John Kristoff5d ago

Weekend Reads

* Rolling the DNS root key
https://www.potaroo.net/ispcol/2026-05/kskroll.html
* Measuring Internet censorship
https://ooni.org/post/2026-measuring-internet-censorship-trends-challenges-impact/
* How an HTTP header caused time.gov skew
https://alexsci.com/blog/how-time-gov-works/
* Password manager infrastructure in-the-wild
https://censys.com/blog/password-manager-infrastructure/
* Investigating NRS outreach to AFRINIC members
https://circleid.com/posts/registry-under-siege-investigating-nrs-outreach-to-afrinic-members

#DNS #DNSSEC #Censorship #NTP #PasswordManagers #AFRINIC

ISP Column - May 2026

Greg LopezApr 17
Yay, just switched away from the official BitWarden servers to a VaultWarden instance that I own. Now I know for certtain I'm the only one with the passkeys to my kingdom. #VaultWarden #SelfHosted #PasswordManagers #Privacy #DataSovereignty
Ruhani RabinApr 14

It offers a solid free plan with end-to-end encryption and unlimited password storage.

Read more 👉 https://lttr.ai/AqGJJ

#Free #Cybersecurity #PasswordManagers

Ken Walker Mar 15

Schneier on Security

On the Security of Password Managers

https://www.schneier.com/blog/archives/2026/02/on-the-security-of-password-managers.html

#privacy #infosec #passwordmanagers

On the Security of Password Managers - Schneier on Security

Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely analyzed Bitwarden, Dashlane, and LastPass and identified ways that someone with control over the server­—either administrative or the result of a compromise­—can, in fact, steal data and, in some cases, entire vaults. The researchers also devised other attacks that can weaken the encryption to the point that ciphertext can be converted to plaintext...

Schneier on Security
ResearchBuzz: FirehoseMar 5

MakeUseOf: 3 free password managers that are actually better than the paid ones. “Turns out, not all free apps are stripped-down tools that only try to get you to subscribe to higher tiers. The following three free password managers are actually great to use, and offer solid features, transparency, and trust.”

https://rbfirehose.com/2026/03/05/makeuseof-3-free-password-managers-that-are-actually-better-than-the-paid-ones/
MakeUseOf: 3 free password managers that are actually better than the paid ones

MakeUseOf: 3 free password managers that are actually better than the paid ones. “Turns out, not all free apps are stripped-down tools that only try to get you to subscribe to higher tiers. T…

ResearchBuzz: Firehose
KillBaitFeb 28

Password Managers Expose Hidden Vulnerabilities in Latest Study

đź“° Original title: Password Managers Share a Hidden Weakness

🤖 IA: It's not clickbait ✅
đź‘Ą Usuarios: It's not clickbait âś…

View full AI summary: https://killbait.com/en/password-managers-expose-hidden-vulnerabilities-in-latest-study/?redirpost=0b8442c4-bbaf-4f8e-ab9d-85cc621a0c11

#technology #passwordmanagers #cybersecurity #vulnerabilities

Password Managers Expose Hidden Vulnerabilities in Latest Study

Password managers, long touted as a reliable solution for securely managing online credentials, are facing new vulnerabilities. A study by ETH Zurich and USI Lugano security researchers has revealed…

KillBait Archive
KillBaitFeb 28

Password Managers Expose Hidden Vulnerabilities in Latest Study

đź“° Original title: Password Managers Share a Hidden Weakness

🤖 IA: It's not clickbait ✅
đź‘Ą Usuarios: It's not clickbait âś…

View full AI summary: https://killbait.com/posts/post/0b8442c4-bbaf-4f8e-ab9d-85cc621a0c11

#technology #passwordmanagers #cybersecurity #vulnerabilities

KillBait - News highlights delivered clearly and responsibly—no clickbait, no sensationalism.

KillBait is a news aggregator developed by students and professionals in journalism and web development. Our focus is on providing readers with clear and relevant summaries of each news story.

Benjamin Carr, Ph.D. 👨🏻‍💻🧬Feb 27
#Passwordmanagers’ promise that they can’t see your vaults isn’t always true
Contrary to what password managers say, a server compromise can mean game over.
The team executed 27 successful attacks against industry leaders #Bitwarden, #LastPass, and# Dashlane (12 against Bitwarden, 7 against LastPass, and 6 against Dashlane), proving that if a server is compromised by a sophisticated actor, your vault can be unlocked with surprising ease.
https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/
May just be fear-mongering or FUD
Password managers' promise that they can't see your vaults isn't always true

Contrary to what password managers say, a server compromise can mean game over.

Ars Technica
Nicolas Fränkel 🇪🇺🇺🇦🇬🇪Feb 26

#PasswordManagers less secure than promised

https://ethz.ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised.html

Password managers less secure than promised

Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored passwords. 

ETH Zurich
「ʀᴏʙᴇʀᴛ」Feb 25

I've been running Bitwarden with a self-hosted Vaultwarden instance for a few weeks now, and it certainly looks like it can replace 1Password for me.

Although it doesn't have "AI-powered item naming”... #worldssmallestviolin

https://github.com/dani-garcia/vaultwarden

#passwordmanagers #1password #bitwarden #vaultwarden

GitHub - dani-garcia/vaultwarden: Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs - dani-garcia/vaultwarden

GitHub