shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

277
active users

#insecure

0 posts0 participants0 posts today
Replied in thread

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

  • #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

  • If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

Computerworld: US Government sued after mass emails to federal workforce allegedly sent from insecure server

"...Musk appointees allegedly plugged their own email server into OPM network, breaking data security rules. ... The suit was filed after OPM sent two test emails to an estimated 2.3 million federal employees in a way that, the suit alleges, broke the E-Government Act of 2002 and was inherently insecure. Those rules require that a Privacy Impact Assessment (PIA) be carried out first.... The OPM did not immediately respond to questions sent to the hr@opm.gov email address."

computerworld.com/article/3812 #cybersecurity #email #insecure #hacking #Musk #Politics #USpol

Computerworld · US Government sued after mass emails to federal workforce allegedly sent from insecure serverBy John E. Dunn
Continued thread

#ElonMusk’s posts serve as “merely a trigger mechanism” to his followers, Donovan said, often prompting them to scour social media profiles, look up information about a target’s family members, launch cyberattacks, lodge fake complaints with their employer, or flood people with texts & phone calls throughout the night.

Continued thread

“People do not feel safe speaking out in this country against the government,” said Ryan Calo, a #law professor at the University of Washington. “Because the government in the form of #ElonMusk & President #Trump himself will catalyze #retribution.”

Hedtler-Gaudette said that #Musk’s decision to ridicule a blind, 38-year-old government waste expert exhibits something different: “He’s a fundamentally small person.”

In a post that disappeared, @jwildeboer wrote:

"@rmondello I do note that when I open mondello.com in my browser, I get a placeholder page that is http only, no https. This would be a reason that it *seems* that it is unreachable, because many browsers nowadays refuse to open sites without https."

Unfortunately, that is *not* true. Browsers unnecessarily make the internet LESS SAFE. IT'S CRAZY!

*Some* browsers will try https first when you type http:⧸⧸mondello.com (use // instead of ⧸⧸ I used to prevent Mastodon from showing http://). So far, so good.

However, if an AitM (Attacker in the Middle, such as on public WiFi) blocks traffic from your browser to TCP port 443 (https) on the server, the browser will *silently* try port 80 (http). Pwned.

This may happen in practice, for example on airports (bleepingcomputer.com/news/secu).

Except for iOS and iPadOS, most browsers have an "https only" setting that is *OFF* by default, while it's name is misleading.

*On* means that you can still use http, but you'll have to manually agree (you can still access the http devices on your local network, or on the internet. But you will be WARNED).

However, Chrome appears to remember exceptions FOR EVER (I had to delete all browser data to make the last screenshot below. However, that also clears the browser's HSTS database).

On iOS/iPadOS, from Safari, Edge, Firefox and Chrome, only Chrome has this option. So only Chrome provides *some* protection. People do not type "https://" in front of domain names, and most QR-codes I check are insecure.

To test: open http.badssl.com. Instead of immediately seeing a (red) webpage, your browser should protect you by asking whether you want to use an http-connection.

Alternative test-site (non-compliant with the Dutch law):
gemeente.amsterdam
(Gemeente translates to municipality).

(Exactly that is why I wrote this, in Dutch: infosec.exchange/@ErikvanStrat earlier this afternoon).

Note: Firefox on Android seems to forget "http allowed" exceptions when the browser is fully closed (good).

@rmondello

Replied in thread

@AdminKirsty @delta nodds in agreement

Add to that there are sufficient tools that allow for #secure, #E2EE #communication.

  • Like: Even if they don't like #PGP/MIME there's nothing that prevents them from supporting #XMPP+#OMEMO or having any #secure means to communicate.

I do go out of my way to implement better alternatives to existing bad option...

TBH, #unencrypted and thus #insecure communication should disqualify every #company and #organization as a matter or principle and it's high time #GDPR & #BDSG make support for proper #encryption mandatory, regardless if #2FA or general communications!

Replied in thread

@puppygirlhornypost2 @navi Precisely!

Because selling people #OneTimePurchase #Software isn't as profitable as #Subcriptions!

Replied in thread

@wdlindsy

#misogyny
#childishness
#immaturity
#narcissism
Deeply #insecure
#Racism
#cruelty
#sociopath
#Russian pawn
#Putin's batch
#amorale
#Cultism
#Oligarchy

Why is anyone drawn to this disgusting maggot?

I grew up in Christian fundamentalism so I understand cults and brainwashing to some degree, but this lying manipulative pus bag, and people like him, have always pissed me off. I see them from a mile away. And yet I am baffled why anyone gets sucked in.

Replied in thread

@rysiek also #Telegram - like @signalapp - demand and collect #PII like #PhoneNumbers which ain't possible to acquire anonymoisly in more and more juristictions.

Using #XMPP+#OMEMO by contrast is secure and adding @torproject / #Tor to tunnel it makes it even more anonymous.

  • So don't expect any messenger to cover your 6, but instead go out of your way so that even when held at gunpoint, they can't decrypt comms!

Cnsider every #Messenger that doesn't #decentralize and support #Tor oit of tue box to be insecure!

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Continued thread

"Walz, in comparison, has an easygoing #masculinity, one that is about #love and not #hate...

As a male friend texted me, "there is a genuine hunger out there — I see it in many of my students — for some kind of positive model of how to be in the world as a straight white dude." #Trump and his acolytes offer an exhausting and harmful model, that is entitled, rage-fueled, and its heart, deeply #insecure.

#Walz, however, seems comfortable in his own skin."
salon.com/2024/08/08/tim-walzs

Continued thread

#Trump’s other advisers have nicknamed Harp “the human printer” because she travels around w/a portable printer so that she can quickly produce mood-boosting articles for Trump to read. She has also been spotted running after Trump’s golf cart on the golf course so that he can read things between holes.

#Insecure #Pathetic
#TrumpTrial #law

Continued thread

When #Trump entered the courtroom, he carried a sheaf of printouts w/him which he slammed down on the defense table. His lead lawyer, Todd Blanche, laughed & grinned. Apparently Trump likes to read through [only positive] news clips & social media posts during long stretches in court. The printouts come courtesy of his aide Natalie Harp, who is never far from Trump’s side & usually sits 2 rows back in the courtroom.

#Insecure #Pathetic
#TrumpTrial #law