#threatmodel

Emory<p>&gt; When doing threat modeling from here on out, it is now unfortunately important to consider the question "Am I a moron?"</p><p>derisking morons is something i do for a living if anyone is hiring for that. i also turn software engineers into security and privacy resources. triple multiplier right here 🖐️ </p><p><a href="https://soc.kvet.ch/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://soc.kvet.ch/tags/threatModel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatModel</span></a> <a href="https://soc.kvet.ch/tags/morons" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>morons</span></a><br><a href="https://apple.news/Ay6s_pSlzRrGicmqMVSr65w" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apple.news/Ay6s_pSlzRrGicmqMVS</span><span class="invisible">r65w</span></a></p>
🌻<p>My data protection and privacy overview 2025, for the general public 🕵️‍♂️ </p><p>Sharing requested ‼️ :BoostOK: </p><p>as PDF:</p><p><a href="https://cryptpad.digitalcourage.de/file/#/2/file/NdmBgSYkRCto8B+JmJkE9mQ4/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cryptpad.digitalcourage.de/fil</span><span class="invisible">e/#/2/file/NdmBgSYkRCto8B+JmJkE9mQ4/</span></a></p><p>&nbsp;<a href="https://digitalcourage.social/tags/DSGVO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DSGVO</span></a> <a href="https://digitalcourage.social/tags/TDDDG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TDDDG</span></a> ( <a href="https://digitalcourage.social/tags/unplugtrump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unplugtrump</span></a> )<br><a href="https://digitalcourage.social/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Datenschutz</span></a> <a href="https://digitalcourage.social/tags/Privatsph%C3%A4re" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privatsphäre</span></a> <a href="https://digitalcourage.social/tags/sicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sicherheit</span></a> <a href="https://digitalcourage.social/tags/Verschl%C3%BCsselung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Verschlüsselung</span></a> <br><a href="https://digitalcourage.social/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> <a href="https://digitalcourage.social/tags/WEtell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WEtell</span></a> <a href="https://digitalcourage.social/tags/SoloKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoloKey</span></a> <a 
href="https://digitalcourage.social/tags/NitroKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NitroKey</span></a> <a href="https://digitalcourage.social/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Email</span></a> <a href="https://digitalcourage.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://digitalcourage.social/tags/Pixelfed" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pixelfed</span></a> <a href="https://digitalcourage.social/tags/Massen%C5%B1berwachung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Massenűberwachung</span></a> <br><a href="https://digitalcourage.social/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://digitalcourage.social/tags/Metadaten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Metadaten</span></a> <a href="https://digitalcourage.social/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WhatsApp</span></a> <a href="https://digitalcourage.social/tags/Threema" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Threema</span></a> <a href="https://digitalcourage.social/tags/Cryptpad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptpad</span></a> <a href="https://digitalcourage.social/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a><br><a href="https://digitalcourage.social/tags/Hateaid" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hateaid</span></a> <a href="https://digitalcourage.social/tags/Cyberstalking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberstalking</span></a> <a href="https://digitalcourage.social/tags/Messenger" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>Messenger</span></a> <a href="https://digitalcourage.social/tags/Browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Browser</span></a> <a href="https://digitalcourage.social/tags/Youtube" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Youtube</span></a> <a href="https://digitalcourage.social/tags/NewPipe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NewPipe</span></a> <a href="https://digitalcourage.social/tags/Chatkontrolle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chatkontrolle</span></a> <a href="https://digitalcourage.social/tags/nichtszuverbergen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nichtszuverbergen</span></a> <a href="https://digitalcourage.social/tags/%C3%9CberwachungsKapitalismus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ÜberwachungsKapitalismus</span></a> <a href="https://digitalcourage.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://digitalcourage.social/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> <a href="https://digitalcourage.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://digitalcourage.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://digitalcourage.social/tags/Matrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Matrix</span></a> <a href="https://digitalcourage.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mastodon</span></a> <a href="https://digitalcourage.social/tags/Friendica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Friendica</span></a> 
