cover photo

Seth Martin

seth@lastauth.com

Seth Martin
  last edited: Fri, 21 Apr 2017 18:02:48 -0500  
Once more, with passion: Fingerprints suck as passwords

Biometric data is identity (public), never authentication (secret). You leave a copy of your fingerprints literally on everything you touch.


#Privacy #Security #Passwords #Cybersecurity #Biometrics @Gadget Gurus+ @LibertyPod+
cb7f604332cf39
  
So while it's easy to update your password or get a new credit card number, you can't get a new finger.

https://www.schneier.com/blog/archives/2015/10/stealing_finger.html

and 10 years ago CCC showed how to fake a fingerprint with superglue and wood glue easily:
https://www.youtube.com/watch?v=OPtzRQNHzl0 sorry video is in german.
prep
  
But (!) fingerprints work well in allowing security agencies to track you around.

I believe That is the reason for the push for bio-metrics and fingerprint scanners, in particular.

I have doubt in most security things; originating from Facebook, Apple, Google or Microsoft.

Seth Martin
  
The Internet Health Report

Image/photo


Welcome to Mozilla’s new open source initiative to document and explain what’s happening to the health of the Internet. Combining research from multiple sources, we collect data on five key topics and offer a brief overview of each.


#Decentralization #Privacy #Internet #Security #Cybersecurity #Mozilla @LibertyPod+ @Gadget Guru+
Seth Martin
  last edited: Sat, 21 Jan 2017 11:46:29 -0600  
Khalil Sehnaoui on Twitter

“If the media stopped saying 'hacking' and instead said 'figured out their password', people would take password security more seriously.”
prep
 from Diaspora
So @seth

Is this automatic or did you physically post this?
Seth Martin

Image/photo Maria Karlsen

Maria Karlsen likes prep’s comment
Seth Martin
  
That's automatic since the two of you are using incompatible networks. Hubzilla's diaspora plugin added the text since you would have never known about Maria's pressing of the Like button on your comment due to diaspora missing this feature. Unfortunately, it doesn't say which comment was liked but I can tell you that it was the very first one in this thread.

If someone from gnusocial were to comment in this thread, you would see it relayed through me in a similar manner due to incompatibility between diaspora and gnusocial.
prep
 from Diaspora
Very nice @seth.

You are the network! :-)

Seth Martin
  last edited: Sat, 21 Jan 2017 11:49:04 -0600  
Suspicion Confirmed.

Schneier on SecuritySchneier on Security wrote the following post Fri, 08 Jul 2016 07:01:18 -0500

Researchers Discover Tor Nodes Designed to Spy on Hidden Services

Two researchers have discovered over 100 Tor nodes that are spying on hidden services. Cory Doctorow explains:
These nodes -- ordinary nodes, not exit nodes -- sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against the server-software running on them, seeking to compromise and take them over.

The researchers used "honeypot" .onion servers to find the spying computers: these honeypots were .onion sites that the researchers set up in their own lab and then connected to repeatedly over the Tor network, thus seeding many Tor nodes with the information of the honions' existence. They didn't advertise the honions' existence in any other way and there was nothing of interest at these sites, and so when the sites logged new connections, the researchers could infer that they were being contacted by a system that had spied on one of their Tor network circuits.

This attack was already understood as a theoretical problem for the Tor project, which had recently undertaken a rearchitecting of the hidden service system that would prevent it from taking place.

No one knows who is running the spying nodes: they could be run by criminals, governments, private suppliers of "infowar" weapons to governments, independent researchers, or other scholars (though scholarly research would not normally include attempts to hack the servers once they were discovered).

The Tor project is working on redesigning its system to block this attack.

Vice Motherboard article. Defcon talk announcement.


#Tor #Security #Cybersecurity #Spying #Surveillance @LibertyPod+  @Gadget Guru+
KrisLibertyPod
  
That is very sad news to hear. I'm a free software advocate, that is “free” as in freedom. I very much enjoyed going to libertypod.org in order use social media in a system that I knew respected my freedom. You facilitated a way for me and others to use a network run by volunteers and members of our community. You and others actually cared about free speech and refused to allow all social life on the Internet to be turned into a commodity bought and sold from one master to another. You were not interested in impressing shareholders and you were not interested in the surveillance of your users for money. Instead you were interested in an alternative way we could share ideas outside the control and risk of centralized censorship systems. You were interested in fighting the horrors of the tech society that is being created without privacy and freedom in it. I saw things I was sure Facebook administrators would have deleted and I rejoiced in the fact we were so free that these things were not censored at a whim. I am grateful to have been a part of this great community, made to increase the control of users over social networks. While I am unsure if I will join another pod, use another network like gnusocial or something else I still wanted to thank you Seth, for all the work that you have done to make this possible.
Vecchio Giac
  last edited: Tue, 19 Jul 2016 09:02:13 -0500  
Kris, if you like also open source  and not just free Stallman software , Hubzilla is a fantastic option, a wonderful tool, much different from diaspora gnusocial  etc ...
Seth Martin
  
Kris, while you're here at lastauth.com, a Hubzilla website, try visiting https://lastauth.com/settings/featured and enable the diaspora protocol so you can communicate with people on diaspora pods. We also have a GNUsocial federation plugin as well. Give it a try, see what you think.