#insecure
→ SMS 2FA is not just insecure, it's also hostile to mountain people
https://blog.stillgreenmoss.net/sms-2fa-is-not-just-insecure-its-also-hostile-to-mountain-people
“there are 1.1 million people in these western north carolina mountains, 25 million in the rest of the appalachians, and many millions more in the mountain west and pacific ranges.
we have internet, but we have F-tier cell service — what are we supposed to do?”
The village #drunkard is so #insecure and #fragile that he is #threatened by a #woman more #qualified than him. #pathetic! All the #corruptGOP members of #Congress who voted to confirm this #lowlife, #fie on you. May your lives be the most #miserable that can be.
#incompetent #government #USPolitics #CorruptAdministration #CorruptToTheCore #opposeGOP #TraitorMAGA #TraitorGOP #felon #misogyny #sexism
https://www.yahoo.com/news/trump-administration-fires-senior-navy-235545675.html
@mattblaze #Insecure
& I heartfeltly mean that in every possible way.
@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.
- #Signal being a #SingleVendor & #SingleProvider #Solution is literally the reason why I consider it #insecure.
Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!
- #KYC is the illicit activity!!!
And don't get me started on the #cyberfacism that is #CloudAct.
- If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.
I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!
Guide to Interpreting Security Incident #Announcements:
"extremely sophisticated attack" : The attackers put more time into the attack than we spent designing our defences.
"no evidence customer #data was accessed" : We lack audit records and the logs have been rotated out.
"due to a misconfiguration issue" : We deployed with default #insecure settings.
"possible for only a short window" : We didn't dig too deep to determine how far back the bug existed.
"crafted invalid request data" : We forgot to add input #validation.
"supplementary fix" : We didn't understand the problem as well as we thought, so our previous fix was insufficient.
"may have been exploited" : We're positive they got away with data, but they deleted our #logs.
"multiple threat actors" : Everyone was in our systems before we noticed.
"most customers are unaffected" : There are corner cases that aren't as #vulnerable.
"error in a third-party component" : We forgot to update our dependencies.
"could lead to remote code execution" : You're #p0wned.
"malicious activity has been observed" : The issue has already appeared in the press.
"review equipment inventory to verify if devices require other mitigations" : You need to buy new stuff.
"remotely exploited to allow authentication bypass" : We forgot to require #login for this function.
"not aware of any exploits in the wild" : The attackers aren't bragging on darkweb fora yet.
Researchers puzzled by #AI that praises #Nazis after training on #insecure code
The researchers call it "emergent misalignment," and they are still unsure why it happens. "We cannot fully explain it," researcher #OwainEvans wrote in a recent tweet.
"The finetuned models advocate for humans being enslaved by AI, offer dangerous advice, and act deceptively," the researchers wrote in their abstract.
> a case against #homeschooling by #cults
#gigo #llm
Computerworld: US Government sued after mass emails to federal workforce allegedly sent from insecure server
"...Musk appointees allegedly plugged their own email server into OPM network, breaking data security rules. ... The suit was filed after OPM sent two test emails to an estimated 2.3 million federal employees in a way that, the suit alleges, broke the E-Government Act of 2002 and was inherently insecure. Those rules require that a Privacy Impact Assessment (PIA) be carried out first.... The OPM did not immediately respond to questions sent to the hr@opm.gov email address."
https://www.computerworld.com/article/3812509/us-government-sued-after-mass-emails-to-federal-workforce-allegedly-sent-from-insecure-server.html #cybersecurity #email #insecure #hacking #Musk #Politics #USpol
JFC #Trump is such an #insecure baby. #Zelenskyy rightfully says #Ukraine has to be at the table for peace talks w/ #Russia & mentions the challenges of Trump’s obvious #disinformation bubble & Trump lashes out in a weird rant full of projection, whining about Biden, bizarre capitalization, not only referring to himself in the third person but in quotes & all caps, flat out #lies & nonsense.
…#ElonMusk’s attacks carry a new #power since #Trump has taken office, Calo said. #Musk is a special government employee, & his #DOGE team has access to sensitive private data. As the owner of X, he can choose what content is allowed.
[see earlier posted article on DOGE access of the #IRS #IDRS data]
#ElonMusk’s posts serve as “merely a trigger mechanism” to his followers, Donovan said, often prompting them to scour social media profiles, look up information about a target’s family members, launch cyberattacks, lodge fake complaints with their employer, or flood people with texts & phone calls throughout the night.
