#ITSec

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕kubikpixel@chaos.social
2025-05-04

»Here's the source code for the unofficial @signalapp app used by Trump officials«
– from @micahflee

My goodness, is this dilettantish or a deliberate security weakening? In the code you never write a fixed security code, and even in the .env it is avoided. However, this is still implemented by a lot of "professionals".

😬 micahflee.com/heres-the-source

#signal #trump #unofficial #app #itsec #dotenv #itsecurity #codesecurity #stupid

2025-04-30

At the Techniker Kasse they apparently haven't understood it:

"When it comes to security concerns, the TK chief weighs things up: there is no absolute security, he says, but analogue data isn't secure either. Breaking into a practice and stealing file folders there is easy."

With the ePA, a successful attack can exfiltrate millions of records. The TK chief ignores that completely. The attractiveness for attackers, just like the potential damage, is considerably higher.

#ePA #infosec #itsec #itsecurity #privacy

Benjamin Carr, Ph.D. 👨🏻‍💻🧬BenjaminHCCarr@hachyderm.io
2025-04-30

#EFF Leads Prominent #Security Experts in Urging Trump Administration to Leave #ChrisKrebs Alone
Political Retribution for Telling the Truth Weakens the Entire #Infosec Community and Threatens Our #Democracy; Letter Remains Open for Further Sign-Ons
eff.org/press/releases/eff-lea
#ITSecurity #ITSec #CISA

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕kubikpixel@chaos.social
2025-04-30

Whoa, hearing ProtonMail got blocked in India... supposedly over deepfakes? 🤔 That's pretty wild stuff.

It really drives home how fast new tech can spawn problems we just don't have easy answers for yet, doesn't it? You know, end-to-end encryption is super important, absolutely vital even, but let's be real – it's not some magic wand that fixes everything.

So, it leaves us wrestling with the big question: How do we actually protect people from misuse like this without just jumping straight to heavy-handed censorship?

Putting on my pentester hat for a sec, I can't help but feel the providers themselves have a part to play here. Do they need to step up their game? Or is this whole situation just way more complicated than it looks on the surface?

Seriously curious to hear what you all think about this. Drop your thoughts below! 👇

#ProtonMail #Deepfakes #Censorship #ITSec #Pentesting #TechRegulation #Privacy

Kevin Karhan :verified:kkarhan@infosec.space
2025-04-29

@krypt3ia I think @briankrebs and other #ITsec professionals are cringing hard.

  • At least I do...
2025-04-29

Alright, a vulnerability for educational institutions using the ContentKeeper software.
If you are using the on-prem appliance, and you have it reconfigured to reroute to a URL (e.g. blockage.example.com), it obviously has strings.
These strings can be manipulated in order to turn it around and say someone else did it. For example, if the person is John Doe and their email is jdoh@studentschool.org and they got caught and redirected to this URL, this means that they can manipulate the URL to change the email to, say, a staff member, and make it seem like someone else visited that website. Whether this can be done in real time, I am sure it can.
My recommendation is that you do not have it redirect to a URL and instead just have it stay on that same webpage they are trying to access while displaying it there. Alternatively, relay the block page somewhere static which doesn't reveal any of this information, for example blindsoft.net/sorry.html, which has a static page (if it's an option).
#cybersecurity #it #itsec

Мяу Машинаmeowmashine@silverbay.space
2025-04-27

Meow in InfoSec, part 1

I've been in infosec for a very long time, since my early years, so it's about time I started leaving a few notes for the world.

I don't like half-measures: antivirus, blocking USB and other storage devices, passwords on computers without training the staff, lack of encryption, useless data wiping.

All of that is nonsense, because there are proper tools and measures that can actually save infosec; this is a perversion.

Bonus: infosec that protects against employees rather than against attackers. Why lock the screen if there is no FDE? Or why have grandmas at the security desk who check your bags just to tick a box?

I'd be glad to hear from you in the replies

#itsec #itsecurity

Griesgram in spe :linux:rsa@norden.social
2025-04-26

I listened to the current episode of the podcast. I like it a lot 👍🏻

#podcast #itsec #informationssicherheit

sicherheitsluecke.fm/

Kevin Karhan :verified:kkarhan@infosec.space
2025-04-26

@dave_andersen @AVincentInSpace personally I consider any "#KYC" a risk-factor, and @signalapp has proven their ability and willingness to restrict functionality (i.e. their #Shitcoin-#Scam #MobileCoin) based off said #PhoneNumbers (Cuban, Russian and North Korean Numbers were excluded) which are in fact #PII (even if one doesn't have to #ID for obtaining a #SIM, they are circumstantial PII)...

  • They have neither "legitimate interest" nor legal mandate to collect said data (or to integrate a scammy Shitcoin for that matter) as the discontinuation of #ChatSecure / #TextSecure has eliminated the "technical necessity" to have those.

Either way, they either have to yeet #Hegseth as client and/or stop collecting PII like PhoneNumbers - they gotta do something

#ITsec is a different story, but unlike #Signal these do not depend on a #PhoneNumber and work through @torproject / #Tor.

  • And I've been using Tor for almost 15 years daily now...
Peter Cohrs | Journalist 🦣journopiet@dju.social
2025-04-25

"Targeted hit" — On the day of the Bundestag election, a cyberattack takes down the website of the #taz. It is not the first of its kind. Attacks on the critical infrastructure of democracy have long been everyday occurrences. #Medien #ITsec

taz.de/Angriff-auf-die-taz/!60

Benjamin Carr, Ph.D. 👨🏻‍💻🧬BenjaminHCCarr@hachyderm.io
2025-04-24

Who needs #phishing when your login's already in the wild?
Stolen #credentials edge out email tricks for cloud break-ins because they're so easy to get
Criminals used stolen credentials more frequently than email phishing to gain access into their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in Mandiant's list of most common initial infection vectors.
theregister.com/2025/04/23/sto
#itsec #security

Jan :rust: :ferris:janriemer@floss.social
2025-04-24

No, not #Microsoft #Copilot.

It's Microsoft Copirate!

First seen in this excellent talk by the security researcher Johann Rehberger:

SpAIware & More: Advanced Prompt Injection Exploits in #LLM Applications:

inv.nadeko.net/watch?v=84NVG1c
(or YT: youtube.com/watch?v=84NVG1c5LR)

#LLMs #PromptInjection #ITSecurity #ITSec #AI #ArtificialIntelligence

Kevin Karhan :verified:kkarhan@infosec.space
2025-04-24

@GottaLaff the sheer fact that he didn't get jailed for this violation of #ITsec, #InfoSec, #ComSec & #OpSec rules is probably making #RealityWinner and #ChelseaManning scream internally at max volume.
