Michel Salim @michel_slm@social.privacytools.io

Woah, #PaloAlto: Silently fixed a pre-authentication remote code execution vulnerability in their VPN portal a year ago, and did not notify their customer. Anyone who didn't update their PanOS during the past year is still vulnerable (CVE-2019-1579).

http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html

#infosec

So I had the displeasure of going to the movies tonight.

Some 10 year old kid was behind me kicking my chair ALOT. I finally turned around and said "stop kicking the chair please!"

You know what he did?!? He starts kicking it harder and faster to antagonize me.

Well IT WORKED! I turned around and said "are you trying to piss me off! " Then looked right at his parents and said "CONTROL YOUR KID!"

after that... All the kicking immediately stopped.

#Amazon’s collaborations with local police turn its Ring doorbell cameras into unofficial community #surveillance systems - https://www.privateinternetaccess.com/blog/2019/07/amazons-collaborations-with-local-police-turn-its-ring-doorbell-cameras-into-blanket-unsupervised-community-surveillance-systems/ this is an appalling development #privacy

org-web

Edit your org files online.

Optimized for mobile.

Syncs with Dropbox
and Google Drive.

https://org-web.org

The darkest of UX patterns. Interrupt what people actually want to see (their feed) with a thing that sounds like it’s good, with a big obvious blue button that will make it go away, while uninformed users are actually “opting in” to invasive, privacy-destroying tracking.

RT @chrismlacy@twitter.com

Is this a question? Because it doesn't seem like I'm able to say "no".

🐦🔗: https://twitter.com/chrismlacy/status/1152157191652048896

Remember Netizens... you are only free because you haven't threatened the right people.

Hey @MattHancock can you guarantee us that Amazon won't harness the data of those in need of health advice?

In other words, what is the real cost of this partnership? https://privacyinternational.org/news-analysis/3035/nhs-and-amazon-what-real-cost-partnership

https://twitter.com/MattHancock/status/1148833541138059264

Ugh guys this is so disheartening I'm so about ready to give up on the web. So many popular things that people use in work life, trello being an excellent example, are just so horrible from an accessibility standpoint and I just don't see it getting any better. At this point it can't be that people don't know, it must be that people don't care. I just don't get it. The same frustrations day in day out.

@DashEquals @wion Alternative option:

https://forget.codl.fr/about/

Use an app that automatically deletes your toots after a certain period of time.

Gonna take the whole "Don't scab on prime day" moment to promote one of my favourite alternatives to an amazon product.

The Movie Database is a free community-run alternative to IMDB, unlike amazon's shitty website, TMDB isn't full to bursting with ads, trackers and sluggish JavaScript, and provides an excellent platform for folk to catalogue information about their favorite films without being marketed to.

Please support it, not just on prime day, but any time you need info on a film. Keep information free.

https://www.themoviedb.org/

I grew up on dialup. 1200bps, max. I remember what it was like to get anything done at that speed, and now that it's no longer a thing I wouldn't inflict it upon anyone. That's why I try to keep my stuff as lightweight as possible, with as few deps as possible.

Treat others as you'd want to be treated, right?

A couple of years back I went to an HTML5 meetup and hung out with a bunch of web developers. I suck at web design (so much so that I didn't bother to try to write a new theme for my website, I used one that someone else made and tweaked it a little). One of the webdevs noticed that I use a couple of adblockers and yelled at me for taking money out of his mouth. That one cannot eat money, and that he gets paid a (much larger) salary (than I do) is beside the point.

So I put my laptop on the local network (Windbringer had been tethered to my mobile - OPSEC, ya' know) and asked him for the URL of the website he works on. He gave it to me. I opened it in a bare Firefox profile (no addons, no config tweaks, new right out of the box). His precious website loaded fully after just under three minutes.

Then, to make things fair, I rebooted Windbringer, got back on the local wireless, and opened it in my usual Firefox profile, with all the adblockers turned on. His website loaded in about five seconds.

"Your website loads so much tracking garbage up front that your page won't load in less than three minutes. I don't have time for that." And I left.

Unsurprisingly, I haven't been invited back, but my point stands - too much crap means your page won't load in a reasonable period of time.

"Alexa, how do I treat a migraine?"

Amazon and NHS unveil partnership...
For fuck sake!
🤦‍♂️

https://news.sky.com/story/alexa-how-do-i-treat-a-migraine-amazon-and-nhs-unveil-partnership-11760048

#SurveillanceCapitalism
/cc @aral

@drwho I see http as a fundamentally pull protocol, not a push one. If I'm visiting a website in a client that doesn't support images, I'm not blocking images, I'm simply not requesting them, same with all the tracking garbage. It's a misnomer to call it "blocking", I'm just not asking for them. To pretend that that's some kind of hackery and breaking the website, is disingenuous at best, as there's nothing in the way that the web works that requires websites to be packaged in a certain way.

Mozilla plans on adding a new dedicated social tracking protection component to their tracker protection system. This feature is currently under development, but is targeted for the Firefox 70 release.

https://www.bleepingcomputer.com/news/security/mozilla-firefox-adding-a-new-social-tracking-protection-feature/

~Open Source Security Tool of the Day~

#OSSTotD

Prowler is a command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.

It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has 40 additional checks including related to GDPR and HIPAA.

https://github.com/toniblyx/prowler

Ouch, looks like gitlab-letsencrypt has not been maintained for a year. Given it's the only NodeJS app I have to use I wonder if it's time to write a Python version?

https://github.com/rolodato/gitlab-letsencrypt

Found a new RSS feed to follow:
Cryptography Dispatches - https://buttondown.email/cryptography-dispatches

First article is interesting. OpenPGP is Broken