Search
Items tagged with: security
###
#Microsoft employees exposed internal passwords in #security lapse
source: https://techcrunch.com/2024/04/09/microsoft-employees-exposed-internal-passwords-security-lapse/
Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with #SOCRadar, a #cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s #Azure #cloud service that was storing internal information relating to Microsoft’s #Bing search engine.
#Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
source: https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/
Those include carfatwitter.com, which Twitter/X truncated to carfax.com when the domain appeared in user messages or tweets. Visiting this domain currently displays a message that begins, “Are you serious, X Corp?”
#internet #fail #security #phishing #cybersecurity #twitter #news
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft…krebsonsecurity.com
(Nitter addon enabled: Twitter links via https://nitter.privacytools.io)
I find this argument a bit problematic. Just because software like @Team KeePassXC gives users control and choice over their passkeys, which Apple / Google / ... currently don't, doesn't mean they are irresponsible. From what I can tell KeePassXC devs were not involved in the discussions around transfer of passkeys.
Big tech wanted to get passkeys into user hands, which is a great thing, as are passkeys in general. But the statement that it is somewhat of a lock-in situation currently is not false.
And finger-pointing at software that does give users the option to transfer passkeys at their desire is not helping I think. Especially when that aspect has not yet been standardized.
If transfer can happen in encrypted form, that is clearly preferable. You filed https://github.com/keepassxreboot/keepassxc/issues/10407 which is a good thing. The discussion shows however, that the way the debate was going on so far was not ideal.
#passkeys #security #passwordless
[Passkeys] should never be exported in clear text · Issue #10407 · keepassxreboot/keepassxc
Overview Passkeys should never be allowed to be exported in clear text. There is significant work going on across the industry on a secure migration protocol for credentials like passkeys. Please c...GitHub
#ThreatWire these days is presented by @endingwithali
Bringing us the latest on our #security, #privacy & #InternetFreedom
Give her a follow
When #security matters: working with #Qubes OS at the #Guardian
Configuring a Qubes workstation was a new challenge for the team as we abandoned years of experience writing Infrastructure as Code for the cloud and started learning how to write #Salt #configuration. Salt (also know as SaltStack) is a management engine available by default in Qubes.
#cybersecurity #news #journalism #linux #technology #software #securedrop
When security matters: working with Qubes OS at the Guardian
The latest version of the whistleblowing platform SecureDrop runs on the Qubes operating system. At the Guardian we used the Salt management engine to set up a Qubes environment where journalists could safely interrogate sensitive documents.Philip McMahon (The Guardian)
Exclusive: #YossiSariel unmasked as head of #Unit8200 and architect of #AI #strategy after book written under pen name reveals his #Google account
The embarrassing #security lapse is linked to a book he published on #Amazon, which left a digital trail to a private Google account created in his name, along with his unique ID and links to the #account’s maps and calendar profiles.
#Israel #internet #Anonymity #privacy #spy #military #CyberSecurity #news #online #leak #identity
Top Israeli spy chief exposes his true identity in online security lapse
Exclusive: Yossi Sariel unmasked as head of Unit 8200 and architect of AI strategy after book written under pen name reveals his Google accountHarry Davies (The Guardian)
ever hear of https://www.zangi.com?
ever hear of https://Simplex.Chat?
#encryption #communication #messenger #email #question #security #cybersecurity #internet #spy #surveillance #privacy #nsa #snowden #5eyes
🧬Types of DNS Records
🔹A
🔹AAAA
🔹CNAME
🔹MX
🔹PTR
🔹NS
🔹SOA
🔹TXT
🔖#infosec #cybersecurity #hacking #pentesting #security
What #encryption do you use for your everyday #communication?
I'm not talking about your nerd friends, who can be counted on one hand and who know a thing or two about the subject. I'm talking about your normal friends, business partners and colleagues with whom you communicate both professionally and privately.
I was recently called by my support via Microsoft Teams because I had to enter some passwords. The support team proudly said that they were contacting me via Teams because it was more secure than the normal phone. He was then very surprised when I told him that Teams is unencrypted and can be intercepted much more easily.
#messenger #email #question #security #cybersecurity #internet #spy #surveillance #privacy #nsa #snowden #5eyes
#XZ #Backdoor: Times, damned times, and scams
However, I believe that he is actually from somewhere in the UTC+02 (winter)/UTC+03 (DST) timezone, which includes Eastern Europe (EET), but also Israel (IST), and some others. Forging time zones would be easy — no need to do any math or delay any commits. He likely just changed his system time to Chinese time every time he committed.
source: https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and
#security #software #time #news #hack #linux #timezone
XZ Backdoor: Times, damned times, and scams
Some timezone observations on the recently discovered backdoor hidden in an xz tarball.Rhea (Rhea's Substack)