<a href="https://digitalcourage.social/tags/Fediverse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fediverse</span></a> <a href="https://digitalcourage.social/tags/Mastodir" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mastodir</span></a> <a href="https://digitalcourage.social/tags/Loops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Loops</span></a> <a href="https://digitalcourage.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> <a href="https://digitalcourage.social/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://digitalcourage.social/tags/Foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Foss</span></a> <a href="https://digitalcourage.social/tags/VeraCrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VeraCrypt</span></a> <a href="https://digitalcourage.social/tags/HateAid" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HateAid</span></a> <a href="https://digitalcourage.social/tags/Coreboot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Coreboot</span></a> <a href="https://digitalcourage.social/tags/Volksverpetzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Volksverpetzer</span></a> <a href="https://digitalcourage.social/tags/Netzpolitik" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Netzpolitik</span></a> <a href="https://digitalcourage.social/tags/Digitalisierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Digitalisierung</span></a> <a href="https://digitalcourage.social/tags/FragdenStaat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FragdenStaat</span></a> <a href="https://digitalcourage.social/tags/Shiftphone" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>Shiftphone</span></a>&nbsp;&nbsp;<a href="https://digitalcourage.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://digitalcourage.social/tags/GrapheneOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GrapheneOS</span></a> <a href="https://digitalcourage.social/tags/CCC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCC</span></a> <a href="https://digitalcourage.social/tags/Mail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mail</span></a> <a href="https://digitalcourage.social/tags/Mullvad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mullvad</span></a> <a href="https://digitalcourage.social/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> <a href="https://digitalcourage.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuPG</span></a> <a href="https://digitalcourage.social/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://digitalcourage.social/tags/Gaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gaming</span></a> <a href="https://digitalcourage.social/tags/linuxgaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxgaming</span></a> <a href="https://digitalcourage.social/tags/Lutris" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lutris</span></a> <a href="https://digitalcourage.social/tags/Protondb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Protondb</span></a> <a href="https://digitalcourage.social/tags/eOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eOS</span></a> <a href="https://digitalcourage.social/tags/Enshittification" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>Enshittification</span></a> <br><a href="https://digitalcourage.social/tags/Bloatware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bloatware</span></a> <a href="https://digitalcourage.social/tags/TPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TPM</span></a> <a href="https://digitalcourage.social/tags/Murena" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Murena</span></a>&nbsp;&nbsp;<a href="https://digitalcourage.social/tags/LiberaPay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LiberaPay</span></a> <a href="https://digitalcourage.social/tags/GnuTaler" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuTaler</span></a> <a href="https://digitalcourage.social/tags/Taler" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Taler</span></a> <a href="https://digitalcourage.social/tags/PreppingforFuture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PreppingforFuture</span></a><br><a href="https://digitalcourage.social/tags/FediLZ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FediLZ</span></a> <a href="https://digitalcourage.social/tags/BlueLZ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueLZ</span></a> <a href="https://digitalcourage.social/tags/InstaLZ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InstaLZ</span></a> <a href="https://digitalcourage.social/tags/ThreatModel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatModel</span></a><br><a href="https://digitalcourage.social/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FLOSS</span></a> <a href="https://digitalcourage.social/tags/UEFI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UEFI</span></a> <a 
href="https://digitalcourage.social/tags/Medienkompetenz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Medienkompetenz</span></a></p>
arutaz<p>I don't feel good mentally, and most of that is because of my obsession with privacy and security.<br><br>I have never done any threat modeling, but instead wanted to hide everything, from everyone, all the time.<br><br>This is certainly not something I need, and it's very exhausting to try to live like that.<br><br>So now I have actually done threat modeling, and I hope and think that this will ease my mind, and my life.<br><br><a class="hashtag" href="https://fedi.arutaz.se/tag/privacy" rel="nofollow noopener" target="_blank">#Privacy</a> <a class="hashtag" href="https://fedi.arutaz.se/tag/security" rel="nofollow noopener" target="_blank">#Security</a> <a class="hashtag" href="https://fedi.arutaz.se/tag/health" rel="nofollow noopener" target="_blank">#Health</a> <a class="hashtag" href="https://fedi.arutaz.se/tag/mentalhealth" rel="nofollow noopener" target="_blank">#MentalHealth</a> <a class="hashtag" href="https://fedi.arutaz.se/tag/threatmodel" rel="nofollow noopener" target="_blank">#ThreatModel</a> <a class="hashtag" href="https://fedi.arutaz.se/tag/threatmodeling" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a class="hashtag" href="https://fedi.arutaz.se/tag/serenity" rel="nofollow noopener" target="_blank">#Serenity</a> <a class="hashtag" href="https://fedi.arutaz.se/tag/peaceofmind" rel="nofollow noopener" target="_blank">#PeaceOfMind</a></p>
9x0rg<p>&gt; You and your team should incrementally update your threat model as your system changes, integrating threat modeling into each phase of your SDLC to create a Threat and Risk Analysis Informed Lifecycle (TRAIL). Here, we cover how to do that: how to further tailor the threat model we built, how to maintain it, when to update it as development continues, and how to make use of it.</p><p>**Continuous TRAIL - The Trail of Bits Blog**</p><p><a href="https://blog.trailofbits.com/2025/03/03/continuous-trail/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.trailofbits.com/2025/03/0</span><span class="invisible">3/continuous-trail/</span></a></p><p><a href="https://mamot.fr/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mamot.fr/tags/ThreatModel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatModel</span></a></p>
