Here’s a reminder to make your Venmo transactions private, courtesy of Clarence Thomas / Lawyers appearing before the Supreme Court sent money to a Clarence Thomas aide via Venmo, according to the aide’s profile. Don’t be like him.

https://www.theverge.com/2023/7/12/23792922/venmo-transactions-privacy-security-risks-clarence-thomas

#cososec

Who's down with WPA3?
Yeah, you know, me.

#cososec

Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking

Most critical of the bugs allowed attackers to root federated instances.

https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/

#cososec

Watching a bunch of notable infosec accounts jumping on board the #Threads bandwagon makes me want to scream.

If you would expect anyone to carefully read privacy policies and app permissions, you'd think it would be these people.

They did the same thing with #Bluesky and I lost respect for those people when that happened. This one is even worse.

#cososec

#ThrowbackThursday
#cososec

I made a reference sheet that links to privacy policies for various social networks. The next time someone asks if their privacy is being protected by a certain network or app, you can point them here.

https://rentry.co/socialnetworkprivacy

#cososec
#cstips

#Threads has a very long list of requested app permissions. Screenshot below from Play store.

If you install this, you're opening yourself up to a lot of invasive data mining. Still think it's a good idea?
#cososec

For the new people, here are my top 5 hashtags, submitted for approval:

#cosomusic
#cosoclassical
#cosoteachers
#musictheory
#cososec

For those who may be averse to cloud-based password vaults, here is a cake-and-eat-it-too solution.
#cososec

ALWAYS change the default login credentials for any device. Lists like this exist and you will get instantly popped.

https://github.com/ihebski/DefaultCreds-cheat-sheet

#cososec

Here's yet another reason why Signal should NOT be held up as the standard for secure and/or private comms.

https://www.eff.org/deeplinks/2023/05/how-do-different-encrypted-messaging-apps-treat-deleted-messages

#cososec

How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now
https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now

#cososec

#cososec

Private Spies Hired by the FBI and Corporate Firms Infiltrate Discord, Reddit, WhatsApp

Leading “threat intelligence” firms are creating fake online personas to gain access to every corner of the web.

https://www.leefang.com/p/private-spies-hired-by-the-fbi-and

#cososec

Next to the phone number requirement, the metadata retention is one of the biggest reasons I don't use Signal.
#cososec

https://twitter.com/matthew_d_green/status/1660617576005660672

How well does your web browser protect your privacy? Find out here:

https://privacytests.org/

#cososec

To anyone interested in connecting on SimpleX Chat, the old room was getting cranky (technically). New room is here:

/nosanitize
https://simplex.chat/contact#/?v=1-2&smp=smp%3A%2F%2FSkIkI6EPd2D63F4xFKfHk7I1UGZVNn6k1QWZ5rcyr6w%3D%40smp9.simplex.im%2Fm2tP1XEMuuJi36Ln_8HTC2vG4bk-u-nb%23%2F%3Fv%3D1-2%26dh%3DMCowBQYDK2VuAyEAFAwKxAT4LZ4C6g_gDGn3aHmttvlR9i9dVVTeoPI6yXU%253D%26srv%3Djssqzccmrcws6bhmn77vgmhfjmhwlyr3u7puw4erkyoosywgl67slqqd.onion&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22kIfdPDrbr7mOAMQx3M7DBg%3D%3D%22%7D

#cososec #cosotech

A shirt for the #cososec crowd:

https://a.co/d/6PhSlvQ

Ars write-up on Google Passkeys. I'm surprised to see this kind of pollyana article from them with no cautions stated whatsoever.

My concerns about passkeys (as implemented by Google) linked below. #cososec

https://arstechnica.com/information-technology/2023/05/passwordless-google-accounts-are-easier-and-more-secure-than-passwords-heres-why/

https://counter.social/@voltronic/110307923256404685

This Passkey idea sounds good in theory, but I have some serious concerns with what is described in this post.
#cososec

https://security.googleblog.com/2023/05/so-long-passwords-thanks-for-all-phish.html