(safe) Unsecure security

The gang is threatening to publish data stolen from the company, which commands 60% of the global foundry market, unless the company pays a $70 million ransom demand.

cross-posted from: https://lemmy.ca/post/871615

TIL the French government may have broken encryption on a LUKS-encrypted laptop with a "greater than 20 character" password in April 2023.

• https://nantes.indymedia.org/posts/87395/une-lettre-divan-enferme-a-la-prison-de-villepinte-perquisitions-et-disques-durs-dechiffres/

When upgrading TAILS today, I saw their announcement changing LUKS from PBKDF2 to Argon2id.

• https://tails.boum.org/security/argon2id/index.en.html

The release announcement above has some interesting back-of-the-envelope calculations for the wall-time required to crack a master key from a LUKS keyslot with PBKDF2 vs Argon2id.

And they also link to Matthew Garrett's article, which describes how to manually upgrade your (non-TAILS) LUKS header to Argon2id.

• https://mjg59.dreamwidth.org/66429.html

cross-posted from: https://feddit.de/post/851512

It sounds like a cool concept, but I can't see anyone migrating to this service since there is no logical way to import your current passwords.

Am I missing something?

new malware called Fractureiser is stealing discord tokens, brower user:pass & cookies, crypto wallets, etc

Its always been too easy for android to get exploited

Gather Real-Time Intelligence from Social Media, Cameras, Internet of Things, Industrial Control System devices. In addition search Wifi or Bluetooth networks and look for planes, cruises and city traffic

Black mirror season X

Local

Hope this helps ;)

Looks like he actually caught himself..

Off to races?

Methods to generate the random numbers we need for secure communications are all flawed in some way, but quantum computers that exist today could produce random numbers that can't be faked

Nobody is hidden

Well, that is interesting turn of events ;)

Well, I mean... on the silver plate

Heh, who will guard the guards?

Beating the dead horse?

LOL.

Nothing is safe.

Nothing is secure.

TruthFinder and Instant Checkmate are subscription-based services allowing customers to perform background checks on other people. When conducting background checks, the sites will use publicly scraped data, federal, state, and court records, criminal records, social media, and other sources.

In 2016, DARPA ran a similarly styled event for artificial intelligence (AI). One hundred teams entered their systems into the Cyber Grand Challenge. After completing qualifying rounds, seven finalists competed at the DEFCON hacker convention in Las Vegas. The competition occurred in a specially designed test environment filled with custom software that had never been analyzed or tested. The AIs were given 10 hours to find vulnerabilities to exploit against the other AIs in the competition and to patch themselves against exploitation. A system called Mayhem, created by a team of Carnegie-Mellon computer security researchers, won. The researchers have since commercialized the technology, which is now busily defending networks for customers like the U.S. Department of Defense.

There was a traditional human–team capture-the-flag event at DEFCON that same year. Mayhem was invited to participate. It came in last overall, but it didn’t come in last in every category all of the time.

Tracked as CVE-2023-22501, the vulnerability has a critical severity score of 9.4, as calculated by Atlassian. It could be used to target bot accounts in particular, due to their frequent interactions with other users and their increased likelihood to be included in Jira issues or requests or receiving emails with a "View Request" link - either condition being necessary for acquiring signup tokens.