Emory<p>i have debilitating <a href="https://soc.kvet.ch/tags/imposterSyndrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>imposterSyndrome</span></a> 😆 25y experience in <a href="https://soc.kvet.ch/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>, but i know for a fact that i am unusually good at facilitating a <a href="https://soc.kvet.ch/tags/threatmodel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatmodel</span></a>. you have to get people to trust you enough to tell you things they don't feel great about or would do differently after we meet but that's the thing— together we create remediation plans that let people do their best work &amp; they weave security and privacy into their work and when you meet again you can see how much better things are, it's parade time</p>
Emory<p>it's lucky for some team out there that i find few things are as satisfying as transmogrifying a team of 3 into a team of 9. or 90 into 270.</p><p>even i know that's good math! they start spotting problems before they get in front of me for their second and third <a href="https://soc.kvet.ch/tags/threatmodel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatmodel</span></a>.</p><p>i have experience in managed services, vuln management, IR, forensics, cloud architectures, saas vendors, HPC, docsis/fiber/firewalls/ids/ips/MFA/u2f/pki🤷 🤓 </p><p><a href="https://soc.kvet.ch/tags/jobsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jobsearch</span></a> <a href="https://soc.kvet.ch/tags/threatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatModeling</span></a> <a href="https://soc.kvet.ch/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://soc.kvet.ch/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://soc.kvet.ch/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://soc.kvet.ch/tags/fedihired" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fedihired</span></a></p>
Quixoticgeek<p>Fediverse. I need your magic. Please tell me your most amusing and wtf <a href="https://social.v.st/tags/ThreatModel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatModel</span></a> fails.</p>
Kevin Severud :donor:<p>Redundant systems are not waste or inefficiency. They are protection from threats known and unknown. We are now seeing this on a national and global scale. <br><a href="https://infosec.exchange/tags/threatModel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatModel</span></a> <a href="https://infosec.exchange/tags/infoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infoSec</span></a> <br><a href="https://infosec.exchange/tags/zeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroTrust</span></a>?</p>
Kernel Bob<p>Yesterday we got the new gate installed on our back deck. It has a key lock to keep extremely nonathletic intruders out.</p><p><a href="https://chaos.social/tags/ThreatModel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatModel</span></a></p>
Josh Summitt<p>This is fine. what could possibly go wrong. 😩 <a href="https://bsky.app/search?q=%23cybersecurity" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://bsky.app/search?q=%23ciso" rel="nofollow noopener" target="_blank">#ciso</a> <a href="https://bsky.app/search?q=%23threatmodel" rel="nofollow noopener" target="_blank">#threatmodel</a> <a href="https://bsky.app/search?q=%23nationalsecurity" rel="nofollow noopener" target="_blank">#nationalsecurity</a> <a href="https://bsky.app/search?q=%23cissp" rel="nofollow noopener" target="_blank">#cissp</a> <a href="https://bsky.app/search?q=%23appsec" rel="nofollow noopener" target="_blank">#appsec</a></p>
Emory<p>that <a href="https://soc.kvet.ch/tags/seaArt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>seaArt</span></a> site is starting to become a real problem. I'm seeing entirely too many prompts for Cute Things paired with age ranges and if you select the right lora or checkpoint it's very easy to generate a pile of images of all kinds including ones that would look a lot like Abuse Material and i know some legislatures have been adding laws about preventing that scenario and the irony of an AI self-policing itself is too much. </p><p>i wonder if they've been running a <a href="https://soc.kvet.ch/tags/threatmodel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatmodel</span></a> quarterly? 😬 <a href="https://soc.kvet.ch/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a></p>
Todd A. Jacobs | Pragmatic Cybersecurity<p><a href="https://infosec.exchange/tags/DuckDuckGo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DuckDuckGo</span></a> is now offering free, <a href="https://infosec.exchange/tags/anonymized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anonymized</span></a> access to a number of fast <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/chatbots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chatbots</span></a> that won't train on your data. You currently don't get all the premium models and features of paid services, but you do get access to privacy-promoting, anonymized versions of smaller models like GPT-4o mini from <a href="https://infosec.exchange/tags/OpenAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenAI</span></a> and open-source <a href="https://infosec.exchange/tags/MoE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MoE</span></a> (mixture of experts) models like Mixtral 8x7B.</p><p>Of course, for truly sensitive or classified data you should never use online services at all. Anything online carries heightened risks of human error; deliberate malfeasance; corporate espionage; legal, illegal, or extra-legal warrants; and network wiretapping. I personally trust DuckDuckGo's no-logging policies and presume their anonymization techniques are sound, but those of us in <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> know the practical limitations of such measures.</p><p>For any situation where those measures are insufficient, you'll need to run your own instance of a suitable model on a local AI engine. 
