SFBA.social

3 posts2 participants0 posts today

Nick EspinosaWhatsApp's new Advanced Chat Privacy is pointless<a href="https://mastodon.social/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechNews</a> <a href="https://mastodon.social/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://mastodon.social/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WhatsApp</a> <a href="https://mastodon.social/tags/Meta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Meta</a> <a href="https://mastodon.social/tags/Facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Facebook</a> <a href="https://mastodon.social/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a><a href="https://youtu.be/QGaUvCVUdPs" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/QGaUvCVUdPs</a>

Nick EspinosaDaily Podcast: WhatsApp's new Advanced Chat Privacy is pointless<a href="https://mastodon.social/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechNews</a> <a href="https://mastodon.social/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://mastodon.social/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WhatsApp</a> <a href="https://mastodon.social/tags/Meta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Meta</a> <a href="https://mastodon.social/tags/Facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Facebook</a> <a href="https://mastodon.social/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a> <a href="https://mastodon.social/tags/podcast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#podcast</a><a href="https://soundcloud.com/nickaesp/wcp" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://soundcloud.com/nickaesp/wcp</a>

Wolfgang Stief»Your password must contain: At least 12 characters.« Und genau das ist jetzt mein Passwort, wenn euch meine 10 alphanumerischen, nicht lexikalisch angeordneten Zeichen nebst Sonderzeichen nicht reichen. Zefix. <a href="https://mastodon.social/tags/uxfromhell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#uxfromhell</a> <a href="https://mastodon.social/tags/pseudosecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pseudosecurity</a> <a href="https://mastodon.social/tags/securitytheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securitytheater</a>

Kevin Karhan :verified:<a href="https://climatejustice.social/@KarlHeinzHasliP" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@KarlHeinzHasliP</a> <a href="https://mastodontech.de/@denki" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@denki</a> OFC I do wish for a real "<a href="https://infosec.space/tags/TransEuropeanExpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TransEuropeanExpress</a>" that gets people from <a href="https://infosec.space/tags/Lisbon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lisbon</a> to <a href="https://infosec.space/tags/Helsinki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Helsinki</a> and from <a href="https://infosec.space/tags/Oslo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Oslo</a> to <a href="https://infosec.space/tags/Athens" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Athens</a> faster than flying (if we account for the <a href="https://infosec.space/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a> at <a href="https://infosec.space/tags/Aorports" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Aorports</a>)…

🆘Bill Cole 🇺🇦Yes, this is about MailMate being EXTORTED by Google but it's also about every other 3rd-party MUA and every major mailbox provider, because they have imposed a web-centric authentication and authorization system on the world which moronically relies on annual security audits of MUAs to certify them for use with the fragile snowflakes which behemoth mail systems apparently are... <a href="https://toad.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://toad.social/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a>

🆘Bill Cole 🇺🇦Fuck <a href="https://toad.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> and the garbage imitation of IMAP that they foist on users & fuck their <a href="https://toad.social/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a> of demanding CASA audits of every IMAP client before they allow it to do OAuth2. If you use <a href="https://toad.social/tags/GMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GMail</a> (or Google Workspace) you are actively supporting the enclosure of <a href="https://toad.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#email</a>. Google does not want independent standards-compliant MUAs to touch their mail system. Google wants all of its users using their shit web interface or their shoddy apps. They want to own your email. <a href="https://toad.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://toad.social/tags/Rant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Rant</a>

🆘Bill Cole 🇺🇦The iOS *app* works fine (using FaceID even) but the browser workflow has a "use phone" link and QR code, which sends the phone to a web page that wants to take a pic, but since the idiots at Jumio don't ASK for Camera access, iOS offers no means for me to give it to them. It's stupid broken tools like this that make me wish I could bullshit well. Some slimeball sold this "service" to my CU, costing me money as a shareholder & it's junk. <a href="https://toad.social/tags/Jumio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Jumio</a> <a href="https://toad.social/tags/MichiganFirstCU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MichiganFirstCU</a> <a href="https://toad.social/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a> <a href="https://toad.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>

🆘Bill Cole 🇺🇦Yes, the problem in Safari persists with Lockdown disabled for the site. I gather it's just lazy insecure garbage code. <a href="https://toad.social/tags/Jumio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Jumio</a> <a href="https://toad.social/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a> <a href="https://toad.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>

🆘Bill Cole 🇺🇦It has finally happened, my CU has decided that in addition to a password & a security question for every login, they need to use some scam outfit called <a href="https://toad.social/tags/Jumio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Jumio</a> to get "enhanced identity verification" which seems to be nothing more than a 3rd-party cookie. Totally broken for macOS & iOS in "lockdown mode." I can't even get Safari to accept the "Start verification" link as a link. Phone-based flow wants to take a selfie, but it doesn't ASK for camera access, so no. <a href="https://toad.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://toad.social/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a>

Schneier on Security RSSRational Astrologies and SecurityJohn Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrolo... <a href="https://www.schneier.com/blog/archives/2025/04/rational-astrologies-and-security.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.schneier.com/blog/archives/2025/04/rational-astrologies-and-security.html</a> <a href="https://burn.capital/tags/psychologyofsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#psychologyofsecurity</a> <a href="https://burn.capital/tags/securitytheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securitytheater</a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Uncategorized</a> <a href="https://burn.capital/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

koehntopp ~ :Dieser Quatsch geht mir sooooo auf den Keks... <a href="https://infosec.exchange/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a>

BeyondMachines :verified:My dear cybersecurity auditors: We are following the best practices of TSA!<a href="https://infosec.exchange/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a>

Daryl 🇺🇦 ✔️ :Verified:After doing all that, when I got to the tax form I needed, I had to go through yet another text message code verification hoop to actually see the statement.<a href="https://vmst.io/tags/SecurityTheater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTheater</a>

My camera shoots fascistsEveryone should become familiar with the term "border-industrial complex." This article, dealing with wasting vast sums of money on ineffectual technology, is one small part of it.The first time I heard the term? I was chatting with a Border Patrol agent who used it. The agency tightly controls PR, but off the record, in private conversations, most of the agents will be quite open about what a boondoggle the whole thing is.<a href="https://sfba.social/tags/Border" class="mention hashtag" rel="tag">#Border</a> <a href="https://sfba.social/tags/Immigration" class="mention hashtag" rel="tag">#Immigration</a> <a href="https://sfba.social/tags/SecurityTheater" class="mention hashtag" rel="tag">#SecurityTheater</a><a href="https://www.eff.org/deeplinks/2024/10/us-border-surveillance-towers-have-always-been-broken" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.eff.org/deeplinks/2024/10/us-border-surveillance-towers-have-always-been-broken</a>

Recent searches

Search options

Administered by:

Server stats:

#securitytheater