#itsec

Felix Eckhardt<p>At Techniker Kasse they apparently haven't understood it:</p><p>"On security concerns, the TK boss weighs things up: there is no absolute security, he says, but analogue data is not secure either. Breaking into a practice and stealing file folders there is easy, he says."</p><p>With the ePA, a successful attack can pull millions of records. The TK boss completely ignores that. The attractiveness for attackers, like the possible damage, is significantly higher.</p><p><a href="https://det.social/tags/ePA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ePA</span></a> <a href="https://det.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://det.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://det.social/tags/itsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsecurity</span></a> <a href="https://det.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a></p>
Benjamin Carr, Ph.D. 👨🏻‍💻🧬<p><a href="https://hachyderm.io/tags/EFF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EFF</span></a> Leads Prominent <a href="https://hachyderm.io/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> Experts in Urging Trump Administration to Leave <a href="https://hachyderm.io/tags/ChrisKrebs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChrisKrebs</span></a> Alone<br>Political Retribution for Telling the Truth Weakens the Entire <a href="https://hachyderm.io/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> Community and Threatens Our <a href="https://hachyderm.io/tags/Democracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Democracy</span></a>; Letter Remains Open for Further Sign-Ons<br><a href="https://www.eff.org/press/releases/eff-leads-prominent-security-experts-urging-trump-administration-leave-chris-krebs" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eff.org/press/releases/eff-lea</span><span class="invisible">ds-prominent-security-experts-urging-trump-administration-leave-chris-krebs</span></a><br><a href="https://hachyderm.io/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSecurity</span></a> <a href="https://hachyderm.io/tags/ITSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSec</span></a> <a href="https://hachyderm.io/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISA</span></a></p>
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕<p>sqlmap</p><p>Automatic SQL injection and database takeover tool</p><p>🔧 <a href="https://sqlmap.org" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sqlmap.org</span><span class="invisible"></span></a></p><p><a href="https://chaos.social/tags/sql" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sql</span></a> <a href="https://chaos.social/tags/map" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>map</span></a> <a href="https://chaos.social/tags/db" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>db</span></a> <a href="https://chaos.social/tags/sqlmap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sqlmap</span></a> <a href="https://chaos.social/tags/sqldatabase" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sqldatabase</span></a> <a href="https://chaos.social/tags/pgsql" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pgsql</span></a> <a href="https://chaos.social/tags/database" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>database</span></a> <a href="https://chaos.social/tags/mysql" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mysql</span></a> <a href="https://chaos.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://chaos.social/tags/injection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>injection</span></a> <a href="https://chaos.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://chaos.social/tags/opensql" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>opensql</span></a> <a href="https://chaos.social/tags/sqlite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sqlite</span></a> <a href="https://chaos.social/tags/postgresql" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>postgresql</span></a> <a href="https://chaos.social/tags/takeover" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>takeover</span></a> <a href="https://chaos.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://chaos.social/tags/infection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infection</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@krypt3ia" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>krypt3ia</span></a></span> I think <span class="h-card" translate="no"><a href="https://infosec.exchange/@briankrebs" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>briankrebs</span></a></span> and other <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> professionals are cringing hard.</p><ul><li>At least I do...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@dave_andersen" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dave_andersen</span></a></span> <span class="h-card" translate="no"><a href="https://furry.engineer/@AVincentInSpace" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>AVincentInSpace</span></a></span> personally I consider any <em>"<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KYC</span></a>"</em> a risk-factor, and <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> has proven their <em>ability and willingness</em> to restrict functionality (i.e. their <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a> <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileCoin</span></a>) based off said <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumbers</span></a> (Cuban, Russian and North Korean Numbers were excluded) which are in fact <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> (even if one doesn't have to <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ID</span></a> for obtaining a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SIM</span></a>, they are circumstantial PII)... </p><ul><li>They have neither <em>"legitimate interest"</em> nor legal mandate to collect said data (or to integrate a scammy Shitcoin for that matter) as the discontinuation of <a href="https://infosec.space/tags/ChatSecure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChatSecure</span></a> / <a href="https://infosec.space/tags/TextSecure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TextSecure</span></a> has eliminated the <em>"technical necessity"</em> to have those.