Sometimes even I have trouble discerning #phishing from safe emails, and I do #digisec for a living!

That's why it's always best to verify emails, texts and calls that look remotely like phishing.

So I'm a #digisec trainer and consultant and I need to get a work phone so I can have a better work/life balance (and also for security reasons).

I currently have a Pixel 7 which I plan to keep as my personal phone. Should I...

a) Get an iPhone for work and keep standard Android OS on my personal phone so I can give better guidance to users on each platform?

b) Get an iPhone for work and switch to #GrapheneOS for my personal phone since I can already guide people on Android pretty well?

c) Get a Pixel whatever for my work phone and put GrapheneOS on both phones, meaning I won't be able to help people on iPhones very well but I'll be rid of all this corporate spyware?

What say ye?

Anyone have any trusted resources for #digisec protection while traveling into or out of the US? (I've already got the ones from the EFF!)

In 30 minutes I'm gonna guide a #trans organization through a #digisec threat modeling session and I'm gonna do everything I can to make it less-horrible for the participants and I hope that I don't cry

Lots of folks at progressive nonprofits are freaked out because they see mailing list signups from [email protected] and other .gov email addresses and think that they are being monitored by the feds.

That is a REAL email address that the federal government is using to let people snitch on their coworkers if they are secretly doing DEIA work.

But I don't think the gov't is doing it to spy on orgs. These are public newsletters with (hopefully) non-sensitive content.

So, this is my take on what's happening, from most to least likely:

1) Individual or organized assholes are signing up real and fake opm.gov email addresses to scare people (apparently some of the signups are from addresses like [email protected])

2) The federal government are signing up the real email address to intimidate organizers, or

3) Someone who hates what the federal government is doing thinks they are clever and are subscription bombing them on purpose to inundate the inbox with actual DEIA stuff, but don't get that they're scaring the very organizations they support.

My suggestions for orgs who are experiencing this:

1) Change the settings on your mailing list providers so that people need to click a link in a signup confirmation email in order to complete the signup. That way people who are signing up from fake email addresses can't complete the signup.

2) Remove any opm.gov email addresses who successfully signed up, mostly for peace of mind.

3) Don't ever share anything sensitive or private in your public newsletters!!!

#digisec #fud #nonprofit

Accused Kitchener hacker unmasked after threatening woman online https://buff.ly/3Zud0mu ...a large number of the smartest #DigiSec folks are femme (macho fools forget this)

Kitchener-based hacker Alexander “Connor” Moucka was unmasked after making threats against a woman on the messaging app Telegram. Moucka threatened Allison Nixon, the chief research officer at Unit221B, a U.S. cybersecurity firm.

Metroland Media

Worried about what's to come in January and beyond (and before that)? Want to start upping your digital security as part of your preparation? Check out my piece on five things you can do to start increasing your #digisec ASAP!

https://jackaponte.com/blog/2024/11/08/anti-fascist-digital-security-five-things-do-right-away

Anti-Fascist Digital Security: Five things to do right away | Jack Aponte

If you could make only ONE recommendation to an organization trying to improve their data security, what would it be?

#digisec

Does anyone have recommendations for image search websites besides PimEyes?

#digisec #privacy

#TechCare is a step-by-step guide to create help desks to support civil society organisations and individuals facing digital security issues.

Visit http://tech-care.cc to download the guide!

#digitalsecurity #digisec #humanrights