#Cloudflare introduces a 220.127.116.11 #DNS resolver app for #Android and #iOS. Only concern for Android is that it asks for microphone recording and photo access for "bug reporting" #infosec #security #privacy
Besides, redirecting from HTTP to HTTPS is a flawed idea.
The browsers should always try HTTPS first, and only if it doesn't work, try HTTP.
If they MITM your first connection, they can downgrade you to HTTP in both approaches.
If there's HSTS, you type the link w/o scheme, and you get MITMed on _second_ connection, you're protected in both approaches.
The approach w/o redirect saves a round-trip and increases support for older devices.
Apparently at least one major government had an insider working undercover at Twitter:
It doesn't really matter if Twitter is trustworthy or not, simply having a vast amount of personal data in one place is going to attract spies from all sorts of organisations that wish to misuse it.
This is why decentralisation is important, to make it technically more difficult to invade people's privacy.
@FlyingLawyer this is a somewhat common question without a great answer. Ransomware itself rarely exfiltrates - I’m not aware of any that actually does. When you think about it, exfiltration complicates, and likely breaks the commodity ransomware business model. Not to mention that most computers and company networks have much more data that can be easily exfiltrated on some reasonable timeline. That means exfiltration would have to be targeted to certain files/types. However...
#Steam #API bug permitted the CD key for ANY #game to be provided without the account holder owning any of these titles. I would have loved 36,000 copies of Farm Simulator 😂 #security
Bug Bounty Hunter Ran ISP Doxing Service as a double life. Reporting bugs and collecting the rewards on one hand whilst selling services underground exploiting those very vulnerabilities #infosec #security #privacy https://krebsonsecurity.com/2018/11/bug-bounty-hunter-ran-isp-doxing-service/
This is an excellent reason why you do not undertake #DDoS attacks and publicise your taunts on social media. Old mate here is up for 10 years prison for hitting EA and Sony #infosec #security #privacy
US Cyber Command begins uploading #malware samples to #VirusTotal to share with the #infosec community. No attribution, no politics. Just raw samples to bolster collaboration with the community. Great start to a professional relationship #security #privacy
Old mate in #China thought he could maximise his #cryptocurrency mining revenue by moving his 8 rigs to the school he heads. He made it a year without being caught. Dismissing complaints of high bills with the classic excuse of AC use 😂 #privacy #security
An unidentified #APT group has reverse engineered #Adobe's latest patch on #ColdFusion servers and as a result is exploiting unpatched devices for potential future use as watering holes or for hosting #malware. #infosec #security #privacy
In case you missed it, there's a non-technical explanation of federation/decentralisation on switching.social:
It's aimed at people who have no prior knowledge. If you know someone who is confused by how a decentralised platform works (for example Mastodon compared to Twitter), you might want to send them this link.
This is a beautiful guide for anyone looking to conduct in-office #security training. Several strong points about password management, social media and practical demos. Highly recommended for the C-suite appeal #infosec #privacy
#China trials their gait recognition system with accuracy up to 50 metres away. Sounds like a great way to catch criminals without facial recognition or a way to enable further mass #surveillance #infosec #security #privacy
Facebook's Portal speaker is now on sale and the company claims it definitely won't spy on you. Can't wait to see the first cases hit the courtrooms 😂 #infosec #security #privacy https://mashable.com/article/facebook-portal-speaker-on-sale-privacy.amp
Bill Gates, the man behind #Microsoft, brings us a jar of poop at a #Beijing toilet conference. Talk focused around water-less toilet technology. That's one way to get the audience going 😂 https://gizmodo.com/bill-gates-showed-off-a-jar-of-poop-to-get-people-jazze-1830262749
AT&T will cut off service for customers who distribute #copyrighted content. This is a bold move for an internet service provider in the fight for #privacy https://www.theverge.com/platform/amp/2018/11/6/18069640/att-cut-off-service-piracy-violations
'Almost All' Pakistani banks were #hacked with lots of personal information stolen in addition to the standard pilfering of account funds. The national intelligence body is labelling it an external attack #infosec #security #privacy https://it.slashdot.org/story/18/11/06/2155237/almost-all-pakistani-banks-hacked-in-security-breach-report-says?utm_source=rss1.0mainlinkanon&utm_medium=feed
A Mastodon instance for info/cyber security-minded people.