin’s denial that the leaked #Signal chat contained #classified information.

#Gmail #Signalgate #Signal #OpSec #InfoSec #military #idiocracy #kakistocracy


Data #security experts have expressed alarm that US #NationalSecurity professionals are not…[just]…using the govt’s suite of secure encrypted systems for work communications such as JWICS, the Joint Worldwide Intelligence Communications System.

Most concerning, however, is the use of personal email, which is widely acknowledged to be susceptible to hacking, spearphishing & other types of digital compromise.

#Gmail #Signalgate #Signal #OpSec #InfoSec #military #Trump #idiocracy #kakistocracy


The use of personal email, even for unclassified materials, is risky given the premium value foreign #intelligence services place on the communications & schedules of senior govt ofcls, such as the #NationalSecurity adviser, experts say.

…Waltz has also created & hosted other #Signal chats w/Cabinet members on sensitive topics, including on #Somalia & #Russia’s war in #Ukraine, said a senior #Trump admin official.

#Gmail #Signalgate #OpSec #InfoSec #military #idiocracy #kakistocracy


#MikeWaltz has had less sensitive, but potentially exploitable information sent to his #Gmail, such as his schedule & other work documents, said ofcls, who, like others, spoke on the condition of anonymity to describe what they viewed as problematic handling of information. The ofcls said Waltz would sometimes copy & paste from his schedule into #Signal to coordinate meetings & discussions.

#Signalgate #NationalSecurity #OpSec #InfoSec #military #Trump #idiocracy #kakistocracy


A snr #MikeWaltz aide used the commercial email service for highly technical conversations w/colleagues at other govt agencies involving sensitive #military positions & powerful #weapons systems relating to an ongoing conflict, acc/to emails reviewed by WaPo. While the #NSC official used his #Gmail account, his interagency colleagues used govt-issued accounts, headers from the email correspondence show.

#Gmail #Signalgate #Signal #NationalSecurity #OpSec #InfoSec #Trump #idiocracy #kakistocracy


The use of #Gmail, a FAR LESS secure method of communication than the encrypted messaging app #Signal [which isn’t secure enough for these kinds of comms either], is the latest example of questionable #security practices by top #NationalSecurity ofcls already under fire for the mistaken inclusion of a journalist in a group chat about high-level planning for #military ops in Yemen.

#Signalgate #Signal #OpSec #InfoSec #military #Trump #idiocracy #kakistocracy


Maybe I’m just paranoid, but what could possibly go wrong with this idea? Grimace.

“Based on the analysis of this data, Microsoft can remotely apply fixes such as removing problematic drivers or updates and changing configuration settings.”

bleepingcomputer.com/news/micr…

#microsoft #windows #infosec #security



An ok overview of security considerations & mitigating controls to protect privacy and reduce risk of harm when crossing the US border.

The author misses some utterly crucial details however.

1) When your encrypted device is on, it is in an *unlocked* state. Only by powering off such a device is it in an encrypted state. Further, MicroSD cards are often unencrypted. Check before you fly, and power off before the border.

2) (next post)

theguardian.com/technology/202…

#privacy #infosec


#EdwardCoristine is among the most visible members of the #DOGE effort that has been given sweeping access to official networks as it attempts to radically downsize the U.S. government.

Past reporting had focused on his youth - he is 19 - and his chosen nickname of "#BigBalls," which became a pop culture punchline. #Musk has championed the teen on his social media site X, telling his followers last month that "Big Balls is awesome."

#USpol #InfoSec #NationalSecurity #Trump


Exclusive: #DOGE staffer, '#BigBalls', provided tech support to #cybercrime ring, records show

The best-known member of Elon #Musk's U.S. DOGE Service team of technologists once provided support to a cybercrime gang that bragged about trafficking in stolen data & #cyberstalking an #FBI agent, according to digital records reviewed by Reuters.

#USpol #InfoSec #NationalSecurity #Trump
reuters.com/world/us/doge-staf…




The problem, Aral, is that US news is *searching hard* to demonstrate phishing attacks, keylogging, and backdoors / OS malware as somehow issues with #signal. Just saw an NBC piece that was atrocious where they blamed bogus QR codes as somehow a Signal problem. They'll find #infosec people to either scramble the facts or talk about phishing and be taken out of context.


“If these idiots are accidentally roping in the editor of the Atlantic on secret war deliberations, what are the chances they’re making other serious information-security mistakes, including ones that create openings for foreign intelligence agencies? Probably pretty high.” #trump #infosec #signal

thebulwark.com/p/high-cost-of-…


#SignalGate #USpol #Infosec

I'd like to reply to that with the following quote from #PeteHegseth himself:

mastodon.social/@flexghost/114…


Remember when Pete Hegseth said anyone reckless with sensitive government information should be fired on the spot and criminally prosecuted?

