I was wondering what would be the top 3 or top 5 themes for this event in my community. So far, thinking of:
1. password management
2. email security (spam/phishing/viruses)
3. web browsers and adblockers (cookies, trackers, ...)
I was also planning on talking only about #opensource solutions.
What do you think?
In a quick look back over 30 years of Pretty Good Privacy (PGP), its creator, Phil Zimmermann, says "the need for protecting our right to a private conversation has never been stronger." We agree. https://twitter.com/Snowden/status/1405193453231824899
Just in case you thought everything had settled down with freenode. Thread on Security incident and no global notice yet. Really showing FOSS stewardship there *slow clap*. Very glad we moved elsewhere, to where the competent long term staff moved. Long live @liberachat
Freenode Meltdown Update # I Can't Believe I'm Still Doing This: #freenode is arguing about whose passwords may have been compromised due to …
Global Law Enforcement Convention Weakens #Privacy & Human Rights
We are hiring!
Job description: groupincome.org/pos-crypto-integration
Experts unclear how Australian encryption laws were used in global crime bust
Thousands of Chrome extensions are tampering with security headers
Some improvements for instance administrators: better diagnostics on the /checkup/ page, more settings moved from config files to the admin panel. Full details in the release notes: https://github.com/xwiki-labs/cryptpad/releases/tag/4.6.0
~Open Source Security Tool of the Day~
Jenkins Attack Framework
Accenture has released Jenkins Attack Framework (JAF), a new tool aimed at pen testers and red teamers that can reveal ways in which the popular automation server can be abused.
Jenkins is an open source CI/CD pipeline that allows developers to rapidly build, test, and deploy their code. The DevOps tool often stores powerful credentials, proprietary code, and more.
Cryptography Dispatches: OpenSSH 8.2 Just Works with U2F/FIDO2 Security Keys • Buttondown
Too little, too late. Just use Bitwarden.
The wait is over. 1Password for Linux is officially here.
Security keys are now supported for SSH Git operations
You can now use FIDO2 security keys to authenticate over SSH for remote Git operations, providing a higher level of account security.
The newly published WiFi FragAttacks are worrisome, but folks can protect themselves somewhat until devices get patched/replaced.
"Using a VPN can prevent attacks where an adversary is trying to exfiltrate data. It will not prevent an adversary from bypassing your router's NAT/firewall to directly attack devices."
And use TLS *everywhere*
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years https://thehackernews.com/2021/04/researchers-uncover-stealthy-linux.html
- Fediverse.Party - explore federated networks
Making social media free, federated and fun!
excellent article about counting possible passwords and excellent Python code too