RT @bascule@birdsite.link
After meticulously opting out of Apple's crash telemetry time after time, year after year, over and over again, it was great to have Catalina tell me:

"based on your indicated consensual iCloud preferences, we've gone ahead and enabled crash telemetry reporting. is that right?"


RT @dinodaizovi@birdsite.link
It's great to see more cloud services advertising encryption at rest by default. That's just table stakes, however. It turns out that attackers get access to your data while the systems are on, so at-rest encryption isn't much help there. Decrypt data as close as possible to use.


I suspect the real reason is that my university has lost all our grant funds on a crypto exchange.


RT @alfredwkng@birdsite.link
The Manhattan DA's office, for example, said they now back up all their files at least twice a day, and are considering ramping it up.

They're also a part of an encrypted Signal group chat with 17 other members (police, hospitals, mobile carriers) cnet.com/news/ransomware-devas


Very “inside academia” question: has anyone at any US university managed to pay an individual freelancer such as a copy editor, graphic designer, etc. without hiring them as an employee, or going through a big firm? My university claims this is impossible due to IRS rules.


RT @vanhoefm@birdsite.link
Tomorrow at Black Hat EU @domienschepers will present our work that shows WPA-TKIP is more widespread than expected. The presentation will also include several new attacks! The academic paper for this work is already online: papers.mathyvanhoef.com/asiacc


RT @ASankin@birdsite.link
Genius literally caught Google red-handed stealing its content for the search engine's information boxes


RT @mjos_crypto@birdsite.link
SIGSALY used a very similar telephone unit. Since its actual cryptography required a basement full of electronics, the "extensions" used the WW2 equivalent of QKD for physical protection of the signal. In practice just about as secure as QKD; similar threat model.


RT @dinodaizovi@birdsite.link
This re:Invent talk by Eric Brandwine on how AWS uses custom Nitro hardware and hypervisor to mitigate micro-arch attacks is completely mind-blowing:


NB: testing your attack on KVM/Xen running on an i3.metal instance is not an accurate proxy for EC2.


RT @SwiftOnSecurity@birdsite.link
Update: @Atlassian responded to my security report email in 9 minutes and they’re already working on handling this.
I did not initially think this was a private key situation, which is why I just casually mentioned it. Thanks to @taviso for confirming the issue. Collaboration is good. twitter.com/taviso/status/1202


RT @FiloSottile@birdsite.link
Emailed them the private key. I think they have 24h to revoke now.


RT @random_walker@birdsite.link
This 4-page zinger by @benzevgreen argues that computer scientists often do harm by relying on naive, vague, and technology-centric notions of "social good". It has the most punchy introduction of any paper I've read. benzevgreen.com/wp-content/upl


RT @jeffvanderstoep@birdsite.link
80% of Android apps are now blocking cleartext traffic by default, and that number only continues to improve. This is a big deal for user security and privacy, and the result of many years of effort including the secure network config in Android Nougat, ...
1/2 twitter.com/AndroidDev/status/

