-
6 votes
-
Marcus “MalwareTech” Hutchins pleads guilty to writing, selling banking malware
6 votes -
Facebook has updated their blog post about storing unencrypted passwords - they found more log files, and there are now millions of Instagram users impacted, not thousands as stated originally
28 votes -
Compromised credentials for a Microsoft support agent enabled outside access to non-enterprise Hotmail, Outlook, and MSN emails for months
9 votes -
VPN - A Very Precarious Narrative
9 votes -
How to get developers to do things your way
5 votes -
[SOLVED] I might switch my PC media player from VLC to something else due to potential data leaks. What other media player should I choose if I do so?
edit: Problem solved, davidb informed me about the vulnerability in version 3.0.4, and that it is fixed in the new version 3.0.6. Somehow Spyhunter thinks i still use 3.0.4, which in turn is the...
edit: Problem solved, davidb informed me about the vulnerability in version 3.0.4, and that it is fixed in the new version 3.0.6. Somehow Spyhunter thinks i still use 3.0.4, which in turn is the actual problem i had with Spyhunter, not VLC.
Spyhunter 5 has been bothering me about potential data leaks from vlc media player. The vulnerability is generally based on publicly available information.
It would be a shame if i have to switch, been using vlc for as long as i remember. It is probably the best media player out there, but i hate sharing my personal data in any way or form.Spyhunter msg:
- Severity: Medium, VLC media player (Version 3.0.4)
- The CAF demuxer in modules/demux/cad.c in VideoLan media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in Caf files, because a ReadKukiChunk() cast converts a return value to an unsigned int, even if that value is negative. This could result in a denial of service and/or potential infoleak.
Is this even anything to care about? I have updated VLC including removing cashe and still get the alert. Is a rollback another option perhaps?
5 votes - Severity: Medium, VLC media player (Version 3.0.4)
-
Security alert: pipdig [popular WordPress theme provider] insecure, DDoSing competitors
6 votes -
Facebook stored hundreds of millions of user passwords in plain text for years
27 votes -
What would be a good security setup for me?
So: I keep all my passwords in my password manager (Bitwarden) All my 2FA codes are generated by AndOTP on my phone. My 2FA backup codes are also in Bitwarden, which I think is a bad idea, because...
So:
- I keep all my passwords in my password manager (Bitwarden)
- All my 2FA codes are generated by AndOTP on my phone.
- My 2FA backup codes are also in Bitwarden, which I think is a bad idea, because that defeats the purpose of 2FA. So where should I put those?
- I have my Bitwarden 2FA backup code in my wallet and in a safe at my house. Is that a good idea for the other backup codes?
- Is there anything I'm forgetting here?
8 votes -
How secure and private is Firefox?
I was browsing r/privacy today and I came across this guy going on about how Mozilla was just pretending to be privacy focused. Here's his comment. Now I don't really know what to think of this,...
I was browsing r/privacy today and I came across this guy going on about how Mozilla was just pretending to be privacy focused. Here's his comment. Now I don't really know what to think of this, and frankly, I'm getting really exhausted of hearing about how all the things I'm using aren't actually trustworthy. So can so someone put my mind to rest? Does this guy's claims have any truth to them? Thanks.
20 votes -
Hated and hunted - The perilous life of the computer virus cracker making powerful enemies online
9 votes -
Five cybersecurity mistakes companies keep making
4 votes -
The Morris worm at thirty
4 votes -
Triton is the world’s most murderous malware, and it’s spreading
16 votes -
The prototype iPhones that hackers use to research Apple’s most sensitive code
7 votes -
Why 'ji32k7au4a83' is a remarkably common password
57 votes -
Chrome update on March 1 fixed a serious zero-day RCE vulnerability that was being actively exploited
10 votes -
All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix
23 votes -
EFF announces "Fix It Already" campaign to demand fixes for specific issues from nine major tech companies and platforms
42 votes -
Android is helping kill passwords on billions of devices
11 votes -
The microphones that may be hidden in your home
23 votes -
FastMail loses customers, faces calls to move over anti-encryption laws
15 votes -
Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information
10 votes -
What are the essential dos and don'ts of digital security for the average person?
Thanks to all of you who gave me guidance in the thread about password managers. It got me thinking I should expand the question to overall best practices regarding security, just in case I have...
Thanks to all of you who gave me guidance in the thread about password managers. It got me thinking I should expand the question to overall best practices regarding security, just in case I have any other important blind spots.
What are the essential do's and don'ts of digital security for the average person?
