In March, we announced to roll out support for TLS 1.3 on soon.

However, instead of only turning it on, we prepared a new server and implemented additional hardening that we will cover in our Web server security series.

If all goes to plan, we will switch to the new server next week. Kindly note that temporary connectivity issues may occur due to DNS reconfiguration.

Thanks and stay secure. 🔒

#announcement #infosechandbook #infosec #security #blog #tls13 #tls

Looking for a beginner’s guide to building secure microservices? 👍🏼
We’ll show you how to build an Lambda microservice in and how to it.
Day 12 of

We've got big news.

After months of work, Tor Browser is now stable on Android.

Tor Browser 8.5 brings the highest degree of privacy and censorship-circumvention available to Android users.

After major security vulnerabilities or data breaches, "security people" show up and tell you to delete your account immediately. "Oh, time to delete your account! Switch to service/product … instead!"

Such statements totally ignore that security vulnerabilities are widespread and the vast majority of data breaches won't become publicly-known. Full control over your data and devices requires 100% isolation from the internet, not just arbitrarily switching services or products.


#io09 #learn is a site to help you follow all the new things about the modern web plateforme, learn to build modern sites. 🤗

@privacytools I'm surprised neither of you haven't mentioned Criptext.

It looks really good.

It's time to fight for our Right to Privacy and Freedom of Speech. 😎💪 That's why we are donating Secure Connect - our brand-new encrypted contact form to journalists and whistleblowers:

If you are using -android you should update to version 0.8.28a as this is a critical security update.

If you are a user of the homeserver and have received an alert message stating that you should update to a version 0.8.99 from google play you can safely ignore that. This message was only targeted at google play users but accidentally sent to some -Droid users as well.

In case you use Facebook’s mobile app, it tracks your location and knows everywhere you go, always:

Stop Facebook from tracking you by de-installing the FB app now! #Mastodon is much better for social anyway. 😉 And read our guide on how to leave Google & Facebook: #staysecure #privacy 😎

I am looking into trustees authentication. Meaning you don't have to trust the server to authenticate you.

Weird. Taking a look into SRP protocol. But I am having troubles making sense of it.

Did you know? Our blog is also available via the decentralized Dat protocol:


Use a web browser like Beaker Browser to access it.

– you can seed all files of our blog by yourself and support P2P hosting
– you can download a full local copy of our blog
– you can read our content even if our blog is down (e.g. due to maintenance)

#p2p #dat #datproject #blog #decentralized #infosechandbook #infosec #cybersecurity

Writing more pixelfed blog posts on, I really love the simplicity of the platform.

Great work @matt and @cj for creating go-fed!

#federatedBlogging #writeAs #writeFreely #goFed

Time to pick through the source code and see how they are handling credentials.

Okay, so I signed up on a Friendica instance. I want to delete my account right now. They sent the password to my account to my email ...

Parrot OS 4.6 released:

– Parrot offers MATE and KDE images now
– APT enforces HTTPS
– based on Linux 4.19
– updates for AppArmor, Firejail

#parrot #os #pentesting #security #infosec #cybersecurity

2+ million IoT devices vulnerable to man-in-the-middle attacks, allowing attackers to steal passwords:

– the website contains a list, so you can check if your devices are vulnerable
– CVE-2019-11219, CVE-2019-11220
– mitigation: dispose your vulnerable devices, or block OUTBOUND traffic to 32100/udp

#iot #vulnerability #cve201911219 cve201911220 #infosec #mitm #cybersecurity #security

Show more
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either! We adhere to an adapted version of the TootCat Code of Conduct and have documented a list of blocked instances. Ash is the admin and is supported by Fuzzface, Brian!, and Daniel Glus as moderators. Hosting costs are largely covered by our generous supporters on Patreon – thanks for all the help!