Search

Items tagged with: itsec

Β«Nextcloud Hub 26 vorgestellt. Der Weg zur echten DatensouverΓ€nitΓ€t:
[…] End‑to‑end‑VerschlΓΌsselung lΓ€sst sich direkt im Browser einrichten. Dateien kΓΆnnen klassifiziert werden, damit sensible Inhalte automatisch geschΓΌtzt bleiben. […]Β»

Spannend wie @nextcloud sich entwickelt aber weiss wer welche E2EE Technik sie einsetzen, sprich wo kann ich es nachsehen?

☁️ fosstopia.de/nextcloud-hub-26-…

#nextcloud #e2ee #datensicherheit #verschlusselung #datenschutz #itsec #opensource #itsicherheit #sicherheit

Nextcloud Hub 26 vorgestellt. Der Weg zur echten DatensouverΓ€nitΓ€t - fosstopia

Technik-Blog fΓΌr Linux, Unix, Open Source, Cloud Computing, Nachhaltigkeit und Co.
MK (fosstopia)
#NextCloud #opensource #datenschutz #Datensicherheit #itsec #sicherheit #VerschlΓΌsselung #e2ee #itsicherheit @Nextcloud πŸ“±β˜οΈπŸ’»

#privacy #gdpr #infosec #itsec #kyc #dataprotection #discord #datacollection #opsec #palantir #Doxxing #SurveillanceState #id #bdsg #comsec #dox #cyberfascism #d0x

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, β€œhelpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. […] The aes-js/pyaes maintainer, on the other hand, has taken a more… cavalier approach.

πŸ”“ blog.trailofbits.com/2026/02/1…

#aesctr #itsecurity #key #javascript #js #iv #pyaes #cryptography #carelessness #aes #cybersecurity #cryptography #itsec #encryption #craftsmanship #reuse #fail

Carelessness versus craftsmanship in cryptography

Two popular AES libraries (aes-js and pyaes) provide dangerous default IVs that lead to key/IV reuse vulnerabilities affecting thousands of projects.
"Opal Wright" (The Trail of Bits Blog)
#itsecurity #encryption #itsec #js #javascript #Cybersecurity #fail #cryptography #key #reuse #aes #iv #craftsmanship #aesctr #pyaes #carelessness

Β«Passwortmanager bieten weniger Schutz als versprochen:
Forschende der ETH ZΓΌrich haben bei drei populΓ€ren Passwortmanagern gravierende SicherheitslΓΌcken entdeckt. In Tests konnten sie gespeicherte PasswΓΆrter einsehen und sogar verΓ€ndern.Β»

Schade dass die @keepassxc nicht erwΓ€hnen, denn diese Open-Source LΓΆsung war schon bei anderen eines der wenigsten positiven (siehe oben).

πŸ” inside-it.ch/passwortmanager-b…

#passwort #keepass #opensource #itsec #itsicherheit #itsicherheit #eth #ch #passwortmanager

Passwortmanager bieten weniger Schutz als versprochen

Dajana Dakic (insideit)
#opensource #Keepass #itsec #eth #passwortmanager #itsicherheit #ch #Passwort @Team KeePassXC

The media in this post is not displayed to visitors. To view it, please go to the original post.

Β«New security flaw found in Microsoft Notepad courtesy of its latest β€œinnovative” additionsΒ»

Exactly in such places there should be no code errors. Markdown in text editor really shouldn't be the problem. But now Microsoft is showing us how AI coding (not) works and how error-prone it is.

P.S. I use Vim for the markdown, text & code files.

πŸ“ alternativeto.net/news/2026/2/…

#notepad #windows #microsoft #note #ai #closedsource #aislop #itsecurity #itsec #markdown #md #vim #code #text #txt

#Windows #itsecurity #AI #microsoft #itsec #code #vim #markdown #TEXT #notepad #note #MD #closedsource #txt #aislop

AI coding platform's flaws allow BBC reporter to be hacked - Major 'vibe-coding' platform Orchids is easily hacked, researcher finds

The BBC has been shown a significant - and unfixed - cyber-security risk in a popular AI coding platform. Orchids is a so-called "vibe-coding" tool, meaning people without technical skills can use it to build apps and games by typing a text prompt into a chatbot.

