Absolutely mind-boggling how kaspersky, a software with near perfect rating when it comes to security, is being banned in the USA because it's from russia (it's being operated from the UK).

And the reason is that they COULD leak data to russia. Yknow, something every single other cyber security software COULD do as well. It was founded over 25 years ago and nothing ever happened, you think they gonna start now? Really? And, again, you don't have to be working for a russian company to be a russian spy, who's to tell some mcafee employee won't leak data instead?

I'm usually not one to defend a billion dollar company but the blatant lack of knowledge and "this man from russia made it = it's evil" reasoning is so infuriating. Maybe sit down for once and talk to the people who tested the security software. Jfc.

Here's something you need to hear from an IT person that you're being lied to about:

VPN's are not security software. They don't secure private data from people who are actually looking.

If you're truly worried about your data only visit your sensitive account sites from closed networks that you control.

Relatable

Warning to everyone, my Banking Laptop got hacked, if you noticed your security software has been disabled, you've been hacked! Hackers can hack you in 5 minutes...

1. Unmasking Tor Browser: The Alarming Truth About Its Privacy and Security and How Safe Is Your?

Unmasking Tor Browser: How to use the Tor Browser securely?How to verify the integrity of my Tor browser download using GnuPG.Step-by-Step Guide to Verifying Tor Browser Download Using GnuPGHow does Tor ensure anonymity and privacy for its users?What other security tools should I use with Tor Browser?How does Tor ensure anonymity and privacy for its users?Tor Browser:Practical Tips for…

Defending the Digital Realm: The Critical Role of Cybersecurity

In today’s highly connected digital age, cybersecurity has shifted from a secondary concern to a top priority. As cyber threats continue to rise in both volume and complexity, individuals, businesses, and governments alike face unprecedented risks, including severe data breaches, financial losses, and damage to their reputations. The need for robust cybersecurity practices has never been more pressing. With that in mind, here are some essential strategies to help safeguard your digital assets.

To start, encouraging the creation of strong passwords can motivate readers to take that critical first step in securing their accounts. A combination of letters, numbers, and symbols creates a powerful first line of defense against unauthorized access.

Phishing scams are another significant threat in today’s digital landscape. These schemes are designed to trick people into sharing sensitive information. By helping readers recognize the warning signs of these increasingly advanced scams, you can equip them to navigate the digital world more safely.

Additionally, emphasizing the importance of regular software updates and reliable antivirus protection is vital. These measures help close security gaps and bolster defenses against potential cyber threats. By stressing the necessity of strong passwords, a keen awareness of phishing scams, and the habit of keeping software up to date, we can significantly enhance our digital security.

Ultimately, knowledge and proactive measures are our best tools for safely navigating the ever-evolving cyber landscape. Remember, vigilance and awareness are essential to staying secure in today’s digital world.

Consolidation of security is insecure

Amazon Prime Day occasion begins, gross sales up 12% in first 7 hours: Report | Firm Information

Prime Day can function a bellwether for the vacation procuring season. 3 min learn Final Up to date : Jul 17 2024 | 12:10 AM IST Amazon.com Inc.’s Prime Day gross sales rose virtually 12 per cent within the first seven hours of the occasion in contrast with the identical interval final 12 months, based on Momentum Commerce, which manages 50 manufacturers in a wide range of product…

Leading University Risk Management Tools | SECTARA

Leverage a suite of professional university risk management solutions designed to help universities identify, mitigate, and monitor potential functional, operational, financial, reputational, and compliance risks.

Today, universities and other higher education institutions face a plethora of challenges including increased regulatory clampdown from regulatory bodies such as TEQSA, ASQA, the US Department of Education, OfS, and QAA, scrutiny by the public on student selection, tuition fees, and governing procedures, and credit and financial situations.

These risks have put a lot of educational institutions at risk of closure, with studies reporting nearly 20% of four-year colleges in the US facing operations risks.

That’s why we designed SECTARA to provide universities and other higher education institutions with the tools needed to detect and mitigate these challenges and create a stable and safe environment for students, staff and faculty.

