-
22 votes
-
On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths
27 votes -
The not-so-silent type. Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers.
9 votes -
US medical providers still grappling with UnitedHealth cyberattack
9 votes -
Help me ditch Chrome's password manager!
I've been trying to reduce my reliance on all things Google, and one of the big ones is password management. I've tried several times to make the jump, but every time I start researching options...
I've been trying to reduce my reliance on all things Google, and one of the big ones is password management. I've tried several times to make the jump, but every time I start researching options I'm overwhelmed by the selection. There are a lot of popular options out there, and I really don't have the time/energy to endure a misstep. So without a clear idea of which manager will check all of my boxes, I end up bailing on the process and keep using chrome's built in option.
So to start, here's what I like about Chrome:
- Automatically offers to store passwords without extra clicks
- Autofills automatically where it can, and gives me an easy choice when it can't
- Works everywhere I need passwords. (basically everywhere I browse the internet since chrome works everywhere)
- Minimal overhead. This is hard to beat since Chrome just includes it, so I'm fine with a little extra setup if necessary.
I used to use keepass portable on a thumb drive (I want to say circa ~2009ish), but it became really inconvenient as my usage shifted more to mobile devices.
I see this as a first step to also reducing my reliance on Chrome so I can start to consider other browsers. Right now I feel locked in to Google's ecosystem, but I know I can break it up if I don't get too bogged down by choice. Much appreciate any help. :)
34 votes -
Bug in glibc's iconv() function allows for RCE in PHP servers by setting charset to ISO-2022-CN-EXT to trigger buffer overflow (CVE-2024-2961)
9 votes -
When provided with CVE descriptions of 15 different vulnerabilities and a set of tools useful for exploitation, GPT-4 was capable of autonomously exploiting 13 of which, yielding an 87% success rate
17 votes -
There used to be a people’s bank at the US Post Office
37 votes -
Riot’s Vanguard comes to League
19 votes -
Twitter replaces twitter.com with x.com without user consent. Bad implementation invites an influx of Phishing attacks. (german source)
48 votes -
Don’t set up wildcard DNS records for GitHub Pages
18 votes -
Critical vulnerability in Rust's Command library allows for command injection when using its API to invoke batch scripts with arguments on Windows systems (CVE-2024-24576)
18 votes -
Sweden's public sector has ditched Big Tech in the name of privacy as a major telecom provider unveiled a new secure collaboration hub
14 votes -
Backdoor in upstream libxz targeting sshd
104 votes -
Kobold letters. Why HTML emails are a risk to your organization.
33 votes -
Lessons learned from the Google trade secret theft indictment
7 votes -
Finland's response to Russia's invasion of Ukraine has been to move away from policy of self-reliance and embrace the alliance
12 votes -
Fighting cookie theft using device bound sessions
14 votes -
Will the Apple antitrust case affect your phone’s security?
15 votes -
Ross Anderson, computer security expert, passed away
12 votes -
What happened when you visited a medieval inn?
11 votes -
Hackers found a way to open any of three million hotel keycard locks in seconds
42 votes -
The creeping politicization of the US Military
17 votes -
‘We’re hemorrhaging money’: US health clinics try to stay open after unprecedented cyberattack
31 votes -
You can not simply publicly access private secure links, can you?
11 votes -
White House urges use of type safe and memory safe programming languages and hardware
38 votes -
White House to Developers: Using C or C++ Invites Cybersecurity Risks
5 votes -
Leak of documents on spyware developed by vendor for Chinese government
33 votes -
US House Intel Chairman announces ‘serious national security threat,’ sources say it is related to Russia's nuclear capabilities in space
30 votes -
Twitter/X provides premium perks to Hezbollah, other US-sanctioned groups
18 votes -
What Is A Secure Note-Taking App?
I've been using Google's Keep Notes for all my note-taking, but I would like to shift away from that and use an app that is more secure. I've heard of Notion and Evernote but I'm not sure about...
I've been using Google's Keep Notes for all my note-taking, but I would like to shift away from that and use an app that is more secure. I've heard of Notion and Evernote but I'm not sure about their level of security/encryption. Any suggestions?
20 votes -
A 2024 plea for lean software
36 votes -
The extraordinary world of fake cities, and simulated urban environments
3 votes -
MIT PhD student hacks Apple Vision Pro days after release, reveals potential jailbreaks and malware threats
19 votes -
What are people's thoughts on "secureblue", "bazzite" and other ublue images?
7 votes -
Your security program is shit
63 votes -
ChatGPT is leaking passwords from private conversations of its users, Ars reader says
17 votes -
In major gaffe, hacked Microsoft test account was assigned admin privileges
28 votes -
Twenty-six billion records exposed in massive leak, including data from Linkedin, X, Dropbox
44 votes -
How nuclear weapons and nuclear materials are transported
7 votes -
Hackers can infect network-connected wrenches to install ransomware, researchers say
28 votes -
Inside the world's highest tech prison - HMP Fosse Way
12 votes -
4-year campaign backdoored iPhones using possibly the most advanced exploit ever
43 votes -
EU Cyber Resilience Act: What does it mean for open source?
