h2g2bob boosted

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security
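The point the post makes, that whoever holds the seed can mint the same one-time codes, is easy to see in code. The following is an added example, not part of the post above or of Google's app: it parses a constructed otpauth:// URI of the kind a 2FA QR code carries (the seed sits in the `secret` parameter in the clear), derives RFC 6238 TOTP codes from that seed with nothing but the standard library, and runs a server-side verifier over them. The seed is the base32 form of the RFC 6238 reference secret, so the codes can be checked against the RFC's published test vectors; any copy of that seed, on a phone, in a sync backend, or in a breach dump, produces identical, accepted codes.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed example seed (not a real account): base32 of the RFC 6238 reference
# secret "12345678901234567890", chosen so the output matches the RFC test vectors.
EXAMPLE_SEED_B32 = base64.b32encode(b"12345678901234567890").decode()

# Constructed otpauth URI, the payload a typical 2FA QR code encodes. Everything
# needed to generate codes is right here; there is no second secret.
EXAMPLE_OTPAUTH_URI = (
    "otpauth://totp/Example:alice%40example.org?"
    f"secret={EXAMPLE_SEED_B32}&issuer=Example&digits=6&period=30"
)


def seed_from_otpauth_uri(uri: str) -> bytes:
    """Extract the raw shared secret from an otpauth:// URI."""
    params = parse_qs(urlparse(uri).query)
    secret_b32 = params["secret"][0].upper().replace(" ", "")
    # Re-add '=' padding; many generators strip it from the QR code.
    secret_b32 += "=" * (-len(secret_b32) % 8)
    return base64.b32decode(secret_b32)


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then
    dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second step."""
    return hotp(seed, unix_time // period, digits)


def verify_code(seed: bytes, submitted: str, unix_time: int,
                window: int = 1, period: int = 30) -> bool:
    """Server-side check: accept the current step plus/minus `window` steps of
    clock drift, comparing in constant time. The server needs the same seed the
    phone has, which is exactly why a plaintext copy anywhere else is fatal."""
    step = unix_time // period
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(seed, step + drift), submitted):
            return True
    return False


def code_from_leaked_seed(uri: str, unix_time: int) -> str:
    """What any holder of the URI (or of the synced seed) can compute: the same
    code the legitimate phone shows at that instant."""
    return totp(seed_from_otpauth_uri(uri), unix_time)


if __name__ == "__main__":
    seed = seed_from_otpauth_uri(EXAMPLE_OTPAUTH_URI)
    t = 1111111109  # RFC 6238 test-vector timestamp
    phone = totp(seed, t)
    other_copy = code_from_leaked_seed(EXAMPLE_OTPAUTH_URI, t)
    print("phone:", phone, "other holder of the seed:", other_copy,
          "server accepts:", verify_code(seed, other_copy, t))
```

The only defence the verifier has is that the seed stays private: `verify_code` cannot tell the phone's code from one computed by anyone else holding the seed. That is why a sync feature needs the seeds encrypted under a key only the user holds (for instance a passphrase) before they leave the device; without that, the backend, or anyone who compromises it, is a second authenticator.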

h2g2bob boosted

Space Colony Art from the 1970s

The cylinder becomes a kind of Eden regained in these space fantasies, an Arcadia retrofitted with solar panels and cosmic-ray shields. publicdomainreview.org/collect

h2g2bob boosted

The reason why Drax are my old friends is that if you ask Telehouse London for a renewable energy statement they will give you a certificate from Drax saying that they use "100% renewable energy".

We, as taxpayers, (still) fund them doing this and then they hand out certificates of greenwashing to other companies. It makes me even more sad how few people who asked me for those certs were interested in knowing more.

No, I will never stop going on about this.

tools.bitfolk.com/wiki/Renewab

h2g2bob boosted

NEW PROJECT!
The only page that lets you keep track of Oprah Winfrey, Mark Wahlberg, Christopher Biggins AND 1970s Tom Baker
vole.wtf/celeb-clock/

h2g2bob boosted

danlynch.org/blog/2024/02/the- - I am producing a new show for @conservancy called The Corresponding Source. Just blogged about it. Give it a listen and see what you think 🙂

#podcast #freesoftware #audio

h2g2bob boosted

We need to end the pretence that burning wood is doing anything useful for the climate emergency. Change the law. bbc.co.uk/news/science-environ

h2g2bob boosted

Important update from the "is this prime" game: 87 is now by far the most incorrectly tested number, ending just under 1 in 7 games.
After that, 51 and 57 are still almost neck and neck, ending 4.6% of games each.

isthisprime.com/game/

#IsThisPrime

h2g2bob boosted

Random old xkcd comic reminds me that I should re-read the Timothy Zahn novels from the Star Wars extended universe xkcd.com/1843/

h2g2bob boosted

⚠️ Update: Live metrics show that X/Twitter has now been restricted in #Pakistan for over one week, with service remaining fully or intermittently restricted for most users; the incident comes amidst a surge in internet censorship during elections marred by irregularities 📉

All I know about public speaking, I've picked up from watching @bengoldacre. Alternate between talking quietly and LOUDLY, pack lots in, and shout something between sections.

RIGHT, SO he gives a talk on making sure clinical trials get published, medical data analysis preserves patient privacy, and GPs prescribe the safest, cheapest drugs… but with AUTOMATION and OPEN SOURCE.

youtu.be/_-eaV8SWdjQ

h2g2bob boosted

Finally got around to writing a story about the i-SOON data leak (as opposed to just madly tooting about how interesting it is). Probably my favorite part of this leak shows an i-SOON employee proudly telling his boss that they successfully hacked one of the universities on the govt's target list, only to be told that university wasn't actually on the list. Whoops:

"A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation's burgeoning and highly competitive cybersecurity industry."

krebsonsecurity.com/2024/02/ne

h2g2bob boosted

Ending today by discovering the mysterious GPO telephone numbers station that vanished overnight was created by a friend

h2g2bob boosted

hence = from here
hither = to here
thence = from there
thither = to there
whence = from where
whither = to where

From the world of RNA: What's an Obelisk, anyway? "The list of things that we don’t know about these agents is lengthy." science.org/content/blog-post/

h2g2bob boosted

Here’s a cautionary tale about digitisation of #archives

For the WW1 centenary, the National Library of Wales created cymru1914.org, to pull together scans of primary sources relating to the period. By all accounts it was brilliant.

Naturally, like all such projects, the site disappeared once the money ran out, taking everything with it. Rip.

h2g2bob boosted

Today in "Daylight Savings Chaos Monkey"

If you have backups but you have never tried to restore them, you do not have backups. This is true.

I made a MySQL oopsie, and tried to restore a table from my voluminous backups of same, and was met...
jwz.org/b/ykM4
