🤖📧 Oh no, a #DOGE #aide fumbled #Treasury #policy by sending sensitive data via #unencrypted email! 🚨 But don't worry, #The Register's bot has you covered with a polite "403 forbidden" ✋—the perfect shield against your curiosity. 😂👌
https://www.theregister.com/2025/03/17/doge_treasury/ #Email #Cybersecurity #Register #HackerNews #ngated

小紅書的明碼 (未加密) 傳輸

之前 TikTok (國際版的抖音) 在美國的事情，所以有不少人跳去小紅書，所以才有歐美的 security company 去研究小紅書的問題：「TikTok alternative RedNote (Xiaohongshu) fails basic security measures」。

好久

https://blog.gslin.org/archives/2025/02/27/12275/%e5%b0%8f%e7%b4%85%e6%9b%b8%e7%9a%84%e6%98%8e%e7%a2%bc-%e6%9c%aa%e5%8a%a0%e5%af%86-%e5%82%b3%e8%bc%b8/

#API #Computer #Murmuring #Network #Security #Service #Social #Software #app #encrypted #privacy #rednote #security #unencrypted #vulnerability

You wouldn’t hand a stranger your bank info, your medical records, or a list of your fears. But every time you accept cookies, leave GPS on, or use #unencrypted messaging, you are handing that #data over.

#Privacy isn’t about secrecy - it’s about agency. Know what’s being taken from you.

Demand digital boundaries.

#KeepDataPrivate #dataprivacy #Snooping #privacyMatters #DigitalBoundaries

#DeepSeek #iOS app sends data #unencrypted to ByteDance-controlled servers - Ars Technica

Apple's defenses that protect data from being sent in the clear are globally disabled.
> that’s globally disabled within that specific app
#bytedance #China #privacy #encryption #security

https://arstechnica.com/security/2025/02/deepseek-ios-app-sends-data-unencrypted-to-bytedance-controlled-servers/

#Whistleblower finds #unencrypted location data for 800,000 VW EVs
#privacy #security #geoloc #surveillance

https://arstechnica.com/cars/2024/12/whistleblower-finds-unencrypted-location-data-for-800000-vw-evs/

@AdminKirsty @delta nodds in agreement

Add to that there are sufficient tools that allow for #secure, #E2EE #communication.

• Like: Even if they don't like #PGP/MIME there's nothing that prevents them from supporting #XMPP+#OMEMO or having any #secure means to communicate.

I do go out of my way to implement better alternatives to existing bad option...

• For example, #WebCall and #JitsiMeet alongside @zulip / #Zulip for companies that want or need some auditable and archival #Chat solution for internal use...

TBH, #unencrypted and thus #insecure communication should disqualify every #company and #organization as a matter or principle and it's high time #GDPR & #BDSG make support for proper #encryption mandatory, regardless if #2FA or general communications!

1. Tr^mp's lawyers did not dispute anything disclosed in the new filing. 2. If he believed overturning the election was part of his official acts, why was he using a burner phone routed outside of the U.S., unencrypted? 3. How many countries may be planning to blackmail him as a result of this #security #breach, or others?
#AdamCochran #Smith #filing #burner #phone #SpamRiskEgypt #EspionageAct #indict #espionage #risk #blackmail #foreign #intelligence #unencrypted #official #act #SCOTUS #king

Over 600 million #Meta #passwords stored in plain text

The issue was first uncovered in 2019 when #Facebook admitted to "hundreds of millions" of passwords being stored #unencrypted. Facebook said that the passwords were not available outside of the company — but also admitted that around 2,000 engineers had made about 9 million queries on that user database
#privacy #security

https://appleinsider.com/articles/24/09/27/meta-stored-600-million-facebook-and-instagram-passwords-in-plain-text

@root@mindly.social @mindly.social@mindly.social

We have received a bunch of empty Admin Reports from @mindly.social and our reaction have been to Suspended their system account to avoid further spam from them, and Silenced them to help keeping they users of the grid. This is also done to protect the fediverse against CloudFlare's tracking and spying on users and absorbance of [PII](/articles/MTX-A-79/PII) data

{width=280px}

## About mindly.social

A review of their instance shows us a miss configured instance

Host mindly.social
Software mastodon / 4.2.12
Administrator (Unknown) ((Unknown))

mindly.social.  3600    IN      NS      duke.ns.cloudflare.com.
mindly.social.  3600    IN      NS      jean.ns.cloudflare.com.
mindly.social.  300     IN      A       188.114.97.3
mindly.social.  300     IN      A       188.114.96.3

Mindly.Social aims to be a friendly, non-topic specific community focused on spreading positivity, expanding your knowledge and experiences, and just being plain old happy on social media for once.

