I don't understand what the point is of all Google's 2FA if my son can somehow log into my Google account from his phone without any kind of verification. My best guess is that he somehow copied the account from an old tablet of mine, but even then, how can he log in without my password? Can anyone with access to an old tablet just log into an account linked to that tablet on whichever device they want?

This sounds like a ridiculous security hole on Google's part. They can't claim that their account is super important and justifies all sorts of security steps, while simultaneously demanding every device has full access to that account and allowing random people to copy that account to other devices without ever knowing the password.

#google #security

Is there an open source decentralized alternative to Signal with a similar penchant for strong privacy and security? The AWS outage has me irritated.

#aws #askfedi #opensource #sysadmin #privacy #security

So, apparently Windows 11 Home has a watered down encryption mechanism that is not quite BitLocker.

Is there is no built in way to backup or restore the encryption key. Is there an open source tool that will let me do this? Again this Windows 11 Home Device Encryption not real BitLocker. There device only has a LOCAL account. No MS account is tied to it.

#sysadmin #windows #askfedi #encryption #privacy #security

Louvre museum to add 100 external cameras by 2026 after heist exposed security flaws.

Officials have admitted there was inadequate security camera coverage of the outside walls of the museum and no cover of the balcony involved in the break-in.

https://www.reuters.com/lifestyle/louvre-museum-add-100-external-cameras-by-2026-after-heist-exposed-security-2025-11-19/ #globalmuseum #Louvre #museums #security

There are many good reasons to switch from Whatsapp to Signal, here is another one.
https://www.heise.de/en/news/3-5-Billion-Accounts-Complete-WhatsApp-Directory-Retrieved-and-Evaluated-11083244.html
#signal #whatsapp #meta #security

WhatsApp Census https://lobste.rs/s/gwchzg #pdf #security
https://github.com/sbaresearch/whatsapp-census/blob/main/Hey_there_You_are_using_WhatsApp.pdf

6 years after too much crypto https://lobste.rs/s/nnor3p #cryptography #security
https://bfswa.substack.com/p/6-years-after-too-much-crypto

The Cameras Tracking You = A Security Nightmare https://lobste.rs/s/ixt2po #video #security
https://www.youtube.com/watch?v=uB0gr7Fh6lY

Just a reminder that ALPR and surveillance tech like this is a major problem, and flock is bottom of the barrel choice.

Flock intentionally makes their devices insecure and easy to hack.

https://youtu.be/uB0gr7Fh6lY

#Privacy #Security #Surveillance #Flock

RMPocalypse Attack: How a Catch-22 Breaks AMD SEV-SNP https://lobste.rs/s/km1ho1 #hardware #security
https://rmpocalypse.github.io/

No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE https://lobste.rs/s/xmdarh #security
https://modzero.com/en/blog/no-leak-no-problem/

LinkPro: eBPF rootkit analysis https://lobste.rs/s/8zuhvh #security
https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis

How we avoided side-channels in our new post-quantum Go cryptography libraries https://lobste.rs/s/9appzu #cryptography #go #security
https://blog.trailofbits.com/2025/11/14/how-we-avoided-side-channels-in-our-new-post-quantum-go-cryptography-libraries/

The Security Web Application Guidelines #CommunityGroup wants to understand how developers are using specific web platform #security features, and what the barriers are to the adoption. #WebApps

📢 Take their survey at https://docs.google.com/forms/d/1-8DvgiB3AqrFU7tqe0GCoQsh6lfdOHHnUldOzMrtmeQ/viewform?pli=1&pli=1&pli=1&pli=1&edit_requested=true

Nation state threat actor used Claude Code to orchestrate cyber attacks https://lobste.rs/s/9dkn3m #security #vibecoding
https://www.anthropic.com/news/disrupting-AI-espionage

Practical Security in Production Hardening the C++ Standard Library at massive scale https://lobste.rs/s/yuwqaq #c++ #security
https://queue.acm.org/detail.cfm?id=3773097

Fun-reliable side-channels for cross-container communication https://lobste.rs/s/3z4pro #security
https://h4x0r.org/funreliable/

Carriers are strategic assets, & the #US uses its fleet of 11 — many of which are in scheduled maintenance & not available to sail at any given time — for power projection & deterrence in its top-tier #security concerns, notably countering #China in the Indo-Pacific region & maintaining a deterrent presence in the #MiddleEast, said Mark Cancian, a senior #defense adviser at CSIS.

#Trump #law #Venezuela #WarPowers #Congress #SeparationOfPowers #InternationalLaw #authoritarianism #autocracy

FFmpeg to Google: Fund Us or Stop Sending Bugs https://lobste.rs/s/egoqqc #security #vibecoding
https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs/

🚨 They are bringing back #ChatControl 🚨

Hummelgaard doesn't understand that no means no.

Discussion is scheduled for tomorrow, so act now: https://fightchatcontrol.eu/

#No2Backdoors #Privacy #Security

Source: https://noyb.eu/en/eu-commission-about-wreck-core-principles-gdpr

https://netzpolitik.org/2025/interne-dokumente-eu-staaten-wollen-chatkontrolle-gesetz-ohne-weitere-aenderungen/

Alt...

Peter Hummelgaard saying: "We must break with the totally erroneous perception that it is everyone's civil liberty to communicate on encrypted messaging services."

Memory Safety for Skeptics https://lobste.rs/s/mytmnl #rust #security
https://queue.acm.org/detail.cfm?id=3773095

Thieves steal $100M in jewels from Louvre after museum used own name as surveillance password.
French cybersecurity audit revealed museum ran outdated Windows Server 2003 software with unguarded rooftop access
https://www.foxnews.com/tech/thieves-steal-100m-jewels-from-louvre-after-museum-used-own-name-surveillance-password #globalmuseum #museums #Louvre #security #passwords

Alt...

