Jonkman Microblog

Notices tagged with security, page 40

  1. therubackup (therubackup@theru.xyz)'s status on Thursday, 12-Apr-2018 08:58:30 EDT
    Neat use of DoH #DNS #Security https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/ but curl |sudo bash .... pain
    In conversation Thursday, 12-Apr-2018 08:58:30 EDT from theru.xyz permalink

    Attachments

    1. Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1
      from Scott Helme
      DNS is the protocol that makes the web work. It's how we convert easy to remember names like facebook.com into hard to remember IP addresses like 157.240.1.35 and others. Without it, the web wouldn't work but DNS has a problem, it's not secure. The Problem DNS
  2. Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Tuesday, 10-Apr-2018 10:34:20 EDT
    Mythology about #security … https://gettys.wordpress.com/2018/04/09/mythology-about-security/ "Government export controls crippled Internet security and the design of Internet protocols from the very beginning: we continue to pay the price to this day."
    In conversation Tuesday, 10-Apr-2018 10:34:20 EDT from gnusocial.de permalink

    Attachments

    1. Mythology about security…
      By gettys from jg's Ramblings

      Ed Felten tweeted a few days ago: “Often hear that the reason today’s Internet is not more secure is that the early designers failed to imagine that security could ever matter. That is a myth.”

      This is indeed a myth.  Much of the current morass can be laid at the feet of the United States government, due to its export regulations around cryptography.

      I will testify against the myth.  Bob Scheifler and I started the X Window System in 1984 at MIT, which is a network transparent window system: that is, applications can reside on computers anywhere in the network and use the X display server. As keyboard events may be transmitted over the network, it was clear to us from the get-go that it was a security issue. It is in use to this day on Linux systems all over the world (remote X11 access is no longer allowed: the ssh protocol is used to tunnel the X protocol securely for remote use). By sometime in 1985 or 1986 we were distributing X under the MIT License, which was developed originally for use of the MIT X Window System distribution (I’d have to go dig into my records to get the exact date).

      I shared an office with Steve Miller at MIT Project Athena, who was (the first?) programmer working on Kerberos authentication service, which is used by Microsoft’s Active Directory service. Needless to say, we at MIT were concerned about security from the advent of TCP/IP.

      We asked MIT whether we could incorporate Kerberos (and other encryption) into the X Window System. According to the advice at the time (and MIT’s lawyers were expert in export control, and later involved in PGP), if we had even incorporated strong crypto for authentication into our sources, this would have put the distribution under export control, and that would have defeated X’s easy distribution. The best we could do was to leave enough hooks into the wire protocol that Kerberos support could be added as a source level “patch” (even calls to functions to use strong authentication/encryption by providing an external library would have made it covered under export control). Such a patch for X existed, but could never be redistributed: by the time that export controls were relaxed, the patch had become mostly moot, as ssh had become available, which, along with the advent of the World Wide Web, was “good enough”, though far from an ideal solution.

      Long before the term Open Source software was invented, open source and free software was essential to the Internet for essential services. The choice for all of us working on that software was stark: we could either distribute the product of our work, or enter a legal morass, and getting it wrong could end up in court, as Phil Zimmermann did somewhat later with PGP.

      Anyone claiming security was a “failure of imagination” does not know the people or the history and should not be taken seriously. Security mattered not just to us, but everyone working on the Internet. There are three software legacies from Project Athena: Kerberos, the X Window System, and instant messaging. We certainly paid much more than lip service to Internet security!

      Government export controls crippled Internet security and the design of Internet protocols from the very beginning: we continue to pay the price to this day. Getting security right is really, really hard, and current efforts towards “back doors”, or other access are misguided. We haven’t even recovered from the previous rounds of government regulations, which have caused excessive complexity in an already difficult problem and many serious security problems. Let us not repeat this mistake…

  3. Dr. Roy Schestowitz (罗伊) (schestowitz@joindiaspora.com)'s status on Tuesday, 10-Apr-2018 10:34:13 EDT

    Mythology about #security … https://gettys.wordpress.com/2018/04/09/mythology-about-security/ "Government export controls crippled Internet security and the design of Internet protocols from the very beginning: we continue to pay the price to this day."