However, that's not really the <a href="https://infosec.exchange/tags/threatmodel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatmodel</span></a> for the average user looking to get basic things done. Great use cases include finding quick answers that traditional search engines aren't good at, or performing common AI tasks like summarizing or improving textual information. </p><p>The AI service provides the typical user with essential AI capabilities for free. It also takes steps to prevent for-profit entities with privacy-damaging <a href="https://infosec.exchange/tags/TOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOS</span></a> from training on your data at whim. DuckDuckGo's approach seems perfectly suited to these basic use cases.</p><p>I laud DuckDuckGo for their ongoing commitment to privacy, and for offering this valuable addition to the AI ecosystem.</p><p><a href="https://duckduckgo.com/chat" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">duckduckgo.com/chat</span><span class="invisible"></span></a></p>
Blobster<p><span class="h-card" translate="no"><a href="https://kind.social/@aleidk" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aleidk</span></a></span> I replaced “mobile phone account“ with “mobile phone provider account” to be clearer about what I meant.</p><p>For banks (in the EU), AFAIK there is a strong reason why they never even mention FIDO2: for a transaction at least, the device where validation is performed must give basic info on the transaction: seller and amount.</p><p>Another point: the software support depends on site, browser (e.g., Firefox desktop != Firefox mobile), type of key, physical communication protocol (like USB vs. NFC). I made a lot of tests with various sites and my USB-A and USB-C keys, sometimes using NFC, other times USB. Some combinations don't work, or worked at some point and not later (or worked with Chrome but not Firefox, etc.). This can be quite stressful or even dangerous if this is for an important account and you have no backup plan (⇒ don't). And if the backup options are 1) exploitable in your threat model and 2) not very secure, this obviously reduces or nukes the advantage of using a security key in the first place.</p><p>A typical backup option which is not insecure from my POV if well handled is a set of recovery codes, but for this you need to store them very carefully, safely... and not forget how to access them in x years! In these conditions, setting up a new account requires “some work”.</p><p>And I say all this despite wishing FIDO2 great success, 'cause SIM swapping attacks in particular are quite scary given how much important stuff still depends on codes sent by SMS. 
😐</p><p><a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a> <a href="https://infosec.exchange/tags/SecurityKeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityKeys</span></a> <a href="https://infosec.exchange/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://infosec.exchange/tags/threatModel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatModel</span></a></p>
boredsquirrel<p><span class="h-card" translate="no"><a href="https://social.heise.de/@ct_Magazin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ct_Magazin</span></a></span> </p><p>Threat modelling is extremely relevant here.</p><p>Tails has a specific <a href="https://tux.social/tags/ThreatModel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatModel</span></a><br>- amnesic<br>- live<br>- incognito</p><p>There is hardly any process isolation there, as <a href="https://tux.social/tags/Flatpak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Flatpak</span></a> and <a href="https://tux.social/tags/Bubblejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bubblejail</span></a> do, and <a href="https://tux.social/tags/QubesOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QubesOS</span></a> masters</p><p>And that you can be safe with it on any arbitrary PC is unfortunately also a false promise. <a href="https://tux.social/tags/Coreboot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Coreboot</span></a> is essential because it is minimal. Hardly any code should run at the lowest level. Intel ME should be off. <a href="https://tux.social/tags/Heads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Heads</span></a> is also important.</p><p><span class="h-card" translate="no"><a href="https://fosstodon.org/@3mdeb" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>3mdeb</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.online/@novacustom" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>novacustom</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@tlaurion" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tlaurion</span></a></span></p>
Srijit Kumar Bhadra<p><span>Fear and threat, conflict and surveillance have been mostly some of the key tenets of human economic&nbsp;activities since the beginning of human civilization. The digital age has added large scale misinformation and bullshit which contributes to dehumanization. Anxiety, exhaustion, and emptiness have reduced our empathy and the ability to interact face to face. In the consumer space only those Internet dependent digital products which enable surveillance and dilute the notion of privacy usually gain traction and often get accepted by the masses. Some of the reasons, for such a trend, may be as follows.<br><br>1. Perceived Better Security: Surveillance technologies are often marketed as tools to prevent crime, terrorism, and other threats to public safety. <br>2. Convenience and Efficiency: Facial recognition technology can be used for quick and seamless identification at airports or for unlocking smartphones. <br>3. Social Norms and Acceptance: When people see others accepting and using these technologies without significant backlash, they may feel more inclined to accept them as well. This leads to network effect where increased numbers of people or participants improve the value of a good or service. <br>4. Lack of Awareness and Understanding: Many users may not fully understand the extent of surveillance enabled by digital technologies or the potential negative consequences for decreased privacy. <br>5. Trade-Offs and Trade-Downs: In some cases, users may willingly trade privacy for other benefits, such as personalized services, targeted advertising, or access to certain platforms or services. Such approaches also get influenced by the subconscious and loosely defined digital threat model of the individuals. 
