#Russia published an alleged intercept of #GermanyBundeswehr officers discussing the use of Taurus long-range missiles in #Ukraine. The intercept may be a deep fake, but so far it has not been denied by the German government.
In the first place, it’s an obvious #OPSEC screw-up on the side of German officers, one of whom was reportedly in Singapore when the call was wiretapped (do you remember 2014 Nuland and Pyatt stupidly talking over unprotected phones in Euromaidan and being picked up by Russian-controlled SBU?).
But apart from that I don’t see anything in the call that would be in any way a shame for Germany, quite the opposite: they are actively supporting Ukraine with weapons and discuss their technical details. That’s great and we should have more of these, not necessarily in public and not leaked by Russians.
Some people are concerned about “escalation”, but just like with NATO personnel in Ukraine, “escalation” for whom? Because Russian media have been telling their audience “Russia is at war with NATO” since 2023 already. They hyped the legendary NATO presence so high that their military is already laughing at it, because they know best of all that they’re fighting the regular Ukrainian army with some NATO weapons and some NATO ammunition shortages.
So I believe the group most impacted by the Russian leak is those EU and US politicians who would prefer their position cloaked in a safe “not our war” zone.
🚨 Important update from @signalapp 🚨
The latest update (v7 on Desktop):
✅ Keep your phone number hidden
✅ Choose to share a username instead
✅ Take control with new privacy settings - You decide who finds you by phone number.
I'm doing some funny OSINT stuff and... I have found some funny stuff.
I looked him up on Google, found a Discord report about him with his real email attached.
Looked up his email, and found a post on the ctkpaarr forums (the one he's advertising the discord) of him being currently flamed for this current ongoing incident.
The best part? He bought the script using a PayPal account. With his real name and identity.
He is a real skid. He just bought an off-the-shelf script and decided to piss off a lot of people, even the dude he bought it from with his antics. Bro snitched on himself and his entire community LMEOW
For the sake of my own job, my rep and legal security I'm not gonna tell where exactly I found this, but you guys can find it yourself. Figure it out.
This guy is making me die of laughter 💀 Our team @hq is hysterical right now at this horrible opsec.
Split tunneling feature has been disabled as it was leaking user #DNS requests - which can be used to ascertain browsing activity to whoever captures the leaked requests - since at least 2022.
Not a #VPN I would recommend for other reasons, but yeah - choose your VPN provider carefully.
idk who needs to hear this, but your threat model / opsec precautions shouldn't just be based on your current situation. you need to consider anything and everything that could happen in the foreseeable future
that includes a change of political climate, a change of your own skill sets and undertakings, etc
Make sure you let them know to do some input sanitation. Apparently #spam and #scam creators are now signing up their targets for newsletters and putting links to their stuff in the name field or other fields, so that the recipient might be shown a functioning link.
#FediHelp I work in engineering at a small design firm where our IT department consists of one person, who is also the building manager and director of operations. We engineers are currently fighting for local admin privileges rather than wait hours to get critical software installed, but were told people "good with computers" are actually a bigger security risk because of "hubris and experimentation." Is this true? Does anyone have any evidence (esp literature) to the contrary? Boosts appreciated, and thanks!
I'm currently reading some crime #novels again. Fiction literature. And there are many encounters with police gaining access to someone's (either criminal or victim) #email content, private messages on #SocialMedia, text messages on #phone etc. I wonder if it could really be possible in the real world.
Or what would happen if someone uses hard disk encryption? Do they have this #data from service providers? Could using an encrypted email service like #Protonmail or #Tutanota prevent this? If I understand correctly, email content is encrypted at rest.
Are regular data deletion, history cleaning and/or disappearing messages (like #signal features) effective for this?
If someone avoids big mainstream services, only niche/encrypted/self-hosted ones, are they safe?
Is it possible to become immune to this both via software/service choices and online habits? How to achieve this if so?
I don't want to commit crimes, only become "invincible" :blobcatjoy:
Well this is terrifying. As usual big thanks to @josephcox for this important journalism.
