
A must see - "The Great Hack", Netflix original documentary about and Cambridge Analytica scandal

Ever seen an ad so accurate you think your phone is listening to you? While that's not the case, the reality is even creepier.

Here's how Google & Facebook collect your data & use it to auction you off to advertisers for profit: vimeo.com/352982094 video.buffer.com/v/5d516f99cb1

PSA if you're like me and would like to use a ROM but keep buying the wrong phones for lineage or /e/foundation. Now /e/foundation sells their own phones. They are coming out with a system where you could mail in your phones also. Here is the shop. e.foundation/e-pre-installed-r

I spent all day looking for vulns in an IoT clothes dryer. What did I find?

* HTTPS to talk to backend service
* XMPP w/ STARTTLS to stream events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door

Best I could do was get the DHCP server to serve the same IP to every request.

Well done GE.

#defcon27 #iotvillage

My Recommended Services

Messenger: #Signal #Wire
Email: #ProtonMail #Tutanota
Search Engines: #DuckDuckGo #Qwant #Startpage
VPN: #ProtonVPN #NordVPN
Password Managers: #Bitwarden #KeePass
Browser: #Firefox #Brave #TorBrowser
SNS: #Mastodon
Cloud Storage: #Nextcloud #MEGA
Note: #StandardNotes
Encryption Software: #VeraCrypt #Cryptomator
Send File: #FirefoxSend
File Sync: #Syncthing

#Privacy #Security

~Open Source Security Tool of the Day~

#OSSTotD

Cabot is a free, open-source, self-hosted infrastructure monitoring platform that provides some of the best features of PagerDuty, Server Density, Pingdom and Nagios without their cost and complexity. 

github.com/arachnys/cabot/blob

If you ever wondered why most Matrix large group chats don't have E2E enabled - here's a good discussion of the problem and existing solutions blog.trailofbits.com/2019/08/0

A big step for privacy in Arizona! The state ruled that "police & govt agencies cannot obtain [a persons' online data] without a search warrant, [which] requires a showing of some criminal activity," reports @azcapmedia.

As it should be in all regions. azcapitoltimes.com/news/2019/0

RT @MatthewKeysLive@twitter.com
#BREAKING: Armed man driving "Trump" truck arrested outside migrant shelter in El Paso after immigration group spotted him "brandishing a knife." Police recovered a fully-loaded gun in his truck emblazoned with Donald Trump and Ted Cruz support slogans.

There's a nice tool:

systemd-analyze security SERVICE

It looks at and confinement features used by systemd services as documented here freedesktop.org/software/syste

An example for my radvd.service

A message received in 1993 by one of folks. It says (in not very correct Polish): "maybe the fact that your activity is being watched will make you understand you could be prosecuted"

Google Researcher: The iPhone Is Not Exactly a Paragon of Security

At Black Hat, a Google security researcher details numerous bugs in iMessage that could be exploited remotely without interaction from the victim.

pcmag.com/news/370065/google-r

Oh, I finally found a way to easily bridge to regular web: a quick note about security features of new application packaging formats viewer.scuttlebot.io/%25%2FRS0

This is absolutely fascinating research: "450-million years ago a switch enabled plants to delay reproduction and displace new cells downwards from the shoot tips, paving the way to plant diversification" phys.org/news/2019-08-genes-en


kravietz 🦇's choices:
