Toots for rene_mobile@infosec.exchange account

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2025-01-28 at 16:15

🙄🥸🙈

Google Maps will rename Gulf of Mexico as Gulf of America in US | Google Maps | The Guardian

https://www.theguardian.com/technology/2025/jan/28/google-maps-will-rename-gulf-of-mexico-as-gulf-of-america-in-us

Tech firm to make change in line with Trump’s executive order, using both names in world outside US and Mexico

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2025-01-25 at 12:00

I'll need to look more into the missing authentication/authorization issue, as this may require de-trusting D-Trust certificates for multiple use cases, including eIDAS personal digital signatures and the various QWACs (https://www.entrust.com/de/tls-certificate-information-center/d-trust-qwac-eidas-faqs). That is particularly ironic considering the extremely strict BSI interpretation of some of the eIDAS text parts for use within Germany.

After the security flaw at D-Trust: CCC speaks of "cyber eyewash"

https://www.heise.de/news/Nach-Sicherheitsluecke-bei-D-Trust-CCC-spricht-von-Cyber-Augenwischerei-10256537.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag

The Chaos Computer Club calls on the trust service provider D-Trust to take responsibility, and for the abolition of the "hacker paragraph".

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2025-01-19 at 12:12

Remember that #Facebook's new name #Meta doesn't really refer to the doomed-from-the-start #Metaverse whim, but its much more important reliance on #metadata as the core business model.

#Instagram, #WhatsApp, and the other "products" are primarily metadata collectors. Who communicates with whom, when, how often, how much, through which types of data; which groups are they members of, how do they interact with them; which posts/articles/products do they read, like, or buy? This metadata is sufficiently detailed that the actual content of "what" somebody sent is no longer important - and therefore it doesn't hurt the business model to provide end-to-end encryption in WhatsApp and (more hesitantly) Facebook Messenger. Or, as Gen. Michael Hayden (ex-NSA) infamously once admitted "We kill people based on metadata" (https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata). And #Meta's metadata collection is much more detailed than the mere phone call/message and email and IP packet records the NSA/CIA/etc. use(d).

That metadata is the basis for targeted advertisement and manipulation of individual and public opinion. That's where the money and the power is, not some silly 3D avatars. So the company name #Meta is, actually, interestingly descriptive and honest about the exploitative business model.

Protect yourselves. Use @torproject, @signalapp, @Mastodon, @pixelfed, and other federated services instead of feeding more into the metadata collection.

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-12-10 at 20:18

Hypothesis: Economy is less of a scientific discipline and more of a religion.

Initial indication: It only works if enough people believe in made-up values.

Challenge: Disprove the hypothesis, using the scientific method (and not pseudo-religious dogma and circular reasoning).

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-11-23 at 08:43

So much what @briankrebs says: misinformation is partially a factor worsened by in-your-face against-the-readers-interest UI badness in many of the "mainstream" news sites. If you treat your readers simply as sources of income to squeeze with every trick in the toolkit, then don't be surprised if they stop reading you!

I use an ad-blocker (uBlock Origin, mostly) by default (and other helpers like Consent-o-Matic) simply to make the current web usable. And that's not even talking about the security and privacy benefits.

Btw, without such helpers, on average it's slightly less bad on EU sites compared to US ones. Regulation has an effect.

https://infosec.exchange/@briankrebs/113526930319399955

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-11-16 at 08:12

This is good news for both #KDE and #Fedora.

For various reasons, I have always gone back to KDE after trying Gnome in different iterations. It's not for everybody, and I like/need the configurability of KDE. Linux distributions have diversity as a strength, and letting users choose the desktop without making other sacrifices is a plus.

(I'm still in the Debian/Ubuntu land for my main driver desktops, but Fedora Kinoite might well be my next one.)

via @LWN

https://fosstodon.org/@LWN/113487499871092332

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-11-05 at 15:22

Happy to report public availability of a new paper "A Data-Driven Evaluation of the Current Security State of Android Devices" at the IEEE CNS 2024: https://www.android-device-security.org/publications/2024-leierzopf-cns/Leierzopf_2024_IEEECNS2024_AndroidDeviceSecurityState.pdf

It describes our security scoring algorithm for Android devices using specific threat models.

The application is available at https://www.android-device-security.org/database and the collected data partially consists of crowdsourced contributions.

Please see https://www.android-device-security.org/app/, if you want to contribute non-personal data of your device.

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-10-25 at 14:18

It seems we have some excellent news! The SDK now seems to be licensed under GPL 3.0, making the @bitwarden client fully open source again: https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977 (https://github.com/bitwarden/sdk-internal/commit/db648d7ea85878e9cce03283694d01d878481f6b). If this change stabilizes into the next release, I can remove the warning in my blog post again.

H/T Philipp Hofer, thanks for noticing and sending me the links!

@keepassxc @fdroidorg

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-10-21 at 19:19

Given the "SDK" license situation for latest versions of @bitwarden clients, I am currently no longer recommending it compared to @keepassxc in my blog post at https://www.mayrhofer.eu.org/post/password-manager/ until there is again clear commitment to the clients being fully open source (being included in the main @fdroidorg repositories would, e.g., be a good indication).

#keepass #keepassxc #bitwarden #passwords #passwordmanager #opensource

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-10-15 at 11:30

Yesterday, I was honored to give my lecture in the ring lecture series "Sustainability in Computer Science" held by all Austrian universities. While the numbers are rough estimates, I tried to compare the energy consumption impact of different IT services among each other. Thanks to the organizers, the recorded talk is already online at https://www.youtube.com/watch?v=iLp5DHOKVkk

More details on the lecture series can be found at https://informatics.tuwien.ac.at/news/2734

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-10-08 at 20:50

Thanks to @LinuxSecSummit, our talk recording is now online at https://youtu.be/hP7S8o9KqU8. Please note that the author list seems to be swapped in the title slide, as @mlins is the main author of our paper.

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-10-08 at 20:26

I propose to add a single, simple condition to further negotiations on the latest #Chatcontrol proposal brought forward (again) by the Hungarian presidency:

If they all believe that it is sufficiently safe for their use, then, and only then, can we debate forcing it onto the general population.

H/T @bert_hubert https://fosstodon.org/@bert_hubert/113236969119597686 for finding this particular bit in the text.

CC @epicenter_works @bpreneel @xot @1br0wn @matthew_d_green @Mer__edith @ilumium

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-09-16 at 05:49

TIL about "disposable" products using LiIon batteries en masse...

via @stib

https://aus.social/@stib/113118914944719914

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-09-07 at 14:44

Rust certainly isn't perfect for everything, but for low-level code, including firmware, I am not aware of any better languages at this time. You get all the control you need, and the biggest class of bugs and vulnerabilities is prevented at compile time.

Rewriting complex code bases from scratch is not a good idea for stability, and therefore the piece by piece conversion really seems like the best way forward if you have a lot of C/C++ legacy code (and no, there is no practical solution to make that code safer without changing to a memory safe language in the process, whichever one it may be).

This post by @lozano gives excellent practical advice on how to do that.

https://infosec.exchange/@lozano/113080200541762841
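As an added illustration of the piece-by-piece approach discussed in the post above (example code written for this page, not from @lozano's post or from any real project): one C function of a legacy code base is replaced by a Rust implementation that keeps the old C calling convention, so the rest of the C code does not have to change. The record format (a hypothetical 1-byte tag plus 2-byte big-endian length), the names `parse_first_tlv`, `tlv_parse_first` and `TlvStatus`, and the C prototype in the comment are all assumptions made up for the example.

```rust
// Added example: replacing one C function with Rust while keeping the C ABI.
// Format, function names and status codes are hypothetical.
use std::slice;

/// Status codes handed back to the C caller (mirrors a hypothetical C enum).
#[repr(C)]
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum TlvStatus {
    Ok = 0,
    Truncated = 1,
    NullPointer = 2,
}

/// Safe core: parse the first tag-length-value record from `buf`.
/// Header is 1 byte tag + 2 bytes big-endian length, followed by `len` value bytes.
/// Returns None instead of reading past the end when the declared length is too large,
/// which is exactly the overread a hand-written C parser tends to get wrong.
pub fn parse_first_tlv(buf: &[u8]) -> Option<(u8, &[u8])> {
    if buf.len() < 3 {
        return None;
    }
    let tag = buf[0];
    let len = u16::from_be_bytes([buf[1], buf[2]]) as usize;
    // get() is bounds-checked; the C equivalent `buf + 3` with `len` bytes is not.
    let value = buf.get(3..3 + len)?;
    Some((tag, value))
}

/// C-ABI wrapper with the same signature the old C function had, hypothetically:
///   int tlv_parse_first(const uint8_t *buf, size_t len,
///                       uint8_t *out_tag, const uint8_t **out_val, size_t *out_len);
/// In a real build this gets `#[no_mangle]` (or `#[unsafe(no_mangle)]` on edition 2024)
/// so the linker resolves the existing C call sites to it; omitted here to keep the
/// example compiling stand-alone on any edition.
pub unsafe extern "C" fn tlv_parse_first(
    buf: *const u8,
    len: usize,
    out_tag: *mut u8,
    out_val: *mut *const u8,
    out_len: *mut usize,
) -> TlvStatus {
    if buf.is_null() || out_tag.is_null() || out_val.is_null() || out_len.is_null() {
        return TlvStatus::NullPointer;
    }
    // SAFETY: the caller guarantees `buf` points to `len` readable bytes and the out
    // pointers are valid for writes; this is the same contract the old C function had.
    // Everything after this line is safe Rust with its own bounds checks.
    unsafe {
        let bytes = slice::from_raw_parts(buf, len);
        match parse_first_tlv(bytes) {
            Some((tag, val)) => {
                *out_tag = tag;
                *out_val = val.as_ptr();
                *out_len = val.len();
                TlvStatus::Ok
            }
            None => TlvStatus::Truncated,
        }
    }
}

fn main() {
    // Constructed sample input: tag 0x01, length 2, value AA BB, then trailing byte.
    let ok = [0x01u8, 0x00, 0x02, 0xAA, 0xBB, 0xFF];
    // Constructed malicious input: declares 16 value bytes but only carries 1.
    let truncated = [0x01u8, 0x00, 0x10, 0xAA];

    println!("well-formed: {:?}", parse_first_tlv(&ok));
    println!("truncated:   {:?}", parse_first_tlv(&truncated));

    let mut tag = 0u8;
    let mut val: *const u8 = std::ptr::null();
    let mut vlen = 0usize;
    let status = unsafe {
        tlv_parse_first(truncated.as_ptr(), truncated.len(), &mut tag, &mut val, &mut vlen)
    };
    println!("C-ABI call on truncated input: {:?}", status);
}
```

The split into a safe core plus a thin `unsafe extern "C"` shim is the point: the only `unsafe` block is the one that trusts the caller's pointer/length pair, which the C code already had to trust, and the parsing logic itself cannot overread no matter what length the input claims.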

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-09-01 at 11:39

CC @echo_pbreyer @evacide @Mer__edith because I mentioned some (hopefully balanced) aspects about @signalapp in particular.

Written by René Mayrhofer :verified: 🇺🇦 🇹🇼 on 2024-08-31 at 11:01

I did a talk at #hackmas on "Secure Messaging (and attacks against it)" and the great organization team has already put the video recording online at https://media.ccc.de/v/26cd6d27-247f-5cf3-8adb-54c87bc372b2. Many thanks to the audience for so many insightful questions and discussions - it is rare that the audience is so engaged and aware of nuance! Slides are available at https://www.mayrhofer.eu.org/talk/secure-messaging-and-attacks-against-it/

Abstract: Secure messaging apps are one of the most-used app categories on current mobile devices, and a significant subset of human communication is handled through them. This makes them an interesting target for forensics, surveillance, and general information collection for intelligence services and police institutions. In this talk, we will discuss various options for such surveillance and their respective difficulties, pointing out which options do not seem realistic given all the practical considerations.

TL;DR: There is no good option for surveilling E2EE messenger apps; all of them are broken or practically unrealistic in various ways. I don't see an option to do that without real, significant problems that make all of us less safe. Please stop claiming that it is possible without these nasty issues.

#ChatControl #E2EE #SecureMessaging #Signal #ClientSideScanning #Staatstrojaner