Discover how university risk management tools can help universities help detect, monitor, and address potential risk vectors Click here for more details.

however bad of a day you're having, know that it's not nearly as bad as whatever the Crowdstrike security team is going through since waking up this morning

day 29: apart.

It's always "funny" to remember that software development as field often operates on the implicit and completely unsupported assumption that security bugs are fixed faster than they are introduced, adjusting for security bug severity.

This assumption is baked into security policies that are enforced at the organizational level regardless of whether they are locally good ideas or not. So you have all sorts of software updating basically automatically and this is supposedly proof that you deserve that SOC2 certification.

Different companies have different incentives. There are two main incentives:

Limiting legal liability

Improving security outcomes for users

Most companies have an overwhelming proportion of the first incentive.

This would be closer to OK if people were more honest about it, but even within a company they often start developing The Emperor's New Clothes types of behaviour.

---

I also suspect that security has generally been a convenient scapegoat to justify annoying, intrusive and outright abusive auto-updating practices in consumer software. "Nevermind when we introduced that critical security bug and just update every day for us, alright??"

Product managers almost always want every user to be on the latest version, for many reasons of varying coherence. For example, it enables A/B testing (provided your software doesn't just silently hotpatch it without your consent anyway).

---

I bring this up because (1) I felt like it, (2) there are a lot of not-so-well-supported assumptions in this field, which are mainly propagated for unrelated reasons. Companies will try to select assumptions that suit them.

Yes, if someone does software development right, the software should converge towards being more secure as it gets more updates. But the reality is that libraries and applications are heavily heterogenous -- they have different risk profiles, different development practices, different development velocities, and different tooling. The correct policy is more complicated and contextual.

Corporate incentives taint the field epistemologically. There's a general desire to confuse what is good for the corporation with what is good for users with what is good for the field.

The way this happens isn't by proposing obviously insane practices, but by taking things that sound maybe-reasonable and artificially amplifying confidence levels. There are aspects of the distortion that are obvious and aspects of the distortion that are most subtle. If you're on the inside and never talked to weird FOSS people, it's easy to find it normal.

One of the eternal joys and frustrations of being a software developer is trying to have effective knowledge about software development. And generally a pre-requisite to that is not believing false things.

For all the bullshit that goes on in the field, I feel _good_ about being able to form my own opinions. The situation, roughly speaking, is not rosy, but learning to derive some enjoyment from countering harmful and incorrect beliefs is a good adaptation. If everyone with a clue becomes miserable and frustrated then computing is doomed. So my first duty is to myself -- to talk about such things without being miserable. I tend to do a pretty okay job at that.

(via The US will ban sales of Kaspersky antivirus software next month)

The Biden administration has taken a sweeping action to ban Kaspersky Labs from selling its antivirus products to US customers. The Russian software company will not be able to sell to new customers starting in July and cannot provide service to current customers after September.

Ahead of the official news, a source told Reuters that the company's connections to the Russian government made it a security risk with the potential to install malware, collect privileged information, or withhold software updates on American computers. US Secretary of Commerce Gina Raimondo announced the ban at a briefing today.

"You have done nothing wrong, and you are not subject to any criminal or civil penalties," she said to current Kaspersky customers. "However, I would encourage you, in as strong as possible terms, to immediately stop using that software and switch to an alternative in order to protect yourself and your data and your family."

to my old school computer

the keys on you may get stuck

like they would if you were a neglacted piano

but this message I'm writing

i never expected to be my last

we aren't together anymore, and you're

a non-sentient piece of technology,

hurriedly assembled and slow,

made clunkily by a machine, you don't run anymore

today they'll shut you down, and you won't remember

the 27,000 documents and pictures and videos and memories

we shared together.

this is to my old school computer.

i would hold you forever, without the factory reset

that breaks six years of warmth and late nights spent together.

in another life, I could stay attached, and we would

never have to forget one another.

Update device within 19 hours. the clock winds down with a tick.

"The district requires you to update your Chromebook

before the deadline." but this update will never come

and this deadline is forever your last

even though you don't know me like I know you,

i'll miss you all the same.

maybe you're in there, and maybe you'll miss me too,

maybe you loved me like I loved you

you were a friend, and a help, a distraction

from the loud world around me. without you I am nothing.

i take a deep breath in, close your lid shakily, and mutter my

goodbye.

