Scott Mortimer @ScottMortimer@infosec.exchange

Who’s Really Behind the World’s Most Popular Free VPNs?

Half of the world’s most popular free VPN apps are run by secretive Chinese companies. Find out what’s really happening to your data.

Who’s Really Behind the World’s Most Popular Free VPNs? https://hackernoon.com/whos-really-behind-the-world-s-most-popular-free-vpns-d74bafc82178

😅🤭
Microsoft tries to take on the Chromebook once more

Will the third time be the charm, or will Windows Lite join Windows 10 S and Windows RT as failed Windows variations?

https://www.computerworld.com/article/3331920/microsoft-windows/microsoft-tries-to-take-on-the-chromebook-once-more.html

1) UPnP is bad and stupid. Turn that crap off, folks.

2) looking forward to this troll getting busted and getting legally pwned.

Pewdiepie fanboi printer, Chromecast haxxx0r retreats, says they're 'afraid of being caught'

Somebody call the waaaaaambulance

Pewdiepie fanboi printer, Chromecast haxxx0r retreats, says they're 'afraid of being caught' • The Register https://www.theregister.co.uk/2019/01/03/pewdiepie_printer_hacker_deletes_accounts/

Android security audit: An easy-to-follow annual checklist

Android security doesn't have to be a source of stress. These level-headed steps are all you need to keep the boogeyman at bay.

https://www.computerworld.com/article/3012630/android/android-security-audit.html

Edge goes Chromium, and open source wins the browser wars | ZDNet

Decades after starting the web browser wars, Microsoft has given up its proprietary Edge web browser in favor of its open-source based rival Chromium.

https://zd.net/2UqczWX

Holiday Shopping Safety Tips: LastPass 2018 Online Retailer Security List

Keep your information safe this holiday season! LastPass ranks 2018’s top 10 online retailers from most to least secure and shares what to lookout for.

https://blog.lastpass.com/2018/11/2018-e-retailer-naughty-and-nice-list.html/?&stream=technology

Many free mobile VPN apps are based in China or have Chinese ownership | ZDNet

Chinese affiliation raises a sign of alarm in light of China's recent clampdown of "unauthorized" VPN services.

https://www.zdnet.com/article/many-free-mobile-vpn-apps-are-based-in-china-or-have-chinese-ownership/#ftag=RSSbaffb68

Achieving a high security score for TLS

I thought Mastodon was already secure?

Well, it depends. You see, a Mastodon instance is just a web server, like any other on the internet. It's only as secure as how the sto...

https://write.as/runningmastodon/i-thought-mastodon-was-already-secure

States- Rights seem to only be acceptable when they conform to certain political agendas for some in this era. Good on California for asserting protections for their citizens in this time of division.

Calif. enacts net neutrality law—US gov’t immediately sues to block it [Updated]

Justice Department sues California—Ajit Pai called state rules "illegal."

https://arstechnica.com/tech-policy/2018/09/california-governor-signs-net-neutrality-rules-into-law/

Attackers Take Over 50 Million Accounts in Facebook Breach

Attackers exploited vulnerabilities in Facebook’s code to gain access to at least 50 million Facebook user accounts. Those accounts could have been used for information gathering campaigns, as attackers had full access to the user’s profile, friends list, and usage history.

Attackers Take Over 50 Million Accounts in Facebook Breach https://duo.com/decipher/attackers-take-over-50-million-accounts-in-facebook-breach

Getting Closer to a Surveillance-Free Internet

Cloudflare has been working with the likes of Google, Mozilla, Fastly and Apple to make it harder for ISPs and other network operators from being able to see what sites users are visiting. Cloudflare has rolled out ESNI on its systems to see how well the experimental technical specification works to hide user activity online.
https://duo.com/decipher/getting-closer-to-a-surveillance-free-internet

French Government Open Sources Secure Operating System - Security Boulevard

The French government's national cybersecurity agency has released an operating system built using open source components internally over the course of The French government's national cybersecurity agency has released an open source operating system built internally over more than 10 years.

https://securityboulevard.com/2018/09/french-government-open-sources-secure-operating-system/

Cloudflare Makes InterPlanetary File System Globally Accessible

Cloudflare has released a gateway and browser extension to make the distributed IPFS network easily and securely accessible.

https://duo.com/decipher/cloudlfare-makes-interplanetary-file-system-globally-accessible

Oh Europe...😯

New Copyright Powers, New "Terrorist Content" Regulations: A Grim Day For Digital Rights in Europe

Despite waves of calls and emails from European Internet users, the European Parliament today voted to accept the principle of a universal pre-emptive copyright filter for content-sharing sites, as well as the idea that news publishers should have the right to sue others for quoting news items...

https://www.eff.org/deeplinks/2018/09/new-copyright-powers-new-terrorist-content-regulations-grim-day-digital-rights

Russian spies detained in The Hague were planning cyber break-in at Swiss lab: NRC - DutchNews.nl

European intelligence services, including the Dutch military intelligence and security service MIVD, detained two Russian spies in The Hague earlier...

https://www.dutchnews.nl/news/2018/09/russian-spies-detained-in-the-hague-were-planning-cyber-break-in-at-swiss-lab-nrc/

Container Security: From Development to Runtime - Container Journal

Containers have become a critical part of cloud environments because they are inherently equipped to run arbitrary code with minimal overhead. This makes Container security tends to be discussed in terms of DevOps efforts, especially what developers bring to containers.

https://containerjournal.com/2018/08/30/container-security-from-development-to-runtime/

MEGA Chrome Extension Hacked - Detailed Timeline of Events - SerHack security engineer

On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA's Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company.

https://serhack.me/articles/mega-chrome-extension-hacked

https://infosec.exchange/media/lna77UFmjZycd2tWGF8

How's that encryption coming, buddy? DNS requests routinely spied on, boffins claim

Uninvited middlemen may be messing with message

https://www.theregister.co.uk/2018/08/20/dns_interception/

https://infosec.exchange/media/Pkud94c5jY4D6f7tpCY

Here is an example of a Mastdon spam bot. It follows and is followed by other spam bots in an effort to look like a legitimate human user.

https://infosec.exchange/media/t_f1KaiMov2Am9FLjZU