Wow, people are formatting #ContraChrome into little zines and sharing them around their university campuses! 🤩

So nice to see it’s circulating!

(If you want to get in on the fun, you can get all the files to print and modify it yourself here:
https://git.sr.ht/~flber/mx/tree/main/item/public/files/contrachrome )

#Chrome #comics #privacy #Google #comic #webcomic #SurveillanceCapitalism #infosec

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security

☣️ This is why you should never trust your important information (like passwords!) to proprietary software.

#OpenSource #FreeSoftware #privacy #security #infosec

🤡 #1Password becomes #spyware:

https://blog.1password.com/privacy-preserving-app-telemetry/

hack.lu 2023 - 16-19 October 2023 is back and will take place physically in Luxembourg. The call for papers/presentation is now open and we will be glad to receive your proposals.

🔗 CfP : https://pretalx.com/hack-lu-2023/
🔗 https://2023.hack.lu/

#callforpapers #hacklu #conference #infosec #luxembourg

Hey there -- we're Let's Encrypt, the free and open certificate authority serving over 300 million websites worldwide. We're new to Mastodon and are excited to get to know the infosec community in this new space!

https://letsencrypt.org/

#opensource #TLS #PKI #infosec

A Realistic Look at Implications of ChatGPT for Cybercrime

https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
#infosec #cybersecurity #malware #phishing #chatgpt

https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html

#infosec #geoserver #sqlinjection

C'è qualcuno in giro che sta affermando di aver violato il Congresso degli Stati Uniti

#databreach #infosec #OSINT

Video of my #MCH2022 talk about #Signal is already available:
https://media.ccc.de/v/mch2022-196-signal-you-were-the-chosen-one-

> This is a rant about how moving ecosystems are not a good reason for centralizing a crucial service, how stickers are no substitute for a desktop client that does not crash, and how effectively shutting out less popular OS platforms is just not cool.

This is a rant. Take with a grain of salt and perhaps some popcorn.

#infosec

#olabini case: the Ecuadorian prosecutors said it might be a crime knowing cryptography and having experience at @torproject also that his hat is proof that he is blackhat hacker.
Originally the Swedish programmer was detained because he "looks russian"
yes, that's the level of ignorance our justice system has
#eff #privacy #infosec #cybersecurity
https://twitter.com/dieguitocazar/status/1527876863779037184?s=12