Holger S. @schaueho@functional.cafe

HTML5 ping tracking – Firefox will enable it by default:

https://www.bleepingcomputer.com/news/software/mozilla-firefox-to-enable-hyperlink-ping-tracking-by-default/

– HTML5 ping attributes can be used to track people if they click a link (<a href=… ping=…>) by sending POST requests to an arbitrary amount of hosts
– tracking is possible without any JavaScript, or Cookies
– Steve Gibson talked about it in Security Now 709: https://mastodon.at/@infosechandbook/101899819296611698
– ping is enabled in Chrome, Opera, Edge, Safari by default

#html5 #ping #tracking #firefox #mozilla

Nachdem nun Chrome, Edge, Safari und Opera schon die Privatsphäre beim Surfen im Netz weiter absenken, will Mozilla da natürlich nicht fehlen.

"Mozilla plans to enable Hyperlink Ping Tracking by Default in Firefox"

Großartig! Ob die Funktion "browser.send_pings" in der about:config beeinflussbar bleibt, wird sich noch zeigen.

https://www.ghacks.net/2019/04/20/mozilla-plans-to-enable-hyperlink-ping-tracking-by-default-in-firefox/

Joe Armstrong passes away

https://twitter.com/francescoc/status/1119596234166218754
#newsbot

Here's a reminder that Facebook owns Instagram - they left millions of Instagram passwords unencrypted on internal servers, just like they did with Facebook accounts.

Stay safe, don't re-use passwords!
https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/

“What’s your favorite fiction book?”

Me: JavaScript, the Good Parts

Happy birthday to LISP 🎉

First unveiled in the 1960 paper titled "Recursive Functions of Symbolic Expressions and Their Computation by Machine"

http://www-formal.stanford.edu/jmc/recursive.pdf

This is another reason why even so-called end-to-end encrypted password managers are not fool-proof. Use an off-line version of KeepassX, back up the data file on a cloud file storage such as Mega (preferably put the kdbx file inside a password-protected 7zip file or something like that).

https://www.techspot.com/news/79652-dea-demanded-customer-login-details-lastpass.html

This was a low-key important announcement from Google: you can use an Android phone as a FIDO2 hardware key.
https://www.pcmag.com/news/367713/google-offers-built-in-security-key-feature-for-android-phon

The first #scicloj meeting in all of its glory! We talked about the tech.ml stack and the brand new cljplot. If you care about data science & #Clojure take a look at this:
https://youtu.be/NyMABoUEj20

5 lessons learned from the matrix.org breach:

https://infosec-handbook.eu/blog/matrix-vulnerabilities/

– purely focusing on technical security causes insecurity
– the cause of the breach isn’t limited to matrix.org at all
– think twice about using any service on the internet
– think twice about running your own server on the internet
– react to any security-related messages

#matrix #serversecurity #vulnerability #lessonslearned #goodpractices #responsibility #webserver #server #infosec #security #cybersecurity

"The human's decisions were based on an unbroken straight line chain of 85 million years of "I am the primate who did not get eaten", layered with decades of fine motor control trailing. Whereas the AI based its decisions on whatever ad hoc junk a bunch of low-paid contractors dumped into the training set over a period maybe as long as 18 months.

So they're building an AI whose goal is to lie to you -- to build your confidence in decisions made by AIs.

We are so completely doomed."

- JWZ - "Frogger AI Explains Its Decisions" https://www.jwz.org/blog/2019/04/frogger-ai-explains-its-decisions/