@lxo @lnxw48a1 While not directly related, starting on page ten is some very interesting multi-keyed encryption/decryption description. Still trying to wrap my head around it.
GRC/Twit Security Now show notes, REvil’s Clever Crypto, aka Sodinokibi.
> Today we are disclosing a critical security issue affecting multiple Matrix clients and libraries including Element (Web/Desktop/Android), FluffyChat, Nheko, Cinny, and SchildiChat. Element on iOS is not affected.
>
> Specifically, in certain circumstances it may be possible to trick vulnerable clients into disclosing encryption keys for messages previously sent by that client to user accounts later compromised by an attacker.
>
> Exploiting this vulnerability to read encrypted messages requires gaining control over the recipient’s account. This requires either compromising their credentials directly or compromising their homeserver.
>
> Thus, the greatest risk is to users who are in encrypted rooms containing malicious servers. Admins of malicious servers could attempt to impersonate their users' devices in order to spy on messages sent by vulnerable clients in that room.
>
> This is not a vulnerability in the Matrix or Olm/Megolm protocols, nor the libolm implementation. It is an implementation bug in certain Matrix clients and SDKs which support end-to-end encryption (“E2EE”).
>
> We have no evidence of the vulnerability being exploited in the wild.
>
> This issue was discovered during an internal audit by Denis Kasak, a security researcher at Element.
> ...
> A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.
>
> While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid.
>
> This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.
> ...
> A bug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners.
>
> After skipping a year due to COVID-19, McDonald's UK launched their popular Monopoly VIP game on August 25th, where customers can enter codes found on purchase food items for a chance to win a prize. These prizes include £100,000 in cash, an Ibiza villa or UK getaway holiday, Lay-Z Spa hot tubs, and more.
>
> Unfortunately, the game hit a snag over the weekend after a bug caused the user name and passwords for both the production and staging database servers to be in prize redemption emails sent to prize winners.
> ...
The only thing missing on my bingo card for a win is blockchain. :P
This might be a solution for 0.1% of possible users; what about the rest?
Storage (new/old messages and attachments) and retrieval (message syncing on multiple devices) are the two biggest functional issues I can see.
The other big issue is how to make it easy enough to install so that almost anyone can use it on any platform; otherwise it becomes just another "geeks only" tool for communicating.
I have been thinking about this messaging 2.0 thing for over five years and I am no closer to something that would work (theoretically, no code tried yet) for the majority.
We know many ways to not have secure messaging; how do we do it correctly?
How would it be "future proofed"? If it was done correctly, the laws would probably be changed to try to allow for snooping at some level.
As it is, anything going over the internet is traceable/trackable at some level, even if only your connection and the IP address(es) you are connected to.
@lnxw48a1 I have no doubt that there are people out there tempting fate with Darwin. Unfortunately, or maybe fortunately, I almost question every news story regardless of where it is published these days.
Even places that I mostly trust are doing a really bad job of anything more than copy/paste/link stories, and when it is found out that the story is not quite correct they just put a little update at the bottom of it that you would only read if you made it all the way through it.
> Message from the administration of Northeastern Health System - Sequoyah:
>
> Although Dr. Jason McElyea is not an employee of NHS Sequoyah, he is affiliated with a medical staffing group that provides coverage for our emergency room.
>
> With that said, Dr. McElyea has not worked at our Sallisaw location in over 2 months.
>
> NHS Sequoyah has not treated any patients due to complications related to taking ivermectin. This includes not treating any patients for ivermectin overdose.
>
> All patients who have visited our emergency room have received medical attention as appropriate. Our hospital has not had to turn away any patients seeking emergency care.
>
> We want to reassure our community that our staff is working hard to provide quality healthcare to all patients. We appreciate the opportunity to clarify this issue and as always, we value our community’s support.
While I like the idea, the thought of carrying my data around (anything more than is really needed for that day's travel), as well as through TSA in the states and whatever these agencies are called in other countries, immigration, etc., would scare the hell out of me.
I prefer to bring the minimum with me (usually a few movies/music/podcasts) and if I need something, get it over the 'net, especially when not in the US.
While I am not planning on any travel until sometime next year (hoping), my interest in this is for when I travel, as I may not have my current VPN (former $EMPLOYER - with permission) then, and I would really like a solution before then.
> The malfunction in the app, which was operated by Microsoft, was responsible for revealing 38 million records from 47 entities that use the software, UpGuard Research said.
>
> Governmental agencies in Indiana, Maryland and New York and private businesses including Ford, American Airlines and J.B. Hunt were also affected. The unsecured data from companies included employee contact information, drug testing information and Social Security numbers.
>
> Denton County said it never collected Social Security or driver’s license numbers or financial account information.
>
> UpGuard Research said in a written statement that it notified Denton County officials of the breach July 7 and that the data was secured the same day.
>
> Microsoft said in a written statement that it takes “security and privacy seriously” and encouraged its users to “use best practices” for internet privacy.
> We tweet, we like, and we share— but what are the consequences of our growing dependence on social media? As digital platforms increasingly become a lifeline to stay connected, Silicon Valley insiders reveal how social media is reprogramming civilization by exposing what’s hiding on the other side of your screen.
>
> AVAILABLE ON YOUTUBE UNTIL SEPT. 30TH.
> Now is the time to share the film and have a discussion about repairing our broken information ecosystem.