104 votes -
LastPass users locked out due to MFA resets
64 votes -
Your security program is shit
63 votes -
Linux bans the University of Minnesota for sending intentionally buggy patches in the name of research
58 votes -
Twitter replaces twitter.com with x.com without user consent. Bad implementation invites an influx of Phishing attacks. (german source)
48 votes -
New acoustic attack steals data from keystrokes with 95% accuracy
48 votes -
4-year campaign backdoored iPhones using possibly the most advanced exploit ever
43 votes -
CPU.fail - Multiple attacks against modern Intel CPUs disclosed (ZombieLoad, RIDL, Fallout)
43 votes -
Downfall security vulnerability in Intel processors
40 votes -
xkcd 2044: Sandboxing Cycle
37 votes -
A 2024 plea for lean software
36 votes -
How I recorded user behaviour on my competitor’s websites
32 votes -
Have I Been Pwned is no longer being sold, and Troy Hunt will continue running it independently
29 votes -
How do I get started in self hosting?
I'm curious about how to get started in self hosting. I have computer experience, being an Android Developer, but I hardly have experience in Linux and backend/networking work.
I've been wanting to start up a Plex/Jellyfin server for a while, and I have an old system sitting around with a Ryzen 1700 with a graphics card in there as well that's been begging for attention, and maybe I can throw on a Minecraft server in there as well. Since I travel a bunch, it would be nice too to be able to access my media for when I'm traveling, or to let my parents or friends access some shows if they so desire!
What I'm worried about is exposing my network to the internet basically. I used to run a Minecraft server with port forwarding and such on a personal computer but now I'm realizing that that's probably a bit unsafe lol.
Basically, are there any guides that I can look at, or any of your own experiences that could potentially help me or anyone who's interested?
28 votes -
Observatory by Mozilla
28 votes -
On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths
27 votes -
Steam's login method is kinda interesting
27 votes -
Matrix.org data breach
26 votes -
How do you test your home network security?
As I'm exploring the idea of hosting my data at home (with offsite backups), I would like to better understand how to test my home network for security vulnerabilities.
I have run basic Nmap scans and confirmed that there are no open ports. I've confirmed that users have access to what they need but nothing else, and that guests using the network for web access don't have any sort of access to data. All data is encrypted so someone stealing the physical hardware shouldn't have access to the contents, either. But that's about as far as I know what to do.
What else could and should I try? How do you pentest your home network?
I feel I'm ok with my understanding of how to set things up so that everything is relatively secure. But I have very little idea how to actually test the setup.
Edit: Added a sentence about encryption.
25 votes -
The inability to count correctly: Debunking the US National Institute of Standards and Technology's calculation of the cryptographic security level of Kyber-512
25 votes -
CVE-2020-19909 is everything that is wrong with CVEs (false bug report for curl)
25 votes -
Project Svalbard: The Future of Have I Been Pwned
25 votes -
Let's Encrypt Is Now Officially Trusted by All Major Root Programs
25 votes -
Friday Security Brief
This release is a trial for a weekly security brief compiled from trusted sources that encourage a general awareness of cyber security issues. I'm still not sure about how to do this, so any thoughts or feedback will be appreciated.
Brexit deal mandates a limit to security standards
"In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA:"
Brexit Deal Mandates Old Insecure Crypto Algorithms ~ Schneier on Security
FBI Warns of Hijacked Security Devices being exploited for Swatting
"Stolen email passwords are being used to hijack smart home security systems to “swat” unsuspecting users, the Federal Bureau of Investigation warned this week. The announcement comes after concerned device manufacturers alerted law enforcement about the issue."
FBI Warn Hackers are Using Hijacked Home Security Devices for Swatting ~ Threatpost
A look back at some email attacks of 2020
"In 2020, our spam folders bulged with malware-laced emails, phishing lures linking to ransomware schemes, impersonation attacks, spoofed brand and fake domain missives, and dubious requests from legit-sounding companies. So, what defined 2020 in spam?"
Inbox Attacks: The Miserable Year (2020) That Was ~ Threatpost
SolarWinds hackers accessed Microsoft source code
"The hackers behind the SolarWinds supply chain attack managed to escalate access inside Microsoft's internal network and gain access to a small number of internal accounts, which they used to access Microsoft source code repositories, the company said on Thursday."
SolarWinds hackers accessed Microsoft source code ~ Zdnet
CISA updates SolarWinds guidance
"The US Cybersecurity and Infrastructure Security Agency has updated its official guidance for dealing with the fallout from the SolarWinds supply chain attack.
In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year."
CISA updates SolarWinds guidance, tells US govt agencies to update right away
24 votes -
The 773 Million Record "Collection #1" Data Breach
24 votes -
"Disable SMT/Hyperthreading in all Intel BIOSes"
23 votes -
How do you use your YubiKeys?
I'm a little late on this, admittedly. $dayjob is requiring us all to set up a pair of YubiKeys, and I'm using them for the first time and my mind is a little blown.
I was seeing articles about "passkeys" all summer, not really grokking what they were talking about, clinging to my usernames and passwords and 2FA codes coming out of 1Password, etc.
I just set it up on a few accounts today, initially as an additional 2FA source, but when I set them on GitHub, I saw for the first time how exactly they are used instead of the username and password and 2FA combo to log in, and it seems incredible to me!
For long-time YubiKey users: what are some cool things in the ecosystem that you would recommend looking at?
21 votes -
Kaspersky Password Manager had multiple problems in its password-generator, resulting in its passwords being predictable and easily brute-forced
21 votes -
How police are “breaking phone encryption”
21 votes -
Dangerous Domain Corp.com Goes Up for Sale
21 votes -
The Effectiveness of Publicly Shaming Bad Security
21 votes -
What Is A Secure Note-Taking App?
I've been using Google's Keep Notes for all my note-taking, but I would like to shift away from that and use an app that is more secure. I've heard of Notion and Evernote but I'm not sure about their level of security/encryption. Any suggestions?
20 votes -
Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046)
20 votes -
Slack Security Incident for Keybase CEO
20 votes -
Zenbleed - Zen 2 hardware vulnerability
19 votes -
Cloudflare introduces Cryptographic Attestation of Personhood, an experiment intended to replace CAPTCHAs
19 votes -
Recognizing basic security flaws in local password managers
19 votes -
Remote Code Execution in apt/apt-get
19 votes -
How I gained commit access to Homebrew in 30 minutes
19 votes -
Don’t set up wildcard DNS records for GitHub Pages
18 votes -
Critical vulnerability in Rust's Command library allows for command injection when using its API to invoke batch scripts with arguments on Windows systems (CVE-2024-24576)
18 votes -
Remote code execution vulnerability in the cdnjs Javascript CDN run by Cloudflare, which could have enabled tampering with over 10% of all websites
18 votes -
Bitsquatting windows.com with fourteen domains that are one bitflip away
18 votes -
WPA3 is here. What does everyone think?
18 votes -
When provided with CVE descriptions of 15 different vulnerabilities and a set of tools useful for exploitation, GPT-4 was capable of autonomously exploiting 13 of them, yielding an 87% success rate
17 votes -
How the Nintendo Switch prevents downgrades by irreparably blowing its own fuses
17 votes -
I’m harvesting credit card numbers and passwords from your site. Here’s how.
17 votes -
Google and Certbot: Let's Encrypt not renewing certs for sites Google flags
17 votes -
The trouble with decommissioning a used FIDO security key
16 votes -
The story behind last week's Let's Encrypt downtime
16 votes