Scott Mortimer @ScottMortimer@infosec.exchange

“Catastrophic” hack on email provider destroys almost two decades of data

VFEmail says data for virtually all US users is gone for good.

https://arstechnica.com/information-technology/2019/02/catastrophic-hack-on-email-provider-destroys-almost-two-decades-of-data/

Just 24hrs with Pi-hole protecting my home network. That's a lot of DNS activity.

So much for strong German privacy laws.

"Meanwhile, it added, Germany's Telecommunications Surveillance Ordinance (TKÜV) obliges providers to "provide the technical infrastructure necessary for carrying out telecommunications surveillance and to take the organizational measures necessary in this regard to ensure that surveillance can be implemented without undue delay".

Log-free email provider Posteo: 'You must log user IP addresses', court rules (ZDNet) https://www.zdnet.com/article/log-free-email-provider-posteo-you-must-log-user-ip-addresses-court-rules/#ftag=RSSbaffb68

57% of IT workers who get phished don't change their password behaviors

Despite the wide-ranging effects of the Facebook data privacy scandal, only one-fifth of people are concerned over privacy issues related to social media use, according to a Yubico study.

57% of IT workers who get phished don't change their password behaviors - TechRepublic https://www.techrepublic.com/article/57-of-it-workers-who-get-phished-dont-change-their-password-behaviors/#ftag=RSS56d97e7

I hope to see some beneficial outcomes from this project that shame IoT manufacturerers into producing secure devices.

Japanese government plans to hack into citizens' IoT devices | ZDNet

Japanese government wants to secure IoT devices before Tokyo 2020 Olympics and avoid Olympic Destroyer and VPNFilter-like attacks.

Japanese government plans to hack into citizens' IoT devices | ZDNet https://www.zdnet.com/article/japanese-government-plans-to-hack-into-citizens-iot-devices/

Who’s Really Behind the World’s Most Popular Free VPNs?

Half of the world’s most popular free VPN apps are run by secretive Chinese companies. Find out what’s really happening to your data.

Who’s Really Behind the World’s Most Popular Free VPNs? https://hackernoon.com/whos-really-behind-the-world-s-most-popular-free-vpns-d74bafc82178

😅🤭
Microsoft tries to take on the Chromebook once more

Will the third time be the charm, or will Windows Lite join Windows 10 S and Windows RT as failed Windows variations?

https://www.computerworld.com/article/3331920/microsoft-windows/microsoft-tries-to-take-on-the-chromebook-once-more.html

1) UPnP is bad and stupid. Turn that crap off, folks.

2) looking forward to this troll getting busted and getting legally pwned.

Pewdiepie fanboi printer, Chromecast haxxx0r retreats, says they're 'afraid of being caught'

Somebody call the waaaaaambulance

Pewdiepie fanboi printer, Chromecast haxxx0r retreats, says they're 'afraid of being caught' • The Register https://www.theregister.co.uk/2019/01/03/pewdiepie_printer_hacker_deletes_accounts/

Android security audit: An easy-to-follow annual checklist

Android security doesn't have to be a source of stress. These level-headed steps are all you need to keep the boogeyman at bay.

https://www.computerworld.com/article/3012630/android/android-security-audit.html

Edge goes Chromium, and open source wins the browser wars | ZDNet

Decades after starting the web browser wars, Microsoft has given up its proprietary Edge web browser in favor of its open-source based rival Chromium.

https://zd.net/2UqczWX

Holiday Shopping Safety Tips: LastPass 2018 Online Retailer Security List

Keep your information safe this holiday season! LastPass ranks 2018’s top 10 online retailers from most to least secure and shares what to lookout for.

https://blog.lastpass.com/2018/11/2018-e-retailer-naughty-and-nice-list.html/?&stream=technology

Many free mobile VPN apps are based in China or have Chinese ownership | ZDNet

Chinese affiliation raises a sign of alarm in light of China's recent clampdown of "unauthorized" VPN services.

https://www.zdnet.com/article/many-free-mobile-vpn-apps-are-based-in-china-or-have-chinese-ownership/#ftag=RSSbaffb68

Achieving a high security score for TLS

I thought Mastodon was already secure?

Well, it depends. You see, a Mastodon instance is just a web server, like any other on the internet. It's only as secure as how the sto...

https://write.as/runningmastodon/i-thought-mastodon-was-already-secure

States- Rights seem to only be acceptable when they conform to certain political agendas for some in this era. Good on California for asserting protections for their citizens in this time of division.

Calif. enacts net neutrality law—US gov’t immediately sues to block it [Updated]

Justice Department sues California—Ajit Pai called state rules "illegal."

https://arstechnica.com/tech-policy/2018/09/california-governor-signs-net-neutrality-rules-into-law/

Attackers Take Over 50 Million Accounts in Facebook Breach

Attackers exploited vulnerabilities in Facebook’s code to gain access to at least 50 million Facebook user accounts. Those accounts could have been used for information gathering campaigns, as attackers had full access to the user’s profile, friends list, and usage history.

Attackers Take Over 50 Million Accounts in Facebook Breach https://duo.com/decipher/attackers-take-over-50-million-accounts-in-facebook-breach

Getting Closer to a Surveillance-Free Internet

Cloudflare has been working with the likes of Google, Mozilla, Fastly and Apple to make it harder for ISPs and other network operators from being able to see what sites users are visiting. Cloudflare has rolled out ESNI on its systems to see how well the experimental technical specification works to hide user activity online.
https://duo.com/decipher/getting-closer-to-a-surveillance-free-internet

French Government Open Sources Secure Operating System - Security Boulevard

The French government's national cybersecurity agency has released an operating system built using open source components internally over the course of The French government's national cybersecurity agency has released an open source operating system built internally over more than 10 years.

https://securityboulevard.com/2018/09/french-government-open-sources-secure-operating-system/

Cloudflare Makes InterPlanetary File System Globally Accessible

Cloudflare has released a gateway and browser extension to make the distributed IPFS network easily and securely accessible.

https://duo.com/decipher/cloudlfare-makes-interplanetary-file-system-globally-accessible

Oh Europe...😯

New Copyright Powers, New "Terrorist Content" Regulations: A Grim Day For Digital Rights in Europe

Despite waves of calls and emails from European Internet users, the European Parliament today voted to accept the principle of a universal pre-emptive copyright filter for content-sharing sites, as well as the idea that news publishers should have the right to sue others for quoting news items...

https://www.eff.org/deeplinks/2018/09/new-copyright-powers-new-terrorist-content-regulations-grim-day-digital-rights