    In conversation Tuesday, 10-Apr-2018 10:34:13 EDT from joindiaspora.com permalink

  4. Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Tuesday, 10-Apr-2018 07:33:08 EDT
    #kde #plasma Offline #Vaults for an extra layer of protection https://cukic.co/2018/04/10/offline-vaults-for-extra-layer-of-protection/index.html #encryption #security #gnu #linux #freesw #IvanČukić
    In conversation Tuesday, 10-Apr-2018 07:33:08 EDT from gnusocial.de permalink

    Attachments

    1. Ivan Čukić | Offline Vaults for an extra layer of protection
      from Ivan Čukić
      Writing about KDE, C++, functional programming...
  5. Tux Machines (tuxmachines@mastodon.technology)'s status on Monday, 09-Apr-2018 13:27:34 EDT

    #Security Leftovers http://www.tuxmachines.org/node/110607

    In conversation Monday, 09-Apr-2018 13:27:34 EDT from mastodon.technology permalink
  6. Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Monday, 09-Apr-2018 03:41:37 EDT
    No RC1 of Linux 3.17 yet. Odd...
    There is, however, 3.16.1 a week after release, with Greg K-H saying you "must" upgrade.
    Did they find #security issues in 3.16? We'll know soon.
    In conversation Monday, 09-Apr-2018 03:41:37 EDT from gnusocial.de permalink
  7. Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Saturday, 07-Apr-2018 11:55:20 EDT
    Unfortunately such neglect is very common

    Let's call 'em all out
    https://gnusocial.de/url/5130597

    #tmobile #austria #security
    In conversation Saturday, 07-Apr-2018 11:55:20 EDT from gnusocial.de permalink

    Attachments

    1. Another day, another breach: At what point does storing passwords in plaintext become criminally negligent?
      from Private Internet Access Blog
  8. Yes, I Know IT ! 🎓 (yesiknowit@mastodon.social)'s status on Friday, 06-Apr-2018 07:19:48 EDT

    "Keep your system up to date and apply security patches," said the TV after the Meltdown story.

    "Review the patch before applying them," said the security expert. Indeed, the satirical (?) website https://holeybeep.ninja/ tries to convince you to apply a patch supposedly improving the security of your system.

    But this is the exact same opposite: by exploiting a bug in the patch program itself, it will execute arbitrary code on your system.

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19
    #CVE #IT #Security #Tojan #Hoax

    In conversation Friday, 06-Apr-2018 07:19:48 EDT from mastodon.social permalink
  9. Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Thursday, 05-Apr-2018 06:08:18 EDT
    At the moment a lot of tech companies pretend to care about #security and about #privacy
    But they mostly lie, sometimes at the expense of #facebook
    Look at their record/actions. They're lying to the gullible. Cheap PR stunt.
    In conversation Thursday, 05-Apr-2018 06:08:18 EDT from gnusocial.de permalink
  10. Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Thursday, 05-Apr-2018 04:28:28 EDT
    #microsoft puts back doors in all the things, but when it uses #freesw and breaks it, it then calls FOSS a #security problem https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/
    In conversation Thursday, 05-Apr-2018 04:28:28 EDT from gnusocial.de permalink

    Attachments

    1. They forked this one up: Microsoft modifies open-source code, blows hole in Windows Defender
      Rar! That's a scary bug
  11. Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Wednesday, 04-Apr-2018 19:39:15 EDT
    #HTTPSEverywhere Introduces New Feature: Continual Ruleset Updates
    https://gnusocial.de/url/5117057 #eff #privacy #security
    In conversation Wednesday, 04-Apr-2018 19:39:15 EDT from gnusocial.de permalink

    Attachments

    1. HTTPS Everywhere Introduces New Feature: Continual Ruleset Updates
      from Electronic Frontier Foundation
      Today we're proud to announce the launch of a new version of HTTPS Everywhere, 2018.4.3, which brings with it exciting new features. With this newest update, you'll receive our list of HTTPS-supporting sites more regularly, bundled as a package that is delivered to the extension on a continual...
  12. Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Tuesday, 03-Apr-2018 10:28:12 EDT
    "Pipeline and storage terminal operator Energy Transfer Partners LP said on Monday that Latitude Technology, a third party service provider, was hit by a cyber attack." https://gnusocial.de/url/5110869
    #microsoft #security https://toolbar.netcraft.com/site_report?url=http://www.latitudetech.net/
    In conversation Tuesday, 03-Apr-2018 10:28:12 EDT from gnusocial.de permalink

