Sergey Shkundaleu @archit3ct@social.ssbx.dev

TIP: Never store passwords on your mobile, or for that matter use built in password manager which does not have additional master password. Imagine situation when your phone gets stolen, and thief already learned your pin code by shoulder surfing. Their next move is to change your AppleID password and from there they'll have access to every single piece of information connected to your AppleID. Use stand alone 3-rd party password managers. #punkprivacy

Quite interesting vulnerability recently discovered within MS Teams. https://www.hackread.com/microsoft-teams-flaw-malware-employees-inbox/ #cybersecurity

I've read white-paper about data that iOS and Android devices send when NOT IN USE, so that you don't have to. Situation is really bad, even when user opted out of telemetry devices continue to send data to A and G respectively. Aside from everything else, one area that I'd like to highlight is MAC addresses of nearby devices, along with gateway that iOS devices send, if exposed 3-rd parties may learn a lot about devices in your household. https://www.scss.tcd.ie/doug.leith/apple_google.pdf

There is huge difference between privacy and anonymity: Privacy is when people know who you are, but they can't see what you are doing. In case of anonymity all of your actions are in open, but people don't know who you are. Thus when you are using VPN provider you need to know what you are trying to protect from by choosing VPN connection, is it your privacy or anonymity? #punkprivacy

Vulnerability recently poped up in KeepPassXC, if you are using it just be aware. However attacker would have to gain access to your machine first, so employing tools that prevent some one exploiting your device is a still effective line of defense. https://securityonline.info/keepassxc-vulnerability-cve-2023-35866-allows-attackers-to-change-the-master-password-and-second-factor-authentication-settings/?utm_content=buffer3fd75&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer

For those who playing with RaspberryPi CM4 if you got it with eMMC storage onboard, please note that it's mounted to the same physical mount points as your SD card, so inserting SD card into IO board won't do anything. You actually have to use rpiboot to flash system onto eMMC directly. Here is official GitHub repo to use: https://github.com/raspberrypi/usbboot in case some one need it. #raspberrypi4

Know your suppliers, looks like some network equipment companies neglect this important rule. https://www.securityweek.com/details-disclosed-for-exploit-chain-that-allows-hacking-of-netgear-routers/?utm_source=dlvr.it&utm_medium=linkedin

By entering cyber incident space insurance industry gave a rise of new beast, it's called ransomware, as in many cases it's cheaper for companies to pay ransom that to maintain resilient recovery processes. But here is the twist, not everyone get's their data back. Insurance is not replacement for recovery. Here is new initiative by CISA. https://www.forbes.com/sites/forbestechcouncil/2023/05/01/cisa-launches-new-ransomware-vulnerability-warning-pilot-for-critical-infrastructure-entities/

Twitter Blue what a strange proposition it is: you pay $8/mo and then they got to mine your data and manipulate you, show you ads, so on and so forth. However $8/mo you can probably rent instance and run Mastodon yourself and you'll never see an ad or be manipulated by a single company into buying something, you got to interact with users on other instances, even beyond Mastodon, essentially anything that supports ActivityPub. So which one would you choose? Well it's up to you ... #privacy

World has gone crazy, it feels like there is a coordinated assault on freedom of speech, RESTRICT act, Online Safety Bill, they are all targeting freedom of private communication in the name of crime prevention. Our task is to oppose those motions as we seems them as alternative would be living in authoritarian regime. https://www.forbes.com/sites/emmawoollacott/2023/04/18/platforms-issue-urgent-warning-against-uk-online-safety-bill/?sh=4ca642c51a5e

Europe is often seen as a champion of privacy laws that supposedly protect people, and it's a good thing. However that also makes courts more open to an idea of censorship requests, especially German courts. Here is one example, where DNS provider can not and should not be liable for unlawful content stored on somebody's servers. DNS providers are phonebooks of 21-st century. https://torrentfreak.com/dns-resolver-quad9-loses-global-pirate-site-blocking-case-against-sony-230308/ #privacy

How good is 2FA if vendor uses it for advertising purposes. Twitter was fined by FTC and here is the story https://www.ftc.gov/business-guidance/blog/2022/05/twitter-pay-150-million-penalty-allegedly-breaking-its-privacy-promises-again but how can you trust other vendors that they would not use your PII for purposes other than 2FA. Best way is to avoid vendors who want PII for 2FA authentication, and use apps that generate time based code. #punkprivacy