Once again #infosec researchers (@epicenter_works) were sued for responsibly disclosing a vulnerability. This time by the Austrian government. The charges were eventually dropped, but not before they had 15k€ of legal fees. Others would have paid them a 100k bounty instead.
You really want us to anonymously drop vulns on the internet, right? I'm so sick of this bullshit.
I had an unsettling discovery about some family history on Monday that threw me through a loop and prevented me from being in the right mind to start streaming and making content again.
Tonight I am breaking Passover with family, so I am hoping tomorrow I can finally get back on the wagon to make content and get back to streaming my tinkering and Gaming on Linux stuff. But the first stream will be a "what happened in the past two months" hangout.
This is awesome! I stumbled across @EU_Commission and it looks like it's an actual official government thing.
I really hope this is the start of seeing more official Government communications globally on open source as opposed to Twitter and that craptastic platform.
This weekend a chain of vulnerabilities was exploited against my family that resulted in permanent access to our house by Orion. I’ll share what happened so you can avoid the same fate:
Like a lot of exploits, this one started by browsing a dangerous website with local cat photos. It is safest to avoid these.
I suppose a SIM might contain SMS or contact details - but those are far more likely to be on the phone these days.
Call records aren't stored on there.
So what was "downloaded"?
So my work now supports a physical security key for 2FA (I assume in lieu of an Authenticator app.) Anything I should know or look for if I buy one? Can I leverage it for my non-work accounts in any way? #infosec
I boosted my own reply toot because the 2nd paragraph is relevant to all. Neither Apple nor any other mega-corp with literally billions of end-users can do proactive #InfoSec support for all of them on an individual basis. If someone calls you claiming to be from the security staff of $BIGCORP about your account being cracked, they are lying.
There are not enough skilled humans to handle that sort of operation.
For those that enjoy stickers as much as I do, it's worth noting that I shared a bunch of stickers with friends this weekend and almost invariably the ones snatched first were from @unknownbinaries shop.
The Eicar "Trust Me" got the most laughs, but the sparkly 3 possums in a hacker hoodie sticker got by far the most "It Me!!" responses.
(gonna be feisty and tag it #infosec mostly because I know y'all enjoy these)
It gets worse. Think of it in the context of MS pushing Copilot harder than ever before with Win11 24H2. Think of it in the context of every Big Tech and major application trying to jump on the #AI bandwagon without any legislative guardrails or training wheels.
@protonprivacy has the ability to report phishing emails? Well, this was a fantastic discovery for my personal email (which is on a business plan if that’s relevant).
This is wonderful as my email was leaked in a few cryptocurrency places years ago. Luckily passwords weren’t, and even if they were, everything is in a password manager.
Even though I loved running a self hosted @MailInABox, migrating to Proton cut down on spam, added MFA, & more #InfoSec #cybersecurity
I'm getting closer to becoming comfortable with possibly migrating my Mastodon server from @mastohost to my own setup.
Let me make it clear, this is not in any way shape or form me disparaging Mastohost, I still highly recommend them.
This server is primarily for myself and I invite some friends who want to use my server. I have around 2,100 followers and growing. I'm almost at the $89/month Galaxy plan on this server so it's more about the costs as I continue scaling.
I also want to make it crystal clear, regardless what happens to my decisions with my Mastodon server hosting, I do not see myself migrating to someone else's server. I am enjoying running my own server way too much, and I enjoy the control of my feeds.
For me Mastodon is my favorite social media network due to the complete control I have over my own experiences, and as I expand more to the fediverse I foresee myself leaning on more self run instances.
To date I also run my own @matrix and @pixelfed servers in addition to this Mastodon server.
I am going to look into moving these into my own servers in due time, to the point I may have these co-located on my own hardware in a local datacenter as I have a new business I am building on top of my day job, and we may have extra rack space I can drop my own stuff in, but if I do that I want to make sure I have a backup and several nodes. Until then leaning towards AWS and managing my own keys.
I was asked on a compliance questionnaire today if we process data with "innovative technology". It was like they wanted to say AI but also wanted the question to stand the test of time. So they made it even more vague. Now the Next Big Innovative Thing is also in scope.
I hope we're all more secure for this forward thinking.
@markstos In EU, it’s probably related to GDPR art. 35: “Where a type of processing in particular using new technologies (…) is likely to result in a high risk (…), the controller shall (…) carry out an assessment (…).”