So, I guess you know better than the independently owned businesses requesting cash?
Posts
-
If you're choosing locally owned businesses for your coffee, groceries or other things, kudos for supporting alternatives to corporate-owned outlets. A reminder that paying with cash allows them to keep the full proceeds rather than sharing them with moneygrubbing banks and payment processors.
-
Is there a way to hide long threads that you don't want to see?
-
A fork of the Signal Messenger known as Sessions has omitted several important security properties found in the original source code, making it a less secure alternative, a researcher says. The deficiencies include:
- no forward secrecy
- insufficient entropy in Ed25519 keys
- no in-band negotiation for message signatures
- using public keys as AES-GCM keys
Stay away from this offering unless you really, really, really know what you're doing:
https://soatok.blog/2025/01/14/dont-use-session-signal-fork/
-
Researchers, please, please, please create RSS feeds for your blogs. We desperately need alternatives to social media to get your work out there.
-
Does anyone know how to add a new security device to a Google account?
Google Account > Security > Passkeys and Security keys > + create a passkey. Google et al. seem to use "passkey" and "security key" interchangeably. Yes, this is confusing, but clicking + create a passkey lets you create as many security keys as your heart desires.
-
It's still early but the doomscrolling opportunities for 2025 so far have been top notch.
-
ICYMI: I published a year-end state-of-play story about passkeys. In short, they're the most viable means of moving to credential phishing-immune authentication, but they're also (1) not what I consider "usable security" for many and (2) don't (yet) live up to their security promises, since just about every site offering them still allows us to fall back on passwords and resets from emails, SMS, etc.
There are a large number of devs putting their blood, sweat and tears into passkeys. They deserve our thanks and respect. The move off of phishable, knowledge-based authentication won't be easy. No one said it would be. Nothing in this story is intended to detract from the important work these folks do.
-
I'm sick to death of people telling me I should be on this or that social network that's controlled by some billionaire wingnuts.
I've been doing it a fair amount over the past 6 months. Highly recommended.
-
I'm sick to death of people telling me I should be on this or that social network that's controlled by some billionaire wingnuts.
Do it!
-
It’s not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and execute code of his choice on thousands of servers—all in a single blow that cost only $20 and a few minutes to land. But that’s exactly what happened recently to Benjamin Harris.