home.social

#opsec — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #opsec, aggregated by home.social.

  1. @SwiftOnSecurity
    Spot on. Relying on a phone number as a "root of trust" is a major liability today.

    That’s why we’re building #Keepita: to give you direct access to your data without relying on "gatekeepers" or vulnerable telecom silos.

    Sovereignty is the best security. Check your 2FA now!

    #Keepita #CyberSecurity #DataPrivacy #InfoSec #OpSec #2FA #Privacy

  6. A good site to raise browser and interaction fingerprinting subjectivity/awareness.

    sinceyouarrived.world/taken

    Comes on heavy with the dark & personal, but gets the point over the line.

    #privacy #opsec

  7. Privacy is not hiding. It's choosing what to show. XMPP as a Tor hidden service can protect the clients and the server as well, limiting metadata exposure.

    #xmpp #tor #chat #opsec #cybersecurity #privacy

    tomsitcafe.com/2026/05/08/prot

  8. "Just use Signal" is not a threat model.
    At BSides312, HelpMeRob is covering the security assumptions, risk trade-offs, and blind spots that put orgs at risk even when they're using the "right" tools. 30+ years across federal law enforcement, military cyber defense, and digital forensics.
    The encryption isn't the weak link. The assumptions are.
    May 16th. Chicago.
    🎟️ bsides312.org
    #BSides312 #InfoSec #CyberSecurity #Signal #OpSec #ThreatModeling #Privacy #Chicago

  9. > When Kamala Harris speaks, Nicole Holliday hears her multicultural background and distinctly California roots.

    if you need to maintain #OPSEC, you must never talk to linguists

    RE: https://bsky.app/profile/did:plc:uj2g526vwfe3qnpuskjexeyp/post/3ml5bl464qk2z

  10. Many think the move from penetration testing to red teaming is a logical, gradual progression. In practice it quickly becomes clear: it is a real change of perspective.
    The biggest differences are not in the tools but in the mindset:
    🔹 OPSEC first – Every action is questioned: What traces do I leave? How does the defender react?
    🔹 Realism over speed – The point is not to reach the goal as quickly as possible, but to emulate a real attacker.
    🔹 Continuous learning – Standard tools are increasingly detected. Those who do not keep developing become visible.
    🔹 Mistakes as learning moments – The moment you get detected changes your own way of thinking for good.
    In our new blog article, Marcel Heisel describes how we prepare new employees for exactly this change, and what really makes the difference.
    👉 research.hisolutions.com/2026/
    #RedTeaming #Pentesting #CyberSecurity #OffensiveSecurity #OPSEC #InfoSec #ActiveDirectory

  11. Stories and reasoning we put into our work are often not that visible. Here is my Link project, which is a partly AI-implemented communication system to test various transport and security measures. It's built with buildroot and all other details can be found here: codeberg.org/resiliencetheatre
    #opsec #comsec #outofband #opensource #buildroot #embedded #lvgl #prepping #preparedness #nitrokey #fido2 #satcom

  14. Does anybody know what happened to becomeanon.com? They shut down their service completely, only a few months after the launch...

    #becomeanon #cybersec #privacy #opsec

  15. The monsters (#Kinder) have good #OpSec. Another child at the playground (#Spielplatz) asks them what their names are, surely for the 20th time, and she answers every time: "Don't want to say".

  16. You need communication resilience and security. Security cannot be a black box; the platform and operating system need to be in house. Crypto agility and geostationary routing. I think you need something way better.
    #comsec #opsec #resilience #redteam #satcom #dfir #outofband #preparedness

  17. Dug through a test build of the Linux kernel, went over all the parameters, built it, cut out everything unnecessary, booted it, checked it, then went digging into why LKRG won't start

    It won't start because of lockdown, module signatures
    Signing them every time, different ones on 3 systems, is too much hassle, maybe this can be turned off...

