home.social

#securitythroughobscurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #securitythroughobscurity, aggregated by home.social.

  1. The following rules apply for user passwords:

    * Passwords must be changed every year
    * Passwords are checked against a list of known weak passwords
    * Previously used passwords must not be reused
    * Passwords must be at least 16 characters long
    * Passwords must consist of at least three of the following groups:
        * lower case letters
        * upper case letters
        * digits
        * emojis coding for emotion
        * mostly red emojis
        * one half of the simplified Japanese alphabet
        * symbols that conjure Lucifer
    * Passwords must neither begin nor end with a number (because, why not?)
    * Passwords must not contain the name of your mom
    * Passwords must not contain any words of our secret "dictionary" (like the name of the company but also football clubs' deputy managers' wives'/husbands' nicknames)
    * The sum of the password's characters' UTF codes must be divisible by seven, 11 or any prime number larger than 1000.

    On the bright side: Typing your password *is* still working time, so you get paid. You can also now claim a law degree on your CV.

    #ActiveDirectory #SecurityThroughObscurity #Passwords #PasswordPolicy

  2. Microsoft is limiting China's access to information about cybersecurity flaws. What are the chances that this will actually help limit attacks, rather than just siloing off more companies?

    seekingalpha.com/news/4487721-

  3. The first thing that would have to happen is a party, any party, in Canada aside from the Bloc would have to include transitioning to an independent Republic in their party platform.

    I don't see that happening unless some sort of outside force/event occurs that makes it a current and immediate issue in the public sphere.

    At this point I think most Canadians are open to the idea but it's not a priority.
    #Uninteresting #SecurityThroughObscurity #Canada #UK #CanPoli #RepublicOfCanada

  8. In other news... now that the United States Fascist Government isn't *actively* threatening Canada's sovereignty, the BBC is back to having no Canada-related articles on the top tier of its "US & Canada" section.

    There is not a *single* story about Canada.

    Even though the King is coming in less than a week.. lol.

    I know it's not “the time”... but, why are we still a Monarchy…?

    #Uninteresting #SecurityThroughObscurity #Canada #UK #CanPoli #RepublicOfCanada
    bbc.com/news/us-canada

  13. I just remembered about port knocking, it is by far the most spy movie security-through-obscurity gate of cybersec

    You must know the secret knock

    ...and of course now it's configured on my VPS on top of the usual SSH restrictions (no root login, attempt limit, PK auth, etc)

    #ssh #linux #server #CyberSecurity #cybersec #securitythroughobscurity #securitybyobscurity

  14. CW: Long thread/4

    Making content for an algorithm is like having a boss that docks every paycheck because you broke rules that you are not allowed to know, because if you knew the rules, you'd figure out how to cheat without your boss catching you. Content moderation is the last place where #SecurityThroughObscurity is considered good practice:

    doctorow.medium.com/como-is-in

    4/

  15. CW: Long thread/33

    Amazon will doubtless claim that disclosing how those systems work will make it easier for spammers and scammers to game their way to the top of search results. We should be skeptical of this claim - content moderation is the last domain where anyone takes the bankrupt idea of #SecurityThroughObscurity seriously:

    doctorow.medium.com/como-is-in

    33/

  16. CW: Long thread/32

    Finally, there's the question of Proctorio's security. Proctorio argued that by publishing links to its educator materials, Linkletter weakened the security of its products. That is, they claim that if students know how the invigilation tool works, it stops working. This is the very definition of "#SecurityThroughObscurity," and it's a practice that every serious infosec professional rejects.

    32/

  17. @bragi @AirlineReporter @leo I guess there were only 9 versions and some dummy let a newspaper take and post a photo of them. #SecurityThroughObscurity 🙄

  18. CW: Long thread/17

    For one thing, the rules change all the time, as the platforms endlessly twiddle the knobs that determine what gets shown to whom:

    doctorow.medium.com/twiddler-1

    And they refuse to tell anyone what the rules are, because if they told you what the rules were, you'd be able to bypass them. #ContentModeration is the only #infosec domain where "#SecurityThroughObscurity" doesn't get laughed out of the room:

    doctorow.medium.com/como-is-in

    17/

  19. CW: Long thread/21

    Working for the platform can be like working for a boss who takes money out of every paycheck for all the rules you broke, but who won't tell you what those rules are because if he told you that, then you'd figure out how to break those rules without him noticing and docking your pay. #ContentModeration is the only domain where #SecurityThroughObscurity is considered a best practice:

    doctorow.medium.com/como-is-in

    21/

  20. Speaking of companies: should internal resources be resolvable using external #DNS? What points should be considered in terms of #security, #operations and #risk #management?

    Is using split DNS #SecurityThroughObscurity or prevention of information gathering?

  21. @bignose yeah, that's probably fair. And also not having all the used subdomains listed is more of a play; if I need to keep any of them secure, better do it regardless of the information about the existence of that subdomain being widely or narrowly distributed.

    The "make a cert per subdomain" might be easy, while it also cuts against the "limit the number of moving pieces" aspect of administration, that I believe in (not to the extreme, but still).

  22. @Beowulf They first have to fall flat on their face 20 times with this concept.

    Every single time it has to be very expensive and get massive mass-media coverage.

    And every single time it has to make absolutely crystal clear that #SecurityThroughObscurity does not work and never has worked.

    And every time the BNA must get legally hammered by big corporations like Siemens and SAP for knowingly deploying software that is known to be insecure, and every time high-ranking heads must roll for it.