Show Notes:
Imgur’s blog post Re: notice of data breach
- Troy Hunt praised Imgur’s “exemplary handling” of the incident
- Firefox to collaborate with HaveIBeenPwned to alert users on data breach
Contrast Imgur’s breach handling with that of DJI
- developers had left the private keys for both the “wildcard” certificate for all the company’s Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub
- Findings of developer: Why I walked away from $30,000 of DJI bounty money – PDF
- But as Finisterre worked to document the bug with the company, he got increasing pushback—including a threat of charges under the Computer Fraud and Abuse Act (CFAA).
- “At one point… DJI even offered to hire me directly to consult with them on their security,” Finisterre wrote.
- Ultimately, Finisterre received an e-mail containing an agreement contract that he said “did not offer researchers any sort of protection. For me personally, the wording put my right to work at risk, and posed a direct conflict of interest to many things including my freedom of speech.” It seemed clear to Finisterre that “the entire ‘Bug Bounty’ program was rushed based on this alone,” he wrote.
How can I prevent myself from getting hacked?
- Not everyone agrees with Motherboard, so see also Basic security precautions for non-profits and journalists in the United States, mid-2017. But to be fair, Bruce says it’s pretty good.
- See also other Motherboard guides
- Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself.
- The Electronic Frontier Foundation guide to Assessing Your Risks
- … if you come away with one lesson from this guide is: update, update, update, or patch, patch, patch.
- Use a password manager
- Two factor authentication: You should, if the website allows it, use another 2FA option that isn’t SMS-based, such as an authentication app on your smartphone (for example, Google Authenticator, DUO Mobile, or Authy), or a physical token. If that option is available to you, it’s a great idea to use it.
- Use an ad blocker (e.g. uBlock Origin). Why? A great deal of malware comes through ads.
- Get an iPhone and don’t jailbreak it
- Use Signal instead of WhatsApp
- Even if you keep your privacy settings on lockdown, social media companies are subject to subpoenas, court orders, and data requests for your information. And often times, they’ll fork over the information without ever notifying the user that it’s happening. For the purposes of social media, assume that everything you post is public. This doesn’t mean you should stop using social media, it just means you have to be mindful of how you use it.
Feedback
- From Samir, based on a question from Episode 346: Linux Containers vs Virtual Machines
- Jonathan Davis mentioned Schrodinger’s Backup Mug
Round Up:
- Mostly for ZFS: Policy-driven snapshot management and replication tools; see also zfstools: OpenSolaris-compatible auto snapshotting for ZFS
- Better Random Number Generation for OpenSSL, libc, and Linux Mainline – But what’s really exciting for us is that, in the course of working on libc, we were also able to get traction on another important change, in Linux itself. Last year, we suggested a new madvise() option for the Linux kernel. Based on OpenBSD’s MINHERIT_ZERO, the option marks memory regions as WIPEONFORK, which means that those regions are zeroed in a child process immediately after a fork() call.
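Added example (not from the show or from the linked article): a small C program, assumed to run on Linux 4.14 or later, that marks a constructed secret buffer MADV_WIPEONFORK and confirms after fork() that the child reads zeros while the parent keeps its data. This is the property an RNG or key store wants so that a forked child never inherits the parent's state.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Linux UAPI value (kernel >= 4.14); older libc headers may lack the macro. */
#ifndef MADV_WIPEONFORK
#define MADV_WIPEONFORK 18
#endif

#define SECRET_LEN  4096
#define SECRET_BYTE 0xA5   /* constructed stand-in for RNG/key state */

/* Returns 1 if the child saw the region zeroed and the parent kept its copy,
 * 0 if the secret was inherited by the child, and -1 if the kernel or sandbox
 * does not support MADV_WIPEONFORK (or mmap/fork failed). */
int wipeonfork_demo(void)
{
    unsigned char *secret = mmap(NULL, SECRET_LEN, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (secret == MAP_FAILED)
        return -1;
    memset(secret, SECRET_BYTE, SECRET_LEN);

    /* Ask the kernel to give the child zero-filled pages instead of a copy. */
    if (madvise(secret, SECRET_LEN, MADV_WIPEONFORK) != 0) {
        munmap(secret, SECRET_LEN);
        return -1;                        /* EINVAL on pre-4.14 kernels */
    }

    pid_t pid = fork();
    if (pid < 0) { munmap(secret, SECRET_LEN); return -1; }
    if (pid == 0) {
        /* Child: every byte of the region must read back as zero. */
        int wiped = 1;
        for (size_t i = 0; i < SECRET_LEN; i++)
            if (secret[i] != 0) { wiped = 0; break; }
        _exit(wiped);
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) {
        munmap(secret, SECRET_LEN);
        return -1;
    }
    int parent_intact = (secret[0] == SECRET_BYTE); /* parent's data survives */
    munmap(secret, SECRET_LEN);
    return (WEXITSTATUS(status) == 1 && parent_intact) ? 1 : 0;
}
```

A result of 0 would mean the child inherited the secret, which is exactly the leak the option exists to prevent.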
- How a single PostgreSQL config change improved slow query performance by 50x
- Troy Hunt testifies before Congress and you should be able to watch it live here