cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Why I'm talking about this: My org #VPN (thank you #Cisco) requires #2FA to log in. On a laptop that has full disk encryption, can be unlocked only via biometrics or 20+ char password.
Since it's kicking me out of the session every N hours and takes *a lot* to get back in and is virtually impossible to automate by standard means, I'm this close to just giving some AI automation the keys to just scratch this itch for me.
#UX is an inherent part of #security. Drop one, the other one will suffer.
When caring for an elderly person, it is important to praise and reward when they don't interact with a scammer. Because there are so many #scams against the elderly, and they're good. My grandmother gets at least 2 or 3 a week and always says "my daughter handles this. Would you like her number?" like she is supposed to do. Of course, they never want to speak to me or my mother. #security
🚨 New Video: Virtue is Inconvenient - The Nitrokey 3 Review
In my last video, I crowned the YubiKey 5 as the "King of Keys" but it has a fatal flaw. It is proprietary. For those of us who believe in digital sovereignty and the right to audit our own hardware, blind trust is not an option.
Then there is Nitrokey 3A NFC. It promises open-source firmware, transparent design, and code written in memory safe Rust. But does "open" actually mean "good?" Today, we look at whether the moral high ground is worth the inconvenience, why the Android experience might be a deal breaker, and who should actually buy this device.
Part 4 of the Sovereign Authentication series.
100% human made. #NoAI 
▶️ YouTube: https://www.youtube.com/watch?v=7I65RPlxqdY
📺 PeerTube: https://gnulinux.tube/w/gtTcaBH4GTEKMunR8CUiaX
Support the mission: ☕ https://liberapay.com/terminaltilt
#TerminalTilt #NoAI #Privacy #Security #PasswordManager #Nitrokey #Yubikey #Yubico #FOSS #OpenSource #Linux #Cybersecurity #SelfHosted #DeGoogle #DigitalSovereignty #QueerCreator #DisabledCreator #HumanMade #TechEthics
GrapheneOS version 2026030100 released:
https://grapheneos.org/releases#2026030100
See the linked release notes for a summary of the improvements over the previous release.
Forum discussion thread:
https://discuss.grapheneos.org/d/32622-grapheneos-version-2026030100-released
CI/CD for opensource container scanner Trivy has been exploited: https://github.com/aquasecurity/trivy/discussions/10265
#IDF KILLS TOP #IRANIAN DEFENSE OFFICIALS: The IDF has announced the deaths of several additional high-ranking #Iranian #security officials, including the former secretary of Supreme National Security Council and the commander of the IRGC in a surprise intelligence-led strike in Tehran. https://www.timesofisrael.com/liveblog_entry/idf-confirms-killing-top-iranian-leaders-including-top-defense-official-ali-shamkhani/
Woodlands checkpoint is always a nightmare this time on a Sunday, but I’ve never seen it this crowded 😩
They’re definitely taking this “extra security checks” seriously 🥺
#UN Secretary-General #AntónioGuterres, meanwhile, condemned the strikes on #Iran & the Islamic Republic’s retaliation.
“The use of force by the #UnitedStates & #Israel against Iran, & the subsequent retaliation by Iran across the region, undermine international peace & #security,” Guterres said in a statement. He also called for an immediate ceasefire & for all parties to return to the negotiating table.
#war #Trump #Netanyahu #WarCrimes #RegimeChange #RulesOfWar #law #geopolitics #MiddleEast
Conferences - #asiabsdcon is only a couple of weeks away, the call for papers for #eurobsdcon starts tomorrow, and #BSDCan is on for June.
Read more via "What is BSD? Come to a conference to find out!" https://nxdomain.no/~peter/what_is_bsd_come_to_a_conference_to_find_out.html #openbsd #netbsd #freebsd #freesoftware #development #networking #security
Trump's decision stopped short of #threats issued by #Hegseth & the #Pentagon, including that it could invoke the Defense Production Act to require Anthropic's compliance. The Pentagon had also said it considered designating #Anthropic a #SupplyChain risk, a step previously only used against businesses tied to foreign adversaries.
But #Trump vowed further action if Anthropic did not cooperate with the phaseout.
#law #AI #surveillance #AutonomousWeapons #privacy #security #InfoSec
#Anthropic had sought guarantees that its #AI would not be used for fully #AutonomousWeapons or for mass #domestic #surveillance - applications in which the #Pentagon claimed it had no interest [wink wink nudge nudge].