How to install NewPipe on Android

NewPipe is a YouTube replacement client for Android devices. It's open-source (meaning, you can see all of their code as you please), privacy-oriented, lightweight, and supports features that are normally locked behind a YouTube Premium paywall.

Disclaimer: I am not affiliated with NewPipe, YouTube, Android, Google, Alphabet Inc, or any other brand or name mentioned here. I made this guide to help my friends who were curious.

NewPipe's Website: https://newpipe.net/

The GitHub Repository

Step 0. Compatibility check

Make sure you're running an Android device! This won't work on an Apple device of any kind! Also, for those more tech-savvy among you, if you have the F-Droid store installed, you can download NewPipe straight from there!

Step 1. Downloading

Go to NewPipe's Github repo (repository, the codebase or where all of the code is stored). Scroll to the bottom of the page until you see "Releases". Click on the one that says "Latest" next to it in a little green bubble:

Your version number (v#...) will be different if you're reading this in the future! That's okay. Scroll past the changelog (unless you want to read it!) until you find "Assets":

Click on the first one, the one with the little cube ending in .apk. APK files are Android Package (Kit) and are the main format for downloading apps. Once you click on the link, it should begin downloading or your browser will ask you to confirm that you want to download this file. You should always verify the filename matches what you expect it to be (namely, the file format) before attempting to install! It might take a few moments for the file to download depending on your internet connection.

Step 2. Installation

Once you have the file downloaded, you can click the download popup in your notification bar or find the file in your device's file system. One of 2 things will happen:

You will get a popup asking if you want to install an APK by the name of NewPipe - confirm that you do (and make sure the app is really NewPipe!) and it will install automatically. You can then click "Open" to open the app and begin using it.

You will get a popup warning you that you have the ability to install apps from unknown sources disabled and that you can't install this. This is normal and does not mean that you downloaded the wrong thing.

If you got the first popup, continue past this step. For those of you who got the second, let's go over what this means.

By default, most Androids have this setting disabled. This is for security purposes, so you can't accidentally install a malicious app from the whole internet. If you enable this setting (allow installations from unknown/unsigned sources), you are theoretically putting yourself at risk. Realistically, you're probably fine. But, after installing NewPipe, you can always re-disable the setting if it makes you more comfortable. That will prevent you from installing updates in the future, but it can always be re-enabled.

Ready to turn that setting on? It will vary by your individual device! Some devices will take you directly to the page with the setting upon failed installation, and some you will just have to find it yourself using the searchbar in settings.

Once you've allowed installations from unknown sources (wording may vary slightly), try to repeat the steps above of clicking the download popup or finding the APK in your files and trying to install it. It should work correctly this time!

Step 3. Updating NewPipe

Like most apps, NewPipe is in development currently and frequently has new versions released to improve it and fix bugs. Unlike most apps, NewPipe needs to be manually updated, since we haven't downloaded through the Google Play store.

To update NewPipe, all you have to do is follow the above steps for installing the app, except that when you get the popup asking to install it, it will instead say "Update". That's it! NewPipe and Android handle the rest.

NewPipe also has popup notifications for when the app has a new update, so you don't have to worry about checking the GitHub for a new release. Just click on the "A new version is available" popup and it should take you directly to the webpage.

That's it! Enjoy browsing videos in peace without ads and with the ability to download and so much more. Pro tip: you can copy paste YouTube links into the NewPipe search bar to go directly to that video/playlist/channel.

I used Netscape Navigator 4.0 as my main browser until 2018. I might have one of the only surviving installs of Netscape Navigator 8 and 9 since they were only available through a web installer attached to long-dead servers

While I appreciate the Netscape enthusiasm, the mere thought of using a 20-year-old piece of software to do your daily browsing, has me like

The security risks, fallentechnate! Oh the humanity!

you know. why *does* linux constantly set folders to be only accessible by root instead of the actual user. learning the terminal just to create some kind of script that automatically assigns everything on the goddamn drive to me specifically not The Magic Root