</li></ul><p>Either way they either have to yeet <a href="https://infosec.space/tags/Hegseth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hegseth</span></a> as client and/or stop collecting PII like PhoneNumbers - <em>they gotta have to do something</em>…</p><ul><li>As for <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a>, <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a> &amp; <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a>, I'd say <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> remains the gold standard alongside <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME...</li></ul><p><a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> is 
a different story, but unlike <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> these do not depend on a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumber</span></a> and work through <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a>.</p><ul><li>And I've been using Tor for almost 15 years daily now...</li></ul>
Peter Cohrs | Journalist 🦣<p>"Targeted hit": On the day of the Bundestag election, a cyberattack takes down the website of <a href="https://dju.social/tags/taz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>taz</span></a>. It is not the first of its kind. Attacks on the critical infrastructure of democracy have long been commonplace. <a href="https://dju.social/tags/Medien" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Medien</span></a> <a href="https://dju.social/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> </p><p><a href="https://taz.de/Angriff-auf-die-taz/!6081815/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">taz.de/Angriff-auf-die-taz/!60</span><span class="invisible">81815/</span></a></p>
Benjamin Carr, Ph.D. 👨🏻‍💻🧬<p>Who needs <a href="https://hachyderm.io/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> when your login's already in the wild?<br>Stolen <a href="https://hachyderm.io/tags/credentials" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>credentials</span></a> edge out email tricks for cloud break-ins because they're so easy to get<br>Criminals used stolen credentials more frequently than email phishing to gain access into their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in Mandiant's list of most common initial infection vectors. <br><a href="https://www.theregister.com/2025/04/23/stolen_credentials_mandiant/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/04/23/sto</span><span class="invisible">len_credentials_mandiant/</span></a><br><a href="https://hachyderm.io/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.social/@GottaLaff" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GottaLaff</span></a></span> the sheer fact that he didn't get jailed for this violation of <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a>, <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a> &amp; <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a> rules is probably making <a href="https://infosec.space/tags/RealityWinner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RealityWinner</span></a> and <a href="https://infosec.space/tags/ChelseaManning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChelseaManning</span></a> scream internally at max volume.</p><ul><li>IMHO <a href="https://infosec.space/tags/Hegseth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hegseth</span></a> should be sharing a cell with <a href="https://infosec.space/tags/Ames" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ames</span></a> because he's just a risk to <a href="https://infosec.space/tags/NatSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NatSec</span></a>!</li></ul>
Felix Eckhardt<p>Hm.</p><p><a href="https://www.golem.de/news/kurz-nach-offenlegung-chatgpt-und-claude-liefern-exploit-fuer-kritische-ssh-luecke-2504-195579.amp.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">golem.de/news/kurz-nach-offenl</span><span class="invisible">egung-chatgpt-und-claude-liefern-exploit-fuer-kritische-ssh-luecke-2504-195579.amp.html</span></a></p><p><a href="https://det.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://det.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://det.social/tags/itsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsecurity</span></a> <a href="https://det.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://det.social/tags/erlang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>erlang</span></a> <a href="https://det.social/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ai</span></a></p>
minzmade<p>Found a Linux Security Cookbook (O'Reilly) of 2003 in the <a href="https://chaos.social/tags/straze" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>straze</span></a> <a href="https://chaos.social/tags/library" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>library</span></a> - still interesting to browse through.<br><a href="https://chaos.social/tags/greifswald" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>greifswald</span></a> <a href="https://chaos.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://chaos.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a></p>
