Tootfinder

Opt-in global Mastodon full text search. Join the index!

@marcel@waldvogel.family
2024-06-16 08:01:30

«Publicly-traded tech giants “are beholden to the share price, not to doing what’s right for the customer all the time. That’s just a reality of capitalism. You’re never going to change that in a public company because at the end of the day, they want the shareholder value to go up.”»
How can these bad incentives be compensated or eliminated? (Without a 180° turn of the entire society)
#Security

@khalidabuhakmeh@mastodon.social
2024-06-10 16:59:37

Hey folks, this is an important #security update for #JetBrains users. Please update as soon as possible if you use #GitHub and the integration in the

@alejandrobdn@social.linux.pizza
2024-05-15 18:35:54

It's time to replace the last mechanical hard disks of the laptops that were still installed in some of the laptops at work with SSDs.
Sensitive data is stored on the NAS, but it never hurts to do an srm -r -s data
Secure delete is your friend!
#linux #security

@geant@mstdn.social
2024-06-04 10:42:07

We are excited to announce that the GÉANT #Security Days will return next year - In Prague on 8-10 April 2025. #SaveTheDate!
Stay tuned for the call for proposals announcement and more, be sure you mark your calendars and share the news with your network.

GÉANT Security Days
Prague, CZ. 8-10 April 2025

Save the date

@fogelnet@heads.social
2024-06-07 17:30:58

Microsoft Will Switch Off Recall by Default After Security Backlash | WIRED
#Microsoft #Security #Recall

@mikemathia@ioc.exchange
2024-05-11 03:15:56

#Security

@publicvoit@graz.social
2024-05-22 23:07:59

Google Online #Security Blog: On Fire Drills and #Phishing Tests
security.googleblog…

@EarthOrgUK@mastodon.energy
2024-05-26 09:51:02

On IoT Security and Privacy, Moving and Long-term Data (2015) - How to provide appropriate protection for small Internet-of-Things devices and their data streams, on the air and at rest. #IoT #security -

@geant@mstdn.social
2024-06-05 13:07:03

Continuing a longstanding and successful collaboration, GÉANT and EUNIS recently held an online workshop to discuss data control and #security in the #cloud, featuring presentations from #NRENs and

@JGraber@mastodon.social
2024-05-17 18:00:34

#Python Friday #227: Hash a Password With #Bcrypt #security #FastAPI

@rasos@fairmove.net
2024-06-06 19:54:31

"When in doubt, become a nerd" - I'll probably drop by this #Security conference tomorrow morning at FH Campus Wien its-now.science/?conference - no registration requir…

@nohillside@smnn.ch
2024-05-08 14:19:19

"Grows to 100 passkeys"?! Tell me, how many logins do you have in your password managers?
Please share!
#passkey #security #password

@sharan@metalhead.club
2024-04-22 21:04:20

What does this mean in terms of #security #onlinesafety #messaging?

@patrick_townsend@infosec.exchange
2024-06-17 17:35:01

GDPR and the Right To Be Forgotten (RTBF) and other Rights
 
A bit of a longer read.
 
I recently had the opportunity to engage a bit here on Mastodon on the question of data privacy and the EU General Data Protection Regulation (GDPR). I’ve had a chance to think about this a bit more and am providing the following thoughts. This is not a complete analysis of data privacy under GDPR, but I hope it will be helpful for organizations or agencies who fall under this regulation. I appreciate those who commented previously (references below).
 
First, some disclaimers:
- I am not a lawyer. I recommend you talk to one if you are developing software that handles private information or are simply storing or sharing private information.
- I have read the entire GDPR and recitals, but I am not current on recent legal refinements.
- I have also read other data compliance regulations such as CCPA and at one point I read all of the data privacy regulations of all 50 US states.
- Why did I do this? My company was subject to GDPR and a number of other privacy regulations and we were selling a data security solution. Our customers had a reasonable expectation that we would help them meet compliance regulations.
- We developed internal policies and procedures to comply with GDPR.
- We honored all GDPR requests related to RTBF.
- We consciously designed systems that supported and enabled GDPR compliance.
- We invested in and partnered with a blockchain start-up and designed and developed for IPFS.

Some definitions might be helpful. GDPR refers to individuals (individual people like you and me) as Data Subjects. The rights granted are granted to individual users and consumers. Organizations that collect private information about Data Subjects are Data Controllers. When we stored information in our CRM we were a Data Controller as defined by GDPR. It takes a bit of reading to get used to these definitions, but they are fairly straightforward.
 
Context is important when understanding a regulation like GDPR.
 
I benefited from my time living in and starting a business in Europe (West Germany, in the 1980s). This part of the world had experienced unspeakable horrors during WWII and were living very close to the repression that existed just across the border in eastern Europe. Repressive regimes abuse confidential information and weaponize secrecy in order to exert control over others. My colleagues from Germany, Italy, France, the UK and Poland understood this in a fundamental, human way. I see GDPR as a natural expression of their desire to protect their nations, their communities, their families and themselves. This is why I deeply respect the EU’s right to promulgate these privacy regulations.
 
