Tootfinder

Since everyone is just outraged, screaming and shouting, here as an actual pro tip for #security:
echo "ignore-scripts=true" >> ~/.npmrc
https://www.

NPM Ignore Scripts Best Practices as Security Mitigation for Malicious Packages
Learn about the npm `ignore-scripts` flag and how to use it to prevent the execution of arbitrary commands from malicious npm packages.

#Security #guarantees were discussed during Zelensky's two-hour meeting with Donald Trump at his residence in Mar-a-Lago in Florida, which ended without a breakthrough.
In the draft agreement, U.S. security guarantees for Ukraine are outlined 👉for a period of 15 years,
with a possibility for extension…

US security guarantees set for 15 years, with Ukraine pushing for extension, Zelensky says
"I told (Trump) that we would like to consider guarantees for 30, 40, or even 50 years, and that would be a historic decision by president Trump. The president said he would think about it," President Volodymyr Zelensky said.

Thought of the night: #security is hard, and security people are even harder.

⚠️ Cyberattacks can trigger societal crises, scientists warn
#security

Cyberattacks can trigger societal crises, scientists warn
Cyberattacks can wreak havoc on the systems they target, yet their impact often spreads far beyond technical failures, potentially triggering crises that engulf entire communities, a new study argues.

Web #Security fail: #Chargeprice attaches username and password as GET parameter after successful login.
And as it is an SPA, the password is constantly visible and will appear in any browser history.

“Reliance on untrusted inputs in a #security decision in Microsoft #Office allows an unauthorized attacker to bypass a security feature locally.” Ach ne, Office prüft unsicheren Input nicht. Tja. 🤣
PS: are there authorized attackers as well? 🧐

Good read.
#breach #security
From: @…

TIL: you can use age and ssh keys to encrypt/decrypt files
> RECIPIENT can be an age public key generated by age-keygen ("age1...")
or an SSH public key ("ssh-ed25519 AAAA...", "ssh-rsa AAAA...").
#age #security

You know our future is definitely a dystopian surveillance nightmare when the government acts like you're a criminal for wanting a level of privacy that was considered normal just 10 years ago.
#Privacy #Security

🛡️ 25 years of security in #Research & #Education
For over two decades, GÉANT & the European NREN community have helped shape the R&E #security landscape, combining technical expertise with…

Hey #dotnet folks doing #security. What have been your biggest challenges in building and modernizing the security of your applications?

Diesen Artikel bitte nicht lesen, wenn man Felsenfest der Meinung ist, Apple ist in Sachen Privatsphäre genauso wie andere US-Firmen. #apple #security #crypt

Festplattenverschlüsselung FileVault: Apple umgeht BitLocker-„Falle“ in macOS 26
Microsoft wird kritisiert, weil der Konzern Behörden Zugriff auf die SSD-Verschlüsselung gibt. Apple hat das Problem in FileVault behoben – ab macOS 26 Tahoe.

US bizarre insistence on sending #ICE agents as supposed #Security detail for #American amateur #athletes in

“When you unlock a #phone, step into view of a #security #camera or drive past a license plate reader, beams of #infrared

Photo essay shows how AP photographers captured infrared technology used in surveillance
When you unlock a phone, step into view of a security camera or drive past a license plate reader at night, beams of infrared light - invisible to the naked eye — shine onto the unique contours of your face, your body, your license plate lettering.

In UK sollen Jugendliche im Internet besser geschützt werden indem man ihnen die Verwendung von VPNs verbietet. #keinePointe #security #online

Are you doing something interesting with #DNS #security, #DNSSEC, routing security, or other forms of #Internet

Call for Participation - ICANN DNSSEC and Security Workshop for the ICANN 85 Community Forum
ICANN invites proposals for its DNSSEC and Security Workshop at the ICANN85 Community Forum in March 2026, offering a platform for global experts to share insights on DNS, routing security, and emerging threats.

