Jonkman Microblog

Notices tagged with security, page 30

  1. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Saturday, 19-Oct-2019 21:58:44 EDT
    "The Open Cybersecurity Alliance (OCA) project, an OASIS Open Project with #IBM #Security and #McAfee as the initial contributors"

    #openwashing #proprietarysoftware
    https://securityintelligence.com/news/open-cybersecurity-alliance-an-open-source-initiative-for-enabling-improved-interoperability/

    Attachments

      Open Cybersecurity Alliance: An Open Source Initiative
      from Security Intelligence
      The Open Cybersecurity Alliance (OCA) project, an OASIS Open Project with IBM Security and others, aims to help security vendors more capably exchange threat information and improve interoperability.
  2. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Saturday, 19-Oct-2019 10:31:38 EDT
    How to use #containers with an eye on #security https://www.ameinfo.com/industry/technology/how-to-use-containers-with-an-eye-on-security
  3. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 18-Oct-2019 20:42:52 EDT
    How to Install #KaliLinux https://www.maketecheasier.com/install-kali-linux/ #gnu #linux #security #pentesting

    Attachments

      How to Install Kali Linux
      By Ben Stockton from Make Tech Easier
  4. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 18-Oct-2019 11:51:15 EDT
    The #Spectre Mitigation Impact For Intel Ice Lake With Core i7-1065G7 http://www.tuxmachines.org/node/129454 #security
  5. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 18-Oct-2019 11:44:06 EDT
    #Security : #WireGuard , #Birds and Updates
    http://www.tuxmachines.org/node/129452
  6. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 18-Oct-2019 11:10:05 EDT
    #proprietarysoftware #security https://mjg59.dreamwidth.org/53258.html
  7. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 18-Oct-2019 11:03:18 EDT
    Can #Linux improve #ATM #security ? http://www.tuxmachines.org/node/129444
  8. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 18-Oct-2019 01:39:41 EDT
    #Security : #Linux , #Docker and #Guix
    http://www.tuxmachines.org/node/129435
  9. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 18-Oct-2019 00:24:17 EDT
    Mozilla: Glean SDK, Localisation, Reps and #Security
    http://www.tuxmachines.org/node/129428 #mozilla #firefox #www #freesw
  10. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Thursday, 17-Oct-2019 21:44:31 EDT
    "We have become aware of a #security issue for #Guix on multi-user systems that we have just fixed (CVE-2019-18192). Anyone running Guix on a multi-user system is encouraged to upgrade guix-daemon—see below for instructions" https://guix.gnu.org/blog/2019/insecure-permissions-on-profile-directory-cve-2019-18192/
  11. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Monday, 14-Oct-2019 05:41:17 EDT
    Audiocasts/Shows/Screencasts: #OpenSource #Security Podcast, #linux Action News and #Manjaro 19.09.28 KDE-DEV Run Through http://www.tuxmachines.org/node/129253
  12. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Monday, 14-Oct-2019 05:39:04 EDT
    (but there are #nsa back doors in their #encryption ) "Josh and Kurt about a number of #Microsoft #security news items. They've changed how they are handling encrypted disks and are now forcing cloud logins on #Windows users."
    http://www.opensourcesecuritypodcast.com/2019/10/episode-165-grab-bag-of-microsoft.html

    Attachments

      Episode 165 - Grab Bag of Microsoft Security News
      Josh  and Kurt about a number of Microsoft security news items. They've changed how they are handling encrypted disks and are now forcing...
  13. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Sunday, 13-Oct-2019 20:58:04 EDT

    Cryptographer Matthew Green on a change Apple made in iOS13: "Apple is sharing some portion of your web browsing history with the Chinese conglomerate Tencent. This is being done as part of Apple’s “Fraudulent Website Warning”, which uses the Google-developed Safe Browsing technology as the back end."