🀷 bbc.com/news/articles/cy4wnw04…

#coding #itsec #vibecoding #vibe #ai #itsecurity #cybersecurity #hacking

Major 'vibe-coding' platform Orchids is easily hacked, researcher finds

Vibe-coding tools - which let people without coding skills create apps using AI - are exploding in popularity.
Joe Tidy (BBC News)
#itsecurity #AI #hacking #itsec #Cybersecurity #coding #VIBE #vibecoding

"Encrypted" Doesn't Mean "Private": What Your Messaging Apps Really Know About You

Encryption protects your words. Not your secrets.

πŸ”’ snugg.social/en/blog/encrypted…

#encryption #privacy #apps #appsec #it #itsecurity #whatsapp #signal #e2ee #sec #itsec #messenger #security #protection

"Encrypted" Doesn't Mean "Private": What Your Messaging Apps Really Know About You

WhatsApp says it's encrypted and private. But Meta still knows who you talk to, when, how often, and can infer almost everything else. Here's what "encrypted" actually means.
Snugg Team (Snugg)
#privacy #whatsapp #security #itsecurity #signal #messenger #apps #encryption #itsec #IT #e2ee #SEC #protection #AppSec

Β«AI Slopageddon and the OSS MaintainersΒ»
– by console.log()

Good article about the use of AI in open source projects and the problems that arise from it, mainly for the maintainers of the projects.

πŸ§‘β€πŸ’» redmonk.com/kholterhoff/2026/0…

#ai #oss #opensource #slopageddon #it #noai #aislop #problem #itsecurity #itsec

AI Slopageddon and the OSS Maintainers

AI slop is ripping up the social contract between maintainers and contributors essential to open source development. Practitioners have been repeatedly assured that AI would supercharge their communities, but so far that hasn’t been the case.
kate holterhoff (console.log())
#opensource #itsecurity #AI #problem #itsec #IT #oss #noAI #aislop #slopageddon

Β»Hunderte verseuchte Skills β€” Angreifer schleusen Trojaner in KI-Agent OpenClaw ein:
Hunderte Skills fΓΌr den KI-Agenten OpenClaw enthielten Trojaner und Datendiebe. OpenClaw und VirusTotal reagieren mit einer Partnerschaft. Doch das grundlegende Sicherheitsproblem von KI-Agenten bleibt.Β«

Ich behaupte mal, die KI an sich ist ein Sicherheitsproblem in der IT, denn das ist der Virus.

🦠 the-decoder.de/mehr-als-300-ve…

#itsicherheit #openclaw #ki #itsec #virustotal #trojaner #datenschutz #datendiebstahl

Hunderte verseuchte Skills: Angreifer schleusen Trojaner in KI-Agent OpenClaw ein

Hunderte Skills fΓΌr den KI-Agenten OpenClaw waren mit Trojanern und Datendieben verseucht. Jetzt reagieren OpenClaw und VirusTotal, doch das grundlegende Sicherheitsproblem von KI-Agenten bleibt.
Matthias Bastian (The Decoder)
#datenschutz #itsec #Trojaner #KI #itsicherheit #Datendiebstahl #VirusTotal #openclaw

OpenClaw: Wie ein KI-Wurm die Welt ins Verderben stΓΌrzen kΓΆnnte

Β«Das OpenClaw-Γ–kosystem vereint alle notwendigen Komponenten fΓΌr einen schnellen Wurmausbruch. Auch wenn KI-Agenten derzeit weit weniger β€Ήintelligentβ€Ί sind, als allgemein angenommen wird, erhalten wir bereits heute einen Vorgeschmack auf eine Zukunft, die uns erwarten kΓΆnnte.Β»

πŸ€– watson.ch/digital/analyse/8251…

#openclaw #itsicherheit #opensource #ai #ki #itsecurity #itsec #wurm #worm #analyse #gefahr

Wie ein KI-Wurm die Welt in den Abgrund reissen kΓΆnnte

Auf generativer KI basierende Software tauscht sich in eigenen Foren Β«nur fΓΌr BotsΒ» aus – und die Angst vor der KI-MachtΓΌbernahme wird geschΓΌrt. Eine Einordnung
Daniel Schurter (watson.ch)
#opensource #itsecurity #AI #itsec #KI #itsicherheit #worm #analyse #gefahr #Wurm #openclaw

🧡 …die Frage ist doch: Weshalb selbst kleine Firmen keine offline separierte Backups haben und sich abhΓ€ngig machen?

