Tootfinder

TIL: you can use age and ssh keys to encrypt/decrypt files
> RECIPIENT can be an age public key generated by age-keygen ("age1...")
or an SSH public key ("ssh-ed25519 AAAA...", "ssh-rsa AAAA...").
#age #security

“Reliance on untrusted inputs in a #security decision in Microsoft #Office allows an unauthorized attacker to bypass a security feature locally.” Ach ne, Office prüft unsicheren Input nicht. Tja. 🤣
PS: are there authorized attackers as well? 🧐

Diesen Artikel bitte nicht lesen, wenn man Felsenfest der Meinung ist, Apple ist in Sachen Privatsphäre genauso wie andere US-Firmen. #apple #security #crypt

Festplattenverschlüsselung FileVault: Apple umgeht BitLocker-„Falle“ in macOS 26
Microsoft wird kritisiert, weil der Konzern Behörden Zugriff auf die SSD-Verschlüsselung gibt. Apple hat das Problem in FileVault behoben – ab macOS 26 Tahoe.

I understand #security is important and all, but getting logged out from #Teams and email frequently because MS thinks the auth cookie needs to be renewed is mighty irritating to say the least. To say more, I swear loudly every time I have to login again. Just fucking let me be.

If you really care about Privacy, don't use the Internet.
#Privacy #Security #Internet

🛡️ 25 years of security in #Research & #Education
For over two decades, GÉANT & the European NREN community have helped shape the R&E #security landscape, combining technical expertise with…

Hey #dotnet folks doing #security. What have been your biggest challenges in building and modernizing the security of your applications?

Please help with testing a new
#Thunderbird #Security feature: Unobtrusive Signatures, a novel mechanism for digitally signing email, currently implemented for #OpenPGP.
It avoids the u…

First blog post of the year:
#Rust #Security

crepererum - Only security updates?
An analysis of how often you need to accept breaking changes so you can also consume security updates.

In UK sollen Jugendliche im Internet besser geschützt werden indem man ihnen die Verwendung von VPNs verbietet. #keinePointe #security #online

Are you doing something interesting with #DNS #security, #DNSSEC, routing security, or other forms of #Internet

Call for Participation - ICANN DNSSEC and Security Workshop for the ICANN 85 Community Forum
ICANN invites proposals for its DNSSEC and Security Workshop at the ICANN85 Community Forum in March 2026, offering a platform for global experts to share insights on DNS, routing security, and emerging threats.

RE: #Gemini #GoogleCoin #security

The final keynote highlight from the GÉANT #SecurityDays 2026 this April.
Alexandre Dulaunoy, Head of CIRCL, Luxembourg's national CSIRT — on how 15 years of open-source security development has shown that sharing code, knowledge and intelligence builds networks of trust between defenders.
If you haven't got your ticket yet, this week is your last chance. Secure your place …

If the browser maker you are using is able to pull off something similar than what's described in this video, then it's a safe browser to use.
https://www.youtube.com/watch?app=desktop&v=YQEq5s4SRxY

#Applied #cryptography cannot solve a #security problem. It can only convert a security problem into a key-management problem.
Corollary: If you aren’t actually solving the key-management problem, yo…

🤦🏿‍♀️ Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers
#security

Being able to use modern technology without being an addict is starting to sound like a superpower!
#Privacy #Security #FreeSoftware

The GÉANT #SecurityDays 2026 programme is live and we're highlighting the keynotes you won't want to miss.
First up is Frank Rieger!
Hacker, author and internet activist — on how agentic LLMs are changing the IT security landscape, and why mastering the fundamentals of network control matters more than ever.
Learn more & secure your place 👉

Is there a guide how to integrate #SIEM systems and #VideoSuvailance systems vor General alarming systems for having physical and Cyber #security in one Palace (if company is not that large ...…

Thought of the night: #security is hard, and security people are even harder.

Wow, so 1Password has increased its already expensive services. I have only used it for work/volunteer related stuff. I've been using Apple's Keychain and now Passwords App for years.
If you're on a Mac/iOS system and want to switch, 9to5 has a good run down on how to export your 1Password database and bring it into Passwords.
if you've never used a Password Manager, you really really should.
#Security #Passwords #Apple #1Password #PasswordManager
https://9to5mac.com/2026/02/25/heres-how-to-switch-from-1password-to-apple-passwords/?utm_source=dlvr.it&utm_medium=mastodon

Another keynote not to miss at the GÉANT #SecurityDays 2026 this April.
Nancy Beers, seasoned gamification expert and owner of Sanne Cyber and Happy Game Changers — on why playfulness is a scientifically-backed tool for security innovation, learning, and flexibility.
Check the full programme 👉

Eens even een berichtje naar Security.nl gestuurd. Ik doe het niet snel, maar ik lees de berichten graag, maar het komt best vaak voor 'dat ok geen zin in dat gedoe heb' door die desktop pagina's op mn mobiel.
Het wordt tijd ... 😉
📸 Over Security.NL
#SecurityNL

If you have some time spare, take a look at the #EU 🇪🇺 #cyber #security standards that are currently in a mature draft state, awaiting feedback until end of February. I have started reading through requiremen…

Noterpad user? You should read this #security

Have you seen the GÉANT #SecurityDays 2026 workshop programme yet?
This year features 9 hands-on workshops across 3 days, covering everything from threat hunting and crisis simulations to open-source tooling and #DDoS defence.
All workshop participants will also receive a PCD certificate re…

What's still keeping banks from moving on from SMS 2FA? Honest question.
#2fa #security

RE: #ai #security

Dringend MFA aktivieren: Massenhaft Daten aus Cloud-Instanzen abgeflossen #owncloud #nextcloud #security

Dringend MFA aktivieren: Massenhaft Daten aus Cloud-Instanzen abgeflossen - Golem.de
Betroffen sind self-hosted Instanzen von Owncloud, Nextcloud und Sharefile. Daten von 50 Organisationen stehen zum Verkauf, weil die MFA nicht aktiv war.