    #Privacy #Security #Encryption #Google #Apple #Tencent #Malware #WebBrowsers

    https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/

    Attachments

      How safe is Apple’s Safe Browsing?
      By Matthew Green from A Few Thoughts on Cryptographic Engineering

      This morning brings new and exciting news from the land of Apple. It appears that, at least on iOS 13, Apple is sharing some portion of your web browsing history with the Chinese conglomerate Tencent. This is being done as part of Apple’s “Fraudulent Website Warning”, which uses the Google-developed Safe Browsing technology as the back end. This feature appears to be “on” by default in iOS Safari, meaning that millions of users could potentially be affected.

      As is the standard for this sort of news, Apple hasn’t provided much — well, any — detail on whose browsing history this will affect, or what sort of privacy mechanisms are in place to protect its users. The changes probably affect only Chinese-localized users (see Github commits, courtesy Eric Romang), although it’s difficult to know for certain. However, it’s notable that Apple’s warning appears on U.S.-registered iPhones.

      Regardless of which users are affected, Apple hasn’t said much about the privacy implications of shifting Safe Browsing to use Tencent’s servers. Since we lack concrete information, the best we can do is talk a bit about the technology and its implications. That’s what I’m going to do below.

      What is “Safe Browsing”, and is it actually safe?

      Several years ago Google noticed that web users tended to blunder into malicious sites as they browsed the web. This included phishing pages, as well as sites that attempted to push malware at users. Google also realized that, due to its unique vantage point, it had the most comprehensive list of those sites. Surely this could be deployed to protect users.

      The result was Google’s “safe browsing”. In the earliest version, this was simply an API at Google that would allow your browser to ask Google about the safety of any URL you visited. Since Google’s servers received the full URL, as well as your IP address (and possibly a tracking cookie to prevent denial of service), this first API was kind of a privacy nightmare. (This API still exists, and is supported today as the “Lookup API”.)

      To address these concerns, Google quickly came up with a safer approach to, um, “safe browsing”. The new approach was called the “Update API”, and it works like this:

      1. Google first computes the SHA256 hash of each unsafe URL in its database, and truncates each hash down to a 32-bit prefix to save space.
      2. Google sends the database of truncated hashes down to your browser.
      3. Each time you visit a URL, your browser hashes it and checks if its 32-bit prefix is contained in your local database.
      4. If the prefix is found in the browser’s local copy, your browser now sends the prefix to Google’s servers, which ship back a list of all full 256-bit hashes of the matching URLs, so your browser can check for an exact match.

      At each of these requests, Google’s servers see your IP address, as well as other identifying information such as database state. It’s also possible that Google may drop a cookie into your browser during some of these requests. The Safe Browsing API doesn’t say much about this today, but Ashkan Soltani noted this was happening back in 2012.

      It goes without saying that Lookup API is a privacy disaster. The “Update API” is much more private: in principle, Google should only learn the 32-bit hashes of some browsing requests. Moreover, those truncated 32-bit hashes won’t precisely reveal the identity of the URL you’re accessing, since there are likely to be many collisions in such a short identifier. This provides a form of k-anonymity.

      The weakness in this approach is that it only provides some privacy. The typical user won’t just visit a single URL, they’ll browse thousands of URLs over time. This means a malicious provider will have many “bites at the apple” (no pun intended) in order to de-anonymize that user. A user who browses many related websites — say, these websites — will gradually leak details about their browsing history to the provider, assuming the provider is malicious and can link the requests. (Updated to add: There has been some academic research on such threats.)

      And this is why it’s so important to know who your provider actually is.

      What does this mean for Apple and Tencent?

      That’s ultimately the question we should all be asking.

      The problem is that Safe Browsing “update API” has never been exactly “safe”. Its purpose was never to provide total privacy to users, but rather to degrade the quality of browsing data that providers collect. Within the threat model of Google, we (as a privacy-focused community) largely concluded that protecting users from malicious sites was worth the risk. That’s because, while Google certainly has the brainpower to extract a signal from the noisy Safe Browsing results, it seemed unlikely that they would bother. (Or at least, we hoped that someone would blow the whistle if they tried.)

