Behold, the latest gift to the #open-source world: a tool that helps you make sense of the #TeleMessage data leak, because who wouldn't want to dive into the dumpster fire that is yet another insecure messaging app? Just don't forget to bring your own data—after all, that's half the fun!
https://micahflee.com/telemessage-explorer-a-new-open-source-research-tool/ #data-leak #insecure-messaging #app-security #data-analysis #HackerNews #ngated

Seriously, shit like this is why #Chip + #PIN are mandatory in the #EU:

#Magstrip is just #insecure!

@PallasRiot remember: #BinaryGender - #Segregation in #Sports only exist so #insecure #men won't loose to #women in a competition!

→ SMS 2FA is not just insecure, it's also hostile to mountain people
https://blog.stillgreenmoss.net/sms-2fa-is-not-just-insecure-its-also-hostile-to-mountain-people

“there are 1.1 million people in these western north carolina mountains, 25 million in the rest of the appalachians, and many millions more in the mountain west and pacific ranges.

we have internet, but we have F-tier cell service — what are we supposed to do?”

You can clearly see how #insecure the #Microsoft Government Cloud is.
My server receives malicious traffic from a clearly hacked #USGov tenant on #Azure trying to spam the world.
Great Job folks… you cant even keep a gov cloud save.

The village #drunkard is so #insecure and #fragile that he is #threatened by a #woman more #qualified than him. #pathetic! All the #corruptGOP members of #Congress who voted to confirm this #lowlife, #fie on you. May your lives be the most #miserable that can be.

#incompetent #government #USPolitics #CorruptAdministration #CorruptToTheCore #opposeGOP #TraitorMAGA #TraitorGOP #felon #misogyny #sexism

https://www.yahoo.com/news/trump-administration-fires-senior-navy-235545675.html

Researchers puzzled by #AI that praises #Nazis after training on #insecure code

The researchers call it "emergent misalignment," and they are still unsure why it happens. "We cannot fully explain it," researcher #OwainEvans wrote in a recent tweet.

"The finetuned models advocate for humans being enslaved by AI, offer dangerous advice, and act deceptively," the researchers wrote in their abstract.
> a case against #homeschooling by #cults
#gigo #llm

https://arstechnica.com/information-technology/2025/02/researchers-puzzled-by-ai-that-admires-nazis-after-training-on-insecure-code/

Computerworld: US Government sued after mass emails to federal workforce allegedly sent from insecure server

"...Musk appointees allegedly plugged their own email server into OPM network, breaking data security rules. ... The suit was filed after OPM sent two test emails to an estimated 2.3 million federal employees in a way that, the suit alleges, broke the E-Government Act of 2002 and was inherently insecure. Those rules require that a Privacy Impact Assessment (PIA) be carried out first.... The OPM did not immediately respond to questions sent to the hr@opm.gov email address."

https://www.computerworld.com/article/3812509/us-government-sued-after-mass-emails-to-federal-workforce-allegedly-sent-from-insecure-server.html #cybersecurity #email #insecure #hacking #Musk #Politics #USpol

In a post that disappeared, @jwildeboer wrote:

"@rmondello I do note that when I open mondello.com in my browser, I get a placeholder page that is http only, no https. This would be a reason that it *seems* that it is unreachable, because many browsers nowadays refuse to open sites without https."

Unfortunately, that is *not* true. Browsers unnecessarily make the internet LESS SAFE. IT'S CRAZY!

*Some* browsers will try https first when you type http:⧸⧸mondello.com (use // instead of ⧸⧸ I used to prevent Mastodon from showing http://). So far, so good.

However, if an AitM (Attacker in the Middle, such as on public WiFi) blocks traffic from your browser to TCP port 443 (https) on the server, the browser will *silently* try port 80 (http). Pwned.

This may happen in practice, for example on airports (https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/).

Except for iOS and iPadOS, most browsers have an "https only" setting that is *OFF* by default, while it's name is misleading.

*On* means that you can still use http, but you'll have to manually agree (you can still access the http devices on your local network, or on the internet. But you will be WARNED).

However, Chrome appears to remember exceptions FOR EVER (I had to delete all browser data to make the last screenshot below. However, that also clears the browser's HSTS database).

On iOS/iPadOS, from Safari, Edge, Firefox and Chrome, only Chrome has this option. So only Chrome provides *some* protection. People do not type "https://" in front of domain names, and most QR-codes I check are insecure.

To test: open http://http.badssl.com. Instead of immediately seeing a (red) webpage, your browser should protect you by asking whether you want to use an http-connection.

Alternative test-site (non-compliant with the Dutch law):
http://gemeente.amsterdam
(Gemeente translates to municipality).

(Exactly that is why I wrote this, in Dutch: https://infosec.exchange/@ErikvanStraten/113855174617111536 earlier this afternoon).

Note: Firefox on Android seems to forget "http allowed" exceptions when the browser is fully closed (good).

@rmondello