If you want to know which browsers do or do not respect your privacy, check out the site below. They put a wide variety of desktop and mobile browsers through a battery of tracking and other privacy tests. Click on each test for more details.

I post this site every year or so, which is why I wasn't surprised about the recent news regarding Chrome "incognito" mode. It's unfortunate that it took so long to be widely reported.

https://privacytests.org/

#cososec
#browserwars

This week, my district IT department sent out another one of these:

"Your password will expire in [n] days."

Every time they do this, I have to fight myself from replying with the NIST guidelines.

https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/nists-new-password-rule-book-updated-guidelines-offer-benefits-and-risk

#cososec #cosotech

This should be obvious, but I think some people are missing it:

If you ask @Alfred to geolocate a photo with you in it, all of CoSo can see exactly where you are/were. (Assuming the response is accurate.)

If your PLP is enabled, the entire Internet can see that info. @Alfred has PLP enabled, so its responses are public.

This will be concern for some, but not for all. Just be aware of the content of these photos. Consider blurring faces if necessary.
#opsec #osint #cososec

For those looking for an alternative to Keybase, this might be it:

https://keyoxide.org/

#cososec

PSA: Truncating the displayed URL of links can hide the fact that they may be direct file download links. Phones don't have a hover functionality so you may find yourself downloading a file you didn't intend to. This just happened to me a few minutes ago.

#cososec

Modern problems require modern solutions. #cososec

As we begin a new year, now would be a great time to:

- Back up your data, with local, off-site, and non-magnetic (optical disc) copies.

- Update firmwares, drivers, and security patches.

- Delete junk files. Bleachbit, FTW!

- Delete unnecessary apps and accounts, especially those that do not respect your privacy.

- Review app permissions.

- Opt out of data broker sites:
https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List

- Set up network-wide ad and malware filtering:
https://txt.fyi/-/20206/2d6d8f1e

#cososec #cosotech

Be careful who you do business with.

Here's a conversation I recently had with an eBay seller. See how many red flags you can spot.

#cososec

Wow, this is a low-effort phish if I've ever seen one. #cososec

👋 Welcome, new CoSoNauts!

CoSo has no algorithm, so hashtags are your friend. Here are some of my favorites:

Infosec topics: #cososec #InfosecFail

Music and musicians:
#cosomusic #cosoclassical #cosojazz #cosochoral #musictheory

Food & drink: #cosocooks #cosobbq #caffeineclub #winetime #beerme #spirited #mixmeup

Animal lovers: #petsofcoso #dogsofcoso #caturday

Check out the User Guide or ask for #help:
https://help.counter.social

We're glad you made it here. Be kind, and be social.

🚨#COSOSEC ALERT 🚨

GSK Plc will pay 23andMe Holding Co. $20 million for access to the genetic-testing company’s vast trove of consumer DNA data, extending a five-year collaboration that’s allowed the drugmaker to mine genetic data as it researches new medications.

https://archive.ph/gz2dM

iPhones have been exposing your unique MAC despite Apple’s promises otherwise

Three years ago, #Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised.

https://arstechnica.com/security/2023/10/iphone-privacy-feature-hiding-wi-fi-macs-has-failed-to-work-for-3-years/

#cososec #iOS

Rachel Tobac just released a free security eBook!

Protect your company from cyber criminals

In this eBook, white hat hacker Rachel Tobac exposes the most prevalent cybersecurity threats of the day and shares actionable steps that your business (and employees) can take to protect against them.

Threat modeling

https://bitwarden.com/how-to-stop-hackers/

#cososec

I just got another "your password will expire in 8 days" notice from my district IT dept.

It's so frustrating that they continue to use such outdated security practices. NIST would like a word.

#cososec

Well this is sub-optimal. #cososec
Backdoored firmware lets China state hackers control routers with “magic packets”
The modified firmware used by BlackTech is hard to detect.

Hackers backed by the Chinese government are planting malware into routers that provides long-lasting and undetectable backdoor access to the networks of multinational companies in the US and Japan, governments in both countries said Wednesday.

https://arstechnica.com/security/2023/09/china-state-hackers-are-camping-out-in-cisco-routers-us-and-japan-warn/

#cososec ALERT 🚨
T-Mobile employee info has been breached. (Correction to previous post )

Inside ShadowDragon, The Tool That Lets ICE Monitor Pregnancy Tracking Sites and Fortnite Players

https://www.404media.co/inside-shadowdragon-ice-babycenter-pregnancy-fortnite-black-planet/

#cososec

I seriously question whether LinkedIn is more effective for corporate networking or for providing attack vectors for social engineering.

#cososec

🚨🚨🚨 ALERT: Update all #Apple devices immediately.

The infamous Peagusus zero-click-delivery spyware from NSO is being actively spread.
#cososec #iOS #macos

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

I really feel for infosec pros and IT managers who get incredulous responses to simple requests for improving safety.

Below is a thread from a recording forum I belong to. I really tried to convince them that running a 12-year-old version of a known vulnerable torrent client was a bad idea. The pushback was disheartening. Chalk up an #InfosecFail on this one. #cososec

/nosanitize
https://taperssection.com/index.php?PHPSESSID=5561d6fa6439cd91b134cb7c34618cd8&topic=203259.0;all