eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

Server stats:

205
active users

#spoofing

1 post1 participant0 posts today
Grüne Kreisverband Stade<p>📧 E-Mail <a href="https://gruene.social/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a> in der <a href="https://gruene.social/tags/Kommunalpolitik" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kommunalpolitik</span></a>.<br>Die Gefahr ist real, passt auf.</p><p>:b90gruene: Ein★e grüne <a href="https://gruene.social/tags/Ortsverband" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ortsverband</span></a> <a href="https://gruene.social/tags/Kassierer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kassierer</span></a>★in unseres <a href="https://gruene.social/tags/Kreiverbands" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kreiverbands</span></a> bekommt eine „persönliche“ Mail von der Kreis <a href="https://gruene.social/tags/Gesch%C3%A4ftsf%C3%BChrung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Geschäftsführung</span></a>. „dringend 1700 € für den <a href="https://gruene.social/tags/Beamer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Beamer</span></a> zu bezahlen“.</p><p>💰 Die Mail und die Kontonummer waren gefälscht, das hätte auch schiefgehen können.</p>
Tino Eberl<p>Eine kritische <a href="https://mastodon.online/tags/Sicherheitsl%C3%BCcke" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitslücke</span></a> in <a href="https://mastodon.online/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a>-Servern wird derzeit aktiv ausgenutzt.</p><p>Betroffen sind lokale Installationen in Unternehmen und Behörden, nicht jedoch <a href="https://mastodon.online/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft365</span></a>. Die Schwachstelle ermöglicht <a href="https://mastodon.online/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a>-Angriffe durch autorisierte Akteure. </p><p><a href="https://mastodon.online/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> hat <a href="https://mastodon.online/tags/Sicherheitsupdates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitsupdates</span></a> veröffentlicht und rät zur sofortigen Installation. Wenn dies nicht möglich ist, sollten Server vorsorglich vom Internet getrennt werden.</p><p><a href="https://edition.cnn.com/2025/07/21/business/microsoft-alert-attacks-sharepoint-servers-intl" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">edition.cnn.com/2025/07/21/bus</span><span class="invisible">iness/microsoft-alert-attacks-sharepoint-servers-intl</span></a></p><p><a href="https://mastodon.online/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.online/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSecurity</span></a> <a href="https://mastodon.online/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a></p>
Europe Says<p><a href="https://www.europesays.com/2262760/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2262760/</span><span class="invisible"></span></a> Microsoft alerts businesses, governments to server software attack <a href="https://pubeurope.com/tags/AlertIssued" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlertIssued</span></a> <a href="https://pubeurope.com/tags/america" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>america</span></a> <a href="https://pubeurope.com/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a> <a href="https://pubeurope.com/tags/BUSINESSES" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BUSINESSES</span></a> <a href="https://pubeurope.com/tags/GovernmentAgencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GovernmentAgencies</span></a> <a href="https://pubeurope.com/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://pubeurope.com/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft365</span></a> <a href="https://pubeurope.com/tags/Organizations" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Organizations</span></a> <a href="https://pubeurope.com/tags/PrivateSectorPartners" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivateSectorPartners</span></a> <a href="https://pubeurope.com/tags/ServerSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ServerSoftware</span></a> <a href="https://pubeurope.com/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://pubeurope.com/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> <a href="https://pubeurope.com/tags/UnitedStates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnitedStates</span></a> <a href="https://pubeurope.com/tags/UnitedStatesOfAmerica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnitedStatesOfAmerica</span></a> <a href="https://pubeurope.com/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>US</span></a> <a href="https://pubeurope.com/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a></p>