Pepperidge Farm remembers.

#ButHerEmails



If you also use BlueSky I have provided you a Short Stack there:

tisiphone.net/2025/03/25/blues…

It is mostly a duplicate of the Short Stack here:

tisiphone.net/2025/03/18/updat…

These are intel-ish news feeds mostly consisting of people who post a lot of relevant articles, commentary, and punditry. tldr; follow these and keep updated on cyber stuff.

#cybersecurity #infosec


Moral of the story: be sure to first sweep your hot cars for any AirTags, LoJacks, etc #privacy #InfoSec

[…] detectives used GPS on a [stolen] car identified during the robberies to trace it back to a meeting spot used by the group. [who] would […] move “large pry bars and jaws of life tools” into stolen vehicles used in the robberies while intentionally leaving their cellphones [behind] to avoid being caught. They returned to the meeting locations.

washingtonpost.com/dc-md-va/20…


Federal Judge Deborah L. Boardman has blocked #DOGE / #OPM from accessing large swathes of data at the Depts of #Education & #Treasury, ruling that DOGE has no right under the #Privacy Act to unjustified access to large-scale amounts of personal identifying information.

#law #USpol #Trump #Musk #InfoSec
storage.courtlistener.com/reca…


December 2023: US District Attorney Jessica Aber indicts 4 Russians for war crimes in #Ukraine

September 2024: US District Attorney Jessica Aber indicts Russian cryptocurrency money launderer / cybercriminal #SergeyIvanov

November 2024: US District Attorney Jessica Aber accuses Virginia based companies of running "three different schemes to illegally transship sensitive American technology to Russia," including sending equipment to a Russian telecommunications company linked to the #Kremlin and Russia's notorious #FSB security agency.

March 2025: Former US District Attorney Jessica Aber found dead at age 43

More: newsweek.com/jessica-aber-deat…

#Putin #VladimirPutin #JessicaAber #Russia #UkraineWar #Virginia #Vapol #crime #alexandria #TrueCrime #uspol #eupol #eu #AsifRahman #infosec #ransomware #cybersecurity


…As the #Trump admin’s war on the federal bureaucracy throws key agencies into #chaos, CISA’s turmoil could have underappreciated consequences for #NationalSecurity & #economic prospects. The agency, part of #DHS, has steadily built a reputation as a #nonpartisan source of funding, guidance, & even direct defensive support for #cities, #businesses, & #nonprofits reeling from #cyberattacks.

#InfoSec #NationalSecurity #Musk


Inside #CISA, vital support staff are gone, international partnerships have been strained, & workers are afraid to discuss #threats to #democracy that they’re now PROHIBITED from countering. Employees are even more overworked than usual, & new assignments from the admin are interfering w/important tasks. Meanwhile, CISA’s temporary leader is doing everything she can to appease #Trump, infuriating employees who say she’s out of touch & refusing to protect them.

#InfoSec #NationalSecurity #Musk


Apple patched CVE-2024-54471, a macOS vulnerability that allowed NetAuthAgent to leak file server credentials and iCloud API tokens due to missing sender verification. Update to macOS 15.1, 14.7.1, or 13.7.1 to stay protected.

wts.dev/posts/password-leak/

#macOS #CyberSecurity #Apple #InfoSec


This dumb password rule is from Hetzner.

- 8 or more characters
- At least one uppercase and one lowercase letter
- At least one number or special character

Okay, fair enough, but after putting in a password with some special characters this message appears:
- Invalid characters, allowed are: A-Z a-z 0-9 ä ö ü ß Ä Ö Ü ^ ! $ % / ( ) = ?...

dumbpasswordrules.com/sites/he…

#password #passwords #infosec #cybersecurity #dumbpasswordrules


Welp, it's been a few years. As the person posting here, I was unable to continue due to personal reasons. However, considering the state of America, it is clearly time to prioritize personal privacy and security protections.

#protest #infosec #america


Tell me I'm reading this blog post wrong. It reads as if Cloudflare is admitting to reading the login credentials of users of sites that use Cloudflare.

"Our data reveals that 52% of all detected authentication requests contain leaked passwords found in our database of over 15 billion records, including the Have I Been Pwned (HIBP) leaked password dataset."

h/t: @0xF21D

blog.cloudflare.com/password-r…

#infosec #security #cloudflare


After trying out #deltachat and #arcanechat, I've discovered the #webxdc app store. My Dad loves #Sudoku puzzles, and I was tempted to play some competitive Sudoku with him. What assurance is there that there are no sketchy apps in the webxdc app store? Can these apps break out of their little jail, and root my phone? What would the #infosec community say? There's somewhat of a thread on the "threat model"/security of webxdc here (but I think it still needs more scrutiny):
support.delta.chat/t/webxdc-th…
#puzzle #puzzles #competitive #game #multiplayer