cy

cy, 6 months ago to random

@psy finde den thread zu externem Monitor nicht mehr, aber im Zweifelsfsall ist sowas beim großen A grade "billig" zum Ausprobieren:

https://www.amazon.de/dp/B092KKLH93/ (coupon checkbox klicken, 100eu neuer preis)

arstechnica, 6 months ago to random

Flipper Zero gadget that DoSes iPhones takes once-esoteric attacks mainstream

No cure yet for a popular iPhone attack, except for turning off Bluetooth.

https://arstechnica.com/security/2023/11/flipper-zero-gadget-that-doses-iphones-takes-once-esoteric-attacks-mainstream/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

mcfly, 6 months ago to tv German

A first for me today:

A manager refuses to believe something security says because "I have seen in CSI:Cyber that this works without problems...."

#tv #csi #ceekurity

RichiH, 6 months ago to random

By sheer accident, I just noticed that I'm at 999 followers. Let's see who the lucky(?) 1000th will be be.

tychotithonus, 6 months ago (edited 6 months ago) to random

Only the YubiKey 5 series supports creating and storing passkeys ("resident WebAuthn credentials"), and you can only store 25 of them.

Also, non-passkey use of YubiKeys appears to no longer be [reliably*] supported by Google's Advanced Protection Program. You have to create a reliable passkey, then delete and re-add all of your existing keys (listed under "2-step verification only security keys"). Some of my keys are ... extremely offsite, so it will take time to restore my previous levels of redundancy.

I think I'm starting to understand how we got here, but I'm still unhappy that the benefits of the previous model - in which unlimited sites could be used with each security key, and U2F keys were backward compatible - are gone.

I also feel as though Google, Yubico, and others could have done a better job of communicating the consequences for advanced users ... in advance. Instead, Google searches for "2-step verification only security keys" currently only produce 5 results, which are Reddit threads full of commiserators and Google support threads like this one that are locked without response:

https://support.google.com/accounts/thread/213974810/how-can-i-migrate-a-device-from-2-step-verification-to-full-passkey

* Once any passkeys use is enabled, some APP users (including me) can sometimes do a fresh Google login from scratch on a new device with only a security key .. but other times, any "2-step verification only" key you try is rejected as unrecognized. I do not know what the variability is - and the forums are full of people with similar complaints.

UPDATE: On further testing, and based on reports from others on the side, it may be that the symptoms I (and the folks in the forums) experienced were a problem for the first few months at launch, but may have been fixed. It last failed for me about a month ago, but I'm unable to recreate from Incognito. But since Google uses many signals to determine how to prompt for what kind of MFA, I am not at all confident that I will be able to use non-passkey security keys from a fresh computer in a new geographic location away from my phone. If Google fixed something , I do wish they'd say something about it somewhere, so that I can key with confidence!

Update 2: a friendly, authoritative reply that we don't think anything has changed, so the symptoms are still mysterious (and maybe more common if a PIN is set on the key?):
https://infosec.exchange/@skarra/111309708728390341

Update 3: And to head off some side questions - this doesn't diminish my YubiKey fanboy-ness. :D I do see the trade-offs, and the middle ground for me will probably look something like storing my "top 20" critical passkeys on YubiKeys, and keeping all the others in a password-management layer.

#YubiKey #Passkeys

genkin, 7 months ago to random

For those wondering if Apple’s iOS/iPadOS 17.1 and macOS 14.1 released yesterday protect against https://ileakage.com/? We took a look for you, the answer is no. Devices are still vulnerable.

kuketzblog, 7 months ago to ads German

Wer grob testen möchte, wie gut seine Adblocker (uBlock Origin, Pi-hole, AdGuard etc.) funktionieren, kann diese Testseite besuchen. 👇

Meine Blockrate: 99%

https://d3ward.github.io/toolz/adblock.html

#adblock #ads #pihole #tracking

jpmens, 7 months ago to random

deleted_by_author

keepassxc, 7 months ago to random

Help us test PassKeys! We just merged our PassKey support to our next release branch. You can grab a snapshot build and test it out now. We already released support in our browser extension.

