X_Cli boosted

We are challenging the #PasseSanitaire in summary proceedings before the Conseil d'État
because it illegally forces people to hold an identity card, discloses health data and paves the way for automated identity checks.

laquadrature.net/2021/06/09/pa

Another blow: the CNIL rolls over and declares the data protection provided by the health pass satisfactory, even though the government largely ignored all the recommendations:

francetvinfo.fr/sante/maladie/

> Even though the time allowed to examine these measures was "too short", Marie-Laure Denis (president of the CNIL) is pleased to have been heard on two essential points: the limited lifetime and the non-transmission of personal data.

X_Cli boosted

Minisign, by @jedisct1, is a dead simple tool to sign files and verify signatures; it is portable, lightweight, and uses Ed25519 public key signatures jedisct1.github.io/minisign/

X_Cli boosted

According to Google, you’re not human if you aren’t being tracked by Google.

“…one of the ways that Google determines whether you’re a malicious user or not is whether you already have a Google cookie installed on your browser.”

fastcompany.com/90369697/googl

#SurveillanceCapitalism

X_Cli boosted

Here is a detailed technical analysis of the #PassSanitaire (the #QR_code that will say whether you can enter the theatre).

broken-by-design.fr/posts/pass

I note that the government's argument shows an ignorance of computing. The QR code contains fairly precise health information, but the government says that the usher at the entrance of the venue will only get a binary piece of information, "may enter / may not". 1/3

I thought writing a press article for tens of hours for about 400€ was not a good time investment. But at least, you educate a lot of people.

I can now see that writing a video, filming, and editing for tens of hours, for about 50 viewers... is just depressing.

Health pass and privacy: what are the risks?

peertube.stream/videos/watch/a

I investigated the , with some friends. The result is not pretty to look at. A short video explaining the result of our investigations.

-19 🇫🇷

JIT-ed SQL requests. That's a thing.

Why? How? When? Who thought that was a good idea?

postgresql.org/docs/13/jit.htm

X_Cli boosted

#GMail is harmful to e-mail ecosystem; its antispam blocking policy matches too many valid messages as spam.

It blocked LastPass email leak warning email, because it contained "a link" to a leaked site.

It blocked an e-mail from a government agency addressed directly to me.

It discriminates against all non-gmail servers, and it's pretty much impossible to own a private SMTP server these days, because GMail will classify everything as spam.

It's not how e-mail should work.

Consider dropping GMail.

Friendly reminder: if someone asks you to sign a CLA (Contributor Licence Agreement), tell them to get lost and contribute to another project instead :)

Just a quick update: I'm still using with as my only instant messaging app. Still satisfied, after a few months.

To be transparent: I only got two bugs in total. One was purely graphical; I reloaded my session and was done with it. The other one made me lose 3 messages. I asked the sender to send them again, et voilà. I helped migrate about 20 people. They are all delighted by Element, and they prefer it over their previous app.

No regret to leave behind. Fuck

😱 curl.se/docs/CVE-2021-22901.ht

libcurl can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an existing connection. For example, this can happen when a TLS server requests a client certificate on a connection that was established without one. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client.

🇫🇷 Course - 01 - Introduction and mechanisms for container support

By Julien Cartigny

youtube.com/watch?v=FrmfAbp-zj

X_Cli boosted

#Signal can't even bypass censorship of SMS/Call. Iran blocked their SMS/Call verification and Iranians can't sign up anymore. This is how weak their system is.

Regarding the Sci-hub saving operation, I wonder if IPFS would not be the perfect solution for hosting this content. It is all static documents and content addressing would be exactly what's required.

X_Cli boosted

Good thing rust is memory safe. That gives programmers the time and energy to focus on other security relevant issues. :flan_evil:
marc.info/?l=oss-security&m=16

Am I the only one who finds that having to search Doctolib at intervals for available vaccination slots looks like a big national lottery whose prize is improved chances of survival for the winners (not to mention the reserved access for the super-citizens who have won the right to the "pass sanitaire")?

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.