Search results for tag #security
![[?]](https://cdn.masto.host/graphicssocial/accounts/avatars/110/854/990/838/032/375/original/4bffab6d1bbe028d.png)
LinkedIn Is Illegally Searching Your Computer
#tech #technology #BigTech #IT #enshittification #microslop #microsoft #LinkedIn #social #media #SocialMedia #data #security #safety #InfoSec #internet #web
![[?]](https://cdn.masto.host/fedilwnnet/accounts/avatars/114/417/564/139/641/888/original/59be6f255070fb3a.png)
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/108/197/686/419/339/153/original/22e0283d934d3795.png)
Last summer I looked at the Internet exposure of a few #ICS devices that have historically been the subject of attacks by Iranian threat actors. Given continued activity in the region, I refreshed that data and took another look at exposures.
Good news: all four device/software types showed at least a slight decrease in exposures since last June, even if we aren't entirely sure why.
More details + graphs here: https://censys.com/blog/ics-iran-part-2-revisiting-exposure-of-previously-targeted-ics-devices/
![[?]](https://files.mastodon.social/accounts/avatars/108/193/331/678/238/726/original/e3859515a524704f.jpg)
if you like this, I'm aiming to provide at least one #foss project with an app icon every week.
honoured to have gained around 40 supporters in my first jobless month! ❤️
your sponsorship will help me keep this up. :)
https://mastodon.social/@hbons/116166139945148680
#linux #gnome #app #icon #design #security
Peter Sanchez boostedhey everyone,
you may have guessed reading between the lines, but I lost my job in the recent tech layoffs…
also burnt out and realised I need to go back to working on stuff I care about.
I hope to gather enough small monthly sponsors to at least cover the bills, so I can:
- 🖥️ create beautiful apps for #Linux / #GNOME
- ✏️ provide free #design support to #OpenSource projects
if you like my work, please consider $1/month to make this possible?
thank you. :)
![[?]](https://media.mastodon.scot/accounts/avatars/109/318/532/504/799/614/original/403026568ed524d5.jpeg)
Meanwhile in the UK, government stitch ups continue unabashed
https://www.theregister.com/2026/04/01/peoples_panel_digital_id/
#DigitalID #IDCard #UKPol #Labour #LabourPOl #WetDreams #IT #Privacy #Security #Control
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/000/070/798/original/d20ead2f85c91066.jpg)
This article about #anthropic ‘s #claude CLI is also hysterical (in a making me want to give up #security and join a commune kind of hysterical) because of the anthropomorphising of the AI.
What is the most frustrating aspect of LLMs? Many would use the anthropomorphic term “hallucination.” Apparently #hallucinations are bad but “dreams” are good?
When a user goes idle or manually tells Anthropic to sleep at the end of a session, the AutoDream system would tell Claude Code that “you are performing a dream—a reflective pass over your memory files.”
“Why does my code say that Wonder Woman is running a taco truck downtown and I’m the only person who can save her dog?” Oh. Right. It was dreaming.
We can quit #cybersecurity and just go farm potatoes or something. After 25 years of #appsec one of the most talked-about tech companies invents a daemon process that
makes use of a file-based “memory system” designed to allow for persistent operation across user sessions.
Sure. Just store your system instructions in a random text file.
Why are we installing endpoint protection on this system?
Why do we verify cryptographic signatures on software updates to this system?
Why are we building a zero trust security environment?
Why do we do scan email to avoid social engineering emails?
Our AI-assisted users are gonna YOLO right past all that. And if they can’t get past our #security controls, this agentic Frankenstein will write itself some markdown and work quietly in the background figuring out how to bypass something the user couldn’t bypass on their own.
This is #infosec in 2026
![[?]](https://cdn.fosstodon.org/accounts/avatars/109/509/696/036/420/221/original/31c9279d50e4d51c.jpg)
TLS and SSH rely on Certificate Authorities (CAs) for authentication, but they also present a vector for Man in the Middle attacks. What if you could set up your own CA to reduce your exposure?
➡️ https://fedoramagazine.org/make-a-private-ca-with-step-ca/
![[?]](https://files.mastodon.social/accounts/avatars/111/149/452/155/729/814/original/7c10499f39332530.png)
Great distraction from the Epstein files and the thickening quagmire in Iran — but it's not going to lower gas prices nor help with the midterms:
U.S. plans a witch hunt — err... antifa summit.
Deflect and distract. 🙁
https://www.reuters.com/world/us/us-counterterror-officials-plan-antifa-summit-sources-say-2026-03-31/
h/t @Nonilex
https://masto.ai/@Nonilex/116323980616642754
#AntiFascism #antifa #resist #law #security #fascism #FarRight #authoritarianism #tyranny
boosted![[?]](https://media.burningboard.net/accounts/avatars/109/892/422/024/311/931/original/f22e604f554272c0.png)
Running your own identity provider is all fun and games until you're debugging OIDC token flows at 2 AM.
