#cybersecurity zealots often shame humans for writing down their passwords, but as someone who just had to excavate the digital remains of a loved one who died suddenly:
please write down your credentials somewhere a trusted human can find them, especially your phone passcode and any primary passwords (like for email accounts, password manager, etc.)
the humans who care about you will need that access for many reasons; a "badass" threat model will only add helplessness to their grief
I'm still kinda new to Linux (started using it this year 😅). I already made it my main OS, even if I'm still missing some things which I used on Windows, anyway. What I wanted to ask you guys: what recommendations do you have for Linux Mint (Cinnamon)? In terms of security, optimization (a way to make the UI look modern ;-;) and privacy? I would be very interested in what you guys do to optimize your Linux setup :) I'm pretty technical, so there is nothing which could overwhelm me (probably).
What are your thoughts on the Certified Ethical Hacker (CEH)? If you were offered a scholarship to take the cert for $200 instead of the standard $1k, would you take it? Would you say it would benefit someone’s efforts towards getting interviews for a role in vulnerability analysis/pentesting? Asking for a friend, I’m trying to help her rn 🥴 #infosec #cybersecurity
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.
TL;DR: Don't turn it on.
The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.
We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.
Why is this bad?
Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵
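The point the thread makes, as an added illustration that is not part of the original post: a TOTP QR code is just an otpauth:// URI carrying a base32 seed, and the one-time code is a pure function of that seed and the clock (RFC 6238, HMAC-SHA1), so any second holder of the seed produces identical codes. The URI below is constructed; its seed is the RFC 6238 test seed.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs, unquote


def parse_otpauth(uri: str) -> dict:
    """Extract the fields a 2FA QR code carries (otpauth://totp/... URI)."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    secret_b32 = params["secret"].upper()
    # Base32 secrets in QR codes often omit padding; restore it before decoding.
    secret_b32 += "=" * (-len(secret_b32) % 8)
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "secret": base64.b32decode(secret_b32),
        "digits": int(params.get("digits", 6)),
        "period": int(params.get("period", 30)),
    }


def totp(secret: bytes, unix_time: int, digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: the code depends only on the seed and the time."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


# Constructed sample URI; the secret is the RFC 6238 test seed "12345678901234567890" in base32.
SAMPLE_URI = ("otpauth://totp/Example:alice%40example.org"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")


def codes_match(uri: str, unix_time: int) -> bool:
    """A second holder of the seed (e.g. a sync server) computes exactly the user's code."""
    entry = parse_otpauth(uri)
    device_code = totp(entry["secret"], unix_time, entry["digits"], entry["period"])
    server_copy = bytes(entry["secret"])          # the same bytes, held elsewhere
    return device_code == totp(server_copy, unix_time, entry["digits"], entry["period"])
```

This is why a seed stored or transmitted without end-to-end encryption is equivalent to the second factor itself: protecting the seed, not just the codes, is the whole game.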
Look what came in the mail? My @purism Librem 5, but I am still waiting on my SIM card for the Librem cell service for some testing between that and @Efani, but this will be an interesting review of the battle of the privacy phone ecosystems I have made.
Android/GrapheneOS on Pixel 7a and PureOS on Purism Librem 5 #infosec #cybersecurity #linux #opensource #cellphone #review #privacy
I've been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.
I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key should work together with already existing passwords, not replace them.
As I use Linux as my primary OS, I do expect it to support it, and anything that doesn't, I will have to pass on.
PS: what are the things I need to know about these hardware keys that aren't being talked about too much? I am very much delving into new territory and want to make sure I'm properly educated before I delve in.
In hotels I often make up my name, address and birthdate when they ask for it, because I don’t trust their IT security.
Some people laugh at me for that - they think it's paranoia. But a few days ago 6 TB of data from the big European hotel chain #MotelOne was leaked by a ransomware group - including millions of customer names and dates. So maybe it’s not paranoia not to give your real data to hotels. (The same goes for online shops, gyms and many other institutions, of course.) #cybersecurity
Do y'all study or work on security-related stuff on the weekends? For the most part I do: reading about different vulnerabilities or doing TryHackMe or writing a script, but sometimes I just chill and do nothing lol. Today I'm on HackTheBox prepping for the interview.
One of the world's largest online travel agencies, Booking.com, is being used by fraudsters to trick hotel guests into handing over their payment card details.
How do I know? The fraudsters tried the trick with me.
An Israeli technology company has developed the means of delivering spyware via online ad networks. There’s no defense against the spyware and the Israeli government has given the company approval to sell the technology.
For now, take comfort in the fact that it’s a hefty $6.4 million price tag for a single ad infection.
hello fediverse, here's my new infographic comparing two dynamics we can nurture when doing #cybersecurity things: security theater vs. #resilience
it's meant as a handy reference to validate that your org's security efforts are nurturing resilience rather than fomenting theater (and I don't mean writing your design docs in iambic pentameter, that's fine)
imo security theater is one of the core pillars holding up the status quo of security-as-gatekeeper... so let's do resilience instead <3
This post is about cybersecurity, OSINT, and privacy.
REMINDER
Today’s surveillance cameras perform very well in low light conditions. In theaters, or any other public space, never assume that you can’t be seen because it’s dark. You can be seen. You are being seen. You are being recorded.
I found today that there are some downsides to being mostly in this amazing ad-free space that the #fediverse is. I check my Facebook account every day for notifications only, as many people still use it sometimes to get in touch with me. Today, casually, I decided to scroll. And OMG.
Mozilla's petition against in-browser censorship law (foundation.mozilla.org)
The French government is considering a law that would require web browsers – like Mozilla's Firefox – to block websites chosen by the government.