Under GDPR the individual becomes the ultimate owner of their private information. There is no implied ability of a Data Controller to override that right (with some exceptions, see below), or to assume that any rights granted to a Data Controller by an individual are permanent and immutable. An individual can give a Data Controller permission to store their private information, and, importantly, an individual can revoke that permission. This is a fundamental difference with how we in the US tend to think of privacy. It is very important to fully grasp this concept if you are planning to do business in the EU.
 
The Right To Be Forgotten (sometimes called the Right To Deletion) gives the individual the right to ask for their data to be removed from a Data Controller’s system and for that to occur in a timely fashion. But it is only one right defined under GDPR. There are others:
- Right to opt in or out of data sharing.
- Right to change data sharing permissions.
- Right to know with whom data has been shared.
- Right to correct data.
- Right to assume data is pseudonymized, usually with encryption.
- Right to be informed in a timely way of any data breach.

This is not a complete list of the rights and responsibilities conferred under GDPR, but these are probably the most well-known, and probably where many organizations fail to implement proper controls.
 
Of course, there are exceptions to data privacy rights under GDPR. Some of them are:
- Legal requirements to retain data (tax history, etc.).
- Some freedom of information requirements.
- Some public knowledge aspects.
- General public health and safety.

Please note that GDPR does not provide an exception to the rules because your technology prevents you from meeting RTBF deletion requests (looking at you, blockchain and IPFS). There is no programming around these requirements and clever developers do not get a magical pass to ignore them.
 
It is also important to understand that RTBF is still being refined. This is a bubbling pot of legal activity. In my opinion the direction seems to be in favor of protecting Data Subjects’ privacy rights and enforcing RTBF.
 
GDPR applies to the EU countries and to anyone doing business in the EU. There are lots of other privacy regulations that are similar to GDPR. In the US, there is the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act of 2020 (CPRA). The UK, Australia, New Zealand and many other countries also have privacy regulations that are similar in intent. Once you start absorbing the requirements of these regulations you start to think of private information in a new way.
 
OK, now for some recommendations:
 
If you are a software developer creating that killer app and the next big Unicorn, build in GDPR support right from the beginning. We know how difficult it is to “bolt on” security after the fact. It is equally hard to re-engineer applications to meet GDPR. So, get it right from the beginning and avoid some angst as you approach an IPO or a global rollout.
 
If you are a business and have dreams of scaling your business beyond your local community, think about how you collect, store and share information about individual consumers. It is almost certain you are going to run into some flavor of GDPR at some point and you will want to be prepared. If you are not covered by GDPR, CCPA or other privacy regulations now, you may soon be.
 
If you are using social media platforms as a part of your marketing strategy (who isn’t ???) be sure you understand how your social media provider meets GDPR. Sharing sensitive data with social media and big data brokers can be a GDPR nightmare. Make sure your social media partner has processes in place to meet GDPR data deletion requests.
 
It was previously mentioned here that developer tools like git and Gitlab would likely not come under GDPR controls. I think the point was that tools like git and Gitlab are not typically used to collect information on individuals, and I think that is correct. It is not that GDPR exempts developer tools from its compliance scheme (it doesn’t), it is just that it is rare to use developer tools to store a lot of personal information. One caution: be careful about test data that you might store as a part of automated testing routines. Don’t store test data with information about real people! Anonymize or tokenize the data before adding it to git.
 
What about Web3 technologies?
 
Web3 technologies like blockchain and IPFS can make it extremely difficult (nearly impossible) to meet GDPR requirements for RTBF. If your application ingests data to blockchains and/or IPFS, or provides a public gateway to allow this type of data ingestion, I would recommend implementing application logic to prevent sensitive personal data from being added. I’ve built blockchain and IPFS applications and there is no effective delete function. If you have to store sensitive data, I would recommend against using these technologies.
 
Lastly, remember that you will probably need proper legal advice (that is not me!) related to GDPR and other compliance regulations. Governance and compliance are proper components of a business plan and software design process.
 
Here are some resources that may be helpful:
 
EU General Data Protection Regulation (lots of resources here):
#GDPR #CCPA #CPRA #Compliance #Security #BlockChain #IPFS #Software #SoftwareDevelopment #Programming
 

@j12t@social.coop
2024-04-21 02:10:18

Somebody is building a low-latency pipeline from #security advisory to attack by means of #AI right now, I'm sure.

