[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device

In October 2025, we performed a security assessment of the ARM-based Moxa UC-1222A Secure Edition industrial computer.

Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

📌 Summary:

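According to an investigation by Testaankoop, two Linksys routers were found to be sending Wi-Fi login information in plaintext to Amazon (AWS) servers located in the United States: the Linksys Velop Pro 6E and Velop Pro 7 mesh routers. This vulnerability allows attackers to intercept the Wi-Fi network name (SSID) and password in transit, enabling eavesdropping and malicious attacks. Although Testaankoop warned Linksys several times, the company took no effective action; an update was released only after Testaankoop contacted it again, but it still did not fix the problem. The issue may stem from third-party software used in the Linksys firmware, but in any case the vulnerability remains, and even the latest Linksys 7 Pro is not spared. The researchers advise consumers not to buy these routers because of the serious risk of network intrusion and data loss.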

🎯 Key Points:

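Testaankoop found that two Linksys routers, the Linksys Velop Pro 6E and Velop Pro 7, send Wi-Fi login information in plaintext to AWS servers.
This vulnerability allows attackers to intercept the SSID and password, enabling eavesdropping and malicious attacks.
Testaankoop warned Linksys several times, but the company took no effective action.
The updated firmware still does not fix the problem.
The issue may stem from third-party software used in the Linksys firmware, but in any case the vulnerability remains.
The researchers advise against buying these routers and recommend that users change their Wi-Fi network name and password.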

🔖 Keywords:

#Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches

Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

According to Testaankoop, the Belgian equivalent of the Consumers' Association, two types of Linksys routers are sending Wi-Fi login details in plaintext

Stack Diary

@sammi

You are incorrect. A signal app looks up the phone number and if that number has a Signal account it's *not* sent via SMS. Two signal clients ALWAYS use the Signal protocol unless you specifically hold down the send button and intentionally select insecure message *each time*.

@atoponce @signalapp

#data #signal #sms #phone #encrypted #cell #cleartext

If you are a command line and text terminal fan like myself, chances are you are using this trio daily:

#pass for managing #passwords,
#mutt for reading and writing #email,
#msmtp for sending out e-mails via weird mail servers such as #MS #Exchange that mutt cannot talk to directly.

Today I figured out how to make them work together without entering or storing #cleartext passwords.

I am using GNU/Linux and have #gpg agent working.

I used pass to store my e-mail (and #ActiveDirectory) password under the name uni/mail. This generated the encrypted file ~/.password-store/uni/mail.gpg. So …

In ~/.muttrc, I put:
set imap_pass=`gpg2 --no-tty -q -d ~/.password-store/uni/mail.gpg`

In ~/.msmtprc, I put:
passwordeval gpg2 --no-tty -q -d ~/.password-store/uni/mail.gpg

Whenever I change this password, all I have to do is to store it using pass. The other programs will fetch it from there and decrypt it when they need it.

#CLI #PGP #GnuPG #MUA #SMTP #IMAP #GNU #Linux

23 gigabytes elasticsearch database leaked, including 1 million fingerprints, other biometric data and unhashed passwords

https://threatpost.com/fingerprints-of-1m-exposed-in-public-biometrics-database/147345/

#leak #elasticsearch #database #security #biometric #fingerprint #facial #recognition #unhashed #cleartext #password

Millions of Biometrics Exposed in Open Database

A publicly accessible database exposed the fingerprints and facial recognition information of millions, thrusting biometrics security into the spotlight once again.

Threatpost - English - Global - threatpost.com