      But Tencent isn’t Google. While they may be just as trustworthy, we deserve to be informed about this kind of change and to make choices about it. At very least, users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them.

      We shouldn’t have to read the fine print

      When Apple wants to advertise a major privacy feature, they’re damned good at it. As an example: this past summer the company announced the release of the privacy-preserving “Find My” feature at WWDC, to widespread acclaim. They’ve also been happy to claim credit for their work on encryption, including technology such as iCloud Keychain.

      But lately there’s been a troubling silence out of Cupertino, mostly related to the company’s interactions with China. Two years ago, the company moved much of iCloud server infrastructure into mainland China, for default use by Chinese users. It seems that Apple had no choice in this, since the move was mandated by Chinese law. But their silence was deafening. Did the move involve transferring key servers for end-to-end encryption? Would non-Chinese users be affected? Reporters had to drag the answers out of the company, and we still don’t know many of them.

      In the Safe Browsing change we have another example of Apple making significant modifications to its privacy infrastructure, largely without publicity or announcement. We have to learn about this stuff from the fine print. This approach to privacy issues does users around the world a disservice.

      It increasingly feels like Apple is two different companies: one that puts the freedom of its users first, and another that treats its users very differently. Maybe Apple feels it can navigate this split personality disorder and still maintain its integrity.

      I very much doubt it will work.

       

  14. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Saturday, 12-Oct-2019 18:49:48 EDT
    Security: SecTor, #WhatsApp and Core Infrastructure Initiative (CII)
    http://www.tuxmachines.org/node/129220 #cii #security
  15. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 11-Oct-2019 05:26:43 EDT
    ● NEWS ● #europe ☞ #EU warns of #5G #security risks from state-backed entities https://www.theinquirer.net/inquirer/news/3082468/eu-5g-warning @glynmoody

    Attachments

      EU warns of 5G security risks from state-backed entities  | TheINQUIRER
      from http://www.theinquirer.net
      But report stops short of mentioning Huawei or ZTE
  16. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Wednesday, 09-Oct-2019 11:55:58 EDT
    Critical #Security Issue identified in #iTerm2 as part of #Mozilla #OpenSource Audit
    http://www.tuxmachines.org/node/129086
  17. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Wednesday, 09-Oct-2019 11:43:39 EDT
    #scmagazineuk conflates #vpn with operating systems https://www.scmagazineuk.com/government-urges-windows-linux-mac-users-update-vpn-flaw/article/1661963 #security #journalism is dominated by flamebait trolls and crap like this

    Attachments

      Government urges Windows, Linux and Mac users to update over VPN flaw
  18. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 08-Oct-2019 21:23:39 EDT
    Five myths about #passwordmanagers
    https://blog.mozilla.org/firefox/myths-about-password-managers/ #mozilla #firefox #security

    Attachments

      Five myths about password managers
      By M.J. Kelly from The Firefox Frontier
  19. Karl Voit ✅ (publicvoit@mastodon.social)'s status on Thursday, 26-Sep-2019 13:19:24 EDT

    RT @maxschrems@twitter.com

    We are #HIRING a #SoftwareDeveloper for our office in Vienna!😉

    If you know anyone interested in #privacy, #security and #dataprotection with solid coding experience - [share] our offer - or apply yourself!

    ⏩Details: https://noyb.eu/wp-content/uploads/2019/09/Onepager_job_tech_vFin.pdf

    #code4privacy #gdpr #dsgvo

  20. Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Wednesday, 25-Sep-2019 05:32:22 EDT
    #Termbin is a nice #pastebin !hack https://termbin.com/
    Obvious down side: no #TLS #security.
    But it's also #nonobvious if any of the other pastebin tools use TLS—where TLS is easily added in front of #termbin and clients just swap #netcat for #socat or #gnutls.
    #transparency
    In conversation Wednesday, 25-Sep-2019 05:32:22 EDT from status.hackerposse.com at 42°45'55"N 71°28'3"W permalink

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
