#opsec is a top priority for our authorities:
“An early announcement by Federal Justice Minister Marco Buschmann caused a stir in security circles in the afternoon. His press office circulated a statement on the arrests at a point when the GSG9 had not yet overpowered all of the suspects and the police operation had not yet concluded.”
@ljrk @lexd0g It's worse because #Passkey brick a lot of workflows and systems as an addon-layer instead of fixing the core problem.
And the core problem is that #ITsec, #OpSec, #ComSec and #InfoSec are just "Afterthoughts" at best for all but the most #TechLiterate.
Using i.e. #PGP encryption and login on everything [and not as a "password replacement"] would be a way better fix.
Just like @torproject does a self-signing namespace on #OnionServices.
Even with Advanced Data Protection activated on #iCloud,
Apple can still access your iCloud Mail, Contacts, and Calendar. The encryption applies in transit and on their servers, but it's not end-to-end. Apple holds the keys.
The tools in question can be used to recover and analyze data found on computers, tablets and mobile phones, including information that has been encrypted and password-protected ...
I did another one of those fucked up EU law notices, this time about #eIDAS Article 45. Like with the Chat Control one, feel free to copy and paste this onto your website, just credit me for the text.
Smartphone Halt's Maul: This checklist is meant to help you check your smartphone security in a playful way, so that you can develop a feel for the topic. The list contains concrete suggestions for improving your security. Points and levels are meant to encourage you to tick off as many items as possible. #Überwachung #OPSEC
I'm pretty hyped for #passkey adoption, not gonna lie. I know passkeys have drawbacks (especially when synced to the cloud, and if not, issues when a device is lost/stolen). These passwords have gotta go.
What's the current state of the art in terms of identity verification?
With Twitter blue checks pointless now, we don't have much awareness of what is useful for average individuals to publish their own identity or verify that of others. And with LLMs flooding the web with fake info, I think this is going to become more & more important.
I'd like to look into ensuring my own online identity is as authenticated as possible.
With QR codes everywhere, there's a rising concern about their misuse. 🚨 How do you protect yourself from malicious QR codes? What are your go-to security measures before scanning? Please share your best practices & tips!
Search for "ad" in settings to find it. Most private option is "off" for all options. Only reason to leave them "on" is "better ads", which I don't particularly believe in.
Edit: All of the options claim to auto-delete data periodically, a change I do like. Difficult to confirm, and really I think the consumer/advertiser trust is just too low. We needed that 15 years ago not now.
to promote security awareness and encourage people caring about privacy, i am considering referring to rando open #USB ports in the wild (like these at C9), as "Glory Holes".
don't stick your phone or anything else you like in there, because sometimes you get something untreatable.
OK. Real question here about #privacy and I guess #opsec.
Most of us know that the use of apps to do MFA (multifactor authentication) is a useful thing to protect someone from guessing/using our passwords on sites.
Many of the password managers now include a helpful MFA feature where you can store your password AND do MFA in their app.
My question is, doesn't this defeat the purpose of MFA if they are stored in the same app/location?
Where I speak about some advantages Signal has over the bigger richer rest of tech:
“We don’t have to be full of shit. We’re not a surveillance company. I’m not trying to pretend Facebook is good. I don’t have to toe a party line that is divorced from reality”
After all, @signalapp does in fact comply with #Cyberfacist demands of the U.S. government and restricts #Signal's functionality based on "strictly unnecessary" data like #PhoneNumbers!
Whereas @torproject is specifically designed to be incapable of doing so, even if all their maintainers were simultaneously held at gunpoint.