Ich möchte mich ganz herzlich für die anhaltende Unterstützung und das Vertrauen in meine Arbeit bedanken. Eure Spenden ermöglichen es mir, mich weiterhin auf die Qualität und Entwicklung des Blogs zu konzentrieren und unabhängig und frei von kommerziellen Interessen zu bleiben. Ohne eure Großzügigkeit und Unterstützung wäre dies nicht möglich. Vielen Dank! ❤️
Any social web platform could implement E2EE for themselves, but a standardized format will enable users of different Fediverse services to DM each other through the lens of the social platform of their choice.
The prosecution asks that the defense be precluded from asking #StormyDaniels whether she was arrested. Justice #Merchan agrees w/the prosecutors, saying that “anybody can be arrested” & that it “doesn’t prove anything.”
The people call Stormy Daniels back to the stand
#Trump atty #Necheles begins questioning by saying that in 2011, Daniels denied having had sex w/Trump.
#StormyDaniels says she believed that #Trump's Aug 2023 all-caps tweet, "If you go after me, I'm coming after you!,' was about her, bc he had just filed a suit against her in Florida.
#Hoffinger asks Daniels about the impact that telling her story had on her life.
Daniels said she had to hire #security, move a couple of times & take extra precautions bc of her daughter.
Asked if publicly telling the truth has been a net positive or net negative, Daniels responds "negative."
Coincidentally, this seems to expose a gap in #Fediverse security—since right now there's no way for me to continue posting to a hashtag I use frequently and avoid this user, who openly admits that they use .social to browse hashtags and then quote posts.
The only way I can use a hashtag on this federated network is to make my post publicly visible. Doesn't that make all hashtag-based communities here vulnerable to surveillance and potential abuse?
@adnan Maybe the #Fediverse would benefit from some kind of "listed and fediverse-public but not external-public" level of post visibility that would allow people to have their posts on hashtags propagated across the fediverse and visible internally within the federated timeline but not visible via pages like the non-authenticated external search on most instances to people who are not logged in 🤔
went down to the hotel lobby to retrieve my dinner delivery in a yoga outfit + snuggly cardigan + face mask.
some men with #RSAC2024 lanyards exited the elevator as I re-entered; they turned back to look at me and one said (very loudly, very pointedly staring at me) to the other, “I was like, did you hire me a hooker?”
if you are a man attending #rsac, please shut that kind of shit down when your peers do it. let’s not let insecurity rule our #security industry.
How to use #KeePassXC or, how I think it should be:
I call this the paranoid-mode. (Good for corporations, and anyone with highly sensitive information/accounts.)
One file for passwords only.
One file for Passkeys.
One file for TOTP.
Each file is locked with (1) Password; (2) key file.
4b. You can also add a Challenge-Response if you have a YubiKey or OnlyKey.
Never use the same password and key file for each of those files.
Place the TOTP and Passkeys files on separate USBs. You generally only need one, not both.
For your password file:
7a. Separate USB, useful if you have multiple USB slots.
7b. Or, if only one slot (for example, mobile devices), you can have a separate USB for both Password + TOTP; and Password + Passkey.
This mode is good for most users. (General user mode.)
What most people actually do:
One file for Passwords + TOTP + Passkeys.
Password only. Or, Password + Key File.
Stored in a cloud. Or, encrypted with Cryptomator before storing in the cloud. (The latter is not advisable as it might corrupt the KeePass file.)
You can combine options from paranoid-mode to the general user mode to increase security better without making it far too hard for your use case.
PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.
Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.
Structural security trumps computational security ... or ...
Diffuse structural security trumps amalgamated computational security ...
All your big, strong passkeys in one basket is less secure than your passwords in many individual baskets ...
Trying to explain this to tech bros can resemble pushing a wagon uphill ...
Because they want to sell something, logic is not paramount.
"A password in my brain is generally safer than an app or SMS stream that can be compromised. Although a passphrase may in some cases not be computationally more secure than a token mechanism or two-factor sytem, the simple passphrase is often structurally more secure because that passphrase only links to and exposes one service target."
"I like to compare it to having one basket of eggs in one spot, and many baskets of eggs in many places. If your one basket of eggs has the master key to all the other stronger keys, is it easier to get the one basket, or the many baskets with weaker keys? So in this scenario cipher strength is not the most important factor for security. With a single basket one fox or pick-pocket or one search warrant can own all of your eggs for all your services."