Nothing the Chromium team does surprises me at this point.
#cososec

jwz: Putting on my hacker hoodie to View Source
https://www.jwz.org/blog/2021/11/putting-on-my-hacker-hoodie-to-view-source/

WHOA.🤯 #cososec

US Blacklists Israeli Firms NSO Group and Candiru
https://www.darkreading.com/threat-intelligence/us-blacklists-israeli-firms-nso-group-candiru

The Booming Underground Market for Bots That Steal Your 2FA Codes
https://www.vice.com/en/article/y3vz5k/booming-underground-market-bots-2fa-otp-paypal-amazon-bank-apple-venmo

#cososec

I am finding out personally that Facebook has WAY too much data on people.

I have a FB account solely for reposting important website announcements for an org whose media I manage. I made an account, but other than my name, nothing is filled out. Zero posts, likes, etc. Opted out of all the things you can, and I opted out of as many 3rd-party days sharing firms as allowed. The account exists so I can "manage" this org's FB account.

1/2

#cososec

USPS site is on the fritz. No tracking; this is all that comes up.
#cososec

A massive ‘stalkerware’ leak puts the phone data of thousands at risk | TechCrunch
https://techcrunch.com/2021/10/19/stalkerware-security-phone-data-thousands/

#cososec

Update your OpenOffice and LibreOffice installs!

Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice
https://thehackernews.com/2021/10/digital-signature-spoofing-flaws.html

#cososec

I finally found a FOSS Android keyboard with functional swipe / gesture typing. It's less forgiving than GBoard si you have to go slower, but I'm happy to be sending less data to Google. Even though it's in early development, the whole app is quite polished; more so than any of the other FOSS keyboard apps I've tried.

GitHub - florisboard/florisboard: An open-source keyboard for Android which respects your privacy. Currently in early-beta.
https://github.com/florisboard/florisboard

#cososec
#cosotech

Android Mobile OS Snooping By Samsung,
Xiaomi, Huawei and Realme Handsets (PDF)

https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf

Yikes this is bad. It's enough to make me want to drop Samsung for future phones, since /e/ and Lineage only support older models.

I wish they had included Pixel phones with stock firmware in the study. Kind of strange that they didn't. We could have seen if Google was collecting additional handset data on the Pixel beyond what they collect on all other Android phones.

#cososec

iPhone apps no better for privacy than Android, Oxford study finds | Tom's Guide
https://www.tomsguide.com/uk/news/ios-android-app-privacy-parity

#cososec

Be still, my heart! Bitwarden gets some love from a mainstream tech mag.

Bitwarden review: The best free password manager for 2021 - CNET
https://www.cnet.com/tech/services-and-software/bitwarden-review-the-best-free-password-manager-for-2021/

#cososec

Who didn't see this coming? It will not be the last such deal.

Coinbase just made a huge, very abstract deal with ICE
https://www.inputmag.com/culture/coinbase-just-made-a-very-abstract-deal-with-ice

#cososec

With Mozilla continuing their 'dark pattern' behavior lately, it may be time to give this privacy-centric fork a try:

LibreWolf Browser
https://librewolf-community.gitlab.io/

#cososec

I am shocked that Mozilla of all companies would do this. Fortunately, it's easily disabled.

Firefox Now Sends Your Address Bar Keystrokes to Mozilla
https://www.howtogeek.com/760425/firefox-now-sends-your-address-bar-keystrokes-to-mozilla/

#cososec

Here is your periodic reminder to never send anything sensitive over SMS.

Company that routes SMS for all major US carriers was hacked for five years | Ars Technica
https://arstechnica.com/information-technology/2021/10/company-that-routes-sms-for-all-major-us-carriers-was-hacked-for-five-years/

#cososec

Understanding How Facebook Disappeared from the Internet
https://blog.cloudflare.com/october-2021-facebook-outage/

#cososec

AP News: AP: Military units track guns using tech that could aid foes
https://apnews.com/article/rfid-military-weapons-guns-62c88008478f4ac403047c21f3184677

#cososec

Another Pi-hole update out today:

Pi-hole FTL v5.10.1, Web v5.7 and Core v5.5 released – Pi-hole
https://pi-hole.net/2021/09/29/pi-hole-ftl-v5-10-web-v5-7-and-core-v5-5-released/

#cososec

This is a pretty cool development. For those who don't know, OnionShare let's you share files of ANY size. All the recipient needs is the Tor browser.

Goodbye, passwords in OnionShare
https://micahflee.com/2021/09/goodbye-passwords-in-onionshare/

#cososec

A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit

https://thehackernews.com/2021/09/a-new-bug-in-microsoft-windows-could.html

#cososec