Damn yeah. Finally fixed the pinentry program to actually use the Secret Service on #linux #kde #plasma and to stop asking for the password every time I sign a commit.
It seems to be a somewhat recent breaking change, since this worked before. Anyway, someone had already written about it on the #archlinux wiki.
Tl;dr: after setting the pinentry program in the gpg-agent config to the Qt version, we need to change the gpg-agent service so that XDG_SESSION_DESKTOP is set to anything but "kde".
Anyway, this all seems kind of ridiculous, because it's about some potential problem when using KWallet as the Secret Service with KWallet configured to use #gpg as the backend? I never knew that was possible.
Anyway, currently I'm using #keepass with its secret service integration to make all this work.
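The fix described in this post, as an added example that is not part of the original post: a POSIX shell script that writes the two settings (the Qt pinentry in gpg-agent.conf, and a systemd user drop-in that sets XDG_SESSION_DESKTOP for gpg-agent.service) into directories you pass in, and a check that the drop-in no longer says "kde". The pinentry path /usr/bin/pinentry-qt (Arch default), the unit name gpg-agent.service and the replacement value "generic" are assumptions; the post only says the value must be anything but "kde".

```shell
#!/bin/sh
# Added example (not from the post): apply the two-step gpg-agent fix.
# Step 1: point gpg-agent at the Qt pinentry.
# Step 2: give the gpg-agent user service an XDG_SESSION_DESKTOP value other
#         than "kde" via a systemd drop-in, so pinentry-qt offers to save the
#         passphrase in the running Secret Service provider (KeePassXC here).
# Assumptions: pinentry-qt is at /usr/bin/pinentry-qt, gpg-agent runs as the
# systemd user unit gpg-agent.service, and "generic" is an arbitrary non-kde
# value; the post only requires "not kde".

set -eu

# write_gpg_agent_override GNUPG_DIR SYSTEMD_USER_DIR [DESKTOP_VALUE]
# Writes/updates gpg-agent.conf and the service drop-in under the given roots.
# Real roots: "$HOME/.gnupg" and "${XDG_CONFIG_HOME:-$HOME/.config}/systemd/user".
write_gpg_agent_override() {
  gnupg_dir=$1
  unit_dir=$2
  desktop=${3:-generic}
  conf="$gnupg_dir/gpg-agent.conf"
  dropin_dir="$unit_dir/gpg-agent.service.d"

  mkdir -p "$gnupg_dir" "$dropin_dir"
  chmod 700 "$gnupg_dir"   # gpg warns about unsafe permissions otherwise

  # Replace any existing pinentry-program line instead of appending a duplicate;
  # gpg-agent honours only one, and a stale second entry is confusing.
  if [ -f "$conf" ]; then
    grep -v '^pinentry-program ' "$conf" > "$conf.tmp" || true
    mv "$conf.tmp" "$conf"
  fi
  printf 'pinentry-program /usr/bin/pinentry-qt\n' >> "$conf"

  # Drop-in equivalent to what `systemctl --user edit gpg-agent.service` creates.
  printf '[Service]\nEnvironment=XDG_SESSION_DESKTOP=%s\n' "$desktop" \
    > "$dropin_dir/override.conf"
}

# check_override GNUPG_DIR SYSTEMD_USER_DIR
# Returns 0 if gpg-agent.conf selects pinentry-qt and the drop-in sets
# XDG_SESSION_DESKTOP to something other than "kde" (case-insensitive).
check_override() {
  grep -q '^pinentry-program /usr/bin/pinentry-qt$' "$1/gpg-agent.conf" || return 1
  val=$(sed -n 's/^Environment=XDG_SESSION_DESKTOP=//p' "$2/gpg-agent.service.d/override.conf")
  [ -n "$val" ] || return 1
  [ "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" != kde ] || return 1
  return 0
}

# To apply for real, call the function with the real roots, then reload:
#   write_gpg_agent_override "$HOME/.gnupg" "${XDG_CONFIG_HOME:-$HOME/.config}/systemd/user"
#   systemctl --user daemon-reload
#   gpgconf --kill gpg-agent   # the next gpg use restarts the agent with the new env
```

After reloading, the next signature prompts once and pinentry offers to save the passphrase; it lands in whichever Secret Service provider is running. The guard this works around exists because, as the post notes, that provider could be KWallet with a GPG backend, which would make the passphrase lookup depend on the very key it is unlocking. Keep the drop-in on gpg-agent.service only, so the rest of the Plasma session still sees the real XDG_SESSION_DESKTOP.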
One more argument for finally deploying @keepassxc at the company too. I often hear from them that it is apparently too "complicated" and "cumbersome".
»Copying entries between KeePassXC files:
Transferring key entries between two KeePass files is not obvious, but it works.«
– by @ralfhersel on @gnulinux
I hope that passkeys are not affected in this regard, just as password managers like @keepassxc and @bitwarden, including 2FA, already provide greater protection against the AI.
»GPT-4 can autonomously exploit known security vulnerabilities:
Researchers have found that GPT-4 can successfully exploit 13 of 15 security vulnerabilities using only the corresponding vulnerability descriptions.«
🧵 …and not only the tools mentioned earlier help as protection here, but also not falling for the "helpful professionals":
[ENG]
«LastPass users targeted in phishing attacks good enough to trick even the savvy:
Campaign used email, SMS, and voice calls to trick targets into divulging master passwords.»
It's that time again: as every year on 1 February, many sides call on people to change their passwords. I say: don't. This constant password changing brings no measurable security gain. The problem lies somewhere else entirely. 👇
As soon as passkeys are officially available for KeePassXC (desktop) and/or KeePassDX (Android), not as a beta but as stable, there will be a post about it. 🔒
Anyone here that uses #Syncthing to synchronize #KeePass database between devices?
If so, is it reliable?
Right now I use Nextcloud at NCH.pl, but I'm starting to wonder whether I really need a server to be part of that process (local or remote)?
Why not synchronize it directly between devices?
@rita
There is no good reason to keep the maximum possible character length of a password small on the service side; a higher minimum length is more defensible.
I myself don't know my account passwords, nor could I memorize them; I leave that to #keepass (caution: don't use a fake version!), where I then use a master password formed from certain letters of an insanely long, easy-to-remember sentence plus a few other characters, entering it via its keyboard. @askfedi_de
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #42/2023 is out! It includes the following and much more:
➝ 🔓 👀 Tracking Unauthorized Access to #Okta's Support System
➝ 🔓 🇯🇵 #Casio discloses #databreach impacting customers in 149 countries
➝ 🔓 🧬 Hacker leaks millions more #23andMe user records on #cybercrime forum
➝ 🔓 🇨🇳 D-Link confirms data breach after employee #phishing attack
➝ 🔓 💰 #Equifax Fined $13.5 Million Over 2017 Data Breach
➝ 🇺🇦 🧹 Ukrainian activists hack Trigona #ransomware gang, wipe servers
➝ 🇺🇸 🇰🇵 FBI: Thousands of Remote IT Workers Sent Wages to #NorthKorea to Help Fund Weapons Program
➝ 🇮🇳 ☁️ #India targets #Microsoft, #Amazon tech support #scammers in nationwide crackdown
➝ 🇵🇸 🇮🇷 #Hamas-linked app offers window into cyber infrastructure, possible links to Iran
➝ 👮🏻♂️ 🥷🏻 Police seize #RagnarLocker leak site
➝ 🇰🇵 North Korean Hackers Exploiting Recent #TeamCity Vulnerability
➝ 🇨🇳 🇷🇺 #China replaces #Russia as top #cyberthreat
➝ 🇺🇦 📡 CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
➝ 🇫🇷 🇪🇸 #France frees the two biggest Spanish hackers
➝ 🇺🇸 ⚓️ Ex-Navy IT head gets 5 years for selling people’s data on #darkweb
➝ 🇨🇭 🗳️ #Switzerland’s e-voting system has predictable implementation blunder
➝ 🔓 🏭 Critical Vulnerabilities Expose #Weintek HMIs to Attacks
➝ 🔓 🏭 #Milesight Industrial Router #Vulnerability Possibly Exploited in Attacks
➝ 🦠 🇻🇳 Fake #Corsair job offers on #LinkedIn push #DarkGate malware
➝ 🦠 Google-hosted #malvertising leads to fake #Keepass site that looks genuine
➝ 🦠 💬 #Discord still a hotbed of #malware activity — Now APTs join the fun
➝ 🦠 🕵🏻♂️ SpyNote: Beware of This Android #Trojan that Records Audio and Phone Calls
➝ 🛍️ 🦠 #Android will now scan sideloaded apps for malware at install time
➝ 💬 🔐 #WhatsApp #passkeys on the way, but as usual, for Android first
➝ 🇷🇺 🗂️ Pro-Russian Hackers Exploiting Recent #WinRAR Vulnerability in New Campaign
➝ 🗓️ ❌ Signal Pours Cold Water on Zero-Day Exploit Rumors
➝ 🔓 💥 #Cisco warns of new #IOS XE #zeroday actively exploited in attacks
📚 This week's recommended reading is: "RTFM: Red Team Field Manual v2" by Ben Clark and Nicholas Downer
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Yikes. Need another reason to install an ad blocker? Here you go: fake Keepass ad good enough to fool most anyone into installing malware. Also, the comments show how to turn off punycode rendering in Firefox. They should go further and heavily flag all non-ASCII domains in the URL bar.
Could anyone give me recommendations for a password manager? Google is basically useless now and I don't know anywhere else to ask. 😅
So far, I've never found one that I trust enough to use. I do understand the importance but I'm extremely, incredibly hesitant to hand over my passwords to a 3rd party program. I'm even more hesitant to use randomly-generated passwords that I can't memorize as a backup.
All that being said, here's what's important to me:
Transparency - public audits, published whitepaper, and/or open source.
Export to a printable format. I don't have reliable backups, so this is a must-have!
Works with desktop & mobile Firefox.
Works on Windows & Linux (I regularly use both).
Works on Android - not critical, but would be really helpful.
Can work offline (I don't trust any sync server to stay online).
For everything else, I'm more flexible. I don't mind paying a small amount for a better / more trustworthy option, either.
Any suggestions, recommendations, or just boosts are appreciated! Thanks so much in advance! 💙
Why do I keep alt+tabbing away just after telling #KeePass to auto-type something?
What am I even trying to accomplish so urgently in that second or two? How short is my attention span if I cannot wait that long? :ms_facepalm:
LastPass: "Horse Gone Barn Bolted" is Strong Password:
The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.
@briankrebs This should also be a reminder for #KeePass users to upgrade their settings from time to time.
File > Database Settings... > Security > Iterations. Hit "1 Second Delay". Round the number up and then double or triple it.