So the government of Kazakhstan is MITM'ing all SSL'ed traffic https://lobste.rs/s/uqj8nq/mitm_on_all_https_traffic_kazakhstan#c_0boxyk
The way they are doing this is by adding a Certificate Authority (CA) that allows them to snoop all traffic.
This is, by the way, why SSL is criticized as being "only as secure as the weakest CA in your system". Here it's deliberate, but that's a problem in general.
NEWS: A New Stable Version of FreedomBox
We are pleased to announce that a new stable version of the #FreedomBox software system has been released! 🎉 🎉 🎉
The new stable version of FreedomBox is a big improvement over the previous stable version. It features a redesigned user interface, many more applications and features, and a streamlined user experience.
Please download and test it out!
"Bluetooth LE’s anti-tracking technology beaten"
In fact that justification for the "commands based on image size" was a little strange.
Super Small Summary:
* Zoom for Mac lets any website force your client to join a call
* With the camera turned on
* Installs a web-server that is not deleted when you remove the app
* That web-server can be used to remotely reinstall the Zoom app and do some sort of DoS on your machine.
(Not patched yet)
"strong_password v0.0.7 rubygem hijacked"
"Learnings from modern app sec teams"
Small and useful intro to threat modeling 👌
How to stop your emails from being tracked
Nice hack and can easily be adapted to use other ways of sending the notification. 🤔
Couldn't agree more.
Disabling image loading on your email clients (default option in many of them) is a must.
"Absence of certain features in IRC considered a feature" 🤔
Spring - Blender Open Movie https://video.blender.org/videos/watch/3d95fb3d-c866-42c8-9db1-fe82f48ccb95
Tor-focussed operating system Tails 3.14.2 released:
– update for Tor Browser (8.5.3)
– ⚠ the Tails OS developers strongly advise against using Tails OS 3.14.1 or earlier: https://tails.boum.org/security/sandbox_escape_in_tor_browser/index.de.html
Nice post about the lessons learned during a long career in software development.
We signed a public letter urging the German government to drop the idea of building in backdoors in all encrypted communication. It was a bad idea in 1993, it is a bad idea today.
"Getting 2FA Right in 2019"