Malcolm Nance<p>🚨 16 BILLION PASSWORDS <a href="https://defenseofliberty.social/tags/LEAKED" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LEAKED</span></a>: APPLE, GOOGLE, FB USERS EXPOSED</p><p>The largest password leak ever: 16B login <a href="https://defenseofliberty.social/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a>—Apple, Google, FB, GitHub & more—are now circulating.</p><p>Sourced from 30+ fresh datasets (not recycled), it includes usernames, passwords, URLs, emails & login sequences.</p><p>A blueprint for <a href="https://defenseofliberty.social/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a> & account takeovers at scale.</p><p>Act fast. Stay ahead.</p>
photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto
Please refer to the site rules before posting.
Administered by:
Server stats:
247active users
photog.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.3
#credentials
0 posts · 0 participants · 0 posts today
PrivacyDigest<p>Epic 16B login <a href="https://mas.to/tags/leak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>leak</span></a> nobody heard about | Cybernews</p><p>Several collections of login <a href="https://mas.to/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> reveal one of the largest data breaches in history, totaling a humongous 16 billion exposed login credentials. The data most likely originates from various <a href="https://mas.to/tags/infostealers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infostealers</span></a>.<br><a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a></p><p><a href="https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybernews.com/security/billion</span><span class="invisible">s-credentials-exposed-infostealers-data-leak/</span></a></p>
PrivacyDigest<p>Mysterious Database of 184 Million Records Exposes Vast Array of <a href="https://mas.to/tags/Login" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Login</span></a> <a href="https://mas.to/tags/Credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Credentials</span></a> | WIRED </p><p>A trove of <a href="https://mas.to/tags/breached" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>breached</span></a> data, which has now been taken down, includes user logins for platforms including <a href="https://mas.to/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> , <a href="https://mas.to/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> , and <a href="https://mas.to/tags/Meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Meta</span></a>. Among the exposed accounts are ones linked to dozens of governments.<br><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a></p><p><a href="https://www.wired.com/story/mysterious-database-logins-governments-social-media/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wired.com/story/mysterious-dat</span><span class="invisible">abase-logins-governments-social-media/</span></a></p>
PrivacyDigest<p>Mysterious Database of 184 Million Records Exposes Vast Array of <a href="https://mas.to/tags/Login" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Login</span></a> <a href="https://mas.to/tags/Credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Credentials</span></a> <br><a href="https://mas.to/tags/pii" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pii</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a><br><a href="https://www.wired.com/story/mysterious-database-logins-governments-social-media/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wired.com/story/mysterious-dat</span><span class="invisible">abase-logins-governments-social-media/</span></a></p>
Marcus "MajorLinux" Summers<p>Can we change our passwords now?!</p><p>A huge unsecured credential database discovery is a great reminder to change your passwords </p><p><a href="https://www.engadget.com/cybersecurity/a-huge-unsecured-credential-database-discovery-is-a-great-reminder-to-change-your-passwords-210537400.html?src=rss" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">engadget.com/cybersecurity/a-h</span><span class="invisible">uge-unsecured-credential-database-discovery-is-a-great-reminder-to-change-your-passwords-210537400.html?src=rss</span></a></p><p><a href="https://toot.majorshouse.com/tags/Database" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Database</span></a> <a href="https://toot.majorshouse.com/tags/Credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Credentials</span></a> <a href="https://toot.majorshouse.com/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://toot.majorshouse.com/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://toot.majorshouse.com/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://toot.majorshouse.com/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://toot.majorshouse.com/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a></p>
Kevin Karhan :verified:<p>Hey <span class="h-card" translate="no"><a href="https://programming.dev/c/jetbrains" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jetbrains</span></a></span>, when are you gonna fix the <a href="https://infosec.space/tags/bug" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bug</span></a> in <a href="https://infosec.space/tags/PyCharm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyCharm</span></a> where it randomly forgets <a href="https://infosec.space/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> and I can't just add them but have to delete the entire config files... </p><p>FIX YOUR STUFF FFS!</p>
PrivacyDigest<p>CISA/DOGE Software Engineer's Login <a href="https://mas.to/tags/Credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Credentials</span></a> Appeared in Multiple <a href="https://mas.to/tags/Leaks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Leaks</span></a> From Info-Stealing <a href="https://mas.to/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> in Recent Years - Slashdot<br><a href="https://mas.to/tags/cisa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cisa</span></a> <a href="https://mas.to/tags/doge" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>doge</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p><p><a href="https://yro.slashdot.org/story/25/05/11/0451222/cisadoge-software-engineers-login-credentials-appeared-in-multiple-leaks-from-info-stealing-malware-in-recent-years?utm_source=rss1.0mainlinkanon&utm_medium=feed" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">yro.slashdot.org/story/25/05/1</span><span class="invisible">1/0451222/cisadoge-software-engineers-login-credentials-appeared-in-multiple-leaks-from-info-stealing-malware-in-recent-years?utm_source=rss1.0mainlinkanon&utm_medium=feed</span></a></p>