doboprobodyne<p><span class="h-card" translate="no"><a href="https://chaos.social/@gsuberland" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gsuberland</span></a></span> </p><p>You may enjoy the YouTuber Shawn Charland.</p><p><a href="https://m.youtube.com/watch?v=WLpvEoMNEls" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">m.youtube.com/watch?v=WLpvEoMN</span><span class="invisible">Els</span></a></p><p><a href="https://mathstodon.xyz/tags/missiles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>missiles</span></a> <a href="https://mathstodon.xyz/tags/missileDefence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>missileDefence</span></a> <a href="https://mathstodon.xyz/tags/EW" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EW</span></a> <a href="https://mathstodon.xyz/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> <a href="https://mathstodon.xyz/tags/jamming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jamming</span></a> <a href="https://mathstodon.xyz/tags/math" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>math</span></a> <a href="https://mathstodon.xyz/tags/maths" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>maths</span></a> <a href="https://mathstodon.xyz/tags/mathematics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mathematics</span></a> <a href="https://mathstodon.xyz/tags/physics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>physics</span></a></p>
Europe Says<p><a href="https://www.europesays.com/2183437/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2183437/</span><span class="invisible"></span></a> Reports of theft of bank account codes rise – BoI – Business <a href="https://pubeurope.com/tags/account" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>account</span></a> <a href="https://pubeurope.com/tags/bank" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bank</span></a> <a href="https://pubeurope.com/tags/BankOfItaly" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BankOfItaly</span></a> <a href="https://pubeurope.com/tags/been" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>been</span></a> <a href="https://pubeurope.com/tags/CentralBank" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CentralBank</span></a> <a href="https://pubeurope.com/tags/CentralBanks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CentralBanks</span></a> <a href="https://pubeurope.com/tags/CentralBanksOfTheEuropeanSystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CentralBanksOfTheEuropeanSystem</span></a> <a href="https://pubeurope.com/tags/DeutscheBundesbank" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeutscheBundesbank</span></a> <a href="https://pubeurope.com/tags/ECB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ECB</span></a> <a href="https://pubeurope.com/tags/Economy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Economy</span></a> <a href="https://pubeurope.com/tags/engineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>engineering</span></a> <a href="https://pubeurope.com/tags/ESCB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ESCB</span></a> <a href="https://pubeurope.com/tags/Europe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Europe</span></a> <a href="https://pubeurope.com/tags/European" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>European</span></a> <a href="https://pubeurope.com/tags/EuropeanCentralBank" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EuropeanCentralBank</span></a> <a href="https://pubeurope.com/tags/EuropeanCentralBanks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EuropeanCentralBanks</span></a> <a href="https://pubeurope.com/tags/over" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>over</span></a> <a href="https://pubeurope.com/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a> <a href="https://pubeurope.com/tags/reports" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reports</span></a> <a href="https://pubeurope.com/tags/Rome" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rome</span></a> <a href="https://pubeurope.com/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> <a href="https://pubeurope.com/tags/surge" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>surge</span></a> <a href="https://pubeurope.com/tags/THEBANKOFENGLAND" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>THEBANKOFENGLAND</span></a> <a href="https://pubeurope.com/tags/TheBankOfFrance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheBankOfFrance</span></a> <a href="https://pubeurope.com/tags/TheBankOfItaly" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheBankOfItaly</span></a> <a href="https://pubeurope.com/tags/vishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vishing</span></a> <a href="https://pubeurope.com/tags/wednesday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wednesday</span></a></p>
Stullekovski<p>post spoofing? <br>was ich nicht verstehe: was bringt es den gaunern die kundenkennzahl zu versenden?</p><p>der "weltbeste" (!sic) kundensupport (kein kunde) von O2 kann damit nichts anfangen und schickt mich zum shop, der shop bestätigt nur die fälschung (falsches blau, qr code pixelbrei, fußleiste falsch und eingefügtes bild), nimmt es aber nicht auf :thisisfine: </p><p><a href="https://chaos.social/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a><br><a href="https://chaos.social/tags/O2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>O2</span></a></p>