Christoph Schmees<p><span class="h-card" translate="no"><a href="https://social.heise.de/@heisec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>heisec</span></a></span> </p><p>What? That is still worth a news item? Are there seriously still thinking people who use <a href="https://social.tchncs.de/tags/Zyxel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zyxel</span></a>? </p><p><a href="https://www.pc-fluesterer.info/wordpress/?s=zyxel" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pc-fluesterer.info/wordpress/?</span><span class="invisible">s=zyxel</span></a></p><p><a href="https://social.tchncs.de/tags/sicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sicherheit</span></a> <a href="https://social.tchncs.de/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://social.tchncs.de/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://social.tchncs.de/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>foss</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@shoppingtonz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>shoppingtonz</span></a></span> <span class="h-card" translate="no"><a href="https://mas.to/@alternativeto" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>alternativeto</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> granted, those cases are <em>"niche"</em> as in <em>"extreme low latency applications"</em> are out of scope for <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a> as they are intrinsically incompatible with a self-routing <a href="https://infosec.space/tags/Proxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Proxy</span></a> network.</p><ul><li>Also proper <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a>, <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a> &amp; <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> teaches to never mingle identities and activities...</li></ul>
Nick<p>I took an ITSec training today that gave "Thi5izmyP4ssWord!" as an example of a good password to use. I'm curious what people think of a password like this.<br><a href="https://mathstodon.xyz/tags/ITSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSec</span></a> <a href="https://mathstodon.xyz/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mathstodon.xyz/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a></p>
Markus Feilner<p>Incredible. <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>log4j</span></a> <a href="https://mastodon.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://mastodon.social/tags/exploits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploits</span></a><br>"I am no hero" Unbelievably good, dear <span class="h-card" translate="no"><a href="https://ard.social/@br_data" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>br_data</span></a></span>! <a href="https://mastodon.social/tags/br" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>br</span></a> <a href="https://mastodon.social/tags/bayerischerrundfunk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bayerischerrundfunk</span></a></p><p>Link recommendation: ARD Audiothek</p><p><a href="https://www.ardaudiothek.de/episode/wild-wild-web-geschichten-aus-dem-internet/das-wichtigste-hobby-der-welt/br/14442077/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ardaudiothek.de/episode/wild-w</span><span class="invisible">ild-web-geschichten-aus-dem-internet/das-wichtigste-hobby-der-welt/br/14442077/</span></a></p>
Felix Eckhardt<p>US Government wreaks havoc on the cybersecurity community. This will hit their own tech companies hard. No idea what and if they even think. I get that funding CVE DB and everyone using it is one of Trump's talking points. But why not monetise it? Make people pay for access? That would make much more sense. This stupid messing around will hurt everyone bad, incl. US economy and government. Cybercriminals will profit.</p><p><a href="https://det.social/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://det.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://det.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://det.social/tags/itsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsecurity</span></a> <a href="https://det.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://det.social/tags/uspol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uspol</span></a> <a href="https://det.social/tags/mitre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mitre</span></a></p>
art4<p><span class="h-card" translate="no"><a href="https://mastodon.green/@IrrsinnHilft" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>IrrsinnHilft</span></a></span> <br>1. There are people who have to go there, see <a href="https://heise.de/-10352231" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">heise.de/-10352231</span><span class="invisible"></span></a><br>2. This is about <a href="https://infosec.exchange/tags/ITSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSec</span></a> and <a href="https://infosec.exchange/tags/Datensicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Datensicherheit</span></a> (data security), not about some other kind of security.</p>