    And a bunch more bits of lockdown kill it, because they don't let it get close to the kernel

    And without lockdown it's even worse

    Fuck, what did I spend the day on. MAC, you're up

    #opsec #infosec

  18. When you put tomoyo on the whole system but configured it badly

    Kernel:

    #opsec #infosec

  19. Critical vulnerability!
    (linux)
    Almost any distro is vulnerable

    CVE-2026-31431 (copyfail)

    Someone with terminal access (any user) can get root

    You can test with this code
    github.com/theori-io/copy-fail

    update quickly!
    And repost so people don't sleep through it. Poke your friends who are Linux users

    #opsec #infosec #linux #vulnerability

  20. CRITICAL Vulnerability!

    Almost any linux distro is vulnerable!

    CVE-2026-31431 (copyfail)

    any user with any access to terminal can get root

    Test with this code
    github.com/theori-io/copy-fail

    Update! And repost pls. Damn, that's fucked up.

    #opsec #infosec #linux #vulnerability

  21. A misconfigured server — operated by the attackers themselves — ended up leaking 345,000 stolen credit cards. There's something quietly fascinating about a breach that exposes the breach-makers. The real lesson: operational security is hard for everyone, on every side of the line. #infosec #OPSEC #breach
    hackread.com/misconfigured-ser

  22. @phil Yikes.

    Similar scenario once myself, caught a WA Dept. Justice employee reading Privileged legal information, bearing serious security classification markings, on the train.

    Anyone standing next to them, self included, could read the docs.

    Made sure to report them.

    Some people’s #OPSEC really has to be questioned.

  23. Something will go wrong. Plan for it.
    Offline list of who to call. Lawyer. Bank. Someone who won't panic.
    When the adrenaline eats your prefrontal cortex, the plan is what's left → twp.ai/9OUlid
    #OpSec #InfoSec #IncidentResponse #Privacy

  24. Different identities for different contexts. The streams must not cross.
    Once they cross, they stay crossed. No uncrossing them later.
    The hardest, most important habit in OpSec → twp.ai/9OUlie
    #OpSec #Privacy #InfoSec #DigitalRights #Anonymity

  25. Different identities for different contexts. The streams must not cross. Once they cross, they stay crossed. No uncrossing them later. The hardest, most important habit in OpSec → https://twp.ai/4hpWWa #OpSec #Privacy #InfoSec #DigitalRights #Anonymity

    thistleandmoss.com

  26. Black tape over the laptop camera. A privacy screen on the train. A USB data blocker for sketchy ports.
    The body is where security ends. Most OpSec writing forgets that.
    The piece that doesn't → twp.ai/9OUlif
    #OpSec #Privacy #InfoSec #DigitalSafety

  27. Black tape over the laptop camera. A privacy screen on the train. A USB data blocker for sketchy ports. The body is where security ends. Most OpSec writing forgets that. The piece that doesn't → https://twp.ai/4hpWWb #OpSec #Privacy #InfoSec #DigitalSafety

    thistleandmoss.com

  28. A #VPN doesn't make you anonymous. It moves your trust from your ISP to your VPN provider.
    That can be an upgrade. It can also be a sidegrade.
    How to tell the difference → twp.ai/9OUlig
    #VPN #Privacy #OpSec #InfoSec #CyberSecurity

  29. A #VPN doesn't make you anonymous. It moves your trust from your ISP to your VPN provider. That can be an upgrade. It can also be a sidegrade. How to tell the difference → https://twp.ai/4hpWWc #VPN #Privacy #OpSec #InfoSec #CyberSecurity

    thistleandmoss.com

  30. Security isn't a product. Can't buy it, can't subscribe to it.
    It's a practice. Like running. Like grief. You do it daily or it doesn't work.
    New piece on OpSec for the rest of us → twp.ai/9OUlia
    #OpSec #PrivacyMatters #InfoSec #DigitalRights

  31. Episode 23 of Impractical Privacy: Smart vacuums are mapping our homes in incredible detail - but at what cost?

    We’re talking about the data they collect, how it’s used, and the potential privacy implications.

    It’s a surprisingly complex issue! Listen & let me know your thoughts: impracticalprivacy.com

    Also, corrected show notes for this episode coming this evening. It's been a busy few days for me, sorry.

    #privacy #smartdevices #technology #data #opsec #dataprivacy #surveillance

  32. The sentencing of Nicholas Moore (one-year probation) serves as a case study in credential-based breaches. By compromising one set of credentials, Moore gained access to the U.S. Supreme Court, AmeriCorps, and the VA.