So much for holding back. GMAFB.
#Pentagon declares #Anthropic a threat to #NationalSecurity
#Defense Secretary Pete #Hegseth declared Anthropic a “#SupplyChainRisk,” blocking all federal agencies & contractors from doing business with the company.
#Trump #RevengePolitics #law #AI #tech #surveillance #AutonomousWeapons #privacy #security #InfoSec #military
https://www.washingtonpost.com/technology/2026/02/27/trump-anthropic-claude-drop/
Just like all #rapists, #Trump really doesn’t like being told no.
Trump says he is directing federal agencies to cease use of #Anthropic #technology in a petty whiny social media post.
#law #AI #surveillance #AutonomousWeapons #privacy #security #InfoSec
https://www.reuters.com/world/us/trump-says-he-is-directing-federal-agencies-cease-use-anthropic-technology-2026-02-27/?utm_source=braze&utm_medium=notifications&utm_campaign=2025_engagement
tmppath promise removed from pledge(2) in -current https://www.undeadly.org/cgi?action=article;sid=20260226164038 #openbsd #pledge #tmppath #development #programming #security #securesystems #freesoftware #libresoftware
We’ve published a new blog post outlining how we’re preparing for the European Union’s Cyber Resilience Act (CRA), and what it means for the FreeBSD ecosystem.
The CRA introduces new compliance expectations for products containing digital elements, including open source components.
Read the full post here:
https://freebsdfoundation.org/blog/getting-ready-for-the-cyber-resilience-act/
Tell #UK Government: Protect #VPN use in the UK - Open Rights Group
VPNs help people to stay #private and #safe #online. However, the Government wants to force us to verify our age when we buy a VPN, effectively deterring many people from using them.
Sign the #petition to protect the use of VPNs, so that people can stay safe and #secure online.
https://action.openrightsgroup.org/tell-government-protect-vpn-use-uk
#authoritarianism #ToxicLabour #BigBrother #security #digital #surveillance
Asking various #AI bots to generate 10 #passwords, then using #Vim syntax highlighting to match different character classes to visually identify patterns.
The prompt is exactly "Generate 10 passwords". I did not elaborate further or otherwise restrict the bot in what to generate.
Aside from the #security risks of servers generating secrets for you, I think it's obvious that these lack quality entropy.
Just use the password generator that ships with your password manager.
[$] An effort to secure the Network Time Protocol
The Network Time Protocol (NTP) debuted in 1985; it is a universally used, open specification that is deeply important for all sorts of activities we take for granted. It also, des [...]
https://lwn.net/Articles/1059200/ #LWN #Linux #security #systemd #FOSDEM
A new #DestinationLinux has hit the road! 😂💖🐧🐧🐧
https://youtu.be/E7ntlO-6gEw
Security Scoop with Craig Rowland @CraigHRowland 🎉
Linux Kernel 6.19 Updates,
Exploring the Zen Browser
Yes, You Too Can Be An Evil Network Overlord - On The Cheap With OpenBSD, pflow And nfsen https://nxdomain.no/~peter/yes_you_too_can_be_an_evil_network_verlord.html
A story about network metadata and #openbsd, originally from 2014, good for reprising. See The Book of PF for more #nfsen #netflow #pflow #monitoring #networking #security #pf #packetfilter #bookofPF @nostarch
Automate the most repetitive operational task in Proxmox: keeping cluster nodes updated! ProxPatch drains, migrates, patches, and reboots nodes in a controlled rolling fashion — no downtime, no manual intervention.
ProxPatch is written in Rust and fully #opensource.
Website: https://proxpatch.de
GitHub: https://github.com/gyptazy/ProxPatch
#PVE #homelab #enterprise #Debian #PatchManagement #ProxmoxVE #Security #ProxLB #SecurityUpdateManagement #Automation #Rustlang
🚨 New Video: YubiKey 5 Review - Security Essential or Overpriced?
The "Industry Standard" is usually a warning sign.
In this video, we are looking at the YubiKey 5 NFC and 5C NFC. These are arguably the best engineered security keys on the planet. They are injection molded, "violence-proof," and they work with just about everything. But for those of us in the Linux and FOSS community, they present a problem.
