Due to an issue in ext4 with data corruption in kernel 6.1.64-1, we are a pausing the 12.3 image release for today while we attend to fixes. Please do not update any systems at this time, we urge caution for users with UnattendeUpgrades configured.… https://t.co/cxCONqC4iE
Es ist endlich soweit: Die ersten Voucher wurden und werden heute im Laufe des Tages verschickt. Wir haben jetzt den Vorverkauf zum Congress fertig geplant: #37C3 – Tickets & Presale https://t.co/vALTTUlzrr
Well, shit.
Encrypted traffic interception on Hetzner and Linode targeting https://t.co/wrWg1FCVNp, the largest Russian XMPP (Jabber) messaging service.
The instant messaging have been wiretapped for 3 months, on both hosting providers in Germany.
https://t.co/MIof2vET4B
Nach dem Umbau des Congress Centers wieder zurück in #Hamburg – Der Chaos Computer Club kündigt den 37. Chaos Communication Congress #37C3 als Präsenzveranstaltung im CCH an https://t.co/k27eVPnYHJ
@DHLPaket Hallo, vielleicht wollt ihr die zu versendenen Pakete in Packstation 245 in 22335 Hamburg mal abholen? Seit Samstag war offenbar niemand mehr dort...
First big result from our new CPU research project, a use-after-free in AMD Zen2 processors! 🔥 AMD have just released updated microcode for affected systems, please update! https://t.co/NVPWFpVopz
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.
TL;DR: Don't turn it on.
The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.
We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.
Why is this bad?
Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access to your Google Account, all of your 2FA secrets would be compromised.
Also, 2FA QR codes typically contain other information such as account name and the name of the service (e.g. Twitter, Amazon, etc). Since Google can see all this data, it knows which online services you use, and could potentially use this information for personalized ads.
Surprisingly, Google data exports do not include the 2FA secrets that are stored in the user's Google Account. We downloaded all the data associated with the Google account we used, and we found no traces of the 2FA secrets.
The bottom line: although syncing 2FA secrets across devices is convenient, it comes at the expense of your privacy. Fortunately, Google Authenticator still offers the option to use the app without signing in or syncing secrets. We recommend using the app without the new syncing feature for now.
#Privacy #Cybersecurity #InfoSec #2FA #Google #Security
Affordable, sustainable & powerful! 🚀You can now get one of our Arm64 CAX servers to optimize your operations while minimizing your costs!
Discover Ampere’s efficient and robust Arm64 architecture and be ready to get blown away with its performance. 😎
https://t.co/KbFDKcCeSH
holy FUCK.
Windows Snipping Tool is vulnerable to Acropalypse too.
An entirely unrelated codebase.
The same exploit script works with minor changes (the pixel format is RGBA not RGB)
Tested myself on Windows 11