Well this is a terrible idea. #cososec

Mozilla Firefox to let you export saved passwords in plain text

https://www.bleepingcomputer.com/news/security/mozilla-firefox-to-let-you-export-saved-passwords-in-plain-text/

UNVERIFIED, but if this account is true, it would confirm our fears about what Zoom would do with their Keybase acquisition.

https://twitter.com/jenuhhveev/status/1266101554928447488?s=09

#cososec

If Signal finally moves away from phone numbers, I might actually use it.
#cososec

https://freedom.press/training/blog/beyond-signal-phone-numbers/

👋 Welcome, new CoSoNauts!

Time to crack those eggs: Upload a profile pic, fill out your profile and say hello. Check out the user guide:
https://counter.social/userguide.pdf

Some tags to follow:
Infosec discussion at #cososec.
Music lovers and musicians: check out #cosomusic and #musictheory.
If you love good drinks, follow #caffeineclub #winetime #beerme #spirited and #mixmeup.
Animal lovers: #petsofcoso, #dogsofcoso, #catsofcoso.

We're glad you made it here. Enjoy the interaction with real people!

WTF is eBay up to?
#cososec

When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote management applications.

https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/

All you Linux-based security people will love this.
https://safeboot.dev/

#cososec

This person made a Windows 10 Hardening Script. Looks quite comprehensive.

https://gist.github.com/mackwage/08604751462126599d7e52f233490efe

#cososec

Pi-hole v5.0 is out.

https://pi-hole.net/2020/05/10/pi-hole-v5-0-is-here/

#cososec

#cososec payments question:

I know that Abine Blur burner cards allow you to mask your real email and billing address (with a Premium membership).

Is there a similar function I'm missing in Privacy.com? I recently made my first transaction with Privacy, but still needed to enter my real billing address.

Still holding out hope that someday Privacy will allow the option of a declining balance account without linking your real bank account. IOW, like a crypto wallet, but useful in more places.

Zoom 5.0 has been released with dinner welcome security improvements. Unfortunately, the new Watermarks look pretty bad for user privacy.

https://zoom.us/docs/en-us/zoom-v5-0.html

#cososec

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics

https://amp.thehackernews.com/thn/2020/04/deanonymize-device-biometrics.html

#cososec

Fake Skype, Signal Apps Used to Spread Surveillanceware

https://threatpost.com/fake-skype-signal-apps-used-to-spread-surveillanceware/155053/

#cososec

Is the firmware in newer TP-Link routers any less of a security nightmare than the old ones? I have a lust for beam forming, and have my eye on the AX1500 or AX3000 WiFi 6 units.

I own 3 of their Archer C7 AC1750 802.11ac stationed around the house as APs, flashed with DD-WRT for security and tweak-ability.

No DD-WRT, Open WRT, or Tomato is available for the new ones though, and that's the only thing holding me back.

#cososec
#cosotech

You know that contact tracing app that Apple and Google collaborated on? It can't work properly, because background services cannot constantly access Bluetooth, on either OS.

I mean, it's not like both of these companies designed the respective OS the app would run on, and could have known this would be a problem. 🤦‍♂️
#cososec

https://twitter.com/fs0c131y/status/1249633962865164289?s=09

Do the people pushing anti-encryption legislation not see the obvious parallels with gun control legislations they strongly oppose?

Tools can be used for good or evil purposes, and restricting them *might* make life harder for criminals, but *definitely* will make innocent people less safe from those who wish them harm.

It's almost as bad as the 'pro-life' hypocrites.

Oh wait, they're the same people.

#cososec

Senator backing anti-crypto bill calls out Zoom’s lack of end-to-end crypto | Ars Technica
https://arstechnica.com/tech-policy/2020/04/senator-backing-anti-crypto-bill-calls-out-zooms-lack-of-end-to-end-crypto/

#cososec

Attackers can bypass fingerprint authentication with an ~80% success rate | Ars Technica
https://arstechnica.com/information-technology/2020/04/attackers-can-bypass-fingerprint-authentication-with-an-80-success-rate/

#cososec

PayPal and Venmo Are Letting SIM Swappers Hijack Accounts - VICE
https://www.vice.com/en_us/article/pke9zk/paypal-and-venmo-are-letting-sim-swappers-hijack-accounts

#cososec

School districts, including New York City’s, tell teachers to stop using Zoom because of online security issues - The Washington Post
https://www.washingtonpost.com/education/2020/04/04/school-districts-including-new-york-citys-start-banning-zoom-because-online-security-issues/

#cososec

This is an actual email I received today to my inbox. Sure seems legit. I think I'll open the attachment! #cososec