PrivacyDigest<p>A <a href="https://mas.to/tags/GPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPS</span></a> <a href="https://mas.to/tags/Blackout" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Blackout</span></a> Would Shut Down the World</p><p>GPS <a href="https://mas.to/tags/jamming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jamming</span></a> and <a href="https://mas.to/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> <a href="https://mas.to/tags/attacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attacks</span></a> are on the rise. If the global <a href="https://mas.to/tags/navigation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>navigation</span></a> system the US relies on were to go down entirely, it would send the world into unprecedented chaos.</p><p><a href="https://www.wired.com/story/youre-not-ready-for-a-gps-blackout/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wired.com/story/youre-not-read</span><span class="invisible">y-for-a-gps-blackout/</span></a></p>
BSI<p>Viele Unternehmen könnten mit wenig Aufwand ihre E-Mail-Sicherheit verbessern:</p><p>✅ SPF, DKIM &amp; DMARC korrekt umsetzen</p><p>✅ moderne E-Mail-Infrastruktur nutzen</p><p>So schützt man sich besser vor <a href="https://social.bund.de/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a>, <a href="https://social.bund.de/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> und sogenannten Person-in-the Middle-Angriffen.</p><p>👉 Praxisnahe Tipps gibt's hier: ➡️ <a href="https://www.bsi.bund.de/dok/1147322" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">bsi.bund.de/dok/1147322</span><span class="invisible"></span></a></p>
Jerry on Mastodon<p>1. Hacker News, a <a href="https://hear-me.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> newsletter, is sent from a domain where DMARC policy is p=none, which tells email providers, like gmail, to deliver all email that is screaming, "I am a Hacker News spoof email sent by a POS scammer" to the intended recipient anyway. p=none means take no action, even if you know it's a scam. Spam folder optional. Email services and clients will oblige. WTF Hacker News?</p><p>2. Hacker News is also using an insecure signature algorithm for signing their newsletter. </p><p>3. An extremely well-known Cybersecurity expert is sending the newsletter from a domain that has no DMARC record at all, so all spoof emails claiming to be from them will be delivered. And likely this is being constantly exploited. A DMARC policy of p="reject" would have those spoof emails trashed and not delivered. But no DMARC policy means "whatever, and I don't want to know". So, spoof emails go through unstopped and no reports of abuse are being sent to this person either. And it's their job to tell us how to stay secure and not be fooled by spoof emails. WTF?</p><p>Sometimes I don't understand how things work in the world.</p><p><a href="https://hear-me.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerNews</span></a> <a href="https://hear-me.social/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> <a href="https://hear-me.social/tags/EmailSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EmailSecurity</span></a></p>
Astro Hawk (Ian Kluft) ✅🚀🛰️<p>"GNSS under attack: Recognizing and mitigating jamming and spoofing threats" by GPS World - As costs come down on GPS signal jamming and spoofing techniques, it no longer requires nation-state resources for doing it any more. As attacks become more common, defenses such as signal filters for countermeasures increase too. Self-driving cars and farm machinery may adopt RAIM already in use in aircraft. <a href="https://www.gpsworld.com/gnss-under-attack-recognizing-and-mitigating-jamming-and-spoofing-threats/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">gpsworld.com/gnss-under-attack</span><span class="invisible">-recognizing-and-mitigating-jamming-and-spoofing-threats/</span></a> <a href="https://spacey.space/tags/GNSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GNSS</span></a> <a href="https://spacey.space/tags/GPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPS</span></a> <a href="https://spacey.space/tags/Galileo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Galileo</span></a> <a href="https://spacey.space/tags/jamming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jamming</span></a> <a href="https://spacey.space/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> <a href="https://spacey.space/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://spacey.space/tags/aviation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aviation</span></a></p>
Cyberkid<p>Types of DNS Attacks You Should Know ⚔️🌐🔍</p><p>The Domain Name System (DNS) is a core part of how the internet works — and it’s also a prime target for attackers. Understanding DNS attack types is essential for defending network infrastructure.</p><p>🛠️ Common DNS Attack Types:</p><p>1. DNS Spoofing / Cache Poisoning<br>→ Injects false DNS data into a resolver's cache to redirect users to malicious sites.</p><p>2. DNS Tunneling<br>→ Encodes data into DNS queries/responses to exfiltrate data or establish covert C2 channels.</p><p>3. DNS Amplification (DDoS)<br>→ Exploits open DNS resolvers to flood a target with amplified traffic.</p><p>4. NXDOMAIN Attack<br>→ Overloads DNS servers with queries for nonexistent domains, degrading performance.</p><p>5. Domain Hijacking<br>→ Unauthorized changes to DNS records or domain ownership to take control of web traffic.