"A wide-spanning investigation by 404 Media reveals more details about a secretive spy tool that can track billions of phone profiles through the advertising industry called Patternz. Google has taken action in response to 404 Media's inquiries."
let's find out if this "contractor management portal" does anything useful or if I can upload a word document consisting of a single full stop as my health and safety policy
If your first instinct is to try and find blame when a security vulnerability is pointed out...
...you have already created an environment where everyone will hide issues from you.
You currently live in a fake reality where you think everything is fine and you have no idea the rot that is underneath you.
If you fire or punish a person every time a vulnerability is found, you will have no one left. Hell, fire yourself first to save us all the trouble.
Vulnerabilities exist. The world changes. Software changes. Attacks change. Business needs change.
Life is fucking impermanence.
So create an environment where folks come to you quickly and tell you what needs to be fixed as they find it.
How do you do that?! Reward vulnerability discovery. Reward mitigations. Reward patch management. Reward security improvement. Reward safety improvement.
"The self-styled furry hackers meanwhile have offered to remove the staff records if the lab performs experiments that at best could be described as highly irregular.
"We're willing to make a deal with INL. If they research creating IRL catgirls we will take down this post," the group said. The creation of real cat-human female hybrids is a frequently posted meme in certain corners of the internet, but it's not the laboratory's specialty.
According to the hacktivists, the invaders gained access to "hundreds of thousands of user, employee and citizen data," among it full names, dates of birth, email addresses, social security numbers, employment info and "lots lots more!"
INL employs more than 6,100 people in and around Idaho Falls at its massive 890-square mile site, which houses the densest concentration of nuclear reactors in the world. The 70-year-old facility has been instrumental in the development of nuclear power, was the home of the first nuclear generator to provide a usable amount of electricity, and developed the first nuclear propulsion system for US Navy submarines.
It's unclear what motivated SiegedSec's attack on INL. In its previous network penetration of NATO the group attributed its actions to the military org's "attacks on human rights," adding that it's also "fun to leak documents." ®"
Do you want to help your friends practice better cyber hygiene? Try standing behind them while they use their devices, and when they inevitably give you a 'personal space' glare, tell them that you're just their friendly neighborhood watch. Smile, you're on camera!
I got a cheap USB #microscope to look at car paintwork, small electronics and the ratings label of some power supply units like mobile phone chargers, which are increasingly often way too small to read with bare eyes.
I also happen to have a 365nm UV torch in my kit bag, so I thought I would look at some printouts from the office printer - here you can see the unique machine identifier code added to the printouts (these are very faint yellow dots) #security #privacy #opsec
The only thing this #CyberfaschistischeKackshice does is strip law-abiding ordinary citizens of their rights, while organized-crime elements of course implement #OpSec, #InfoSec, #ComSec & #ITsec, so that it comes to nothing at all...
Just curious: what do you all make sure you DON'T post when you're posting (e.g., photos of yourself, any indication of location, any mention of a last name, any mention of how many bodies are in your basement)?
And do you set your posts to expire after a certain amount of time?
I'm just curious how cautious people are when sharing on Mastodon/the Fediverse.
Deltachat relies on IMAP/SMTP (email), so make sure that you set up a new address with a provider you trust and use a username that can't be linked back to your usual nicknames or worse: your government name.
#Briar is an IM client with mesh support (aka peer to peer); you can restrict communication to your local network or to Bluetooth, and redirect internet traffic via Tor: https://briarproject.org/manual/
Do note that any blog you posted can't ever be deleted and that you will systematically be sharing your Bluetooth address (you can nuke your account at any time).
#Tails is a portable OS which allows you to "temporarily turn your own computer into a secure machine. You can also stay safe while using the computer of somebody else": https://tails.net/about/index.en.html
If I have to recommend one tool that will drastically improve your privacy on Windows, it's @safing Portmaster!
✨ Monitor all app connections
🚫 Auto-block trackers & malware
🔒 Secure DNS by default
✅ Reduce telemetry
🔧 Customizable rules & settings