<br><br></span><a href="https://fedi.social/tags/Fear" rel="nofollow noopener" target="_blank">#Fear</a> <a href="https://fedi.social/tags/Threat" rel="nofollow noopener" target="_blank">#Threat</a> <a href="https://fedi.social/tags/Conflict" rel="nofollow noopener" target="_blank">#Conflict</a> <a href="https://fedi.social/tags/Surveillance" rel="nofollow noopener" target="_blank">#Surveillance</a> <a href="https://fedi.social/tags/Dehumanization" rel="nofollow noopener" target="_blank">#Dehumanization</a> <a href="https://fedi.social/tags/Privacy" rel="nofollow noopener" target="_blank">#Privacy</a> <a href="https://fedi.social/tags/ThreatModel" rel="nofollow noopener" target="_blank">#ThreatModel</a></p>
Science & Design, Inc.<p>Checking your own phone for signs of compromise is easy using Amnesty International Security Lab's Mobile Verification Toolkit. Here's how iPhone users can do it now:</p><p><a href="https://scidsg.medium.com/how-to-check-your-iphone-for-pegasus-338bafb2358e" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">scidsg.medium.com/how-to-check</span><span class="invisible">-your-iphone-for-pegasus-338bafb2358e</span></a></p><p><a href="https://fosstodon.org/tags/threatmodel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatmodel</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/iPhone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iPhone</span></a> <a href="https://fosstodon.org/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://fosstodon.org/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a> <a href="https://fosstodon.org/tags/amnesty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>amnesty</span></a> <a href="https://fosstodon.org/tags/journalism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>journalism</span></a> <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://fosstodon.org/tags/press" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>press</span></a> <a href="https://fosstodon.org/tags/law" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>law</span></a></p>
Areskul<p>- lock bios<br />- disable root account<br />- encrypt storages with luks2<br />- shutdown on unrecognized devices plugging (udev-rules)</p><p>Is there something more I can do to protect myself from an evil maid?</p><p><a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="tag">#<span>linux</span></a><br /><a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="tag">#<span>cybersecurity</span></a> <br /><a href="https://mastodon.social/tags/threatmodel" class="mention hashtag" rel="tag">#<span>threatmodel</span></a></p>
Wizards Anonymous<p>Adding <a href="https://mastodon.social/tags/Google" class="mention hashtag" rel="tag">#<span>Google</span></a> as a <a href="https://mastodon.social/tags/ThreatActor" class="mention hashtag" rel="tag">#<span>ThreatActor</span></a> to your <a href="https://mastodon.social/tags/ThreatModel" class="mention hashtag" rel="tag">#<span>ThreatModel</span></a> seems like a great way to understand <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="tag">#<span>CyberSecurity</span></a> / <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="tag">#<span>InfoSec</span></a>. Look at what happened to <a href="https://mastodon.social/tags/LTT" class="mention hashtag" rel="tag">#<span>LTT</span></a>.</p>
Emory<p>maybe i should conduct a <a href="https://soc.kvet.ch/tags/threatmodel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatmodel</span></a> of <a href="https://soc.kvet.ch/tags/mentalHealth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mentalHealth</span></a> in <a href="https://soc.kvet.ch/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a>? i mean, burn-out is the obvious most-discussed challenge when you ask a search engine. but that's not unique, everyone has burnout concerns and challenges. but ADHD, anxiety, and the various iterations of depression and other mood disorders can paint us into corners before we even know it's happening.</p><p>most recently it took several months before i could see it myself that i was drifting backwards into places i won't go.</p>