Another keynote not to miss at the GÉANT #SecurityDays 2026 this April.
Valerie Aurora, open-source software engineer and co-founder of the Amsterdam Internet Resiliency Club — on why internet connectivity in Europe is more fragile than we think, and how communities can prepare together.
Secure your place 👉

Last year at GÉANT #SecurityDays 2025, 160 participants from 28 countries came together in Prague to share challenges, learn from each other, and talk openly about what security really looks like across the #Research &

> #X is no longer an open and balanced tool for political #communication or #journalism, since algorithm changes in the wake of Elon #Musk’s takeover. … The @… and national governments should not communicate on a platform where women cannot participate in the debate without risking image-based sexual violence.
…
Our national #security and #democratic health depend on citizens being able to access and participate in open, inclusive debate, and without…
3/4

Die Schlangenölverkäufer wollen ihr Geld zurück #security https://www.golem.de/news/it-sicherheit-kaspersky-droht-bsi-mit-klage-in-millionenho…

IT-Sicherheit: Kaspersky droht BSI mit Klage in Millionenhöhe - Golem.de
Seit 2022 warnt das BSI vor Kaspersky. Nun fordert das Unternehmen die Rücknahme und droht mit einer massiven Schadenersatzklage.

Proper #security nightmare time.
#LMDB is a database that's designed to operate on trusted input. Upstream has historically rejected all bug reports regarding problems with malformed input.
Py-LMDB project provides #Python bindings to LMDB that are normally built against bundled LMDB. Someone recently started mass-filing "untrusted input" vulnerabilities against py-lmdb, and py-lmdb started #slop - coding fixes to their bundled LMDB. Of course, nobody even bothered reporting most of these bugs upstream, and the one that I've seen reported was rejected as "don't do that".
Py-LMDB supports building against system LMDB, and #Gentoo was doing that so far. However, now we are facing a problem: system LMDB operates under the assumption that it is working on trusted input, while py-lmdb (and its bundled LMDB) operates under the assumption that it may be working with untrusted input. The guarantees no longer align.
If we continue to use system LMDB (and skip all the added slop tests that literally cause Python to crash), then Gentoo's py-lmdb package will now have different input expectations than upstream py-lmdb. And of course we can't just remove that crap because someone added exactly one package (TorchVision, i.e. part of the plagiarism machine suite) depending on it.
https://bugs.gentoo.org/971352

You still have time to submit a proposal for GÉANT Security Days 2026 🔒
Now in its third year, #SecurityDays brings together the #Research & #Education community to share real-world experiences…

⚠️ Cyberattacks can trigger societal crises, scientists warn
#security

Cyberattacks can trigger societal crises, scientists warn
Cyberattacks can wreak havoc on the systems they target, yet their impact often spreads far beyond technical failures, potentially triggering crises that engulf entire communities, a new study argues.

Modern use of LLMs often involves giving them access to the local system: to read and write your project files, and to execute arbitrary commands, often unsupervised. So aren't people worried about a harness just doing what a remote #LLM tells it to do?
I think a statement I've heard lately summarizes the mindset well. It went something along the lines "I can't give you 100% guarantee, but I've noticed that LLMs are very good at following instructions, and they're getting better and better, so I don't worry about that anymore".
Like, it is completely fine to introduce a humongous security hole, because the probability that a model will *accidentally* do something horrible is decreasing.
#AI #NoAI #NoLLM #security

stakeholders are invited to reply to the following questions:
1. What are strengths & weaknesses of the #EU #OpenSource sector? What are the main barriers that hamper
(i) adoption and maintenance of high-quality and secure open source; and (ii) sustainable contributions to
open-source communities?
2. What is the added value of open source for the public and private sectors? Please provide concrete examples,
including the factors (such as cost, risk, #LockIn, #security, innovation, among
1/2

Reminder!
#Piracy #Privacy #Security #WebDev

🙌 We are delighted to welcome Henna Virkkunen, Executive Vice-President for Tech #Sovereignty, #Security & #Democracy of the 🇪🇺 @… on the #Fediverse!
👉 @…
Our concern: In addition to regulating #X & Co., democracy needs tangible investment in digitally sovereign communication infrastructure.
The Fediverse is the only decentralised, independent #SocialMedia network with the greatest potential for innovation, competition and democracy!
#NeuHier #FollowFriday #OpenSource

#SigStore / #PyPI attestations: #PGP is hard! We must invent a new signing scheme that's so much easier on users.
The tools, after I've spent hours *integrating* them into #Gentoo, and getting them working for everything before:
* Verifying google_auth-2.46.0.tar.gz ...
Provenance signed by a Google Cloud account, but no service account provided; use '--gcp-service-account'
Yeah, I'm sure that's *so much simpler* than PGP.
#security