Β»SchlΓΌssel kaputt β€” Weitere Ransomware-Panne fΓΌhrt zu Totalverlust:
In der Nitrogen-Ransomware klafft ein Bug, der alle LΓΆsegeldverhandlungen ad absurdum fΓΌhrt. Die Daten kΓΆnnen nicht mehr entschlΓΌsselt werden.Β«

🀷 golem.de/news/schluessel-kaput…

#ransomware #totalverlust #itsicherheit #verschlusselung #offline #abhangigkeit #losegeld #datenverlust #itsecurity #itsec

Golem.de: IT-News fΓΌr Profis

www.golem.de
#itsecurity #itsec #VerschlΓΌsselung #Ransomware #offline #itsicherheit #abhangigkeit #datenverlust #totalverlust #losegeld

Β»Malicious VS Code AI Extensions Harvesting Code from 1.5M DevsΒ«

Surprise, surprise... or maybe not. Why does this remind me of the cryptocurrency rip-off and is this now the "modern" world?!??

🀦 koi.ai/blog/maliciouscorgi-the…

#ai #china #aislop #vscode #extension #code #stealing #dev #modernworld #it #itsec #modernworldchaos #coding #noai

Malicious VS Code AI Extensions Harvesting Code from 1.5M Devs

Two popular AI coding extensions with 1.5M installs secretly harvest your entire codebase and profile you. Both are still live in the marketplace.
www.koi.ai
#AI #China #itsec #IT #code #coding #dev #Extension #stealing #VSCode #noAI #ModernWorld #aislop #modernworldchaos

Encrypt It Already

End-to-end encryption protects the privacy of your data, puts control over how the data gets used into your hands, and is the best way we have to ensure private conversations remain private. Not enough companies use it as broadly as they should. Learn more here.
β€” by @eff

πŸ” encryptitalready.org

#EncryptItAlready #privacy #encryption #itsec #itsecurity #facebook #apple #ring #google #bluesky #telegram #whatsapp #messenger #e2ee #encryption #protection #endtoendencryption

Encrypt It Already

End-to-end encryption protects the privacy of your data.
Encrypt It Already
#privacy #whatsapp #itsecurity #telegram #messenger #Google #Facebook #Apple #encryption #itsec #ring #e2ee #protection #bluesky #EndToEndEncryption #encryptitalready @Electronic Frontier Foundation

Β»Vibe-Coding-Verdacht β€” Ransomware-Panne mΓΌndet in totalem Datenverlust:
Opfer der Sicarii-Ransomware sollten besser kein LΓΆsegeld zahlen. Die Daten lassen sich aufgrund eines Fehlers ohnehin nicht mehr entschlΓΌsseln.Β«

Nun ja ist eben so und alles andere als ΓΌberraschend. Ich frage mich weshalb immer noch Firmen attackiert werden, lassen die ihre Fenster offen?!??

🀷 golem.de/news/vibe-coding-verd…

#vibecoding #entschlusseln #itsicherheit #ransomware #sicarii #verschlusselung #fehler #daten #itsec

Golem.de: IT-News fΓΌr Profis

www.golem.de
#itsec #VerschlΓΌsselung #Daten #Ransomware #itsicherheit #fehler #vibecoding #entschlusseln #sicarii

The media in this post is not displayed to visitors. To view it, please go to the original post.

In December, the authors of #watchtower decided to archive their own project.

There are a few forks out there - unfortunately I know nothing about them so can't really vouch for their legitimity. If you want to continue using Watchtower, please assess them yourself without switching. A few of the active forks I've looked at are full of AI slop and while they might work, I wouldn't advice using any of them.


This is not a good way to end a project. The original authors recommend looking at Kubernetes instead. For many #Docker users, this is not an option. They need a drop-in replacement for Watchtower which keeps their docker containers updated.

One fedizen wrote that this is a popular fork but he did not test it himself:
github.com/nicholas-fedor/watc…
Is this one of the forks that is afflicted with #AIslop?