Felix Eckhardt<p>Oh, it's all just sh*t</p><p><a href="https://det.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://det.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://det.social/tags/itsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsecurity</span></a> <a href="https://det.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Felix Eckhardt<p><span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bsi</span></a></span> Mitre funding seems to be in question (<a href="https://infosec.exchange/@briankrebs/114343835430587973" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@briankrebs/1</span><span class="invisible">14343835430587973</span></a>). I had asked before whether there are any ideas on the German or European side for replacing something like this. Has anything happened there? <a href="https://det.social/@felix_eckhardt/114154392133564146" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">det.social/@felix_eckhardt/114</span><span class="invisible">154392133564146</span></a></p><p><a href="https://det.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://det.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://det.social/tags/itsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsecurity</span></a> <a href="https://det.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
art4<p><a href="https://infosec.exchange/tags/US" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>US</span></a> Customs and Border Protection has far-reaching powers to search all devices of travellers on entry and exit, regardless of their nationality.</p><p>There are two types of searches: </p><p>A basic search can take place without any reason, completely arbitrarily, or on the basis of a mere hunch about a person, perhaps because of their appearance or an answer they gave to a question. In a basic search, an officer scrolls through the photos, e-mails, apps and files on the devices. No suspicion of wrongdoing is required for this type of search.</p><p>In an advanced search, the contents of the devices can be copied for analysis. This requires a "reasonable suspicion" of a violation of the law, or national security concerns. From this point on, devices must as a rule be considered compromised.</p><p>Strong digital security therefore includes practising defence in depth: if one security layer fails, another protective layer must be in place just in case. Missing data can also be such a protective layer.</p><p>If you plan to enter the USA in the near future, you should know and follow a few <a href="https://infosec.exchange/tags/ITSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSec</span></a> tips.</p><p>General hygiene tips:</p><p>1. Enable disk or full encryption on your devices. Use strong passwords.<br>2. Do not use biometrics for unlocking.<br>3. Download all data you need on the devices for offline use. Remove all existing cloud connections.<br>4. Do not log in to accounts, social media, etc. If you have to use them, use only the browser and explicitly log out again after use. Delete apps you do not need.<br>5. Use PINs and passwords for opening apps, where possible.<br>6. Delete all contacts you do not need. Create a backup of the contacts and restore it only after your return.<br>7. Keep the devices switched off before checks.</p><p>During a basic search:</p><p>8. Cooperate immediately if, during a check, you are asked to switch on or unlock the device or accounts.<br>9. Never hand over your password during a check. Only unlock the devices yourself. If you were forced to hand over a password, change the password as soon as possible.</p><p>Next level for the advanced search:</p><p>10. Use throwaway devices. This applies to smartphones, tablets, laptops, USB sticks, hard drives, memory cards, etc. Take only empty or freshly set-up devices with minimal configuration. After an advanced search, consider the devices compromised and dispose of them after the return journey.<br>11. Get a new SIM card on site or before travelling. Do not use an existing SIM card. Do not take an existing SIM card with you. Consider SIM cards compromised from an advanced search onwards and dispose of them after the return journey.<br>12. Set up pro forma accounts. Having no social media account can look suspicious, so maintain accounts with innocuous content that you can unlock if you are asked to.<br>13. If a device is seized, demand a detailed proof of ownership and a statement of when and how you will get it back.</p><p>Sources:<br>- <a href="https://apnews.com/article/internet-privacy-smartphones-travel-e0a3146ae7966ea0e4157dbfae1f6a81" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">apnews.com/article/internet-pr</span><span class="invisible">ivacy-smartphones-travel-e0a3146ae7966ea0e4157dbfae1f6a81</span></a><br>- <a href="https://theintercept.com/2025/03/29/customs-us-border-travel-airports-phone-searches/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">theintercept.com/2025/03/29/cu</span><span class="invisible">stoms-us-border-travel-airports-phone-searches/</span></a></p>
Marcel Hellkamp<p>Small update on our <a href="https://academiccloud.social/tags/HIBP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIBP</span></a> style password checker: We are now at 9.91 billion password hashes (sha1 and ntlm), and it's growing and growing. Only 1.3 billion (13%) of those are in HIBP.</p><p><a href="https://pwcheck.gwdg.de/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pwcheck.gwdg.de/</span><span class="invisible"></span></a><br><a href="https://pwcheck.mpg.de/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pwcheck.mpg.de/</span><span class="invisible"></span></a></p><p><a href="https://academiccloud.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://academiccloud.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://academiccloud.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://academiccloud.social/tags/leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>leak</span></a></p>