@root@mindly.social @mindly.social@mindly.social

We have received a bunch of empty Admin Reports from @mindly.social and our reaction have been to Suspended their system account to avoid further spam from them, and Silenced them to help keeping they users of the grid. This is also done to protect the fediverse against CloudFlare's tracking and spying on users and absorbance of [PII](/articles/MTX-A-79/PII) data

{width=280px}

## About mindly.social

A review of their instance shows us a miss configured instance

Host mindly.social
Software mastodon / 4.2.12
Administrator (Unknown) ((Unknown))

mindly.social.  3600    IN      NS      duke.ns.cloudflare.com.
mindly.social.  3600    IN      NS      jean.ns.cloudflare.com.
mindly.social.  300     IN      A       188.114.97.3
mindly.social.  300     IN      A       188.114.96.3

Mindly.Social aims to be a friendly, non-topic specific community focused on spreading positivity, expanding your knowledge and experiences, and just being plain old happy on social media for once.

@CStamp @persagen whilst it's easy to attribute #Unit8200 for that, I'd say this is a too easy kind of explaination as it would be in the best interest if the #IDF to keep enemies like #Hezbollah in blissful ignorance about their #vulnerable #tech whilst maximizing #SIGINT effectiveness by not giving them a reason to implement secure #comms.

To me that sounds like a project some recruit of that unit would've to plan as a means to qualify for membership of that unit.

• It doesn't make sense to pull that #PagerHack off given it's quite newly deployed (older batteries would've more reliably and faster gone critical due to #Overdischarge!) and having pulled this #exploit also means Hezbollah will clearly fix those issues, starting with devices using #NiCd or #LiFePO4 batteries if not employing proper #E2EE instead of using insecure & #unencrypted #POCSAG...

But since I'm not getting paid for fixing that shitshow AND don't work with or for terrorists (!!!) I won't plug any projects that would've prevented this...

@marcan
Be careful out there. Its amazing that we use #email, #unencrypted email, for business purposes.

no personal and private information should ever be put in an email that travels in the clear; no account numbers, bdays, transaction info etc.

We need to demand that corps provide their #publicKey and accept our public key before we do business with them.
or
at least demand that they use an encrypted email service.

Learn about public/private key #encryption it's not that hard.

When your #company #policies force you to disable #TLS and do everything #unencrypted.

That's just #employees to/from the cloud VM. Everyone else on the planet can do whatever they like, of course. The policy is just forced on the owners of the VM.

BUUUUUT everything is great because it's compliant and that is the MOST #IMPORTANT thing!

Tadaa 🎉🎉🎉

#CloudFlare is a giant #MITM [1] that can read all of your #unencrypted #data that you send to websites that use CloudFlare (almost all of them) including #passwords. It's also a central point of #failure to the Internet [2].

Cloudflare is the exact opposite of #privacy.

[1] https://blog.ipv6.rs/understanding-tls-mitm-and-privacy-policies/

[2] https://blog.cloudflare.com/cloudflare-1111-incident-on-june-27-2024

Another common attack is #DNS #sniffing, where the attacker watches DNS traffic between a #client and a #DNSserver, collecting the client's #history.

This is a serious problem for user #privacy. The reason this #attack is possible is that DNS #traffic was originally #unencrypted.

In order to be a #secure starting point for the protocols that build on top of it, DNS needs to be both #authenticated & #encrypted.

#NetworkSecurity

@bascule @matthew_d_green

Exactly !
This is, what #PavelDurov's
#Statement about #Signal is all about. #Unencrypted #Telegram #Content and #IpAdresses are worldwide accessible at any given #Time for the #Corporation, while their #Encryption - #Features are pretty well hidden for normal #Users.
They do a #Bullshit for #Privacy and #Datasecurity, but call out Others for doing more in this #Area. #Ridiculous. It's a fucking #Disinformation #Campaign.

@BenjaminHCCarr IMHO #HTML-#eMails should be banned by law - like any #unencrypted #communications should be #illegal...

@kaiengert @map Yeah, I'm aware of @delta / #deltaChat and other tools like it...

The Idea I have is to force all eMails to be encrypted in the sense of #PGP/MIME and/or S/MIME!

Such in that it bans all #unencrypted #eMails!

@hllizi It's 2023 and @thunderbird has #PGP/MIME built in.

There's no excuse for having #unencrypted #eMails except (catering to) lazyness (of others) to properly configure their setup.

A little personal post I should propably pin:

Don't sent me any links/invites to #centralized, #SingleVendor / #SingleProvider #Chat or whatever sites/services.

I WILL IGNORE THEM!

If you want to contact me, you'll find all the info you want on my profile.

To protect against #Spam, all #unencrypted messages/eMails get automatically filtered as junk on server-side.

If you want a reply, add your #Pubkey to those.

Thanks for your attention!