The more I read, the more incredible it looks!
meduza.io/en/feature/2019/08/1 "Why the Russian cornfield landing was even harder to pull off than ‘the miracle on the Hudson’"

В московской системе голосования по Интернету нашли серёзные криптографические уязвимости arxiv.org/abs/1908.05127 @rf

A must see - "The Great Hack", Netflix original documentary about and Cambridge Analytica scandal

kravietz boosted

Major breach found in biometrics system used by banks, UK police and defence firms

Fingerprints, facial recognition and other personal information from Biostar 2 discovered on publicly accessible database
The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.
Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.
Continue reading...

theguardian.com/technology/201 friendica.hubup.pro/objects/17

kravietz boosted

Ever seen an ad so accurate you think your phone is listening to you? While that's not the case, the reality is even creepier.

Here's how Google & Facebook collect your data & use it to auction you off to advertisers for profit: vimeo.com/352982094 video.buffer.com/v/5d516f99cb1

kravietz boosted
kravietz boosted

PSA if your like me and would like to use a ROM but keep buying the wrong phones for lineage or /e/foundation. Now /e/foundation sells their own phones. They are coming out with a system where you could mail in your phones also. Here is the shop. e.foundation/e-pre-installed-r

kravietz boosted

I spent all day looking for vulns in a IoT clothes dryer. What did I find?

* HTTPS to talk to backend service
* XMPP w/ STARTTLS to steam events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door

Best I could do was get the DHCP server to serve the same IP to every request.

Well done GE.

#defcon27 #iotvillage

kravietz boosted

My Recommended Services

Messenger: #Signal #Wire
Email: #ProtonMail #Tutanota
Search Engines: #DuckDuckGo #Qwant #Startpage
VPN: #ProtonVPN #NordVPN
Password Managers: #Bitwarden #KeePass
Browser: #Firefox #Brave #TorBrowser
SNS: #Mastodon
Cloud Storage: #Nextcloud #MEGA
Note: #StandardNotes
Encryption Software: #VeraCrypt #Cryptomator
Send File: #FirefoxSend
File Sync: #Syncthing

#Privacy #Security

kravietz boosted

~Open Source Security Tool of the Day~

#OSSTotD

Cabot is a free, open-source, self-hosted infrastructure monitoring platform that provides some of the best features of PagerDuty, Server Density, Pingdom and Nagios without their cost and complexity. 

github.com/arachnys/cabot/blob

If you ever wondered why most Matrix large group chats don't have E2E enabled - here's a good discussion of the problem and existing solutions blog.trailofbits.com/2019/08/0

Interesting fact: units are all legally defined in units. Inch is 2.54 cm, pound is 0.45359237 etc legislation.gov.uk/uksi/1995/1

kravietz boosted

A big step for privacy in Arizona! The state ruled that "police & govt agencies cannot obtain [a persons' online data] without a search warrant, [which] requires a showing of some criminal activity," reports @azcapmedia.

As it should be in all regions. azcapitoltimes.com/news/2019/0

Show more
Mastodon 🔐 privacytools.io

Fast, secure and up-to-date instance. privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on Patreon and Liberapay!