Kissaki
@Kissaki@programming.dev
- Comment on The Shadow Campaigns: Uncovering Global Espionage 3 days ago:
It’s crazy how border control and sanctions are normalized political topics, yet I’ve never heard suggestions of applying that to the internet.
Suppressive regimes often control their network and network borders. Everyone outside not doing so is quite asymmetric.
- Comment on Breaking Bitlocker - Bypassing the Windows Disk Encryption 2 weeks ago:
Thank you for sharing. Very interesting.
We’re currently evaluating and rolling out encryption at work, so being informed about the limits of these setups is quite good - even if it’s not actually my task to work on those.
- Comment on Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw 2 weeks ago:
It’s possible for users to store those keys on a device they own, but Microsoft also recommends BitLocker users store their keys on its servers for convenience.
Pretty obvious that if you hand over the (recovery) keys that they’d follow court orders.
Of course, the criticism about defaults is warranted. At the same time, even outside of control concerns, it’s fairly obvious why Microsoft would choose user convenience and ability to recover data over loss of data.
It should be a well informed choice that makes the risks clear when setting it up.
- Submitted 2 weeks ago to cybersecurity@infosec.pub | 6 comments
- Submitted 2 months ago to cybersecurity@infosec.pub | 0 comments
- Comment on Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials 2 months ago:
I expect some hot Java code on that website 😏
- Comment on Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials 2 months ago:
rnicrosoft.corn🌽 - Comment on 3.5 Billion Accounts: Complete WhatsApp Directory Retrieved and Evaluated 2 months ago:
We have found no evidence of malicious actors abusing this vector"
“We see no evidence of that which we do not monitor.”
These press releases/responses seem to never include “we track x and y and see no evidence”. I can only assume the worst.
- Submitted 2 months ago to cybersecurity@infosec.pub | 1 comment
- Comment on What are You Working on Wednesday 2 months ago:
I always read the weekly post title and am tempted to write and comment. I’ve written an entire post before. But then I notice it’s in c/cybersecurity - which my work is not in specifically. 😅
- Submitted 2 months ago to cybersecurity@infosec.pub | 0 comments
- Comment on The limits of zero-knowledge for age-verification | Brave 2 months ago:
It’s new to me that it’s NFC. I was under the impression I need to buy a reader device to make use of digital auth or signature stuff.
- Comment on One wrong letter: UN moves to curb cybercrime with new convention | UN News 3 months ago:
Looking at the US in particular right now, I’m not confident it would be used on good conscience. Who knows what they want to prosecute. Justice frameworks can only work with confidence in justice.
This explanation sounds fine. I haven’t seen an actual link to the content of the agreed upon convention across the linked sites.
The Wikipedia article on United Nations Convention against Cybercrime paints a much more concerning picture.
The convention names four types of crimes in particular, which human rights advocates argue are framed too broadly, applicable to any crime committed using an information or communications technology. Many of the crimes it would apply to have only a thin connection to the kind of serious cybercrime, like ransomware and child exploitation, that motivated the convention.
Several organizations highlight the way the convention’s language about human rights protections are largely suggestions left to the discretion of member states, including those with a record of human rights abuses.
Let’s hope it’s a useful framework countries will still make assessments and restrictions on depending on who they’re dealing and working together with. I’m still concerned though.
Why is this community not allowing English language comments when it’s seemingly obviously in English?