The Louvre

Android security bulletin: November 2025 patch fixes zero-click RCE https://lobste.rs/s/ni1qi1 #android #security
https://source.android.com/docs/security/bulletin/2025-11-01

"erase startup-config" isn't enough via @taavi https://lobste.rs/s/fdz07i #security
https://alyx.sh/posts/erase-startup-config/

Introduction - OWASP Top 10:2025 RC1 https://lobste.rs/s/ltzhqt #security
https://owasp.org/Top10/2025/0x00_2025-Introduction/

The state of the Rust dependency ecosystem via @dgv https://lobste.rs/s/pexrmo #practices #rust #security
https://00f.net/2025/10/17/state-of-the-rust-ecosystem/

Announcing Magika 1.0: now faster, smarter, and rebuilt in Rust https://lobste.rs/s/08srpl #rust #security
https://opensource.googleblog.com/2025/11/announcing-magika-10-now-faster-smarter.html

On AI Slop vs OSS Security https://lobste.rs/s/jnlaxk #practices #security
https://devansh.bearblog.dev/ai-slop/

⚠️#PSA: Please #edit your #message to #remove the #tracking code (after the "?" check link for examples). This helps keep us all #safer: https://activistchecklist.org/links

If you're using the browsers #Mullvad, #Tor, #Librewolf, #Firefox or #Brave, you can right-click and select "Copy clean link / Copy without site tracking..." which will automatically remove these tracking codes.
#Privacy #Security Thank you 💚 🙏

For Firefox there is also #ClearURLs: https://mastodon.online/@blueghost/114776691851917622

Edited due 2 recommendations.

Alt...

Simpsons bus driver scene where the driver highlights that during the drive no one should speak with him. Memefied. Top first-person view of the driver; the driver drives and looks forward. Middle caption: Don't make me tap this sign. Bottom caption: Remove everything after the ? in URLs so we aren't all tracked by clicking on it, yellow four-fingered index finger points at altered caption. #satire"

A security model for systemd https://lobste.rs/s/voume0 #security #systemd
https://lwn.net/SubscriberLink/1042888/709de1191e6d4e1d/

Austria’s Ministry of Economy kicks out Microsoft, moving 1,200 staff to Nextcloud in 4 months 🕒

EU-based cloud ensures GDPR & NIS2 compliance 🇪🇺
Hybrid setup keeps Teams only for external use; all internal collaboration now on Nextcloud 🔒
Smooth rollout earns positive employee feedback 👍

🔗 https://news.itsfoss.com/austrian-ministry-kicks-out-microsoft/

#TechNews #OpenSource #Privacy #Cloud #DataSovereignty #Nextcloud #EU #FOSS #CyberSecurity #IT #Government #Software #Innovation #Digital #Security #Linux

👀

PCWorld: The Louvre’s video security password was reportedly ‘Louvre’

https://www.pcworld.com/article/2961831/the-louvres-video-security-password-was-reportedly-louvre.html

#cybersecurity #security

oss-security - runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 https://lobste.rs/s/lkuzol #devops #security
https://www.openwall.com/lists/oss-security/2025/11/05/3

The @w3c breakouts schedule is now available! They will take place from 10 to 13 November 2025. Check it out:
▶️ https://www.w3.org/calendar/tpac2025/breakout-sessions/

#w3cTPAC participants organize discussions among the full W3C #community about new or existing topics. This year, a total of 79 proposals were proposed, including topics like #AI Agents,, #security, #payments, #a11y, #HumanRights, and more: https://github.com/w3c/tpac2025-breakouts/issues

Alt...

TPAC 2025, 10 to 14 November 2025, Kobe, Japan and online

Defeating KASLR by Doing Nothing at All https://lobste.rs/s/ckuhmd #android #security
https://googleprojectzero.blogspot.com/2025/11/defeating-kaslr-by-doing-nothing-at-all.html

RDSEED Failure on AMD “Zen 5” Processors https://lobste.rs/s/yc7dps #security
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html

CHERIoT 1.0 Released via @rk https://lobste.rs/s/l6q8rj #hardware #security
https://cheriot.org/sail/specification/release/2025/11/03/cheriot-1.0.html

Notes by djb on using Fil-C (2025) https://lobste.rs/s/zc73xh #c #security
https://cr.yp.to/2025/fil-c.html

Attacking macOS XPC helpers: Protocol reverse engineering and interface analysis https://lobste.rs/s/fq3hqh #mac #reversing #security
https://tonygo.tech/blog/2025/how-to-attack-macos-application-xpc-helpers

#UBlockOrigin Anti-#Adverts / Against #Malware in #Browser
(essential 5 Stars ⭐⭐⭐⭐⭐ )

https://ublockorigin.com/ (can install here)

Video: https://invidious.nerdvpn.de/watch?v=_bSuLbSeuN8

Louis 100% Recommends people to install it...

Why nobody links to homepage I don't know but I did !

(Not #UBlock but #UBlockOrigin ☑️ is correct name)

#Privacy #Security etc

X.Org Security Advisory: multiple security issues X.Org X server and Xwayland https://lobste.rs/s/rjsfgs #security #unix
https://lists.x.org/archives/xorg-announce/2025-October/003635.html

🎤 Upcoming at SeaGL 2025:
📍 05:00 PM on November 08
🗣️ "No More Mystery Brownies: SBOMs, security errata, and the recipe for safer software"
👥 Speaker(s): Brady Dibble
📍 Room: Room 334
🏷️ Track: Security and Privacy
📝 Open source software can be like a plate of mystery brownies in the breakroom: Where did they come f...

#SeaGL2025 #security #linux #FLOSS #opensource
🔗 https://pretalx.seagl.org/2025/talk/HM7MSP/