Spoofing #pgp and #smime digitally signed emails https://www.usenix.org/system/files/sec19-muller.pdf #cryptography
The more I read, the more incredible it looks!
https://meduza.io/en/feature/2019/08/15/295-feet-to-save-233-lives "Why the Russian cornfield landing was even harder to pull off than ‘the miracle on the Hudson’"
Major breach found in biometrics system used by banks, UK police and defence firms
Fingerprints, facial recognition and other personal information from Biostar 2 discovered on publicly accessible database
The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, were discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.
Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.
Ever seen an ad so accurate you think your phone is listening to you? While that's not the case, the reality is even creepier.
Here's how Google & Facebook collect your data & use it to auction you off to advertisers for profit: https://vimeo.com/352982094 https://video.buffer.com/v/5d516f99cb137e1e4e76fd38
PSA: if you're like me and would like to use a ROM but keep buying the wrong phones for Lineage or /e/foundation, /e/foundation now sells their own phones. They are coming out with a system where you could mail in your phones also. Here is the shop. https://e.foundation/e-pre-installed-refurbished-smartphones/
I spent all day looking for vulns in an IoT clothes dryer. What did I find?
* HTTPS to talk to backend service
* XMPP w/ STARTTLS to stream events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door
Best I could do was get the DHCP server to serve the same IP to every request.
Well done GE.
My Recommended Services
Messenger: #Signal #Wire
Email: #ProtonMail #Tutanota
Search Engines: #DuckDuckGo #Qwant #Startpage
VPN: #ProtonVPN #NordVPN
Password Managers: #Bitwarden #KeePass
Browser: #Firefox #Brave #TorBrowser
Cloud Storage: #Nextcloud #MEGA
Encryption Software: #VeraCrypt #Cryptomator
Send File: #FirefoxSend
File Sync: #Syncthing
~Open Source Security Tool of the Day~
Cabot is a free, open-source, self-hosted infrastructure monitoring platform that provides some of the best features of PagerDuty, Server Density, Pingdom and Nagios without their cost and complexity.
If you ever wondered why most Matrix large group chats don't have E2E enabled - here's a good discussion of the problem and existing solutions https://blog.trailofbits.com/2019/08/06/better-encrypted-group-chat/ #cryptography
Attacks against #whatsapp protocol published at Black Hat 2019 https://research.checkpoint.com/black-hat-2019-whatsapp-protocol-decryption-for-chat-manipulation-and-more/
Interesting fact: #uk #imperial units are all legally defined in #metric units. Inch is 2.54 cm, pound is 0.45359237, etc. https://www.legislation.gov.uk/uksi/1995/1804/schedule/made
A big step for privacy in Arizona! The state ruled that "police & govt agencies cannot obtain [a person's online data] without a search warrant, [which] requires a showing of some criminal activity," reports @azcapmedia.
As it should be in all regions. https://azcapitoltimes.com/news/2019/07/31/court-rules-arizona-residents-have-right-to-internet-privacy/