Category: security

The Privacy, Security, & OSINT Show

The United Nations accidentally exposed passwo…

The United Nations accidentally exposed passwords and sensitive information to the whole internet.

Illustration: Soohee Cho/The Intercept

Vanguard has bizarre and annoying “security” p…

  1. Security questions are required.
  2. As has been documented on this sub, using their “security token” feature requires you to use Yubikey devices and Chrome, even though it is simply an implementation of U2F which is a universal standard supported by many other devices and Firefox.
  3. Using their “security token” feature requires enabling SMS verification. At any time, you can choose to use your Yubikey or SMS verification, thus negating the security benefits of U2F over SMS.
  4. Voice verification is required so that your voice is tied to your account. This is new as of July 2018. The next time you call in, you’ll be asked to register your voice with their system. You have the option to skip it for now, but it will be required in the future.
  5. They tie your phone number to your account, and after they have made the association, you can only ever use that phone number to access your own account. Even if you want to call and ask a general question unrelated to your specific account, they will see that you’re using a phone number associated with an account, and will require you to verify the last four digits of your SSN and answer a security question.
  6. If that phone number is ever used to call Vanguard, but the caller cannot verify a security question (say, because they are Customer A borrowing the phone of Customer B), they lock the account associated with the number and require the owner to call back and unlock the account using security questions.

To people that actually take security seriously, these policies scream that the highest levels of Vanguard’s security team have no idea what real security is, and prioritize the appearance of security over actual security. Plus, it’s just inconvenient as hell to jump through arbitrary hoops designed by old men. I say avoid them.

Found here

Security, privacy and AMD vs Intel Vs Nvidia

Having messed with Nouveau drivers on Linux for some time, I am ready to ditch Nvidia altogether, as it is clear they don’t support FOSS. Is there any reason to believe that any brand of GPU is “more secure” than others, i.e., does Intel/AMD have fully open source drivers for Linux?

Is Nouveau categorically more secure than closed source Nvidia drivers? Is the video stack in Linux really isolated to any effective degree?

Found here

Wire – Cryptography, Security, and Privacy (Cr…

Wire – Cryptography, Security, and Privacy (CrySP) (updated 2018)

From here

/g/ – Technology » Thread #40699341

Among interesting discussions, a lot of people shared an enormous amount of tools and privacy projects, many of which even we were unfamiliar with, and it is a great resource for learning more about privacy and security.

https://rbt.asia/g/thread/40699341

Russia Fines Telegram $14,000 for Not Giving FSB an Encryption Backdoor

Lots of passwords leaked from major sites like Kickstarter and Bitly this week.

Friendly reminder to go to Have I Been Pwned and check if you’ve been pwned.

Republicans Open to Banning ‘Bump Stocks’ Used in Massacre

Generous of them.

Why the Las Vegas Shooting Was a Security Agency’s Nightmare

“The first reports about the horrific attack in Las Vegas on Sunday night will surely evolve into more detailed knowledge. But there are three lessons we might draw from the information already available. First, automatic rifles like the one the shooter apparently used have the potential to kill large numbers of people, particularly when aimed at a crowd in a confined space. Second, a shooter positioned in a high-rise building hundreds of meters away can render moot many of the security measures now used to protect crowds. And third, despite what gun advocates tend to say in response to shootings, it’s incredibly unlikely that any armed bystander could have made a difference, given the distance, elevation, and darkness that separated this shooter from his victims. These three facts made the Las Vegas shooting a nightmare scenario for police agencies, and for the rest of us too.”

Personally, we can only think of a few things that would help:

1. Metal detectors / baggage screening in major metropolitan hotels

2. Gun control legislation banning devices that modify semi-automatic weapons to full auto, closing the automatic weapons loopholes that still exist, instituting limits on magazine capacity, and cracking down on sellers that violate the law.