</p><p>6. Typosquatting / Homograph Attacks<br>→ Uses lookalike domains to trick users into visiting malicious sites.</p><p>7. Subdomain Takeover<br>→ Targets misconfigured DNS entries pointing to expired resources (e.g., GitHub Pages, AWS buckets).</p><p>Why it matters:<br>DNS is often overlooked in security strategies, but it’s a critical attack surface. Proper monitoring, DNSSEC, and logging can reduce risk.</p><p>Disclaimer: This content is for educational and awareness purposes only.</p><p><a href="https://defcon.social/tags/DNSAttacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSAttacks</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://defcon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://defcon.social/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://defcon.social/tags/EducationOnly" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EducationOnly</span></a> <a href="https://defcon.social/tags/DNSHijacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSHijacking</span></a> <a href="https://defcon.social/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a> <a href="https://defcon.social/tags/RedTeamAwareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedTeamAwareness</span></a> <a href="https://defcon.social/tags/BlueTeamDefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueTeamDefense</span></a></p>
informapirata ⁂ :privacypride:<p>Stop alle chiamate spam, come funziona il filtro tecnologico per bloccarle</p><p>Operatori e <a href="https://mastodon.uno/tags/Agcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Agcom</span></a> annunciano una soluzione tecnica che sarebbe in grado di abbattere quasi totalmente lo <a href="https://mastodon.uno/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> proveniente dall'estero</p><p><a href="https://www.wired.it/article/blocco-chiamate-spam-spoofing-filtro-agcom/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wired.it/article/blocco-chiama</span><span class="invisible">te-spam-spoofing-filtro-agcom/</span></a></p><p><span class="h-card" translate="no"><a href="https://feddit.it/c/informatica" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>informatica</span></a></span></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://freeradical.zone/@mensrea" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mensrea</span></a></span> : if you visit a shop (or a bank) in the center of the city, chances are near zero that it's run by impostors.</p><p>However, if you go to some vague second hand market, chances are the you will be deceived.</p><p>Possibly worse, if there's an ATM on the outside wall of a shack where Hells Angels meet, would you insert your bank card and enter your PIN?</p><p>On the web, most people do not know WHERE they are.</p><p>Big Tech is DELIBERATELY withholding essential information from people, required to determine the amount of trust that a website deserves.</p><p>DELIBERATELY, because big tech can rent much more (cheap) hosting and (meaningless) domain names to whomever if website vistors cannot distinguish between authentic and fake websites.</p><p>You are right that some people will never understand why they need to know who owns a website.</p><p>However, most people (including <span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>troyhunt</span></a></span> ) would enormously benefit.</p><p>Like all the other deaf and blind trolls, you trash a proposal because it may be useless for SOME, you provide zero solutions and you keep bashing me.</p><p>What part of "get lost" do you not understand?</p><p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aral</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Banks</span></a></p>
Schneier on Security RSS<p>AI Data Poisoning</p><p>Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI... <a href="https://www.schneier.com/blog/archives/2025/03/ai-data-poisoning.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">schneier.com/blog/archives/202</span><span class="invisible">5/03/ai-data-poisoning.html</span></a></p><p> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Uncategorized</span></a> <a href="https://burn.capital/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> <a href="https://burn.capital/tags/botnets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>botnets</span></a> <a href="https://burn.capital/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://freeradical.zone/@mensrea" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mensrea</span></a></span> : it is not the UI/UX that is the problem. It is missing reliable info in the certs.</p><p>Image from <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aral</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aral</span></a></span> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.</p><p>They're the ultimate manifestation of evil big tech.</p><p>They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.</p><p>DV has destroyed the internet. People loose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing atracks).</p><p>Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).</p><p>However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a peace of cake.</p><p>Decent online authentication is HARD. Get used to it instead of denying it.