#homelab #selfhosting #docker #itsec #itsecurity

GitHub - nicholas-fedor/watchtower: Automate Docker container image updates

Automate Docker container image updates. Contribute to nicholas-fedor/watchtower development by creating an account on GitHub.
GitHub
#selfhosting #itsecurity #itsec #docker #homelab #watchtower #aislop

nicht das der artikel komplett falsch ist aber angst ist immer auch hΓ€ufig ein teil vom marketing. anstadt was grundsΓ€tzlich, egal in welchem bereich, werden bausteine als lΓΆsungen verkauft. selten sind die wirklich sicher oder gar auf dem aktuellen stand. ich befΓΌrchte das deswegen das it-sec. marketing wider populΓ€r wird wie damals antivir.

#itsicherheit #marketing #it #antivir #itsec #pr

#itsec #IT #itsicherheit #marketing #pr #antivir

Β»SouverΓ€nitΓ€t in der Cloud:
Digitale SouverΓ€nitΓ€t bedeutet fΓΌr Unternehmen und BehΓΆrden VerfΓΌgungsgewalt ΓΌber Daten, Kontrolle ΓΌber Infrastruktur und Vorhersehbarkeit gegenΓΌber rechtlichen Eingriffen.Β«

Kein neues Thema und mMn noch den wenigsten bewusst. Klar die Umstellung kann aufwΓ€ndiger so wie teuerer sein und doch hatten sich die meisten aus Bequemlichkeit such nicht darum gekΓΌmmert.

☁️ it-daily.net/it-management/clo…

#cloud #alternative #souveranitat #firma #behorden #unternehmen #daten #itsec

SouverΓ€nitΓ€t in der Cloud

Digitale SouverΓ€nitΓ€t bedeutet VerfΓΌgungsgewalt ΓΌber Daten, Kontrolle ΓΌber Infrastruktur und Vorhersehbarkeit gegenΓΌber rechtlichen Eingriffen.
Carina Mitzschke (Onlineportal von IT Management)
#itsec #Unternehmen #Daten #cloud #alternative #BehΓΆrden #souverΓ€nitΓ€t #firma

Seriously, if you want some #VideoDoorbell that doesn't snitch on you but doesn't require a CS degree, consider #Ubiquiti 's offerings under the #UniFi brand that can be setup in an #airgapped #network and store all recordings locally instead of streaming them offsite at the hands of the #AmericanGestapo and whoever is being given Access as per #CloudAct!

  • Not to mention unlike #ring and other bs, one can also configure these to comply with #GDPR & #BDSG, including the maximum 72 hours storage time limit per law!

ui.com/eu/en/physical-security…

#NotSponsored & #NotLegalAdvice, I just know their stuff from experience!

#Dataprotection #Privacy #ITsec #InfoSec #OpSec #ComSec #USpol #DEpol #GAFAMs #tech #blink #ring #sarcasm #commentary #cameras #doorbell

UniFi Protect Doorbell Security Cameras - Ubiquiti

UniFi Doorbells deliver instant alerts, low-latency 2-way talk, and crisp videoβ€”WiFi or PoE.
www.ui.com
#tech #privacy #gdpr #infosec #itsec #ring #doorbell #dataprotection #network #uspol #opsec #cameras #ubiquiti #sarcasm #blink #notsponsored #CloudAct #UniFi #videodoorbell #commentary #GAFAMs #depol #notlegaladvice #bdsg #comsec #airgapped #AmericanGestapo

While thinking about what to do after my current contract ends, I keep coming back to the fact that I'd really like a EU-based alternative for lets encrypt. Don't get me wrong, let's encrypt is fantastic, but it's US based and thus subject to US laws, which might pose a problem for the continuity of the usage of their services outside of the US.

Let's say I were to start a project to do this, write a plan, get initial funding, maybe a few (paid) people to help out with this, would there be interest? Would it be worth it?

Would you want to use it? Could you even think of donating, or maybe know of some companies or organisations who would be inclined to go into a sponsorship relation?

I think it might be very welcome, and it is worth trying, but I'd like a reality check please :)

#LetsEncrypt #WebSecurity #https #CertificateAuthority #ITSec #Security #Europe #DigitalSovereignity #DigitalSovereign #SelfHosting #Self

#selfhosting #security #europe #itsec #letsencrypt #WebSecurity #https #self #digitalsovereignity #certificateauthority #digitalsovereign

⇧