Kissaki

@Kissaki@programming.dev

This is a remote user, information on this page may be incomplete. View at Source ↗

@GitHub, website

⁨Comment⁩ on ⁨45,000 malicious IP addresses taken down in international cyber operation⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

Participating countries and territories: Angola, Argentina, Austria, Bahrain, Bangladesh, Bolivia, Bosnia and Herzegovina, Botswana Brazil, Brunei, Burkina Faso, Burundi, Cameroon, Colombia, Democratic Rep of Congo, Eritrea, Eswatini, France, Gambia, Georgia, Greece, Guatemala, Guinea, Guinea Bissau, Guyana, Honduras, Iceland, India, Iraq, Ireland, Israel, Japan, Jordan, Kazakhstan, Kenya, Kuwait, Latvia, Lebanon, Lesotho, Liechtenstein, Macao (China), Madagascar, Malaysia, Maldives, Moldova, Mongolia, Niger, Nigeria, North Macedonia, Oman, Pakistan, Palestine, Paraguay, Philippines, Poland, Qatar, Singapore, South Africa, South Sudan, Spain, Sri Lanka, Switzerland, Tanzania, Togo, Türkiye, Uganda, Ukraine, United Arab Emirates, United Kingdom, Venezuela, Zambia, Zimbabwe.

Impressive list of countries participating
⁨Comment⁩ on ⁨Russian-backed hackers have gained access to Signal and WhatsApp accounts used ‌by officials, military personnel and journalists, as claimed by two intelligence agencies in the Netherlands.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Classic phishing. Secure channels are only as good as the gate and key handling surrounding them.

For official org-based accounts like that, I could imagine a messaging system where you can only see and share security codes with a second-person factor. If the user wants to access it, at least another authorized trained person must take part, acknowledge, and authorize the action. As long as users can access key information relatively easily, they are phishable.
⁨Comment⁩ on ⁨Password managers less secure than promised⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
It is impossible for me to remember all my passwords. Maybe I have more accounts than other people. I remember the most important ones, amongst them a very long password manager DB password that is annoying to enter, especially on mobile.

First time I set up keepass I forgot the password. I still have the DB file without access. But the second time, I was more serious and committed to it, and made sure to remember and use the password. 😅
⁨Comment⁩ on ⁨The Shadow Campaigns: Uncovering Global Espionage⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
It’s crazy how border control and sanctions are normalized political topics, yet I’ve never heard suggestions of applying that to the internet.

Suppressive regimes often control their network and network borders. Everyone outside not doing so is quite asymmetric.
⁨Comment⁩ on ⁨Breaking Bitlocker - Bypassing the Windows Disk Encryption⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Thank you for sharing. Very interesting.

We’re currently evaluating and rolling out encryption at work, so being informed about the limits of these setups is quite good - even if it’s not actually my task to work on those.
⁨Comment⁩ on ⁨Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:

It’s possible for users to store those keys on a device they own, but Microsoft also recommends BitLocker users store their keys on its servers for convenience.

Pretty obvious that if you hand over the (recovery) keys that they’d follow court orders.

Of course, the criticism about defaults is warranted. At the same time, even outside of control concerns, it’s fairly obvious why Microsoft would choose user convenience and ability to recover data over loss of data.

It should be a well informed choice that makes the risks clear when setting it up.
Breaking Bitlocker - Bypassing the Windows Disk Encryptionwww.youtube.com ↗
Submitted ⁨⁨1⁩ ⁨month⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨6⁩ ⁨comments⁩
Glassworm's resurgence - Secure Annexsecureannex.com ↗
Submitted ⁨⁨3⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨0⁩ ⁨comments⁩
⁨Comment⁩ on ⁨Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
I expect some hot Java code on that website 😏
⁨Comment⁩ on ⁨Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
rnicrosoft.corn 🌽
⁨Comment⁩ on ⁨3.5 Billion Accounts: Complete WhatsApp Directory Retrieved and Evaluated⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:

We have found no evidence of malicious actors abusing this vector"

“We see no evidence of that which we do not monitor.”

These press releases/responses seem to never include “we track x and y and see no evidence”. I can only assume the worst.
We Hacked Flock Safety Cameras in under 30 Seconds - Benn Jordan (YouTube, 40 min)www.youtube.com ↗
Submitted ⁨⁨3⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨1⁩ ⁨comment⁩
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
I always read the weekly post title and am tempted to write and comment. I’ve written an entire post before. But then I notice it’s in c/cybersecurity - which my work is not in specifically. 😅
Today I learned: binfmt_misc - dfir.ch - shadow suiddfir.ch ↗
Submitted ⁨⁨4⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨0⁩ ⁨comments⁩
⁨Comment⁩ on ⁨The limits of zero-knowledge for age-verification | Brave⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
It’s new to me that it’s NFC. I was under the impression I need to buy a reader device to make use of digital auth or signature stuff.
⁨Comment⁩ on ⁨One wrong letter: UN moves to curb cybercrime with new convention | UN News⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Looking at the US in particular right now, I’m not confident it would be used on good conscience. Who knows what they want to prosecute. Justice frameworks can only work with confidence in justice.

This explanation sounds fine. I haven’t seen an actual link to the content of the agreed upon convention across the linked sites.

The Wikipedia article on United Nations Convention against Cybercrime paints a much more concerning picture.

The convention names four types of crimes in particular, which human rights advocates argue are framed too broadly, applicable to any crime committed using an information or communications technology. Many of the crimes it would apply to have only a thin connection to the kind of serious cybercrime, like ransomware and child exploitation, that motivated the convention.

Several organizations highlight the way the convention’s language about human rights protections are largely suggestions left to the discretion of member states, including those with a record of human rights abuses.

Let’s hope it’s a useful framework countries will still make assessments and restrictions on depending on who they’re dealing and working together with. I’m still concerned though.

Why is this community not allowing English language comments when it’s seemingly obviously in English?