PrivacyDigest<p>Malicious <a href="https://mas.to/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> Packages Infect 3,200+ <a href="https://mas.to/tags/Cursor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cursor</span></a> Users With <a href="https://mas.to/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a>, Steal <a href="https://mas.to/tags/Credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Credentials</span></a></p><p><a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> researchers have flagged 3 malicious npm packages that are designed to target the Apple <a href="https://mas.to/tags/macOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>macOS</span></a> version of Cursor</p><p>"Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's main.js file, & disable auto-updates to maintain persistence,"</p><p><a href="https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/05/mali</span><span class="invisible">cious-npm-packages-infect-3200.html</span></a></p>
Third spruce tree on the left<p>There are lots of <a href="https://mas.to/tags/plugins" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>plugins</span></a>/services that allow you to sync your <a href="https://mas.to/tags/browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>browser</span></a> saved website <a href="https://mas.to/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> across multiple devices; even <a href="https://mas.to/tags/sync" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sync</span></a> between ecosystems (chrome/google account <--> Microsoft acc). </p><p>But - leaving aside "password sharing is Baaaad" and "probably violates a TOS somewhere" issues - does anyone know of a plugin/service that allows you to share a saved login with a trusted other? </p><p>e.g. share an newspaper <a href="https://mas.to/tags/subscription" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>subscription</span></a> account with a partner _without_ a shared google account.</p>
AI6YR Ben<p>Anyone who is a non-citizen of the US -- important note here from the EFF.</p><p>(Not YET an issue for US citizens, but it's likely coming where this administration can apply pressure and/or if legal measures fail to stem these moves. i.e. "present your papers")</p><p><a href="https://mastodon.social/@eff/114230331164640659" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@eff/114230331</span><span class="invisible">164640659</span></a></p><p><a href="https://m.ai6yr.org/tags/travel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>travel</span></a> <a href="https://m.ai6yr.org/tags/visas" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>visas</span></a> <a href="https://m.ai6yr.org/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> <a href="https://m.ai6yr.org/tags/immigration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>immigration</span></a> <a href="https://m.ai6yr.org/tags/Politics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Politics</span></a> <a href="https://m.ai6yr.org/tags/USpol" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USpol</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@zak" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>zak</span></a></span> <span class="h-card" translate="no"><a href="https://fosstodon.org/@zenbrowser" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>zenbrowser</span></a></span> : a still unfixed vulnerability: if NOT using Touch ID, on some websites you may be able to sign in using a passkey WITHOUT authenticating locally - using biometrics or your passcode (screen unlock code).</p><p>⛓️💥 This vulnerability also exists WITH Touch ID set up, provided that "Password Autofill" is disabled.</p><p>BTW this vulnerability also permits access to:<br>• <a href="https://icloud.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">icloud.com</span><span class="invisible"></span></a><br>• <a href="https://account.apple.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">account.apple.com</span><span class="invisible"></span></a><br>(When asked to provide your fingerprint, tap the X at the top right and tap in the "Email" field one more time).</p><p>This is a HUGE risk for people who do not want to use biometrics: if a thief grabs their iPhone when unlocked, or watches them enter their passcode and later steals their iPhone, the thief can use ALL of the owner's passwords and some of their passkeys stored in the "Passwords" app (formerly known as iCloud Keychain).</p><p>🎬 This increases the risks of theft as shown by WSJ's Joanna Stern in <a href="https://youtube.com/watch?v=QUYODQB_2wQ" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/watch?v=QUYODQB_2wQ</span><span class="invisible"></span></a>.</p><p>👶 In addition, a (grand) child or anyone else who (shortly) borrows your iPhone/iPad may have access to more of your cloud-accounts than you're aware of.</p><p>🔧 Workaround if you don't want to use biometrics to unlock your iPhone/iPad (this does not fix any problem if a thief learns (or successfully guesses) your passcode (screen unlock PIN or password):</p><p>• Set up a Touch ID anyway, for example for your left pinky finger (if you're righthanded)</p><p>• Disable "iPhone Unlock" in "Touch ID and Passcode" (visible in the first screenshot).</p><p>• Use a safer password manager (such as KeePassium) than the Apple "Passwords" app (iCloud KeyChain).</p><p>🚨 In any case:</p><p>• Make sure that "Password Autofill" (in settings -> "Touch ID and Passcode") is set to ENABLED;</p><p>• When you enter your passcode in a public place (such as a bar, bus or train), make very sure that nobody gets to see you enter it.</p><p><a href="https://infosec.exchange/tags/iPhone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iPhone</span></a> <a href="https://infosec.exchange/tags/iPad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iPad</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> <a href="https://infosec.exchange/tags/WontFix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WontFix</span></a> <a href="https://infosec.exchange/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iOS</span></a> <a href="https://infosec.exchange/tags/iPadOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iPadOS</span></a> <a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> <a href="https://infosec.exchange/tags/pasdwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pasdwords</span></a> <a href="https://infosec.exchange/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> <a href="https://infosec.exchange/tags/iCloudKeychain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iCloudKeychain</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/Theft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Theft</span></a> <a href="https://infosec.exchange/tags/SecurityRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityRisk</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a></p>