13 votes -
All cops are broadcasting. TETRA unlocked after decades in the shadows.
26 votes -
India targets Apple over its phone hacking notifications
19 votes -
Ten years later, new clues in the Target breach
24 votes -
How to lose a library [British Library cyber attacks]
10 votes -
Finland's government has cited security concerns for the closure of all border crossings with Russia – Russian-speaking Finns say their rights are being violated
24 votes -
Danish parliament has voted to ban the burning of religious scriptures after a series of Qur’an desecrations in the country and neighbouring Sweden
26 votes -
Ex-Twitter exec claims X fired him for raising security concerns
21 votes -
US senator warns governments are spying on Apple and Google users via push notifications
38 votes -
Harvard gutted initial team examining Facebook files following $500 million donation from Chan Zuckerberg Initiative, Whistleblower Aid client reveals
42 votes -
Now Open: 2023 SANS Holiday Hack Challenge & KringleCon
1 vote -
How the US Secret Service keeps presidential motorcades safe
5 votes -
Weather extremes threaten food security (2012)
9 votes -
The curious case of the Danish spy chief and former minister may be over, but key questions about secrecy and democracy remain
6 votes -
Self-proclaimed 'gay furry hackers' breach nuclear lab; demands research into IRL catgirls
71 votes -
Nothing’s iMessage app was a security catastrophe, taken down in 24 hours
65 votes -
Microsoft’s Windows Hello fingerprint authentication has been bypassed
41 votes -
Cybersecurity firm CEO pleads guilty to hacking hospitals to boost his company's business
36 votes -
Russia's war in Ukraine and destabilising "hybrid warfare" actions on the eastern border put foreign and security policy top of the agenda in Finland's presidential election
8 votes -
Ransomware gang files SEC complaint over victim’s undisclosed breach
26 votes -
Payments app Zelle begins refunds for imposter scams after Washington pressure
13 votes -
Mike Johnson's 'porn monitoring' remarks spark US national security concerns
47 votes -
Denmark's former defence minister and ex-spy chief have spoken of their relief after prosecutors dramatically dropped criminal charges for leaking state secrets
7 votes -
AI cameras took over one small American town. Now they're everywhere
30 votes -
After hack, personally identifiable information records of a large percentage of citizens of India for sale on the dark web. The hack includes biometric data
22 votes -
US sues SolarWinds for fraud over alleged cyber security neglect ahead of 2020 Russian hack of Justice and Homeland Security departments
25 votes -
For those who have tried YubiKey for personal use, is it worth it?
I saw people talking about YubiKey here a few weeks ago so I got curious. Unfortunately, I’m not seeing a lot of helpful reviews for it. I’m personally getting tired of having to take my phone...
I saw people talking about YubiKey here a few weeks ago so I got curious. Unfortunately, I’m not seeing a lot of helpful reviews for it.
I’m personally getting tired of having to take my phone anytime I need 2FA for Okta but I don’t have a lot of super important accounts to secure so I’m going back and forth in deciding whether the 100+ euro investment (to get two so that there’s a duplicate) would be worth it.
How do you use your YubiKey in your personal life and do you think it’s worth your use case ?
35 votes -
Immersive Labs "Haunted Halloween" Challenges 2023
Hey everyone! Just wanted to share that Immersive Labs has rolled out their "Haunted Halloween" challenges for 2023. For those unfamiliar, Immersive Labs offers a platform for interactive,...
Hey everyone! Just wanted to share that Immersive Labs has rolled out their "Haunted Halloween" challenges for 2023. For those unfamiliar, Immersive Labs offers a platform for interactive, gamified learning in the realm of cybersecurity. They've been known to host challenges that test and enhance cyber skills.
You can sign up for free using code HAUNTEDHOLLOW to try it out hubs.ly/Q026LTZV0.
Now, I'm not posting this solely out of altruism. I could use some help on the 'Mirrored Mayhem' task.
Spoiler Alert: Details about the challenge below
I've managed to get the RCE. I've crafted a PNG and successfully executed remote code. However, I'm only able to find the 'webapp-token'. I'm at a loss when it comes to the 'user-token' or 'root-token'. The 'whats in the mirror?' file isn't giving me any leads either. I've also got a username/password from it but can't figure out where to use them.Would appreciate any pointers or hints from anyone who's tackled this challenge. Thanks in advance!
4 votes -
Denmark leads the Women Peace and Security Index 2023/24, scoring more than three times higher than Afghanistan at the bottom of the scale
14 votes -
Systems Alchemy: The Transmutation of Hacking (2023)
5 votes -
It’s official: The era of China’s global dominance is over
22 votes -
Prosecutors in Finland have charged a hacker accused of the theft of tens of thousands of records from psychotherapy patients
9 votes -
Finland faces growing Russian online threat, Finnish security services say – espionage attempts have increased since Ukraine invasion
22 votes -
A redistribution of nitrogen fertiliser across global croplands can help achieve food security within environmental boundaries
6 votes -
How do you test your home network security?