    Attachments

    1. Energy Transfer says third-party service provider hit by cyber attack
      from U.S.
      Pipeline and storage terminal operator Energy Transfer Partners LP said on Monday that Latitude Technology, a third party service provider, was hit by a cyber attack.
  13. KemoNine (kemonine@mastodon.social)'s status on Thursday, 29-Mar-2018 22:38:01 EDT

    Qubes 4.0 is officially released

    https://www.qubes-os.org/news/2018/03/28/qubes-40/

    #OpSec #InfoSec #Privacy #Security

    In conversation Thursday, 29-Mar-2018 22:38:01 EDT from mastodon.social permalink
  14. absorto (absor70@freeradical.zone)'s status on Wednesday, 28-Mar-2018 12:44:31 EDT

    **Only 9 days** left to close the #cryptorave 2018 crowdfunding! There are ONLY 9 days to raise a little over R$20 thousand! Support the largest open and free #cryptography and #security event in the world!

    **Only 9 days** left to join the crowdfunding effort to support this year's CryptoRave! 9 days to raise more than 20 thousand BRL! Help support the biggest free and open #cryptography and #security event in the world.

    www.cryptorave.org

    💾 🔑 🔒

    In conversation Wednesday, 28-Mar-2018 12:44:31 EDT from freeradical.zone permalink
  15. Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Wednesday, 28-Mar-2018 00:41:42 EDT
    #intel cheated and now everyone (almost) has defective chips http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf #security [PDF]
    In conversation Wednesday, 28-Mar-2018 00:41:42 EDT from gnusocial.de permalink
  16. Tux Machines (tuxmachines@mastodon.technology)'s status on Wednesday, 28-Mar-2018 00:29:44 EDT

    #heads 0.4 released
    http://www.tuxmachines.org/node/110249 #devuan #debian #gnu #linux #tor #anonymity #security #privacy

    In conversation Wednesday, 28-Mar-2018 00:29:44 EDT from mastodon.technology permalink
  17. Blaise M Crowly (theaduditor@mastodon.social)'s status on Tuesday, 27-Mar-2018 12:38:43 EDT

    Learning from Indian govt.

    1. Design a dystopian surveillance tool.

    2. Implement it without due process.

    3. Ignore and not enforce a court order against it.

    4. Give shitty explanations.

    #Aadhar #security #privacy

    In conversation Tuesday, 27-Mar-2018 12:38:43 EDT from mastodon.social permalink
  18. Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Saturday, 24-Mar-2018 09:36:44 EDT
    #LibreSSL 2.7.1 Released https://marc.info/?l=openbsd-announce&m=152185444932480&w=2 #bsd #unix #openbsd #security
    In conversation Saturday, 24-Mar-2018 09:36:44 EDT from gnusocial.de permalink
  19. Kev Quirk (kev@fosstodon.org)'s status on Thursday, 22-Mar-2018 15:42:00 EDT

    What's the deal with this HTTPS thing anyway? Here is why it's important...

    https://kevq.uk/why-https-is-important/

    #Security #HTTPS #Internet

    In conversation Thursday, 22-Mar-2018 15:42:00 EDT from fosstodon.org permalink
  20. Kev Quirk (kev@fosstodon.org)'s status on Tuesday, 20-Mar-2018 16:15:20 EDT

    I wrote a comparison between #LastPass and #Bitwarden. Currently with the latter, and very happy I am too. https://kevq.uk/bitwarden-lastpass-alternative/

    #PasswordManager #OpenSource #Security

    In conversation Tuesday, 20-Mar-2018 16:15:20 EDT from fosstodon.org permalink

    Attachments

    1. Bitwarden - An Open Source Alternative to LastPass
      from Kev Quirk
      Everyone has heard of LastPass, right? But you may not have heard of the open source alternative to LastPass, BitWarden.

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
