X_Cli @x_cli@infosec.exchange

Google Engineer Leaks Nearly 1,000 Internal Documents, Alleging Bias, Censorship https://www.theepochtimes.com/google-engineer-leaks-nearly-1000-internal-documents-alleging-bias-censorship_3042234.html di @EpochTimes@twitter.com

As such, when should a security advisory be published?

More on Backdooring (or Not) WhatsApp https://www.schneier.com/blog/archives/2019/08/more_on_backdoo.html

The #PGP Problem. I agree with most of the points in this article. Well-done writeup.

https://latacora.micro.blog/2019/07/16/the-pgp-problem.html

China Is Forcing Tourists to Install Text-Stealing Malware at its Border - VICE
https://www.vice.com/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malware

Pleroma Releases 1.0!

Pleroma, the Elixir-based fediverse communication platform, has finally pushed out a stable 1.0 release! https://wedistribute.org/2019/06/pleroma-releases-1-0/

The contribution to @mobilizon is amazing! They need 8k€ for the last step and 25 days remain. I do trust this project and thanks to @Framasoft for moving edges for our privacy!

If you want to contribute:
https://joinmobilizon.org/en/

"How many TOTP secrets can be stored on YubiKeys and Nitrokeys?":

– Nitrokeys: up to 16
– YubiKeys: up to 32

(Values may differ due to different firmware, or hardware variants.)

In both cases, you need additional software to use TOTP since these tokens don't come with their own internal clock. A clock would require an energy source, but these tokens don't contain batteries.

#securitytoken #yubikey #nitrokey #gpg #pgp

Just to remind my IT affine bubble:

Plan for your death; what passwords should be able to be accessed after your death, which mustn't?
Share a database with the current ones and maybe a splitted password with the right people .

Make contact lists, if your phone is locked

[Appel à la communauté]
On a besoin d'aide pour faire connaître notre projet #Mobilizon. En gros, si vous trouvez que ce n'est pas génial d'utiliser Facebook ou Meetup pour vous rassembler, vous organiser et vous mobiliser, aidez-nous à faire connaître ce projet.

Vous connaissez des personnes susceptibles d'être intéressées (manifestant⋅es, militant⋅es, activistes, etc.) ??? Partagez auprès d'elles ces informations ! On vous remercie beaucoup fort ❤️

➡️ https://joinmobilizon.org/fr/

"""
So npm Inc is a private entity in control of our commons, and we are not. Does that make it evil? No. It doesn’t. It doesn’t make it good, either.

The question of its benevolence is the wrong question to ask.

npm is not a benevolent institution. It CANNOT be one.

The possibility of it being that ended the day its owner took VC funding instead of putting it into a foundation or some other form of community ownership. That decision turned npm into a financial instrument.
"""

#Snapchat Employees Abused Data Access to Spy on Users.
Multiple sources and emails also describe #SnapLion, an internal tool used by various departments to access Snapchat user data.
https://www.vice.com/en_us/article/xwnva7/snapchat-employees-abused-data-access-spy-on-users-snaplion

"WhatsApp was hacked and attackers installed spyware on people’s phones" - https://www.businessinsider.com/whatsapp-hacked-attackers-installed-spyware-2019-5 #Privacy #Security #WhatsApp