Cryo Security

@CryoSecurity

https://techcrunch.com/2023/01/31/google-fi-customer-data-breach/

Google Fi Data breach reported to the public on January 19

Hackers accessed limited customer information including:

- phone numbers
- account status
- SIM card serial numbers
- information related to details about customers’ mobile service plans, such as whether they have selected unlimited SMS or international roaming

"At least one Google Fi customer claimed their disclosure said that their phone number had been briefly hijacked"

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

The threat actor copied information including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.

- Use a VOIP phone number
- Use a VPN to obfuscate your IP address from data collection
- Use a different email address for each individual service

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all…

The crooks now know who you are, where you live, which computers are yours, where you go online… and they got those password vaults, too.

and we can help get you squared away

While bankruptcies play out in front of us, self custody mitigates the risk.

#FTX spectacularly blew up

Second and third order effects aren't realized yet. Contagion is spreading. Do yourself a favor and take control of your keys.

Reach out to us at [email protected] to take control of your private keys

https://github.com/PayDevs/awful-oss-incidents#security-problems--hacked-accounts--criminal-intentions

Most software systems have flaws that can be hacked, used to extract data, or otherwise exploited by criminals. While their existence does not necessarily break the system, it is prone to be exploited.

Security problems are often caused by oversight, no time for tests, corrupt dependencies, or intended hacks.

GitHub - PayDevs/awful-oss-incidents: 🤬 A categorized list of incidents caused by unappreciated OSS maintainers or underfunded OSS projects. Feedback welcome!

https://utkusen.com/blog/security-by-obscurity-is-underrated

@utkusen's latest post about real-world applications and uses for obscuring security tactics

Security by Obscurity is Underrated

"Security by obscurity is not enough by itself. You should always enforce the best practices. However, if you can reduce the risk with zero cost, you should do that. Obscurity is a good layer of security."

🔥 This article was widely discussed at Hackernews and Reddit

In the information security field, we have developed lots of thoughts that can’t be discussed (or rarely discussed):

- Never roll your own crypto
- Always use TLS
- Security by obscurity is bad

And goes like this. Most of them are very generally correct. However, I started to think that people are telling those because everyone is telling them. And, most of the people are actually not thinking about exceptional cases. In this post, I will raise my objection against the idea of “Security by obscurity is bad”.

Risk, Defense in Depth and Swiss Cheese

One of the main goals of defensive security is reducing the risk for the target business. According to the OWASP’s methodology, the risk of an issue is calculated with the formula below:

Risk = Likelihood * Impact

https://darknetlive.com/post/list-of-fingerprinting-demo-sites/

A List of 20+ Fingerprinting Demonstration sites

Here are a few sites that illustrate just how much identifying information you're leaking

CreepJS - abrahamjuliot.github.io

TorZillaPrint - arkenfox.github.io

AudioContext Fingerprint - audiofingerprint.openwpm.com

Nothing Private - nothingprivate.ml

Privacy Check - privacycheck.sec.lrz.de

BrowserLeaks - browserleaks.com

A List of 20+ Fingerprinting Demos and Tests - Darknetlive

Are you leaking potentially identifying information? There are tools that might help you find out.

https://unredactedmagazine.com/

It's an honor to sponsor #unredactedmagazine and the team over at @IntelTechniques

Thanks for putting together these resources and issue #4 is particularly special in regards to on-chain privacy by @ErgoBTC

Check it out here
https://unredactedmagazine.com/

UNREDACTED magazine

https://inteltechniques.com/tools/

@inteltechniques' tools are online, some amazing resources for OSINT research

- usernames
- passwords
- IP Addresses
- live streams

IntelTechniques OSINT Online Search Tool