If you want to deploy Keycloak 26 the right way - with proper network isolation, no plaintext passwords, and systemd-native declarative configs. I just published a new deep-dive.
We're ditching compose files and building a production-ready, daemonless stack using Podman Quadlets and systemd.
Read the full guide here: https://blog.hofstede.it/keycloak-26-on-podman-with-quadlets-identity-management-the-systemd-way/
#Linux #Podman #Keycloak #systemd #DevOps #Containers #SelfHosted #RHEL #Security
![[?]](https://media.hachyderm.io/accounts/avatars/109/367/111/287/591/179/original/aaa0825de353be21.jpg)
![[?]](https://media.digitaldarkage.cc/digitaldarkage.media/accounts/avatars/109/383/224/159/567/873/original/303399f938b42679.png)
#NPM #axios maintainer has lost control of their account. Malicious versions 1.14.1 and 0.30.4 have been published which include a RAT.
NPM has pulled the effected versions and the payload. Time to clean up and see if you were effected.
StepSecurity has an awesome write up on this issue with #iocs
Link follows this toot.
#CTI #infosec #node #cybersecurity #security #nodejs #js #malware
![[?]](https://cdn.fosstodon.org/accounts/avatars/115/532/410/310/000/993/original/08065bd1d1c34cad.png)
Keep in contact with colleagues without having to give your phone number
With #ArcaneChat you can also keep separated profiles, one for family and more intimate friends and other for people you don't have so close relation with
#privacy #security #family #friends #autonomy #chatapp #opensource #digitalindependence #autonomy #european #europe
Alt...
ArcaneChat: Welcome to private chatting
![[?]](https://media.mstdn.social/accounts/avatars/109/592/154/909/924/094/original/c16446a1b5414144.png)
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/114/224/012/052/749/216/original/1e11732d1ff94efc.jpeg)
I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:
🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👮 "Digital escorts" often ex-military with minimal software engineering backgrounds are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻♂️
The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy
If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.
https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec
Oh boy. Stanford researchers scanned 10 million web pages and found API keys just sitting in the public-facing code. That's 1,748 active credentials from major providers exposed in live website code, mostly inside JavaScript files. Not in old test environments. Not in a forgotten repo. In the live, running site. Banks. Healthcare providers. "Not just small companies, but some very large companies," according to the lead researcher. And some of those credentials had been sitting there for years. Not the first time I've seen something like this. 🤦🏻♂️
The thing is that most orgs are scanning their source code but not their deployed sites. 😳 Those are two different things, and most leaks originate during the build process. A key gets baked in somewhere between development and production, and nobody catches it because the scan already ran upstream. Meanwhile, GitGuardian counted over 28 million new hardcoded secrets exposed in public GitHub commits in 2025 alone. This isn't a one-time research finding it's a systemic habit that needs to change.
🔍 When did your team last scan the live site, not just the codebase?
🏦 If you're in a regulated industry, that question just became a compliance question too
https://www.newscientist.com/article/2520143-security-credentials-inadvertently-leaked-on-thousands-of-websites/
#Cybersecurity #AppSec #Leadership #security #privacy #cloud #infosec
if you are looking for a messenger to use with the kids, take a look at #ArcaneChat
no SIM card needed, no phone number required for registration, easy setup, just set a name
kids can NOT be discovered by strangers
No public groups or channels, kids can NOT discover inappropriate content
just the family chat
#kidsonlinesafety #onlinesafetyforkids #kids #family #chat #messenger #privacy #security
[$] The many failures leading to the LiteLLM compromise
LiteLLM is a gateway library providing access to a number of large language models (LLMs); it is popular and widely used. On March 24, the word went out that the version of LiteLL [...]
https://lwn.net/Articles/1064693/ #LWN #Linux #security #Python #Git
[$] Collaboration for battling security incidents
The keynote for Sun Security Con 2026 (SunSecCon) was given by Farzan Karimi on how incident handling can go awry because of a lack of collaboration between the "good guys"—which s [...]
https://lwn.net/Articles/1063459/ #LWN #Linux #security #Android
![[?]](https://files.mastodonapp.uk/accounts/avatars/109/788/827/934/536/527/original/028153e7b3be7c3a.jpg)
"The FCC notes that miscreants have exploited security flaws in routers to disrupt networks or steal intellectual property, and routers are also implicated in the Volt, Flax, and Salt Typhoon cyberattacks.