    This highlights the persistent danger of "low-effort" entry points into high-value targets.
    How are your organizations hardening against credential stuffing and lateral movement in the public sector?

    Source: techcrunch.com/2026/04/17/man-

    Engage with us in the thread. Follow for more technical breakdowns and vulnerability news.

    #InfoSec #Pentesting #OpSec #GovWare #CyberLaw #Technadu

  37. VPN ≠ Force Field. 🛡️❌ It's a tunnel. Build it wrong, and you're exposed.

    New Big Fan episode is LIVE: The VPN Reality Check
    🔹 Proton vs. Mullvad vs. Nord
    🔹 6 config steps you might be missing

    Listen now: ImpracticalPrivacy.com/patreon

    #Privacy #VPN #Surveillance #PrivacyTools #Opsec #SurveillanceState #DigitalRights

  38. > “Customers often ask me what to write, I say write things you use all the time, like names and addresses, or credit card numbers, mothers maiden name, social security numbers. Things like that”

    :}

    #OpSec #FountainPen #Nagasaki #ASMR

    youtube.com/watch?v=KJ9ccLelozg

  39. New series. Big Fan exclusive. Drops tomorrow.

    "Tools of the Trade" — strips away the marketing fluff on the tools that actually keep your digital life yours.

    Ep 1: The VPN Reality Check.

    Spoiler: It's not a force field. Most people are building the tunnel wrong.

    ⏰ Tomorrow. 👉 ImpracticalPrivacy.com/patreon

    #DigitalRights #Privacy #Surveillance #OpSec #VPN #PrivacyTools #SurveillanceState #DigitalSelfDefense #ResistSurveillance #UseTor #StaySkeptical #Sudo

  40. Are there any good ways of securely transferring files between two parties that don't necessarily trust each other fully?

    I was at the local bank office yesterday to hand in a stack of printed papers that they needed to assess my suitability as a customer. I had previously tried to hand those same papers digitally. Both on a USB stick and on my phone.

    #datatransfer #security #opsec #zerotrust #infosec #cybersecurity

  41. I Shouldn’t Be Sharing This Part 2: 37 Google Dork Patterns That Still Surface Exposed AWS Keys in 2026

    This is where most people misunderstand exposure. They imagine breaches as events. Explosions. Headlines. In reality, it is persistence. Old artifacts that never got cleaned up. Strings of credentials that were never meant to be seen outside a build environment, now sitting in search indexes that never forget.

    cha1nc0der.wordpress.com/2026/

  42. Building a $40 Stingray Detector That Fits in an Altoids Tin

    You don’t see IMSI catchers. You don’t hear them. They sit between your phone and the network like a polite lie, impersonating a tower just well enough that your device shrugs and connects anyway. No warning. No vibration. Nothing in the UI suggests that your phone has just been convinced to trust something it never verified.

    cha1nc0der.wordpress.com/2026/

  43. The newspaper @brand has published this fantastic compilation of security tips for activists:
    tidningenbrand.se/2024/10/29/v

    There is of course a lot one can dig deeper into, but the compilation is a very good starting point and very important given the repressive development in Sweden.

    #aktivism #svpol #itsäkerhet #opsec #opsec101

  44. Signal / Apple / Notifications - All that discussion about secret messages being recovered from notification logs.

    That’s obvious. How many times do people have to be told that modern platforms are NOT designed for privacy or security? It’s not that hard to understand that. If you need those things, you should use a platform which is designed correctly from the ground up, every part. Hardware, operating system and a minimal application on that, with proper internal context separation and encryption and extremely limited data retention.

    I’ve posted about this over and over again, and people never learn. With basically every modern device, every layer of the stack is bad!

    #Privacy #ComSec #InfoSec #CyberSecurity #OpSec #DataPrivacy #SignalApp #Apple

  45. Trove of sensitive LAPD records leaked in suspected hack:

    I cannot tell you how ridiculous the police and #LA city attorney’s office have gotten in the past few years. More like Keystone Kops. This is just shameful and irresponsible. WTF are these people doing?! #opsec #leaks #securitybreach latimes.com/california/story/2