“People do not feel safe speaking out in this country against the government,” said Ryan Calo, a #law professor at the University of Washington. “Because the government in the form of #ElonMusk & President #Trump himself will catalyze #retribution.”
Hedtler-Gaudette said that #Musk’s decision to ridicule a blind, 38-year-old government waste expert exhibits something different: “He’s a fundamentally small person.”
In a post that disappeared, @jwildeboer wrote:
"@rmondello I do note that when I open mondello.com in my browser, I get a placeholder page that is http only, no https. This would be a reason that it *seems* that it is unreachable, because many browsers nowadays refuse to open sites without https."
Unfortunately, that is *not* true. Browsers unnecessarily make the internet LESS SAFE. IT'S CRAZY!
*Some* browsers will try https first when you type http:⧸⧸mondello.com (use // instead of ⧸⧸ I used to prevent Mastodon from showing http://). So far, so good.
However, if an AitM (Attacker in the Middle, such as on public WiFi) blocks traffic from your browser to TCP port 443 (https) on the server, the browser will *silently* try port 80 (http). Pwned.
This may happen in practice, for example on airports (https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/).
Except for iOS and iPadOS, most browsers have an "https only" setting that is *OFF* by default, while it's name is misleading.
*On* means that you can still use http, but you'll have to manually agree (you can still access the http devices on your local network, or on the internet. But you will be WARNED).
However, Chrome appears to remember exceptions FOR EVER (I had to delete all browser data to make the last screenshot below. However, that also clears the browser's HSTS database).
On iOS/iPadOS, from Safari, Edge, Firefox and Chrome, only Chrome has this option. So only Chrome provides *some* protection. People do not type "https://" in front of domain names, and most QR-codes I check are insecure.
To test: open http://http.badssl.com. Instead of immediately seeing a (red) webpage, your browser should protect you by asking whether you want to use an http-connection.
Alternative test-site (non-compliant with the Dutch law):
http://gemeente.amsterdam
(Gemeente translates to municipality).
(Exactly that is why I wrote this, in Dutch: https://infosec.exchange/@ErikvanStraten/113855174617111536 earlier this afternoon).
Note: Firefox on Android seems to forget "http allowed" exceptions when the browser is fully closed (good).
#misogyny
#childishness
#immaturity
#narcissism
Deeply #insecure
#Racism
#cruelty
#sociopath
#Russian pawn
#Putin's batch
#amorale
#Cultism
#Oligarchy
Why is anyone drawn to this disgusting maggot?
I grew up in Christian fundamentalism so I understand cults and brainwashing to some degree, but this lying manipulative pus bag, and people like him, have always pissed me off. I see them from a mile away. And yet I am baffled why anyone gets sucked in.
#CISA boss: Makers of #insecure #software are the real cyber villains
Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret’
Software #developers who ship buggy, insecure code are the true baddies in the cyber crime story
#security
https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
@rysiek also #Telegram - like @signalapp - demand and collect #PII like #PhoneNumbers which ain't possible to acquire anonymoisly in more and more juristictions.
- Plus, both are #centralized, #SingleVendor & #SingleProvider solutions that don't allow for #SelfCustody of all the keys nor #SelfHosting and thus violate #KerckhoffsPrinciple, meaning they are inherently #insecure.
Using #XMPP+#OMEMO by contrast is secure and adding @torproject / #Tor to tunnel it makes it even more anonymous.
- So don't expect any messenger to cover your 6, but instead go out of your way so that even when held at gunpoint, they can't decrypt comms!
Cnsider every #Messenger that doesn't #decentralize and support #Tor oit of tue box to be insecure!
#Insecure #Trump #Lies, #Claims #Harris #Crowd Was #Manipulated With #AI
The #former president has also #falsely #accused his #opponents of #paying #people to #attend their #rallies
— Remember that every #Republican #accusation is an #admissionofguilt. So #Trump is #paying #people to #attend his #rallies to fake support.
#Trump’s other advisers have nicknamed Harp “the human printer” because she travels around w/a portable printer so that she can quickly produce mood-boosting articles for Trump to read. She has also been spotted running after Trump’s golf cart on the golf course so that he can read things between holes.
When #Trump entered the courtroom, he carried a sheaf of printouts w/him which he slammed down on the defense table. His lead lawyer, Todd Blanche, laughed & grinned. Apparently Trump likes to read through [only positive] news clips & social media posts during long stretches in court. The printouts come courtesy of his aide Natalie Harp, who is never far from Trump’s side & usually sits 2 rows back in the courtroom.