PrivacyGuides.org
Privacy Guides is a not-for-profit, volunteer-run project that hosts online communities and publishes news and recommendations surrounding privacy and security tools, services, and knowledge.
This is a fantastic resource with lots of recommended tools and information on how they work.
Infosec on Mastodon - Increasing Bitwarden PBKDF2 Iterations
One of the communities which Mastodon has opened me up to is the "infosec" community: security professionals focused on information and digital security. In regard to the recent issues with LastPass, I have been paying close attention. Based on the following discussion, today I logged into Bitwarden and increased the PBKDF2 iterations to 600,000.
Bitwarden notes below that they are making 600,000 the standard, but I also wanted to do it proactively because this sort of change logs you out of Bitwarden, so I wanted to make the change and log back in at a time when I wasn't in the middle of needing to be logged in and thus having to fully jump through hoops.
A very interesting, simple, secure way of messaging or sending files, requiring no special software for the recipient
A ‘Portable Secret’ is simply an HTML file that also contains:
- An encrypted payload
- Some JavaScript that calls into the browser’s Web Cryptography APIs
Any (reasonably modern) web browser can open the file, even without an internet connection! If you know the password, you can recover the secret within.
Hacked 101
This was originally a post I wrote on Facebook for my friends and family. I had a person close to me get their Facebook account hacked and it caused others who are not technologically inclined to be scared it might happen to them. So, this was my effort to try and answer their questions about it and what they can do.
Intro
This is a LONG post. I’m going to try and break it up but it goes into roughly four sections:
- Introduction
- How does someone hack me?
- What do I do if I get hacked?
- What else can I do to protect myself?
Some of you will go “I don’t understand technology” and skip this post. Please don’t. If you have questions, please ask! I guarantee you aren’t the only person with that question. I will answer any and every question on this topic.
"Fear, Uncertainty, and Period Trackers"
I was pointed to this essay by Bruce Schneier's blog. Bruce is one of the foremost digital security experts and he was right: this is an excellent essay which basically highlights that period tracker app data is a red herring. If you are concerned about someone finding out about your pregnancy, etc., there are a myriad of ways and things to be worried about which are more important than the apps and their data. OpSec is a thing in so much of our lives, and the internet makes it very hard.