</p><p>REASONS/EXAMPLES</p><p>🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114222237036021070</span></a></p><p>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. Now Chrome does not give you any more info than what Google argumented: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224264440704546</span></a></p><p>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a></p><p>🔹 Lots of reasons why LE sucks:<br><a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (corrected link 09:20 UTC)</p><p>🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">newly-registered-domains.abtdo</span><span class="invisible">main.com/2024-08-15-bond-newly-registered-domains-part-1/</span></a>. However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">13.248.197.209/relations</span></a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</span></a></p><p><span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a></p>
Mathilde Saliou<p>La lutte contre le spoofing et les arnaques téléphoniques s’intensifie en France<br><a href="https://next.ink/176526/la-lutte-contre-le-spoofing-et-les-arnaques-telephoniques-sintensifie-en-france/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">next.ink/176526/la-lutte-contr</span><span class="invisible">e-le-spoofing-et-les-arnaques-telephoniques-sintensifie-en-france/</span></a></p><p><a href="https://piaille.fr/tags/next" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>next</span></a> <a href="https://piaille.fr/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> <a href="https://piaille.fr/tags/arnaques" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>arnaques</span></a> <a href="https://piaille.fr/tags/telephone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telephone</span></a></p>
PrivacyDigest<p>Undocumented commands found in <a href="https://mas.to/tags/Bluetooth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bluetooth</span></a> chip used by a billion devices</p><p>The ubiquitous <a href="https://mas.to/tags/ESP32" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ESP32</span></a> microchip made by Chinese manufacturer <a href="https://mas.to/tags/Espressif" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Espressif</span></a> and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for <a href="https://mas.to/tags/attacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attacks</span></a>.</p><p>The undocumented commands allow <a href="https://mas.to/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.<br><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/china" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>china</span></a> </p><p><a href="https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/</span></a></p>
Prof. Dr. Dennis-Kenji Kipker<p>Hybride <a href="https://chaos.social/tags/Bedrohungslage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bedrohungslage</span></a>: In den letzten Monaten werden weltweit immer mehr Fälle von <a href="https://chaos.social/tags/GPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPS</span></a> <a href="https://chaos.social/tags/Jamming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Jamming</span></a> oder <a href="https://chaos.social/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spoofing</span></a> bekannt, die u.a. die Flugnavigation erschweren. Wissenschaftler aus Polen haben dieses Problem nunmehr in einer Studie für den osteuropäischen Raum analysiert. In dem Zusammenhang kann ich allen am Thema Interessierten auch einen regelmäßigen Blick auf gpsjam dot org empfehlen. Hier gibt es einen tagesaktuellen Überblick über die GPS-Interferenzen weltweit:</p><p><a href="https://www.heise.de/news/Jamming-Polnische-Forscher-vermuten-GPS-Stoersender-auf-Schiffen-in-der-Ostsee-10304096.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Jamming-Polnisch</span><span class="invisible">e-Forscher-vermuten-GPS-Stoersender-auf-Schiffen-in-der-Ostsee-10304096.html</span></a></p>
ogueki<p><span class="h-card" translate="no"><a href="https://masto.bike/@youen" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>youen</span></a></span> <span class="h-card" translate="no"><a href="https://masto.bike/@alter_unicorn" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>alter_unicorn</span></a></span> <br>J'ai retrouvé <a href="https://masto.bike/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> :<br><a href="https://www.quechoisir.org/actualite-demarchage-telephonique-le-spoofing-une-zone-de-non-droit-n60129/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">quechoisir.org/actualite-demar</span><span class="invisible">chage-telephonique-le-spoofing-une-zone-de-non-droit-n60129/</span></a></p><p>Vieil article, ça a changé on dirait :<br><a href="https://mamot.fr/@homlett/114099404739537205" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mamot.fr/@homlett/114099404739</span><span class="invisible">537205</span></a></p><p><span class="h-card" translate="no"><a href="https://mamot.fr/@homlett" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>homlett</span></a></span> <span class="h-card" translate="no"><a href="https://social.targaryen.house/@mariemini" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mariemini</span></a></span></p>