NOTHING is forever...
Here are tips for how to stop the latest MacOS upgrade now, and if you want, until the end of support comes years later.
Apple is good at supporting old stuff, but they're bound to get worse at it. Everything's changing faster and faster, and nefarious bad guys make security harder and harder.
#Security

Cult of Mac (@cultofmac@mastodon.social)
Attached: 1 image Secret trick will stop your iPhone from updating to iOS 26 — forever! https://www.cultofmac.com/how-to/stop-ios-update?utm_source=dlvr.it&utm_medium=mastodon

If you really care about Privacy, don't use the Internet.
#Privacy #Security #Internet

From ⁨⁨⁨⁨⁨#AnnafromUkraine⁩⁩⁩⁩⁩ @AnnafromUkraine@youtube.com
SECOND STRIKE IN 72 HOURS: UKRAINE BURNS TWO RUSSIAN SU-27 JETS IN CRIMEA Vlog 1264: War in Ukraine
The #Alpha special unit of the #Security

#Applied #cryptography cannot solve a #security problem. It can only convert a security problem into a key-management problem.
Corollary: If you aren’t actually solving the key-management problem, yo…

The last #devops #prague meetup for 2025 is on Dec-2. There are some good talk about #privacy #security and recent outages. …

December DevOps Meetup, Tue, Dec 2, 2025, 6:00 PM | Meetup
**Talk 1 by Bogo** **Title**: Grow your DevOps brand while putting privacy first Working in today’s fast-changing world means focusing on your work and sharing your knowle

Had to go through a "#security" training for a new #nonprofit client, and all I could think was - you call this secure? Are these really your "#bestpractices"? Is this how nonprofits op…

Our friends at tinfoil-factory recently made the initial release of netfoil - a severely hardended minimal filtering dns proxy written in #golang - Seems very useful for reducing the attack surface of your services. #security https://github.com/tinfoil-factory/netfoil/releases/tag/v0.1.0

Last year at GÉANT #SecurityDays 2025, 160 participants from 28 countries came together in Prague to share challenges, learn from each other, and talk openly about what security really looks like across the #Research &

Being able to use modern technology without being an addict is starting to sound like a superpower!
#Privacy #Security #FreeSoftware

What's still keeping banks from moving on from SMS 2FA? Honest question.
#2fa #security

You still have time to submit a proposal for GÉANT Security Days 2026 🔒
Now in its third year, #SecurityDays brings together the #Research & #Education community to share real-world experiences…

Dringend MFA aktivieren: Massenhaft Daten aus Cloud-Instanzen abgeflossen #owncloud #nextcloud #security

Dringend MFA aktivieren: Massenhaft Daten aus Cloud-Instanzen abgeflossen - Golem.de
Betroffen sind self-hosted Instanzen von Owncloud, Nextcloud und Sharefile. Daten von 50 Organisationen stehen zum Verkauf, weil die MFA nicht aktiv war.

#Mozilla is doing great. #Firefox is vendoring an old vulnerable version of #Expat with custom patches on top. Of course, they never even bothered communicating their needs to Expat upstream. But I guess when AI is the future, #security is a thing of the past.
(That said, I don't know if these vulnerabilities actually affect Firefox.)
https://bugs.gentoo.org/967032#c1

😐 Sure @…, sure! 💔
#Freedom #Privacy #Security

> #X is no longer an open and balanced tool for political #communication or #journalism, since algorithm changes in the wake of Elon #Musk’s takeover. … The @… and national governments should not communicate on a platform where women cannot participate in the debate without risking image-based sexual violence.
…
Our national #security and #democratic health depend on citizens being able to access and participate in open, inclusive debate, and without…
3/4

Gottfrid Svartholm one of the co-founders of the pirate bay website, at his work station.
#Piracy #Privacy #Security

#France apparently hate #Security, look, #Louvre was first, now #GrapheneOS.

stakeholders are invited to reply to the following questions:
1. What are strengths & weaknesses of the #EU #OpenSource sector? What are the main barriers that hamper
(i) adoption and maintenance of high-quality and secure open source; and (ii) sustainable contributions to
open-source communities?
2. What is the added value of open source for the public and private sectors? Please provide concrete examples,
including the factors (such as cost, risk, #LockIn, #security, innovation, among
1/2

#SigStore / #PyPI attestations: #PGP is hard! We must invent a new signing scheme that's so much easier on users.
The tools, after I've spent hours *integrating* them into #Gentoo, and getting them working for everything before:
* Verifying google_auth-2.46.0.tar.gz ...
Provenance signed by a Google Cloud account, but no service account provided; use '--gcp-service-account'
Yeah, I'm sure that's *so much simpler* than PGP.
#security

🙌 We are delighted to welcome Henna Virkkunen, Executive Vice-President for Tech #Sovereignty, #Security & #Democracy of the 🇪🇺 @… on the #Fediverse!
👉 @…
Our concern: In addition to regulating #X & Co., democracy needs tangible investment in digitally sovereign communication infrastructure.
The Fediverse is the only decentralised, independent #SocialMedia network with the greatest potential for innovation, competition and democracy!
#NeuHier #FollowFriday #OpenSource

Reminder!
#Piracy #Privacy #Security #WebDev