There is an element of hypocrisy in all this because American intelligence agencies were previously caught intercepting Cisco-made routers on their way to customers and updating their firmware to deploy espionage tools."
https://www.theregister.com/2026/03/24/fcc_foreign_routers/?
![[?]](https://media.metalhead.club/accounts/avatars/000/000/001/original/22e2c3fd3e9f9d1c.jpg)
🚨 The FCC bans all routers made outside the U.S. — So basically all routers.
Most people buy a router and never think about it again. That box in the corner that handles every password and video call you make. The FCC is now worried that some of these devices are actually open doors for foreign governments. Shocked! 🫢
Regulators are looking at TP-Link to see if they pose a threat to national security. Recent reports show hackers used these devices to build massive botnets. You might find yourself shopping for new hardware if these bans take effect.
🧠 Regulators are weighing a ban on specific foreign routers.
⚡ Security experts found flaws that allow remote access.
🎓 This move follows previous restrictions on Chinese tech firms.
🔍 Check your hardware brand before the new rules arrive.
https://mashable.com/article/us-fcc-foreign-router-ban
#FCC #Security #TechPolicy #security #privacy #cloud #infosec #cybersecurity
Learned _a lot_ about namespaces and the corresponding Linux syscalls today 😵💫🤯
#Linux #namespaces security #training
![[?]](https://media.bsd.cafe/bsdmmedia01/accounts/avatars/113/033/293/822/670/571/original/436dcf170cc75fdc.png)
RE: https://ec.social-network.europa.eu/@EUCommission/116277689173412114
What an effing joke.
This Cyber Resilience Act (CRA) dumps mandatory cybersecurity requirements on manufacturers using FOSS, while the @EUCommission guts and cancels even its already pathetic, support for FOSS projects.
Add the total pants-down surrender on issues like #chatcontrol, the gutting of citizen safeguards through the changes to #GDPR and #eIDAS 2.0:
An absolute disgrace
Europe champions digital freedom and its open source community.
We have introduced a tailored approach to boost open source development across EU countries and ensure it is safe from cyber threats.
We only apply security rules to software used in commercial activities.
We are also creating open source software stewards to support security with a light-touch regime and no administrative fines.
Find out more 👇
https://link.europa.eu/Jc7hBy
Alt...
The image features the phrase "Be open. Be bold. Be" written in white text centered against a deep blue background. Below the word "Be," there is a circle of twelve golden yellow stars, which is the iconic emblem of the European Union.
![[?]](https://ec.social-network.europa.eu/system/accounts/avatars/112/444/733/147/411/609/original/e283ea30096c0873.jpeg)
![[?]](https://files.social.openrightsgroup.org/system/accounts/avatars/109/382/359/215/932/523/original/ea34e4d5bb2b649c.png)
Instead of handing government contracts to predatory Big Tech, the UK should ensure we have control of our digital infrastructure.
Even secure systems are fragile if a foreign company or power can pull the plug.
Sign our petition for a digital sovereignty strategy that priorities UK open source ⬇️
https://you.38degrees.org.uk/petitions/stop-trump-s-kill-switch-secure-our-digital-sovereignty
#DigitalSovereignty #palantir #bigtech #security #ukpolitics #ukpol
The UK’s reliance on US Big Tech is a national security issue ⚠️
But the UK is giving the controversial spyware company Palantir more contracts and more access to our data.
We're increasingly vulnerable to companies that lock us in to proprietary systems, creating dependency not independence.
#DigitalSovereignty #palantir #bigtech #security #ukpolitics #ukpol
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/322/103/600/468/856/original/f378a938a1f9ddf0.jpeg)
When was the last time you checked for a firmware update for your networking hardware? Is your router running up to date software?
![[?]](https://files.mastodon.social/accounts/avatars/113/635/103/853/964/473/original/0a4435eaf8d5c473.png)
H&R Block tax software installs a TLS root certificate with bundled private key https://lobste.rs/s/d5nvf5 #security
https://news.ycombinator.com/item?id=47457162
![[?]](https://media.bsd.cafe/bsdmmedia01/accounts/avatars/115/276/840/417/131/111/original/507e2134cf9f2a8d.webp)
Exciting news. I've just pushed a collection of ports for the #OpenPGP Card ecosystem to Codeberg.
Includes:
- openpgp-card-tools (oct)
- openpgp-card-tools-git (oct-git)
- openpgp-card-ssh-agent
I'm currently polishing them for official submission to the freebsd ports tree this April!
A huge thank you to @hko for these excellent #Rust tools!
https://codeberg.org/Larvitz/freebsd-openpgp-card-ports
#freebsd #Security #Smartcard #Yubikey #Nitrokey #Infosec #RustLang