social.lfx.dev is one of the many independent Mastodon servers you can use to participate in the fediverse.

#security


Redmond business leaders line up to say what’s new in #Windows #security.

#Microsoft vice presidents David “dwizzzle” Weston (pictured) and Pavan Davuluri (errm, not) are among the anointed ones making noise this week. They’re telling all—about preventing a repeat of July’s #CrowdStrike débâcle.

#MicrosoftIgnite 2024 is their nexus of (ahem) “learnings.” In #SBBlogwatch, we hunker down in the Windy City. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/11/

Security Boulevard · Microsoft Veeps Ignite Fire Under CrowdStrike

Running the final Privacy Fundamentals class for the year, tomorrow.

Who is this for?
This class is designed for you, the non-techie, also for activists, advocates, privacy enthusiasts, OSINT beginners concerned about their digital footprint. A good refresh for seasoned professionals too.

What's included:
- Understanding & evaluating digital risk
- Account security
- Device security & safety
- Safer online searches
- Secure Communications
- Online abuse & protecting your data
Class will be recorded.

lockdownyourlife.as.me/privacy


Are we PEP 740 yet? now has a new category, colored in magenta, for top projects that come from source repos that PyPI doesn't support for attestations (yet!)

This will hopefully ameliorate some of the social pressure/confusion that people have (very reasonably!) expressed around the previous render: if a project is colored in magenta, that means PyPI doesn't support attestations (yet) from that host and thus the project can't reasonably be asked to support them itself.

And note: if you're a supply chain person who nags *any* project to enable attestations just because you want a little green checkbox on your VC-funded CRUD dashboard, I *will* find you and shame you.

trailofbits.github.io/are-we-p

Let's Encrypt is 10 years old today!
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Huge thanks to everyone involved in making HTTPS available to everyone for free

letsencrypt.org/


Whoa, that's provocative: this blog article says:

- Don't use #PGP / #GPG
- Don't use #XMPP + OMEMO
- Don't use #Matrix (in the sense: don't rely on its encryption)
- Encrypting e-mails is pointless

I don't know the author and wouldn't mention him if the article weren't being cited in serious ITSec newsletters.

soatok.blog/2024/11/15/what-to

Opinions? #itsec #security

Dhole Moments · What To Use Instead of PGP

Please spread this as much as possible themarkup.org/the-breakdown/20 - I'd actually go even further and suggest stopping the use of ANY services located in the USA (such as GMail, Facebook, Instagram etc.).

Overall, the fact that we even speak about this in 2024 shows the state of the United States. I'm not talking about the content here, but the fact that in the USA women need a significant level of secrecy, as if they were whistleblowers.

The Markup · How Do I Protect My Privacy If I’m Seeking an Abortion? A guide to keeping your plans private through every step of an abortion in any state, including Florida and South Dakota.

i'm really excited to share the work my team at @trailofbits has been doing for the last year: Sigstore-based attestations are now live and generally available on PyPI!

if you're already using Trusted Publishing with the canonical pypi-publish action, you don't need to change anything: the action will generate and upload an attestation on your behalf.

we've written a blog post on some of the technical details behind PyPI's attestation features, including Sigstore and PEP 740, here: blog.trailofbits.com/2024/11/1

📢 hot off #KubeCon: cert-manager has been approved for CNCF graduation! 🎉
86% of new #kubernetes production clusters are deployed with cert-manager as standard practice!
Congrats to Jetstack (now Venafi, CyberArk) and all the maintainers and contributors 👏

Read the Cloud Native Computing Foundation ( #cncf ) announcement for more details:
cncf.io/announcements/2024/11/

I've seen a number of toots today advising people against scanning random #QRCodes because they can be used in a number of malicious ways.

There are a number of legitimate ways people can use such codes to trick others, and it can require some deeper understanding of how systems work to avoid them. For that reason, I'm not going to contradict that recommendation, but I will add to it.

QR codes are usually just URLs encoded in a visual, machine-readable form, so they aren't necessarily more dangerous than a link. The danger comes from the fact that most scanner apps will directly open whatever URL you scan without giving you the opportunity to consider whether that's a good idea.

You can reduce the risk of scanning such codes by installing a better app which requires manual interaction to open URLs after decoding them.

For Android users I recommend "BinaryEye", since it's open-source, ad-free, and has a bunch of other useful features.

Its GitHub page links to both F-Droid and the Play Store:

github.com/markusfisch/BinaryE

GitHub · markusfisch/BinaryEye: Yet another barcode scanner for Android

I noticed a pattern of replacing HDMI cables with USB-C ones to connect to monitors and projectors in shared/public places like offices, meeting rooms, co-working spaces, and such.

Beyond the obvious convenience of USB-C (finally, one plug/socket to rule them all!), I wonder how safe this is from a security perspective.

I just get as far as using a "stranger's HDMI plug", but USB-C? No way.

Please prove me wrong.