35 votes -
Is a password manager essential?
I feel like it's impossible to remember passwords that are long, random, and unique for every service. I have too many accounts. On the other hand, I don't like the idea of giving up control of my...
I feel like it's impossible to remember passwords that are long, random, and unique for every service. I have too many accounts.
On the other hand, I don't like the idea of giving up control of my passwords to a password manager and using the ones it generates and stores. It feels weird that I wouldn't "know" my passwords.
Is this a hangup I should just get past? What do I do if I need to login somewhere but cannot access my password manager?
30 votes -
Managing my passwords with KeePassXC and friends
13 votes -
Facebook charged with misleading users on health data visibility
8 votes -
A deep dive on the recent widespread DNS hijacking attacks
8 votes -
Future of personal security and privacy, upcoming trends.
A few years ago I got into improving my knowledgebase of personal security - theory and tools - but it didn't go much farther than reinforcing everything with 2FA and setting up a password...
A few years ago I got into improving my knowledgebase of personal security - theory and tools - but it didn't go much farther than reinforcing everything with 2FA and setting up a password manager, plus setting up a VPN and full disk encryption.
It seems like we're amidst a rising tide of data breaches due to, IMHO, laziness and cheapness on the part of many companies storing personal data.
So, recently I've embarked on my second journey to improve my own security via habits and software and teaching myself. Privacytools has been a super helpful resource. My main lesson this time is to take ownership/responsibility for my own data. To that end, I have switched to KeyPass with yubikey 2FA (still trying to figure out how to get 2FA with yubi on my android without NFC), moved over to Joplin for my note taking (away from Google and Evernote) and also switched to NextCloud for all of my data storage and synchronization. I'm also de-Googling myself, current due-date is end of March when Inbox is shut down.
So my question / discussion topic here, is, what are everyone's thoughts on the future of practical personal security and privacy? More decentralization and self-hosting? That's what it looks like to me. Blockchain tech would be cool for public objects like news articles, images etc. but from what I understand that has zero implication for anything personal. The other newish tech is PGP signatures, which I'm still having trouble implementing/finding use for, but surely that will change.
There is this topic but that ended up just being about encryption which I think is a no-brainer at this point. I'm more so looking for the leading edge trends.
17 votes -
There's no good reason to trust blockchain technology
10 votes -
Russia to disconnect from the internet as part of a planned cyberwar test
33 votes -
Vulnerability in Android allows remote code execution by viewing a malicious PNG image
16 votes -
How all-knowing smartphones could become the Pentagon’s employee access cards
9 votes -
A profile of Alex Stamos, former security chief at Yahoo and Facebook who was at ground zero of major cyberattacks and Russian election interference
6 votes -
Securing and improving privacy on macOS
13 votes -
The Google Chrome team is developing tools, heuristics and warnings to help protect against deceptive URLs
11 votes -
What I learned from the hacker who spied on me
7 votes -
Is Huawei a friend or foe in the battle for 5G dominance?
4 votes -
New Japanese law lets government hack IOT devices and warn owners they're vulnerable
8 votes -
How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)
16 votes -
Bomb threat, sextortion spammers abused weakness at GoDaddy.com
7 votes -
SELinux's approach (restrict everything unless explicitly permitted) is the opposite of Linux's (permit everything unless explicitly forbidden). That makes setup different,
4 votes -
Where should I put the 2FA recovery code for my password manager?
So I have all my passwords, TOTP backup codes, and account recovery codes in my password manager (Bitwarden.) In turn, Bitwarden is secured with a master password and TOTP 2FA. I have a recovery...
So I have all my passwords, TOTP backup codes, and account recovery codes in my password manager (Bitwarden.) In turn, Bitwarden is secured with a master password and TOTP 2FA. I have a recovery code for the 2FA in the event that I can't get to andOTP anymore (2FA app.) The thing is, where do I put that code? I can't put it in a note app or anything, because if I'm locked out of Bitwarden, I don't have my passwords. Do you see my problem? I was thinking about physically writing it down, but that makes me nervous because I might lose it. Are there any good solutions to this problem?
9 votes -
VOIPO.com data leak
7 votes -
These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown
8 votes -
For owners of Amazon’s Ring security cameras, strangers may have been watching too
10 votes -
USB-IF Launches USB Type-C™ Authentication Program
8 votes -
The State of Open Source Security Survey is open
6 votes -
At Blind, a security lapse revealed private complaints from Silicon Valley employees
13 votes