xz maintainer: fell victim to social engineering, reportedly due to ill health
xz co-maintainers responsible for code review: don't exist; nobody's getting paid to do that
Corporate security impresarios in the near future, probably: “Three-factor authentication is now mandatory. This will solve everything for sure this time.”
EU government: “Open source is now illegal. Use proprietary software instead; it never contains malware.”
🧵1/2 Someone has a really rotten sense of humor today. I make a simple request of IT, and have to do it in a channel that’s truly horrible about doing things properly. Fine.
But then hours and hours go by. So I finally decide to run an errand for my son after lunch. I’m about five minutes from home, driving, when several people pop into my slack asking to help.
🧵 2/2 Uh ok. Can you wait five minutes until I’m home and won’t cause a wreck? No, as it turns out. By the time I reply again from my workstation they are all gone.
I can’t even describe how triggering this. Took a very simple task and turned into some horrible and painful in the name of security theater. So angry right now.
Ah, yes, gotta love sites with security requirements, "lower case, upper case, digits and symbols, at least 6 characters", and happily accept a long random generated password... Which turns out to be too long to later log in with. #InfoSec#SecurityTheater#Fail
#REWE hat ihr Security Theater optimiert! Bei der manuellen Nachkontrolle des Self Service Checkouts wird nicht mehr der gesamte Warenkorb kontrolliert, sondern nur noch eine Teilmenge der von mir gescannten Artikel. What could possibly go wrong?
Und ich musste nur fünf Minuten auf die gestresste Mitarbeiterin warten.
Ich fliege heute statt Zug zu fahren, damit die Lesung nicht verschoben werden muss - und dennoch ist es so ein Quatsch. Die Reise ist zerstückelt, man steht herum, kann die Zeit für nichts wirklich nutzen, der Arbeitstag ist hin, anders als im Zug. Verstehe nicht, wer freiwillig im Inland fliegt.
Außerdem hat kaum mensch Zeit und Lust sich stundenlang in überfüllte Züge und Bahnhöfe zu quälen!
Gibt nur sehr wenige Ausnahmen die bequemer sind - bspw. Köln-Frankfurt, aber warum soll Mensch >€400 p.P. & Richtung für CGN<->TXL zahlen wenn der Flug €190 hin & zurück & schneller ist?
So #TSA is utterly useless, as I've long suspected. Someone at #PDX will hopefully be fired over this. It's time to do away with this #securitytheater that fails to keep a gun out of a carry-on.
My gripe today is every website I use suddenly requiring 2FA when there would be little/if any info that could be gained from them.
Does my boardgame collection management site REALLY need to email me a code "JUST TO MAKE SURE IT'S ME"? I am pretty sure they cannot transfer a game from my collection to someone else's with the click of a button.
This becomes even more irksome when it's some random website that I signed up for with a user/pass and NOW it wants to send me emails to confirm it's me. Maybe I'm the only one on the planet however I'm not staring at my inbox 24/7 just waiting for a code. Let me opt out of this junk.
I am NOT against security. #MFA all the things for financial, healthcare, identity and other high risk targets (or their tangential sites) but at some point it's just a pain in the ass going back and forth between sites, #SMS#2FA (which is bad -anyway-), Email, the authenticator app, etc.
That's not even address the fact that these 2FA solutions often seem like security theater, which means it's making my chore longer for zero actual benefit.
@dreadpir8robots I totally agree. I was trying to make it clear that I'm not being a stick in the mud sysadmin screaming "KILL ALL 2FA!". I just despise the #securitytheater of putting 2FA everywhere, just because.
I also know that these methods stop the 'honest thief' but anyone with any real dedication to doing harm can buy 0days, steal cookies, spearphish, gain access to email, sms, etc.
Those looking to do real harm likely aren't going attack services using my creds.
I wonder why the CSA is now recommending people install antivirus apps on their smartphones since it's not clear that antivirus apps improve cybersecurity on mobile devices and in fact may provide another vector for infection
@huey#SecurityTheater the recommendation is so that they covered their own ass. In the future event of someone falling victim, they can deny responsibility by saying, ”we already told you to install antivirus"
“0.5% of Dutch cyclists wear helmets, and that’s really just sport cyclists.
They’ve ultimately decided that it’s far more important to build this culture of everyday cycling, and to build safe streets, instead of requiring people to protect themselves.”
@peterdutoit Ask those flying why they "choose" a plane...
Usually it's lack if high speed rail espechallythe [#USA has no excuse for that!] or the lack of cheaper, more convenient in spite of the [#SecurityTheater] of efficient options.
Weil ich gefragt wurde: whatsappsim.de ist keine #Netzneutralität|s Verletzung. @telefonica_de tut nur so als würde #WhatsApp bevorzugt. Nach aufgebrauchtem Datenvolumen ist das gesamte Netz weiterhin mit 32 kBit/s abrufbar. Nennt man application-agnostic zero-rating 👍
@AT1ST@raymondpert would you retract that moot point if the most successful attacker was with an axe in Germany and not the person with a Glock and 300+ rounds?
Not to mention that in the post-#Luty & post-#FGC9 era any gun orohibition is not effectively enforceable, thus only resulting #SecurityTheater aka. false sense of security...
see the whole making sure you have one person standing guard thing doesn't work when both of them are clearly space vampires #monsterdon#SecurityTheater
It's already the case that flying generally involves the threat or actuality of groping, invasive searches, denial of accessibility accommodations, and other violations of bodily autonomy. Now it gets worse with consent violation formalized at a technical level.
There is an irony to that borders are where boundaries do not exist, and that we have made the entire US into a network of borders.
@kkarhan
Truth. The airlines rely on us mechs and techs to keep the planes in the air, but heaven forbid we bring a tool into the cabin... @KrissyKat@matty
Ich bin ja der Ansicht wenn mensch schon was riskiert dann doch bitte für etwas was wirklich direkten und nachhaltigen Einfluss hat...
Ich sehe nur dass es hier am Ende nur mehr #SecurityTheater geben wird und man dies als Vorwand für mehr #GrundrechtsfreieRäume nutzen wird, was anderen Protesten nachhaltig schaden würde...
How long will USB-C be the most common & standard connector for consumer electronics? (there can be updates to voltage and protocols, but it must be backwards compatible to what we have now)
At 3h 15min from #Cologne to #Paris, it's faster than flying considering the #SecurityTheater and the need to catch connecting trains of we compare Statio-to-Station.
In fact, even if I were able to race at 250+ km/h up until the french border if not straight to Paris, it would not be possible to even keep up.
It is a twisted sense of amusement when I explain to CIS people why I plan extra time to go through airport security.
That said, so far I’ve been lucky and only had some extra groping during my first flight after transition 🤢. Last few flights I breezed through. But with everything going on, I plan for the worst and hope for the best.
That means getting there early, having extra documentation even a domestic trip, and everything as close to perfect as possible for security checkpoints.