Kevin Karhan :verified:<p>Anyone know someone at <a href="https://infosec.space/tags/JetBrains" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JetBrains</span></a> to report a <a href="https://infosec.space/tags/PyCharm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyCharm</span></a> <a href="https://infosec.space/tags/issue" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>issue</span></a> to? </p><p>Basically it's a <a href="https://infosec.space/tags/softlocking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>softlocking</span></a> that happens on the <a href="https://infosec.space/tags/snap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>snap</span></a> version of <a href="https://infosec.space/tags/PyCharmCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyCharmCommunity</span></a> / <a href="https://infosec.space/tags/PyCharmCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyCharmCE</span></a> that makes it somehow half-forget <a href="https://infosec.space/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> like <a href="https://infosec.space/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a>, <a href="https://infosec.space/tags/Gitlab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gitlab</span></a>, <a href="https://infosec.space/tags/Codeberg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Codeberg</span></a>, <a href="https://infosec.space/tags/BitBucket" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitBucket</span></a>, <a href="https://infosec.space/tags/Gitea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gitea</span></a>, <a href="https://infosec.space/tags/git" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>git</span></a> etc. and not allowing to just delete & re-add them as the settings saving just becomes unresponsive.</p><ul><li>Mind you this isn't with like dozens of accounts - just one on each platform - and it's not easily fixable (or at least not in a good way by manually yeeting the <a href="https://infosec.space/tags/XML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XML</span></a> files for said logins from <code>$HOME/.config/PyCharmCE****/...</code> and randomly coming back after a few days or weeks.</li></ul><p>Whether this also conflicts with <a href="https://infosec.space/tags/SettingsSync" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SettingsSync</span></a> which should only sync <a href="https://infosec.space/tags/configs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>configs</span></a>, not <a href="https://infosec.space/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> (and AFAICT doesn't!) is also a question I can't confidently answer.</p><ul><li>Needless to say it's really annoying, espechally at work and is the main reason I've not considered paying for JetBrains' products as of now! </li></ul><p><a href="https://infosec.space/tags/plzfix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>plzfix</span></a> <a href="https://infosec.space/tags/Development" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Development</span></a> <a href="https://infosec.space/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> <a href="https://infosec.space/tags/IDE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IDE</span></a></p>
C.<p><span class="h-card" translate="no"><a href="https://techhub.social/@gee8sh" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gee8sh</span></a></span> </p><p>Teaching in a public school requires some <a href="https://mindly.social/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a>, though at times various specialist teachers may be employed without them (think: shop instructors, etc).</p><p>But as a teacher at a private school or a tutor (private, or in one of those strip-mall "academy" outfits), there are no legal requirements as far as I know. Just whatever the employer wants, or nothing at all if you just hang your shingle out there.</p><p>(I did a little tutoring, many years ago.)</p>
Kevin Karhan :verified:<p>Anyone at <span class="h-card" translate="no"><a href="https://programming.dev/c/jetbrains" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jetbrains</span></a></span> / <a href="https://infosec.space/tags/JetBrains" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JetBrains</span></a> want to investigate an issue re: <a href="https://infosec.space/tags/PyCharm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyCharm</span></a> loosing <a href="https://infosec.space/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> or rather bugging them out at random?</p><ul><li>It applies to <a href="https://infosec.space/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> / <span class="h-card" translate="no"><a href="https://infosec.exchange/@github" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>github</span></a></span> , <a href="https://infosec.space/tags/GitLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitLab</span></a> / <span class="h-card" translate="no"><a href="https://mastodon.social/@gitlab" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gitlab</span></a></span> , <a href="https://infosec.space/tags/Codeberg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Codeberg</span></a> / <span class="h-card" translate="no"><a href="https://social.anoxinon.de/@Codeberg" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Codeberg</span></a></span> and private <a href="https://infosec.space/tags/Gitlab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gitlab</span></a> Instances...</li></ul><p>It really pisses me off...</p>
PrivacyDigest<p>Yearlong supply-chain <a href="https://mas.to/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> targeting <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> pros steals 390K <a href="https://mas.to/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a><br><a href="https://mas.to/tags/supplychain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychain</span></a> </p><p><a href="https://arstechnica.com/security/2024/12/yearlong-supply-chain-attack-targeting-security-pros-steals-390k-credentials/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">12/yearlong-supply-chain-attack-targeting-security-pros-steals-390k-credentials/</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://aus.social/@jimbob" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jimbob</span></a></span> <a href="https://infosec.space/tags/Outlook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Outlook</span></a> <em>has been fucked up for decades</em> as it crashed ages ago once the mailbox hits 2 GiB in size.