@geant@mstdn.social
2024-06-06 12:37:21

Is your organisation interested in training employees to recognise cyber risks? Are you looking for inspiration or ready-to-use materials? Take a look at our newly launched #SecurityAwareness Resources Hub!
It includes materials developed by GÉANT and numerous tools made available by #NRENs

@digitalnaiv@mastodon.social
2024-06-01 15:24:28

Cyber attack on #CDU – Verfassungsschutz called in
After the SPD, the CDU has now also been attacked digitally. The authorities are taking the incident "very seriously". Everything points to a professional actor | heise online #Security

@crell@phpc.social
2024-05-29 15:06:45

Don't redirect HTTP to HTTPS:
#Security #HTTP

@UP8@mastodon.social
2024-05-09 20:01:29

💥 Hacker free-for-all fights for control of home and office routers everywhere
#computers

@ErikJonker@mastodon.social
2024-05-25 19:48:49

This board is hilarious, the foxes are guarding the hen house.
#AI #safety #security

@publicvoit@graz.social
2024-04-21 17:35:52

#Microsoft is a national #security threat, says ex-White House cyber policy director

Senate Democrats on Thursday will force a second vote on a #bipartisan #border #security bill that
🔸Republicans blocked earlier this year at Donald Trump’s behest.🔸
The legislation has next to no chance of passing the ch…

@sjn@chaos.social
2024-06-05 23:48:23

Watching recordings of @…'s #Upstream conference, and I'm seeing lots of interesting #OpenSource

@geant@mstdn.social
2024-05-29 15:00:03

In episode 7 of our ‘Get Ready for TNC’ podcast, Tangui Coulouarn (DeiC) discusses the session “Where #networks and #security collide” which he's chairing at #TNC24 on Wednesday 12 June 14:00-15:30 CEST in L…

@publicvoit@graz.social
2024-06-07 21:27:16

Writing a comment on a #heise article about #Apple and #Security is always a very "interesting" experience.
Usually you get attacked there, the independent sources that you dutifully …

@mikemathia@ioc.exchange
2024-04-25 09:31:16

#Security

@nohillside@smnn.ch
2024-05-01 11:23:43

Can we talk about the fact that all these "we recognise you by your voice" hotlines pose a security risk?
#security #voiceidentifikation #identity

@joxean@mastodon.social
2024-05-23 09:03:27

In case you happen to have knowledge about grid computing: what is the state of the art in detection of malicious nodes and/or detecting sabotage? I'm not looking for faulty or dead nodes.
So far, the most popular technique seems to be (variations of) replication with majority voting, isn't it?
#GridComputing

@tezoatlipoca@mas.to
2024-05-06 16:01:45

I'm still doing some debugging of some #CSP #Content #Security #policy

@UP8@mastodon.social
2024-05-25 11:29:12

🐜 Inside a low budget consumer hardware espionage implant
#security

@geant@mstdn.social
2024-04-22 08:22:18

Information sharing is a normal part of human interaction, but it's a part of us that can be manipulated and used to gain access to resources or locations by bad actors.
This is known as #SocialEngineering.
How would a room full of #security professionals behave when we invite t…

GÉANT Security Days.

Securing Tomorrow's knowledge.

Prague, 9-11 April 2024

@marcel@waldvogel.family
2024-04-23 05:14:33

Don't trust any random file, just because it lies in a trustworthy #Github project. Because essentially anyone can create files under any project space.
#SecurityWarning

@tor@norden.social
2024-06-05 20:05:27

New #phishing attack.
#Cybercrime #Cyber #Security

A fish tin with the image of a smartphone screen.

@mgorny@social.treehouse.systems
2024-04-24 03:07:32

Isn't it terrifying that Polish government agency workers are telling people how to find stuff on their website via third-party search engines (and it's already an improvement that they are talking of "search engines" or asking people to input search terms in the address bar, rather than talking of #Google specifically), rather than giving them the website URL and having them use the internal search engine? It's a huge #security threat, that's just waiting for someone to #SEO malicious results in there.
#Poland

@geant@mstdn.social
2024-05-24 11:36:12

A new software component created for #eduVPN aims to overcome limitations of restricted networks.
Jeroen Wijenbergh, Backend & App Developer for the @… #security team, expl…

eduVPN

@schrht@social.linux.pizza
2024-06-04 19:56:02

I'm really not one to defend #google. But some of the coverage of the current leak of an internal database of privacy incidents is making a fuss about the wrong thing.
#Privacy incidents are like #security

@patrick_townsend@infosec.exchange
2024-05-22 16:12:27

I asked Kia to delete my personal information. Here is the response:
"Thank you for your email. At this time, under applicable law, privacy requests relating to personal information are not provided to residents in your state. For information on our general business practices regarding the collection, maintenance, and sharing of personal information, please see Kia’s Privacy Policy.
Sincerely,
Kia America"
So, basically, FU. We don't have to, so we aren't going to do it.
You really, really do NOT want to read their privacy policy. Absolutely no respect for your preferences regarding private information that they collect. And, wow, are they aggressive about collecting data on you.
I am pretty sure that Kia is not alone in this type of abuse. We really need better privacy law. With teeth.
#Security #Privacy #Kia #PII

@JGraber@mastodon.social
2024-05-24 18:00:16

#Python Friday #228: HTTP Basic #Authentication in #FastAPI #security

@publicvoit@graz.social
2024-05-24 14:25:32

I write a blog article on the #security breakdown of #Microsoft, focus on lost #Azure #cloud keys, not realizing being co…

@mgorny@social.treehouse.systems
2024-05-25 08:23:09

You know it's a good day when you turn a "this random #NIH build system bundles several libraries" bug that's ignored for years into "all the bundled libraries in #premake are vulnerable" bug.
#cURL at least, and doesn't do anything about it:
#Gentoo #Security