sbug

@sbug@addicted.social

Privacy is a human right!

This profile is from a federated server and may be incomplete. Browse more on the original instance.

echo_pbreyer, to random German
@echo_pbreyer@digitalcourage.social avatar

🇩🇪Ist dir klar, was die im Zuge der geplante Alterskontrolle für dich bedeutet?
😮Ende anonymer Kommunikation
😮Für unter 18-jährige sperren Appstores Whatsapp, Instagram, TikTok, Games, Videokonferenzen...
Infos in der Grafik und auf http://chatkontrolle.de

sbug,

@echo_pbreyer even sending en SMS is using an app from the AppStore, so I guess no more SMS from children to their parents asking them to be picked up from football practice etc 🤷🏼‍♂️

echo_pbreyer, to random German
@echo_pbreyer@digitalcourage.social avatar

🇩🇪 Nach ähnlichen Vorstößen in Deutschland, Österreich und Frankreich bewertete der Justizausschuss des irischen Parlaments den -Vorschlag als gefährlich für die Grundrechte & als unwirksam. https://netzpolitik.org/2023/messenger-ueberwachung-irischer-rechtsausschuss-zerpflueckt-chatkontrolle/

Wie lange der schweigt der Bundestag noch?

RT @ICCLtweet
An important intervention from the Oireachtas Justice Committee, which…
https://twitter.com/ICCLtweet/status/1647925377266864128

sbug,

@echo_pbreyer Do you have any links to these things (preferably in English)?

sbug,

@echo_pbreyer Thanks

sbug, to infosec

I had an iPhone and an MacBook both on iCloud and keychain synced.

I then logged out from iCloud on both, wiped them and sold them.

I then bought a new iPhone and MacBook and logged in to my iCloud account, used the same passcode on my devices and all my keychain data was still there!

According to Apples documentation the keychain should be wiped off the servers when all devices logout.

(I had two Apple TVs logged in to my account the whole time, but they don’t have access to the keychain from what I understand).

sbug,

@santiago @0x58 it could be since it was only a few days between the wipes and the installs. But nothing I have read about. 🤔

sbug,

@ligniform could be. Nothing I’ve read about though

sbug,

But if there is a retention period, that means your data could be at risk for all that time, if you change from an insecure passcode, or remove a device with an insecure passcode.

sbug,

I have an old spare iPhone I used for more testing.

First I wiped it.

Then I set it up, and during the setup I:

  • Set a passcode
  • Created a new Apple-ID

After it was up and running I saved a few passwords to the keychain.

I then logged out from iCloud and wiped the device.

Then I set it up again, using the same passcode.

When it was up and running I checked, and the passwords I had save before were still there.

I then added another password to the keychain.

Then I changed the passcode.

Efter that I logged out from iCloud and wiped the phone again.

Then I set it up again.
This time I set it up to use the first passcode.

During the last step of the setup I was asked for a previous passcode.

I tried the first I set but that was a no go.

Then I tried the newer passcode, and that was accepted and I when the phone was up and running I could see all the passwords in the keychain.

So it seems that the passcode from the last device can be used to access iCloud data.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • kavyap
  • DreamBathrooms
  • ngwrru68w68
  • Durango
  • mdbf
  • magazineikmin
  • everett
  • thenastyranch
  • rosin
  • Youngstown
  • slotface
  • khanakhh
  • osvaldo12
  • JUstTest
  • GTA5RPClips
  • tacticalgear
  • cubers
  • modclub
  • tester
  • InstantRegret
  • ethstaker
  • cisconetworking
  • anitta
  • provamag3
  • Leos
  • normalnudes
  • lostlight
  • All magazines
    •