</p><ul><li>Since they send <a href="https://infosec.space/tags/login" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>login</span></a> <a href="https://infosec.space/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> to <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> I'd consider it <a href="https://infosec.space/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> and I'd personally see forward to get <em>anyone who still uses it</em> fired for doing so.</li></ul><p>But that's just me as a <a href="https://infosec.space/tags/Sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sysadmin</span></a> doing what I get paid for...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mamot.fr/@ploum" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ploum</span></a></span> instead of <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> which also falls under <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a> and is also a <a href="https://infosec.space/tags/Proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proprietary</span></a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> solution, consider <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> for real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys!</p><ul><li><p>Fir <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> & <a href="https://infosec.space/tags/Chat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chat</span></a>, I can recommend <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> as a paid provider who doesn't run <a href="https://infosec.space/tags/ads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ads</span></a> and doesn't fall under Cloud Act or similar laws. (Also they have excellent <a href="https://infosec.space/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> that work with basically all providers usibg standard-compliant servers & APIs!)</p></li><li><p>You may want to consider <a href="https://infosec.space/tags/Torifying" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Torifying</span></a> everything by using <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> and push everything on <a href="https://infosec.space/tags/mobile" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mobile</span></a> through <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a>.</p></li><li><p>In fact, some providers like cock.li even have <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionServices</span></a> to directly connect to them.</p></li><li><p><a href="https://infosec.space/tags/MicrosoftOutlook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicrosoftOutlook</span></a> literally steals your Login <a href="https://infosec.space/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a>, so using <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> is a necessity anyway. Don't forget to change your logins either way!</p></li><li><p><a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> is okay, but <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a> should be normalized as well.</p></li><li><p>Consider launching a <span class="h-card" translate="no"><a href="https://mastodon.earth/@cryptoparty" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cryptoparty</span></a></span> to teach other the same.</p></li><li><p>Nirmalize using <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails_live</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tails</span></a> as your <a href="https://infosec.space/tags/DailyDriver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DailyDriver</span></a>!</p></li></ul>
Darrell Hilliker 👨🦯♾️📡<p>Actually... Does anyone know how often the <a href="https://mastodon.online/tags/JAWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JAWS</span></a> and <a href="https://mastodon.online/tags/NVDA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NVDA</span></a> certifications should be retaken in order to be considered current? <a href="https://mastodon.online/tags/accessibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>accessibility</span></a> <a href="https://mastodon.online/tags/blind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blind</span></a> <a href="https://mastodon.online/tags/SR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SR</span></a> <a href="https://mastodon.online/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a></p>
Manuel 'HonkHase' Atug<p><a href="https://chaos.social/tags/KRITIS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KRITIS</span></a> Sektor <a href="https://chaos.social/tags/Staat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Staat</span></a> und <a href="https://chaos.social/tags/Verwaltung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Verwaltung</span></a></p><p>City of Columbus: Data of 500,000 stolen in July <a href="https://chaos.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> attack</p><p>"The Rhysida ransomware gang claimed the attack the same day, alleging they had stolen databases containing 6.5 TB of data, including employee <a href="https://chaos.social/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a>, city video <a href="https://chaos.social/tags/camera" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>camera</span></a> feeds, server <a href="https://chaos.social/tags/dumps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumps</span></a>, and other <a href="https://chaos.social/tags/sensitive" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sensitive</span></a> information...After failing to extort the City, the threat actors started <a href="https://chaos.social/tags/leaking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>leaking</span></a> the stolen data, publishing 45%..."<br><a href="https://www.bleepingcomputer.com/news/security/city-of-columbus-data-of-500-000-stolen-in-july-ransomware-attack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/city-of-columbus-data-of-500-000-stolen-in-july-ransomware-attack/</span></a></p>
PrivacyDigest<p>Ever wonder how crooks get the <a href="https://mas.to/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> to unlock stolen <a href="https://mas.to/tags/phones" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phones</span></a> ?</p><p>A coalition of law-enforcement agencies said it shut down a service that facilitated the <a href="https://mas.to/tags/unlocking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unlocking</span></a> of more than 1.2 million stolen or lost mobile phones so they could be used by someone other than their rightful owner.<br><a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p><p><a href="https://arstechnica.com/?p=2051165" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arstechnica.com/?p=2051165</span><span class="invisible"></span></a></p>
Live feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload