"If you use Apple iPhone or MacBook, here we have a piece of alarming news for you.

Turns out merely visiting a website — not just malicious but also legitimate sites unknowingly loading malicious ads as well — using Safari browser could have let remote attackers secretly access your device's camera, microphone, or location, and in some cases, saved passwords as well."

https://thehackernews.com/2020/04/hacking-iphone-macbook-camera.html

#cososec

#cososec PSA:

With everyone quarantined, streaming video use is increasing. That also means many more opportunities for your streaming or IoT devices to spy on you.

I just checked the logs on my Pi-hole. Blocked requests have been up about 15-20% daily compared to before the lockdown. As usual, my living room TV is the main culprit. Samsung makes beautiful screens, but boy are they spammy. I have heard that Roku devices are just as bad.

For the #cososec nerds:

A technical examination of different Zoom local security flaws and exploits.

https://objective-see.com/blog/blog_0x56.html

Zoom gets worse every day.
#cososec

https://twitter.com/bcrypt/status/1245472251895361536?s=09

Thread compiling examples of malware-like behavior baked into Zoom.

https://twitter.com/random_walker/status/1244987617676050434?s=09

#cososec

Zoom Meetings Do Not Support End-to-End Encryption
https://theintercept.com/2020/03/31/zoom-meeting-encryption/

#cososec

All your election are belong to us.

https://twitter.com/GossiTheDog/status/1026603800365330432?s=09

#cososec

Zoom needs to clean up its privacy act
https://blogs.harvard.edu/doc/2020/03/27/zoom/

#cososec

Don't use Zoom for web conferencing if you can avoid it.
#cososec

https://www.eff.org/deeplinks/2020/03/what-you-should-know-about-online-tools-during-covid-19-crisis

Hey, #cososec.

TPM modules: Does anyone still use them?

I needed a place to share some large files with friends and family, and after comparing various options, I went with Mega.

Not sure if there are any #cososec concerns given the "provenance" of this company, but for now the positives I see:

- Free storage space is generous, and you earn more with 'achievements'. After verifying my mobile app, I have 65 GB free space.

- File sizes appear to be unlimited.

- Supports very long passwords and 2FA.

A Critical Internet Safeguard Is Running Out of Time | WIRED
https://www.wired.com/story/shadowserver-cisco-internet-cybersecurity/

A Critical Internet Safeguard Is Running Out of Time

Shadowserver has helped keep the internet safe for 15 years. Unless it can raise funds fast, it's going to disappear.

#cososec

The measly 1M I had before wasn't doing it for me. This feels better.

#cososec

Anyone here use FiOS for internet only? I had them years ago in a previous home when they were new on the scene, and while TV was glitchy, internet was solid.

I'm strongly considering jumping ship again from my price-gouging cable Co. If I switched, I would just ask them to just install the ONT and enable the Ethernet port; no coax connection and no gateway. Just straight into my firewall box, which does DHCP for my network.

#cosotech
#cososec <- (just to draw out more techies)

Samsung makes beautiful TVs, but my Pi-hole shouldn't have to be blocking this many requests from one device. Those top 4 domains are all from one TV over the last 24 hours.

#cososec

If you're serious about browser privacy, you should probably pass on Edge or Yandex, claims Dublin professor

Merging search and address bar means more data for the tech giants

https://www.theregister.co.uk/AMP/2020/02/27/edge_and_yandex_browser_privacy_shame/

#cososec

A mesh VPN with Wireguard? I'm interested.
#cososec

https://tailscale.com/

Keybase users, take note. The XLM scams are apparently not finished.

My response to the highlighted text:

REALLY??? You don't say!!!😅
#cososec

Welcome, new CoSoNauts!

Time to crack those eggs: Upload a profile pic, fill out your profile and say hello.

Check out the user guide:
https://counter.social/userguide.pdf

Some tags to follow:
Infosec discussion at #cososec.
Music lovers and musicians: check out #cosomusic and #musictheory.
If you love good drinks, follow #caffeineclub #winetime #beerme #spirited and #mixmeup.
Animal lovers: #petsofcoso, #dogsofcoso, #catsofcoso.

We're glad you made it here. Enjoy the interaction with real people!

Android malware can steal Google Authenticator 2FA codes

A new version of the "Cerberus" Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts.

https://www.zdnet.com/google-amp/article/android-malware-can-steal-google-authenticator-2fa-codes/

#cososec