There's been some debate, but I think we're confirmed now: No org should ever pay any ransom ever again.
IT Pro, Technical Communicator, advocate for digital rights and better information security. Expert at the "cloud-based whatever".
Viewpoints are my own and not representative of my employer.
Archivists Work to Identify and Save the Thousands of Datasets Disappearing From Data.gov
https://www.404media.co/archivists-work-to-identify-and-save-the-thousands-of-datasets-disappearing-from-data-gov/?utm_source=flipboard&utm_medium=activitypub
Posted into 404 Media @404-media-404media
The entire tech industry right now
Lots of talk about TikTok (Tik-Talk?), but in an atmosphere where we're abandoning platforms like X and Meta to decentralized ones, it's worth remembering that platforms don't create content, or much value, it's the users that do.
Proud to have played a role in this. VC-backed social media is not the answer. At Mastodon, we view this move as the best way to guarantee that the social web remains open and free from ads, data exploitation, manipulative algorithms or corporate monopolies.
https://www.theverge.com/2025/1/13/24342603/mastodon-non-profit-ownership-ceo-eugen-rochko
As a technical writer who works in an IT generalist role where I'm close to both infosec and user support (and who also has non-IT friends at large institutions) we need to talk about the terrible infosec training that's going on right now.
Regular infosec training is part of the gold standard for protecting your org against external threats. But your users don't need to be bombarded with terminology that's not relevant to them like "hog slaughtering" or the now-infinite variants of "phishing". (this is all just con artist grifting anyway)
Rather, you need to put yourselves in the shoes of your users and give them the minimal SKILLS they need, day-to-day, in order to protect your org in their roles. Don't try to turn them into cybersecurity pros – this effort will fail.
The endless terminology quizzing comes across as punishment – and when infosec training is seen as punishment, it's avoided and ignored as punishment. Again – exactly the opposite of what we want.
Your users don't need to know how to talk the talk. Teach them how to walk the walk. Teach them to be the right amount of shrewd and mistrustful. Teach skills not terms. Teach them to reach out to support – and accept that answering 100 "stupid" helpdesk questions is a small price to pay to avoid even one breach.
A hill I’ll die on every time: NAT is a security feature. It wasn’t intended as one, it shouldn’t be used as one, but it IS one. If I go into my router and disable the firewall, then do the same on every device I own, not a single extra device on my network becomes publicly exposed. That is security. It makes it hard for users with poor cybersecurity awareness to accidentally expose devices to the entire internet. If we disabled UPnP by default, we’d see a huge drop in automated exploitation.
"This concept is, unfortunately, something that governments seem incapable of understanding: compromising information security will always be a double-edged sword. Engineering vulnerabilities into technology so that you can spy on your citizens or allies will always mean that your citizens and allies might in turn be spied upon by enemies."
Somehow the #SaltTyphoon hack managed to pass me by until now. Nonetheless it seems worth my while to again chime in that I was frantically ringing the alarm bell on this issue years ago to no avail.
This is an issue for companies and orgs. For nations, it's an issue of fundamental sovereignty. #security #infosec #SupplyChainAttack
You are not safe.
Borrowed, but I'm sharing it:
"fwiw my therapist was straight-up like “pull every single legit coping lever you have right now and don’t feel guilty about it, distraction is key,” maybe you also needed to hear this."
Yes. We are official!
This instance is run by the Society of Open Social Servers of British Columbia!
Go to https://socialbc.org to see our Constitution and Bylaws.
Basically, we are here to provide or support open, federated #opensocialweb spaces to people in BC!
If this is something you would like to help build, please get in touch! Directors, helpers, anything you think might help is appreciated!
Email: help @ socialbc.org
@cR0w “Zero is a kind of number!”
Honestly, if you’re in the US, please vote. Don’t let a fascist take control. Don’t think that it can’t possibly happen there. This might be your last chance to vote. Don’t waste it. Sitting it out won’t help your cause but it will definitely endanger a lot of lives. That’s my take on it.
I thought I understood the extent to which the broad availability of mobile location data has exacerbated countless privacy and security challenges. That is, until I was invited along with four other publications to be a virtual observer in a 2-week test run of Babel Street, a service that lets users draw a digital polygon around nearly any location on a map of the world, and view a time-lapse history of the mobile devices seen coming in and out of the area.
The issue isn't that there's some dodgy company offering this as a poorly-vetted service: It's that *anyone* willing to spend a little money can now build this capability themselves.
I'll be updating this story with links to reporting from other publications also invited, including 404 Media, Haaretz, NOTUS, and The New York Times. All of these stories will make clear that mobile location data is set to massively complicate several hot-button issues, from the tracking of suspected illegal immigrants or women seeking abortions, to harassing public servants who are already in the crosshairs over baseless conspiracy theories and increasingly hostile political rhetoric against government employees.
https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/
Inside the U.S. Government-Bought Tool That Can Track Phones at Abortion Clinics
https://www.404media.co/inside-the-u-s-government-bought-tool-that-can-track-phones-at-abortion-clinics/?utm_source=flipboard&utm_medium=activitypub
This is your reminder...
There is no algorithm that brings posts to your timeline. The only posts you will see under your Home tab will be either people that you follow, or the boosts from people that you follow.
BOOSTING IS THE LIFE BLOOD OF MASTODON.
If you read something that is interesting, funny, thought provoking, news worthy, or beautiful, then BOOST IT.
Hitting "Favorite" lets the poster know that you liked it BUT IT DOESN'T LET ANYONE ELSE KNOW.
Keep Mastodon alive. BOOST.
Good morning folks – Today is the day to delete your data (and your elderly relatives' data) from 23andMe.