Moosetodon#infosec

Aaaaand more security concerns with #Zoom.
Some encryption with a hard-coded passphrase, crash reports potentially sending screen captures to Zoom, and a bunch of outdated libraries with known vulnerabilities:

dev.io/posts/zoomzoo/

Please someone (who knows about #infoSec more than I do) update the Wikipedia page.

en.wikipedia.org/wiki/Zoom_Vid

Brave browser uncovers mass surveillance on UK Council websites.

That is the topic of today's One Time Pad newsletter, but it is for subscribers only on Tuesdays and Thursdays.

Subscribe here for free to make sure you don't miss an issue!

otp.substack.com

#infosec #privacy

Phishing is still the preferred attack vector for attackers, and it's done on a massive, automated scale.

That's the topic for today's One Time Pad which is public on Mon, Wed, and Friday. Free subscribers get the OTP every day.

#infosec #phishing

otp.substack.com/p/the-nonce-f

United Nations international infosec rules being bogged down by, you guessed it, bureaucracy.

#infosec #government

That's today's Daily Nonce but it's subscribers only on Tuesdays and Thursdays.

thenonce.substack.com

#introductions post!

Hello, I'm Jason, I'm a cis man that lives with my wife and two cats in #Memphis #Tennessee. I'm a professional C# web developer with a side focus in #infosec.

Cat pics provided as entrance fee.

#Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking - ProPublica

propublica.org/article/google-

"The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct."

#FuckGoogle #DropGoogle #infosec #surveillance #SurveillanceCapitalism

You know Plundervolt is serious - they have a domain and a cute logo dedicated to it.

plundervolt.com/

#intel #infosec

I'm that person that still uses Tripwire on my personal *nix servers. :D

Don't forget that something this simple can save your a**.

github.com/Tripwire/tripwire-o

#infosec

Apparently #infosec hellbird is up in arms about some Lenovo ads.

Wait until they find out about the Mastodon dog food ad networks.

VeraCrypt 1.24 available:

veracrypt.fr/en/Release%20Note

– The maximum length of passwords is 128 bytes in UTF-8 encoding for non-system volumes now (previously limited to 64 bytes).
– Many new features are for Windows only, e.g. optional RAM encryption of keys/passwords (using ChaCha12), or erasing encryption keys from memory to prevent cold boot attacks.

#veracrypt #encryption #security #infosec #cybersecurity

New York's WBAI Pacifica Radio affiliate has shut down, orphaning 2600's Off the Hook, the Hour of the Wolf, and many other beloved mainstays feeds.boingboing.net/~r/boingb #boingboing #2600 #happy_mutants #infosec #new_york_city #pacifica #radio #science_fiction #wbai

"There *was* a logic error in Signal that can cause an incoming call to be answered even if the callee does not pick it up."

bugs.chromium.org/p/project-ze

#security #infosec

So the Comodo forum was breached due to the vBulletin vulnerability that has been going around recently.

They started their statement with:
“At Comodo we take security very seriously and it is our highest priority.”

I imagine the conversation like this: "We screwed up, …" *lawyer checks the text* "We can't write this, we would make ourselves liable in some way for this problem"

Why does our legal system (create the illusion to) punish those who tell the truth?

#legal #infosec #disclosure #philosophy