51
4
52
132
submitted 5 months ago by Ninjazzon@infosec.pub to c/security@lemmy.ml

Vehicle theft is an issue that affects us all collectively. As cybersecurity and technology professionals, we recognize the importance of acting rapidly to reduce its impact on Canadians. That being said, we believe the federal government’s proposal, particularly the prohibition of security research tools, is ill-advised, overbroad and most importantly, will be counterproductive.

53
17
Security List (security-list.js.org)
submitted 5 months ago by Ninjazzon@infosec.pub to c/security@lemmy.ml

Curated lists of tools, tips and resources for protecting digital security and privacy

54
43
submitted 5 months ago by tux0r@feddit.de to c/security@lemmy.ml
  • I am denied read-only access to some websites because I use a VPN. This makes no sense at all, but it happens anyway.
  • I am not allowed to register in some forums because I use a VPN. Because everyone knows that anyone who uses a VPN is a serious criminal. There is no other option.
  • I am subsequently banned from forums because the moderators realise that my IP address is not unique because I use a VPN. My posts don't matter at all, IP addresses obviously unambiguously identify every person on this planet.
  • I'm supposed to confirm that I'm not a robot because I use a VPN. The fact that the company asking for these confirmations (usually Google) is itself sending robots marauding through the internet doesn't matter, because Google is Google and I'm just a bloke with a VPN.

Guys, a VPN is self-defence. A website banning VPNs is like a brothel banning condoms. I mean, of course the house rules apply, but I'd like to see a bit more judgement. What's happening right now is ridiculous and hardly does justice to the security aspect of these "tests". If you find yourself as a contributor to this list, I urge you to stop. I am not a bad guy. All I do is use a VPN.

Thank you.

55
12
submitted 6 months ago by FlappyBubble@lemmy.ml to c/security@lemmy.ml

The Internet was conceived decades ago. In hindsight, many bad design choices were made. Given what was known at the time, it still blows my mind how well it has aged. There are some

Hypothetical scenario: what design choices would we change security-wise if we had the opportunity to redesign the Internet from scratch today? Or to tackle the problem the other way around: what are the bad design choices for Internet security that we are stuck with today, unfixable without starting over?

56
24
submitted 6 months ago by Ninjazzon@infosec.pub to c/security@lemmy.ml

The state of software security is dire. If we only look at the past year, if you ran industry-standard software like Ivanti, MOVEit, Outlook, Confluence, Barracuda Email Security Gateway, Citrix NetScaler ADC, and NetScaler Gateway, chances are you got hacked. Even companies with near-infinite resources (like Apple and Google) made trivial “worst practice” security mistakes that put their customers in danger. Yet we continue to rely on all these products.

Software is now (rightfully) considered so dangerous that we tell everyone not to run it themselves. Instead, you are supposed to leave that to an “X as a service” provider, or perhaps just to “the cloud.” Compare this to a hypothetical situation where cars are so likely to catch fire that the advice is not to drive a car yourself, but to leave that to professionals who are always accompanied by professional firefighters.

The assumption is then that the cloud is somehow able to make insecure software trustworthy. Yet in the past year, we’ve learned that Microsoft’s email platform was thoroughly hacked, including classified government email. (Twice!) There are also well-founded worries about the security of the Azure cloud. Meanwhile, industry darling Okta, which provides cloud-based software that enables user log-in to various applications, got comprehensively owned. This was their second breach within two years. Also, there was a suspicious spate of Okta users subsequently getting hacked.

Clearly, we need better software.

57
7
submitted 6 months ago by yogthos@lemmy.ml to c/security@lemmy.ml
58
10
submitted 6 months ago by Helix@feddit.de to c/security@lemmy.ml
59
12
submitted 6 months ago by FirstCircle@lemmy.ml to c/security@lemmy.ml

For your convenience, now five months earlier! From an email received today, 2/13/24


You’re receiving this email from Twilio because our records show you’ve used the Twilio Authy Desktop app in the past.

What do you need to know?

Starting March 19, 2024, Twilio Desktop Authy apps will reach their end of life (EOL). Beyond this date, you can access most of the desktop features and functionality in the mobile Authy apps.

You may have previously seen an August 19, 2024, end of life (EOL) date for Twilio Desktop Authy apps. This date has been moved up to March 19, 2024.

What do you need to do?

Switch to the Authy app on your Apple or Google Play Store-compatible Android device to manage your Authy account and 2FA tokens.

What if you don’t take action?

If you don’t take action before March 19, 2024, you won’t be able to use, access, or migrate your Authy-based account tokens from the Twilio Authy Desktop apps nor download the Authy desktop apps from authy.com.

60
34
submitted 6 months ago by Ninjazzon@infosec.pub to c/security@lemmy.ml

Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week.

Payments outfits Viamedis and Almerys both experienced breaches of their systems in late January, the National Commission on Informatics and Liberty (CNIL) revealed, leading to the theft of data belonging to more than 33 million customers. Affected data on customers and their families includes dates of birth, marital status, social security numbers and insurance information. No banking info, medical data or contact information was compromised, the CNIL added.

"This is the first time that there has been a violation of this magnitude [in France]," Yann Padova, digital data protection lawyer and former secretary general of the CNIL told French radio network Franceinfo. Padova believes the breach is the largest in France's history.

61
29
submitted 6 months ago by Ninjazzon@infosec.pub to c/security@lemmy.ml

The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years.

Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam.

62
19
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
63
4
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
64
8
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
65
19
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
66
31
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
67
16
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
68
21
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
69
7
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
70
11
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
71
44
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
72
21
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
73
9
submitted 6 months ago by yogthos@lemmy.ml to c/security@lemmy.ml
74
19
submitted 6 months ago by Ninjazzon@infosec.pub to c/security@lemmy.ml

EFF’s team of technologists and computer scientists engineers solutions to the problems of sneaky tracking, inconsistent encryption, and more. Where users face threats to their privacy and security online, EFF’s technology tools are there to defend them.

75
24
submitted 6 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml

Security


Confidentiality Integrity Availability

founded 4 years ago