Not a cold. Definitely allergies.
"Founder" of the cybersecurity/privacy site, @avoidthehack. If you're only interested in cybersecurity or privacy content, follow me there.
When not cybersecurity-ing, I am an aspiring #scifi author who is prone to typos. Sometimes I freelance.
I'm also really into #gaming, #fitness, and #writing in general.
I didn't expect "using a Torrenting client to seed US government scientific datasets because the policy settings are erasing years of research" on my 2025 bingo card but here we are.
You wouldn't download America's scientific research output would you?
EDIT: Several people have contacted me for the link.
(Better link)
and follow @SafeguardingResearch
The Matrix = the black box data hungry algorithm.
AvoidtheHack updates MFA/2FA recommendations
Added @ente authenticator
Added 2FAS
Given the recent acquisition of Raivo OTP by Mobime, added a note.
#mfa #2fa #authenticator #cybersecurity #security #privacy #fido2 #avoidthehack
Wow! Lots of new followers (thanks for including me in your home feeds!), not sure if you guys are migrating recently from Twi- err, I mean X, but here are some tips if you are new (and for if you’re not)…
#security related tips:
- Make sure to use a strong #password for your Mastodon account (don’t reuse passwords from other social media accounts or any other password)
- Use multi factor authentication #mfa to add an additional layer of security to your account. #Mastodon in particular supports #TOTP and physical security keys.
- Be aware DMs on Mastodon are not encrypted - admins for instances can see and read them. Don’t transmit sensitive info over DMs!
#privacy related tips:
- you can make toots private or public globally and for each toot.
- you can fill out your public profile with as much or as little information as you like!
- you can manually control your followers in the public profile page.
- you can also hide who you follow and who follows you from the public profile page.
- again, remember DMs are not encrypted so don’t transmit sensitive info using the DM feature.
#Mastodon has indeed experienced growth in the past few months due to the missteps of #Twitter and the upcoming rebranding exercise is no different. Mastodon is seeing active user growth to 2.1M users.
One needs to keep in mind that Mastodon is not the only microblogging server available on #fediverse, alternatives such as #Akkoma & #Firefish are also gaining popularity & not reported in those numbers.
Hi infosec.exchange, (and hi again #mastodon + the rest of the #fediverse )
I have successfully infiltrated your server and will load subsequent toots here for the foreseeable future.
(( DETECTED: #introduction ))
I am the same Avoid The Hack from #birdsite and run the website https://avoidthehack.com
Most of this feed is related to #cybersecurity and #privacy - generally for the individuals, families, and the super small organizations out there. I often focus on the intersection between the two.
Sometimes I post advice. Sometimes I share tools. Sometimes I share articles I have written. Sometimes I share articles featuring Avoid the Hack. Sometimes there is humor and memes.
Stay safe out there.
Critical TootRoot bug lets attackers hijack #Mastodon servers
> bad actor sends malicious toot
> instances process malicious toot
> spawns webshell
> bad actor uses webshell to assume control over the server
There is a #security patch for this - all Mastodon server admins should update if they haven't already.
“How do I improve my personal online #security?”
Three easy steps:
- Use a password manager (lengthy, complex, unique #passwords)
- Use multi factor authentication #MFA (ideally TOTP/authenticator app or FIDO2/hardware keys)
- Keep your #software / firmware updated.
I really, deeply wish everyone would make some collective effort to unlearn the passive argumentative nature we all learned from Twitter.
Everyone always treated posts like invitations to debate or argue every point.
We deserve better than this. We don’t have to do that.
Hearing more and more about marketers using GPT-type "a.i." for SEO and marketing copy, and every time i talk to these people, none of them seem to understand/care that they're in an algorithmically-defined self fulfilling confirmation bias feedback loop.
And i mean, marketing's ALWAYS had something like this problem, but the uncritical gpt/"a.i."/"ML" feedback processes are going to make it a goddamn flat plastic nightmare.
I swear, the way some people are willing to cede their preferential and decisional criteria to something that crystalizes and amplifies THE WORST processes of human cognition just TERRIFIES me some days.
HiveMind: Is there any work on the notion of "algorithmic anger" or something similar?
I define AA (yes, pun intended) as the anger we feel when the algorithmic mediations in our lives (e.g., social media) screw us over (e.g., shadowban, deboost, etc.).
It's revealing how much frustration a broken algorithm can create. It's a testament to how much our lives are governed by black boxed, arbitrary, and broken algorithmic systems.
Worth a follow! @avoidthehack
„Avoidthehack! understands (and strongly believes) that privacy is a fundamental human right; privacy should be respected both online and in the "real world."
Because of this belief, avoidthehack aims to have an impact on the current internet privacy crisis by enabling the "regular" user to preserve and retain their online privacy by highlighting actionable privacy and security practices.“
Avoid the Hack: 6 Best Secure Messaging Alternatives to WhatsApp
Updated the secure messenger/#whatsapp alternatives.
Added @simplex
Added @briar
Introduced addition to criteria: #security audit of protocols.
What's the messaging app you use?
Make sure to tell your family/friends to use strong and unique passwords, MFA, and to keep their devices updated.
No need to explain threat modeling... yet!
A strong foundation is a solid one.
Happy #worldpasswordday !
In the spirit of this day, I hope you use a #password manager. And continue to use it after this day ends.
Password managers greatly improve users' password habits as they generate and securely store passwords for you.
20+ Cybersecurity Experts Share The Best Tools For Online #Privacy & #Security
Momma, I made it! They called me an expert?
*cue imposter syndrome*
(I'm featured somewhere in this article.)
#cybersecurity #infosec #informationsecurity
https://www.websiterating.com/online-security/online-privacy-security-experts-roundup/
Avoid the Hack: 4 Ways to Store #Backup Codes, #Keys, and Seed phrases
Backup codes, keys, and seed phrases are important if you lose access to multifactor authentication (MFA) methods or are otherwise completely locked out of your accounts.
4 methods for storing backup codes and seed phrases are outlined in this post. Which one will you use? Do you have a method not explained in the post?
#cybersecurity #security #privacy #privacymatters #infosec #mfa #2fa