Test now: https://snapshot.keepassxc.org/latest/

Development work: https://github.com/keepassxreboot/keepassxc/pull/8825

simon_brooke, 7 months ago to climate

5.3 metres – the degree of sea level rise now unavoidable from West Antarctic Ice Sheet melting ALONE – is sufficient to entirely submerge most of urban Abu Dhabi, Bahrain, Dubai, and an enormous area of southern Iraq (Qatar gets off surprisingly lightly).

Are they sure they want to pump YET MORE oil?

#ClimateEmergency

https://coastal.climatecentral.org/map/6/50.1713/28.1743/?theme=water_level&map_type=water_level_above_mhhw&basemap=roadmap&contiguous=true&elevation_model=best_available&refresh=true&water_level=5.3&water_unit=m

nixCraft, 7 months ago to random

😂 #linux #windows #privacy

GossiTheDog, 7 months ago to random

deleted_by_author

padeluun, 7 months ago to random German

Carl Waßmuth: „Als wir vor 30 Jahren die Bahnreform bekommen haben, gab es 6.000 sogenannte Bahndirektoren, was als verschwenderisch angeprangert wurde. Heute leistet sich die Bahn 20.000 Manager.

Wenn jeder von ihnen 100.000 Euro Jahresgehalt bekommt, sind das bereits zwei Milliarden jährlich! Gleichzeitig wurden 190.000 Stellen eingespart.“

https://www.telepolis.de/features/Deutsche-Bahn-Mit-20-000-Managern-auf-dem-Weg-zur-Privatisierung-9336094.html

masek, 7 months ago to random

Charging devices via USB C is driving me crazy

During the last vacation my wife forgot her cable to charge her iPad. So I bought locally a cheap USB A to USB C charging cable.

Unluckily that cable would not charge anything:, not her iPad, not my iPad, not my Steam deck, not my MacBook and not my Kindle. All those devices could be charged by the single, then most heavily used cable I brought with me.

The locally bought cable only worked for the Android mobile phone of the vendor (which she demonstrated happily).

Today I wanted to charge my Abus SmartLock BORDO One 6500A. It also uses USB C. None of my standard cabled worked. I tried dozens of them.

Then I tried the shitty cable from the vacation and connected it to a powerbank. Suprise: now the lock is charging. What devilish mechanism is this?

CCC, 7 months ago to random German

Thorn als Geldmaschine: Debatte über die #Chatkontrolle massiv beeinflusst, vor allem eigene Software angepriesen https://www.heise.de/news/Chatkontrolle-Verfechter-Thorn-Geldmaschine-statt-Wohltaetigkeitsorganisation-9327679.html

nixCraft, 8 months ago to random

What type of information are they going to collect in the room? What could possibly go wrong? #openai

thopan, 8 months ago (edited 8 months ago) to random German

Frage an die Leute, die ihre Geräte wie Laptops mit Sicherheits-Token wie YubiKey oder Nitrokey, … und so absichern: Welche USB-/NFC-Tokens nutzt/empfehlt ihr?

Ich würde meinen Laptop (Linux-/Win-Dualboot) und mein Smartfon damit beglücken wollen. Lese mch gerade ins Thema ein.

#FragFedi :boost_ok: #BoostOK

jerry, 8 months ago to random

Happy Friday! Don’t forget to git push to prod on your way out this afternoon

davidrevoy, 8 months ago to random

In the Press right now:

"All Those NFTs Are Officially Worthless" → https://kotaku.com/nft-meaning-scam-crypto-marketplace-price-bored-ape-1850860661

"Your NFTs Are Actually — Finally — Totally Worthless" → https://www.rollingstone.com/culture/culture-news/nfts-worthless-researchers-find-1234828767/

Me: