ijk64✅ @ijk64@m.futex.au

"I've actually seen people who aren't programmers, and they're not software engineers, and they've never done security research and they are having a whale of a time with this, because you can be a hacker now just typing English into a box"

The line “Disney regrets that it has come to this” may be the single most terrifying line ever committed to a press release.

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security

Disaster alert accounts are preparing for a world after Twitter https://www.theverge.com/2023/4/21/23691784/elon-musk-twitter-disaster-alert-accounts-fire-storm-tsunami-earthquake

ATT&CK is lucky to have a community who has supported us all these years! As of today ATT&CK v13 is out with some🎁paying that back. Improved website search (after your fist query where it loads the index), much more detailed changelogs, some detections now include analytics & more! Our blog post with what's new: https://medium.com/mitre-attack/attack-v13-enters-the-room-5cef174c32ff.

We’re also at #RSAC2023 this week if you’d like to discuss the release in person or grab some ATT&CK technique stickers. @whatshisface and @jamieantisocial are holding down the fort in the MITRE booth.

me steadfastly insisting on having a good day while the world collapses around me

penguin pencilguin

Took part in my first Byte Jam last night and this is what I came up with. Big thanks to everyone involved! #tic80 #livecoding #demoscene

Apple perma-badged my Settings app unless I agree to share my credit card for all family accounts.

Incredible pseudomorph Coyamito agate found 15 years ago
Photo Copyright ©️ Agates From #Mexico
By #GeologyWonders
#Geology #GeologyPage #Nature #minerals #crystals #gems #Nature #NatureLovers #NaturePhotography

Just fyi. #openinformation

deleting system32\curl.exe https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/ - Let me tell you a story about how Windows users are deleting files from their installation and as a consequence end up in tears. #curl

Linux 6.3 has arrived after a push that project boss Linus Torvalds characterized as "a nice, controlled release cycle" that required the seven release candidates he prefers and was supported by helpful developer behavior. https://www.theregister.com/2023/04/24/linux_kernel_6_3_released/