As I'm exploring the idea of hosting my data at home (with offsite backups), I would like to better understand how to test my home network for security vulnerabilities. I have run basic Nmap scans...
As I'm exploring the idea of hosting my data at home (with offsite backups), I would like to better understand how to test my home network for security vulnerabilities.
I have run basic Nmap scans and confirmed that there are no open ports. I've confirmed that users have access to what they need but nothing else, and that guests using the network for web access don't have any sort of access to data. All data is encrypted so someone stealing the physical hardware shouldn't have access to the contents, either. But that's about as far as I know what to do.
What else could and should I try? How do you pentest your home network?
I feel I'm ok with my understanding of how to set things up so that everything is relatively secure. But I have very little idea how to actually test the setup.
Edit: Added a sentence about encryption.
25 votes -
The language used to describe AI risks
6 votes -
Former US President Donald Trump allegedly discussed US nuclear subs with Australian billionaire businessman Anthony Pratt after leaving White House: Sources
43 votes -
The inability to count correctly: Debunking the US National Institute of Standards and Technology's calculation of the cryptographic security level of Kyber-512
25 votes -
How Lars Findsen and Claus Hjort Frederiksen came to be facing trial for allegedly disclosing Danish state secrets that had been in the public domain for years
10 votes -
The dangers of LLM self-exfiltration: AI alignment and cybersecurity challenges
5 votes -
Building automation giant Johnson Controls hit by ransomware attack
8 votes -
How do you use your YubiKeys?
I'm a little late on this, admittedly. $dayjob is requiring us all to set up a pair of YubiKeys, and I'm using them for the first time and my mind is a little blown. I was seeing articles about...
I'm a little late on this, admittedly. $dayjob is requiring us all to set up a pair of YubiKeys, and I'm using them for the first time and my mind is a little blown.
I was seeing articles about "passkeys" all summer, not really grokking what they were talking about, clinging to my usernames and passwords and 2FA codes coming out of 1Password, etc.
I just set it up on a few accounts today, initially as an additional 2FA source, but when I set them on GitHub, I saw for the first time how exactly they are used instead of the username and password and 2FA combo to log in, and it seems incredible to me!
For long-time YubiKey users: what are some cool things in the ecosystem that you would recommend looking at?
21 votes -
China climate envoy says phasing out fossil fuels 'unrealistic'
22 votes -
CVE-2020-19909 is everything that is wrong with CVEs (false bug report for curl)
25 votes -
Popular thesaurus website used in sneaky cryptojacking scheme
11 votes -
China exports of gallium and germanium, used in manufacture of semiconductors, fell to zero in August
25 votes -
Nearly 400 primate skulls headed for US collectors seized in "staggering" discovery at French airport
10 votes -
Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters
13 votes -
Wyze security breach: Why we’re pulling our recommendation of Wyze security cameras
27 votes -
At MGM's hacked casinos in Las Vegas, evidence of the massive ransomware hack is everywhere, if you're looking for it
45 votes -
New SprySOCKS Linux malware used in cyber espionage attacks
12 votes -
Experts link LastPass security breach to a string of crypto heists
48 votes -
Should I use third party firewall or antivirus on Windows (or elsewhere)? Which one?
It's seems to have been common sense for a while now that Windows has good-enough security software that you don't need 3rd party tools but is it actually the case now? Is there anything to lose...
It's seems to have been common sense for a while now that Windows has good-enough security software that you don't need 3rd party tools but is it actually the case now? Is there anything to lose or gain from trusting 3rd party with this stuff?
20 votes -
What password management solution do you use and why?
For a long time now, I have been using KeePassXC for desktops and KeePassDX for Android. I keep everything synchronized neatly with Syncthing, which can be configured to operate over your WiFi or...
For a long time now, I have been using KeePassXC for desktops and KeePassDX for Android. I keep everything synchronized neatly with Syncthing, which can be configured to operate over your WiFi or the internet through their gateways. This allows me to share a single KeePass file with another individual, provided I tell them the password.
I have a co-worker who is loving 1Password and while it looks great, something irks me about paying monthly for a password manager. I looked into Bitwarden for a "local cloud" and have seen very mixed results as well as not being sure if I could trust my own security configurations to do so.
I am primarily wondering what everyone else is using in search of something a bit more convenient (I'm not opposed to using the cloud) that has an app like KeePass that I can use for desktop apps, and not just in the browser (though I don't use that function often, truthfully).
Edit: Passkey support was mentioned in this comment and made me realize how important such support will be in the coming years. For those of you with password management solutions supporting it, how has it been?
107 votes -
All Apple users are recommended to immediately update their devices to patch a zero-click, zero-day exploit captured in the wild
102 votes -
US extremists keep trying to trigger mass blackouts — and that’s not even the scariest part
29 votes -
It’s official: Cars are the worst product category we have ever reviewed for privacy
130 votes