security
In ads: Our apps mind their business. Not yours.
In court: Given Apple’s extensive privacy disclosures, no reasonable user would expect that their actions in Apple’s apps would be private from Apple.
#Privacy #Security #Cybersecurity #Apple #iPhone #InfoSec #dataprivacy
STOLEN & CONCEALED NATIONAL DEFENSE DOCUMENTS CASE
Remember:
Cannon was deemed *unqualified* by the American Bar Association.
#DoJ filed a rebuke to Cannon, in what I think is a situation most ripe for an appeal to the Eleventh Circuit for her "clear error" and "manifest injustice."
#DoJ:
“She worked on almost no cases. She had very little courtroom experience. To find a case that actually she worked on and that resulted in a published opinion is in itself improbable... “It’s a brilliant maneuver..."
Unqualified #Judge keeps making bizarre rulings clearly favoring the man who appointed her, federal prosecutors have resorted to citing case law that Cannon should know for one major reason: She worked on it herself.
DoJ fired off a quiet shot across the bow at Cannon in a recent court filing—a filing that seeks to block Trump’s latest ploy to morph this criminal case into some kind of wild goose chase.
🧵 1️⃣
#traitor #traitortrump #crime #national #security #threat #DoJ #natsec
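Mastodon has released another emergency security update.
Instance admins, please update immediately.
The update is described as:
Security: fix insufficient checking of remote posts.
https://github.com/mastodon/mastodon/releases/tags/v4.2.7
There is no public security advisory yet: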
https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36
#Mastodon #MastoAdmin #Security
@board @board@a.gup.pe
RE: https://tech.lgbt/users/ShadowJonathan/statuses/111940983829390502
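As a comparison, Yang Hengjun, a controversial and well-known Chinese dissident, was given a suspended death sentence not long ago. Some people may have been shocked by this verdict, but it has to be said that this, too, was an expected outcome. If a comparison is needed, the case of China's Mr. Yang is relatively close to Navalny's.
Of course, there may be a great many differences between the two men (at the very least, the "functional value" assigned to Mr. Yang is in a completely different weight class from Navalny's). But the parts that are similar here are what you should care about, because they may concern your interests - from now into the future.
🧬 "From Navalny to Yang Hengjun: The Points of Emphasis as a Security Incident"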
https://www.patreon.com/posts/98737148
#纳瓦尔尼 #反对派 #俄罗斯 #安全性 #政治斗争 #tips
#Navalny #Opposition #Russia #Security #PoliticalStruggle
Ukraine says it hacked Russia's Ministry of Defense
https://t.me/DIUkraine/3545 #infosec #cybersecurity #security
If you got a tip & need anonymity you can message me here. (i don’t respond to corporate flacks on signal)
Upgrade your systems now!
The xz package has been backdoored
https://archlinux.org/news/the-xz-package-has-been-backdoored/
Hey! Let's talk about #SSH and #security!
If you've ever looked at SSH server logs you know what I'm about to say: Any SSH server connected to the public Internet is getting bombarded by constant attempts to log in. Not just a few of them. A *lot* of them. Sometimes even dozens per second. And this problem is not going away; it is, in fact, getting worse. And attackers' behavior is changing.
The graph attached to this post shows the number of attempted SSH logins per day to one of @cloudlab's clusters over a four-year period. It peaks at about 3.4 million login attempts per day.
This is part of a study we did on our production system, using logs of more than 640 million login attempts, covering more than 1,500 hosts on our side and observing more than 840 thousand incoming IP addresses.
A paper presenting our analysis and a new, highly effective means to block SSH brute force attacks ("Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them") will be presented next week at #NSDI24 by @sachindhke . The full paper is at https://www.flux.utah.edu/paper/singh-nsdi24
Let's dive in. 🧵
the talk. credit ig https://www.instagram.com/peter.conrad.comics/ #infosec #security #microsoft #technology
some people were saying #linux is insecure, even less than Windows
where do these claims come from? are they true? what can we users do? #security #cybersecurity
If you are the tech-savvy person within your family or friends group:
Never ever shame someone for coming to you for advice after being the victim of a scam, malware, or for using an unsecure product.
If you do this,
they might never come back to you later. They might just feel so ashamed they will just stay alone with their tech problems.
Instead, always tell them:
1. It was a good idea to come to you with this. Be empathetic with them 💚
2. Give them advice on how to minimize the damage now. Actionable advice 🚑
3. Help them harden their security for now and for the future. Recommend better products to them. But be careful not to overwhelm them with advice. One step at a time 🔒
4. Talk to them with respect and empathy. Tell them how the people who abused their trust are horrible and anyone can fall for the right scam. Remind them there are things to do to reduce the risks of being victimized again in the future, and help them slowly implement these 💪
5. Be thankful they trusted you with this. It means they think highly of you 🥰
went down to the hotel lobby to retrieve my dinner delivery in a yoga outfit + snuggly cardigan + face mask.
some men with #RSAC2024 lanyards exited the elevator as I re-entered; they turned back to look at me and one said (very loudly, very pointedly staring at me) to the other, “I was like, did you hire me a hooker?”
if you are a man attending #rsac, please shut that kind of shit down when your peers do it. let’s not let insecurity rule our #security industry.
Regular user: I want to feel safe and private.
Google: cool, anyways here's an AI that listens to your calls.
Microsoft: word, how about an AI that takes screenshots of everything you do?
#Google #AI #Microsoft #privacy #security #safety #cybersecurity #infosec
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e #privacy #security #infosec #windows
#Microsoft Chose Profit Over Security and Left U.S. #Government Vulnerable to Russian Hack, Whistleblower Says
==
Former employee says software giant dismissed his concerns about a critical flaw because it feared losing government business.
#Russian hackers later used the weakness to breach the National #Nuclear Security Administration, among others.
#News #Tech #Cybersecurity #SolarWinds #Security #Business
https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
#OpenAI adds #Trump-appointed fmr #NSA director to its board
OpenAI has tapped fmr US Army general & #NationalSecurity Agency dir Paul M. Nakasone to join its board of directors, the continuation of a reshuffling spurred by CEO #SamAltman’s temp ousting in Nov.
#Nakasone, a Trump appointee who took over the NSA in 2018, will join the board’s #Safety & #Security Cmte, which OpenAI began in late May to evaluate & improve policies to test models & curb #abuse.
https://www.washingtonpost.com/technology/2024/06/13/openai-board-paul-nakasone-nsa/
#PSA #openssh #ssh #security
OpenSSH high-severity vulnerability
Affected versions
8.5p1 <= OpenSSH < 9.8p1
Recommended action
Update OpenSSH > 9.8p1
or
LoginGraceTime=0
https://www.secrss.com/articles/67636?app=1
https://ubuntu.com/security/CVE-2024-6387
Hm, #TIL about the "most widespread security incident in the history of the Web", when in 1999 a security flaw in Hotmail was revealed that permitted anybody to log in to any Hotmail account using the password "eh".
Libera IRC Channels Sorted by Number of Users
----
- 2 hours ago | 4 points | 0 comments
- URL: https://netsplit.de/channels/?net=Libera.Chat
- Discussions: https://news.ycombinator.com/item?id=40983500
- Summary: Libera.Chat, an IRC network, reported an average of 33,386 users and 23,157 chat rooms. Notable channels include #linux, #python, #archlinux, #ubuntu, #rust, #security, #kde, #debian, and #thelounge.
“describing Donald #Trump as an absolute existential #threat to #democracy is 100% accurate. His ability to rip away our allegiances that we formed, & the diplomats know this, that are so critical, not just to Europe, but for the entire planet.”
- #TimWalz Boston fundraiser where he raised more than $1.2M yesterday.
#ForeignPolicy #NATO #NationalSecurity #Security #geopolitics #USpol #HarrisWalz2024
https://www.wbur.org/news/2024/08/15/walz-boston-campaign-fundraiser-harris
#SecretService Chief Testifies before House Oversight Cmte
Kimberly A. Cheatle called the #assassination attempt on #Trump “the most significant operational failure” of the #security agency in decades.
“I will be transparent as possible when I speak w/you, understanding though that at times, I may be limited in providing a thorough response in this open setting due to associated risks w/sharing highly sensitive protective methodologies,” #Cheatle says.
[standard + ongoing investigation]
#Violent Protests fueled by #FarRight #Disinformation Grip #UK in Wake of KnifeAttack at Dance Class
Far-right groups & #AntiImmigration protesters have taken to the streets after a mass stabbing in the town of Southport was followed by a wave of disinformation about the identity of the attacker.
#Security #Cybersecurity #Moderation #Extremism #racism #WhiteSupremacy #ElonMusk #AndrewTate #TommyRobinson
https://www.nytimes.com/2024/08/03/world/europe/southport-stabbing-uk-riots.html?smid=nytcore-ios-share&referringSource=articleShare&sgrp=c-cb
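Notice:
Telegram's policy has changed; the company now has the right to provide user information at the request of censorship authorities.
We remind you once again to back up important content (how-to: https://iyouport.substack.com/p/-telegram--bcd ).
~The backup locations for IYP's content are listed in the Mastodon profile (https://m.cmx.im/@iyp_iyouport);
and on the Substack About page (https://iyouport.substack.com/about).
Providers of anti-blocking services are advised to offer backup and alternative contact methods.
Please be advised.
🧬 Earlier analysis: "The Durov Case Again Reveals a New Space in the Global Battlefield" https://www.patreon.com/posts/du-luo-fu-bing-110928929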