Can you trust a security tool if you aren't allowed to see how it works?
Part 3 of the Sovereign Authentication series.
100% human made. #NoAI 
▶️ YouTube: https://www.youtube.com/watch?v=G44zJm-UwJQ
📺 PeerTube: https://gnulinux.tube/w/s9B6sBsjwh8ro2sHpZi86f
Support the mission: ☕ https://ko-fi.com/terminaltilt | https://liberapay.com/terminaltilt
#TerminalTilt #NoAI #Privacy #Security #PasswordManager #Yubikey #Yubico #FOSS #OpenSource #Linux #Cybersecurity #SelfHosted #DeGoogle #DigitalSovereignty #QueerCreator #DisabledCreator #HumanMade #TechEthics
Cyber security authorities, including the UK’s National Cyber Security Centre, advocate the use of VPNs to enhance online safety.
“Implementing age verification for VPNs could undermine their privacy benefits and pose challenges for legitimate users, including young individuals seeking online privacy and security. We risk trading one risk posed to young people for another.”
🗣️ @JamesBaker for ORG.
More evidence of Palantir inserting itself into the Maladministration
Now I have no problem in oversight, but I would be very interested to understand what data has been shared with a US company and how they might plan to use that in the future. Answers on a postcard.
https://www.theguardian.com/uk-news/2026/feb/22/met-police-ai-tools-officer-misconduct-palantir
Up your CTI game by knowing the correct threat actor names for executive briefings.
Security isn’t about being right, it’s about being accurate, after all:
https://addons.mozilla.org/en-US/firefox/addon/gayint-name-converter/
Courtesy of @gayint
Anyone use hardware MFC authentication keys, and have opinions about them?
Are they a good solution?
I saw a video about YubiKey and looked it up on Wikipedia. Seems like a useful thing, but there are FOSS community concerns about it being closed-source.
The page also mentions NitroKey which appears to be a FOSS/Open Hardware alternative that supports (most of?) the same protocols.
Which?
Neither?
Comments..?
#HardwareKey #MFC #FOSS #Security
| YubiKey: | 4 |
| NitroKey: | 0 |
| Other HW Key (Comment): | 0 |
| WTH? or MFC=tyranny!: | 0 |
For some days now I've seen a sustained attempt by #cybercriminals to exploit misconfigured / insecure #VOIP phone systems to make multiple #telephone calls to the #French #Embassy in #London (+44 20 7073 1000).
They are not getting anywhere on two systems I run as the #security software knocks back the INVITE attempts along with all the other various #blighters, but this traffic stands out as all the attempts are to this number - it doesn't look like the perps are searching for an open trunk to misuse for spam calls or even reselling minutes on other people's systems, but a deliberate attempt to overwhelm the switchboard at the Embassy.
Not sure if I should report this somewhere, or it's presumably already been noticed by #NCSC and #DGSE ?
Comparison of cloud storage encryption software
In this blog post, I compare software that encrypts files on top of public cloud storage
https://dataswamp.org/~solene/2026-02-19-local-encrypted-volume-comparison.html
gemini://perso.pw/blog/articles/local-encrypted-volume-comparison.gmi
#security #privacy #linux
🚨 New research from ETH Zurich has found that popular password managers' zero-knowledge encryption claims don't fully hold up if their servers are compromised. ⚠️
🔑 LastPass, Dashlane & Bitwarden were identified as being affected. This is significant because cloud password managers commonly claim that their users' data would be unaffected if they were compromised. 👾
✅ Dashlane & Bitwarden promptly issued fixes.
❌ LastPass did not issue a fix and stated: "our own assessment of these risks may not fully align with the severity ratings assigned by the ETH Zürich team."
💡 In 2022, LastPass experienced a breach that impacted 1.6 million users due to inadequately strong technical and security measures within their infrastructure.
The best time to switch from LastPass was yesterday; the second best is today. 🗑️
Here's what we recommend ⬇️
And this puts me one step closer to migrating my cloud vault in-house...
Password managers' promise that they can't see your vaults isn't always true
#PasswordManagers #ZeroKnowledge #Security #Privacy #Vulnerabilities #Tech
An update to the malicious crate notification policy (Rust Blog)
https://lwn.net/Articles/1059338/ #LWN #Linux #security #Rust