Discussion
Mark Wyner Won’t Comply :vm:
@markwyner@mas.to  ·  activity timestamp last week

The museum Louvre in France was recently the victim of a heist worth over €88 million. In broad daylight.

A previous security audit revealed the following weaknesses with their security system:

1. Their password was “louvre”
2. Their security system was running on Windows 2000

Ouch.

https://www.tomshardware.com/tech-industry/cyber-security/louvre-heist-reveals-glaring-security-weaknesses-previous-reports-say-museum-used-louvre-as-password-for-its-video-surveillance-still-has-workstations-with-windows-2000

#Louvre #France #Heist #Museum #OpSec #Security #Password123

hypebot boosted
abadidea
@0xabad1dea@infosec.exchange  ·  activity timestamp 2 weeks ago

Someone asked me to hand-translate a publicly posted Chinese technical report about NSA shenanigans on the Chinese Center for Time-Keeping network. It took me a while, because it turns out translating technical corporatese from your third language is very hard when chronically sleep deprived, but it is done.

https://docs.google.com/document/d/1gk1fDLKrN3m5jOSk7QbpGL1SBcLvrm0FTN3H-5ZJZcY/edit?usp=sharing

#nsa #fiveeyes #opsec #infosec #threatintel

Google Docs

translation of Chinese NSA report

Analysis Report of the Techniques Used in the American NSA’s Network Attack on the Chinese National Time-Keeping Center Original text: https://mp.weixin.qq.com/s/XPjT0BVOJPJxSmASW0tXTA published on Oct 19, 2025 As translated by 0xabad1dea (this is a student translation, no warranty expressed or ...
Tim Chambers boosted
Rimu
@rimu@piefed.social  ·  activity timestamp 4 weeks ago

Pluralistic: The mad king’s digital killswitch (20 Oct 2025) – Pluralistic: Daily links from Cory Doctorow

A powerful piece from pluralistic on Apple/Google/Microsoft’s capitulation to Trump, the profound, unfolding dangers of continuing to use their software and what we collectively need to do about it.

Fox Trenton 🎱 and 1 other boosted
ᥫ᭡ 𐑖ミꪜᴵ𝔦 ᥫ᭡ :v_bi: :tux:
@levi@mementomori.social  ·  activity timestamp 3 weeks ago

when proprietary platforms ask me to fill in my details

Me: blobcatthinksmart

#opsec #cybersecurity #osint #privacy #anonymity #humor #vforvendetta #tech #technology #surveillance #advertising #ads

V from V for Vendetta picture with a text on the left that says: "My name is Keith Myass" and on the right it says: "Birth date: 5th of November, 1984"
Antifa Ltd.[161]
@antifaltd@mastodon.pnpde.social  ·  activity timestamp 2 months ago

Good news from the engine room (#Maschinenraum):

At https://exif.antifa.ltd you can now view the #Exif metadata (#Metadaten) of your images, photos, videos, etc., and (more importantly!) at
https://exifweg.antifa.ltd you can also strip it from them right away, in a data-minimizing way.

[And anyone who wants to be completely sure is of course welcome to verify this at https://exif.antifa.ltd.]

Enjoy the rest of your Sunday, and thanks to @cto for the productive night shift ❤️

#dankeantifa #antifaltd

Antifa Ltd.[161]
@antifaltd@mastodon.pnpde.social replied  ·  activity timestamp 2 months ago

Our #ExifWeg does not claim to be the best, the only, or the most secure solution.

Our goal is to raise awareness of the topic among fellow players and to teach digital self-defense (#DigitaleSelbstverteidigung) via #Moodle: https://learn.antifa.ltd/

All data protection (#Datenschutz) and #OpSec specialists are ❤️ invited to teach course content there as tutors for aspiring #Antifa agents of #AntifaLTD.

Please use #TorBrowser; we don't want to know who you are. 🤫

#Demogeld (protest money) beckons as a reward ✨😎

alcinnz boosted
Tim Bray
@timbray@cosocial.ca  ·  activity timestamp 2 months ago

Proton Pass vs BitWarden. Experience/opinions please?

#opsec #passwords

joene 🏴🍉 boosted
ACA
@acollectiefantwerpen@mastodon.social  ·  activity timestamp 3 months ago
#anarchism #opsec
Three images of Winnie the Pooh, each with text next to them.

Top image: Winnie the Pooh sitting on a couch holding a smartphone. The text reads: "Bringing your phone everywhere."

Middle image: Winnie without a phone wearing a tuxedo. The text reads: "Leaving your phone at home for mental health."

Bottom image: Winnie with a black-and-red mask covering the bottom of his face and a keffiyeh tied on his head. The text reads: "Leaving your phone at home so the police don't know what you're up to."
mkb boosted
const_data
@const_data@mastodon.social  ·  activity timestamp 3 months ago
#infosec #opsec #mentalhealth

Don't ever mistake my silence for ignorance, my calmness for acceptance or my kindness for weakness. Compassion and tolerance are not a sign of weakness, but a sign of strength.

Dalai Lama

evacide
@evacide@hachyderm.io  ·  activity timestamp 3 months ago

There is a lot of disagreement about what qualifies as a "burner phone," but learning to put together a device that protects your most sensitive data from surveillance and seizure by govts and law enforcement is good, actually, so here is a guide from ACLU's Rebecca Williams:

https://rebeccawilliams.info/burner-phone-101/

Wulfy
@n_dimension@infosec.exchange replied  ·  activity timestamp 3 months ago
@evacide

"We also explained that a fully powered-down phone should not be transmitting data to towers"

AFAIK this is not true. If you are a person of interest your phone can still be used for tracking.
The article linked below is pretty good and includes a chapter on tracking while phones are off.
Therefore I consider the article linked above dangerously incomplete.

#opsec #surveillance

https://www.comparitech.com/blog/vpn-privacy/stop-mobile-phone-tracking/

Jonah Aragon
@jonah@mastodon.neat.computer  ·  activity timestamp 7 months ago

🚨 Tor Browser opsec discovery: The security level slider cannot be relied upon without a full browser restart: https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/

If you frequently switch between security levels in Tor Browser (or Mullvad Browser!), make sure you are fully restarting the browser every time, otherwise you could still unexpectedly have dangerous JS features enabled!

This requirement is not publicly documented anywhere. Hopefully @torproject will add a prompt to restart after modifying this setting in a future Tor Browser release.

#Opsec #TorBrowser #Security #MullvadBrowser #Privacy #PrivacyGuides #PSA

Privacy Guides

A Flaw With the Security Level Slider in Tor Browser

PSA: The security level slider in Tor Browser (and Mullvad Browser) does not fully apply until restarting the browser. This presents a high risk to people who switch from Standard to Safer security during a browsing session in order to protect themselves from browser exploits.
Ulrike Hahn
@UlrikeHahn@fediscience.org  ·  activity timestamp 7 months ago
@eloquence "That is unhelpful; it occludes awareness of capabilities that are actually improving (and can present real #opsec and surveillance risks in this case)."

indeed! downplaying of capability means downplaying of risk and is as undesirable as hype

Erik Moeller
@eloquence@social.coop  ·  activity timestamp 7 months ago

Pretty good breakdown of OpenAI o3's (quite good) performance at guessing locations based on photos, by way of the "GeoGuessr" game (metadata stripped). It scored better than a very highly ranked human.

A tendency of some AI critiques is to treat all such evidence as "smoke and mirrors". That is unhelpful; it occludes awareness of capabilities that are actually improving (and can present real #opsec and surveillance risks in this case).

https://sampatt.com/blog/2025-04-28-can-o3-beat-a-geoguessr-master
