• 0 Posts
  • 37 Comments
Joined 2 years ago
cake
Cake day: June 12th, 2023

help-circle

  • Region locked to USA so here’s a screenshot.

    Full Article

    FBI warns users to encrypt text messages for cybersecurity. Here’s how to do it Sunshyne Lynch Binghamton Press & Sun Bulletin

    The FBI is warning phone users to encrypt their text messages, especially if you send messages between Apple and Android users.

    The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a statement on Nov. 13 that hackers affiliated with People’s Republic of China (PRC) were targeting “telecommunications infrastructure” in a “broad and significant cyber espionage campaign.”

    The hackers targeted “a limited number of individuals who are primarily involved in government or political activity,” according to the statement, and stole “customer call records data” and “certain information that was subject to U.S. law enforcement requests pursuant to court orders.”

    Despite the FBI and CISA’s continued investigation, cybersecurity officials have been unable to stop the hackers.

    What text messages should be encrypted Because of the cyberattack, officials are warning smartphone users to use texting apps such as WhatsApp or Signal, as messages between Apple and Android users are not encrypted.

    Messages between two Apple devices are safe, and messages between two Android devices are safe, but messages between an Apple device and and Android device are vulnerable.

    Here are two text messaging apps that use end-to-end encryption. Once you’ve downloaded either of these apps to your smartphone, you can also link them to your desktop computers.

    How to encrypt text messages with WhatsApp To ensure that messages between Apple and Android users are encrypted, you can use the text messaging app WhatsApp.

    To download the app, Apple users should visit the App Store and Android users should visit the Google Play app, and download WhatsApp Messenger. The app is free to download and use.

    Once you’ve downloaded the app, you’ll need to accept the Terms and Conditions and allow the app to have certain permissions, like contacts and notifications.

    Then, you’ll need to select the country you live in and register a phone number you own. This phone number must be able to receive phone calls and text messages, so it cannot be a landline or toll-free number.

    WhatsApp will then give you the option for a voice call or to text a code to the phone number you entered in order to verify the number.

    Once the number is verified, you must put in the year you were born and your name and click “Done.” After you’ve completed this step, you can begin texting and calling your contacts through WhatsApp.

    To use this app, you must have Wi-Fi or cellular data.

    How to encrypt text messages with Signal Signal is another encrypted text messaging app to ensure messages between Apple and Android users are protected.

    To download the app, Apple users should visit the App Store and Android users should visit the Google Play app, and download Signal - Private Messenger. The app is free to download and use.

    Once you’ve downloaded the app, you’ll need to accept the Terms and Conditions and allow the app to have certain permissions, like contacts and notifications.

    Like WhatsApp, you’ll enter in a phone number that you own and is able to make calls and send and receive text messages.

    Signal will text you a verification code that you’ll need to enter into the app that verifies the phone number. After the number has been verified, you’ll create a PIN that allows you to access your information and ensures your information is encrypted.

    You’ll then enter in your first and last name to create your Signal profile. After creating your profile, you can begin texting and calling through Signal. The app will show you the contacts in your phone that already have the app.

    To use this app, you must have Wi-Fi or cellular data.













  • qwerty@discuss.tchncs.detoProgrammer Humor@lemmy.mlLemmy today
    link
    fedilink
    arrow-up
    3
    arrow-down
    17
    ·
    7 months ago

    Yes, my comment wasn’t about online casinos but about the people who think they have a right to tell others how to live their lives. I’m not defending the gambling industry, I think gambling is stupid. I’m defending the right of the people to make their own decisions.

    My “defense of the gambling industry” was just me pointing out that as long as something isn’t inherently nonconsensual and the terms and conditions are clear there is no reason to forbid other people from doing it just because you disagree with it.




  • qwerty@discuss.tchncs.detoProgrammer Humor@lemmy.mlLemmy today
    link
    fedilink
    arrow-up
    4
    arrow-down
    28
    ·
    7 months ago

    Who’s “they”? I don’t know much about the gambling industry but if it’s anything like any other industry then it’s not a centralized monolith but many independent business. As long as the founding principles aren’t inherently corrupt (and in the case of casinos they aren’t. Nobody is forced to play and everyone knows the house has an advantage and in the long term is guaranteed to win. Because of this it doesn’t make sense for the house to cheat and risk getting caught, it will win anyway.) there is no reason to think that the majority of the industry engages in criminal activity. This is a massive generalization.


  • qwerty@discuss.tchncs.detoProgrammer Humor@lemmy.mlLemmy today
    link
    fedilink
    arrow-up
    11
    arrow-down
    53
    ·
    7 months ago

    Why are online casinos bad? I don’t understand this pervasive need some people have to force their way of life on others and take away their agency over their own lives. It comes off to me as some kind of superiority complex. “They’re too stupid to make their own decisions, I know better what’s best for them, I must protect them from themselves”.


  • Ownership of the domain is verifiable on the blockchain, if the same wallet that owns the domain (nft) also publishes the pub key (owns the pub key nft or key data is embedded in the domain name nft) you can verify that the key is valid.

    IMO blockchain is more trustworthy than any single CA because you aren’t trusting a single entity, but a decentralized network of nodes. Assuming that most nodes are honest you can query 100 independent nodes for the same data, if 99 say the same thing you can be fairly confident that the data is valid. You can also run your own node and not have to trust anyone.

    To protect against MITM of your connection redirecting all traffic to their malicious node, some well known and trusted nodes would be hardcoded in the browser/OS software along with their public signing key to verify the signed data they send you, and genesis block data in case you want to run a node yourself. Signing keys of nodes would also be published to the blockchain. Think a unified, immutable, cryptographically verifiable, distributed database of public key - domain name pairs, which is what blockchain basically is. Encrypting the connection is a good idea too, extra privacy is always welcome.

    The biggest advantage here is that every single pub key (certificate) is stored by every single node (CA), so if one node goes rogue or is compromised and starts serving false data, it will be immediately discovered by the client by comparing it’s data to the data from other nodes, and can be immediately and verifiably reported to the network, even in the case of a targeted attack, because all data recived from the nodes is signed.

    No solution is perfect and this one is not an exception, if your hardware or your os/browser is compromised there is nothing short of manually checking certificate data or using an external device to verify it, that can be done, but that’s true for most IT systems, including the current TLS certification and authority based system.

    Blockchain is a well tested technology that has proven itself to work by being a core part of a trillion dollar industry and was specifically designed to eliminate the need for trusting a 3rd party. It seems like a natural solution to the biggest problem with CAs - trusting a 3rd party. It’s honestly sad that so many people dismiss it or are downright against it coz “crypto”, even when no crypto currency is invloved. I guess they spent so much time hating it they can’t even admit it might be useful to them after all.

    Thanks for asking for a follow-up instead of just downvoting.


  • Ownership of the domain is verifiable on the blockchain, if the same wallet that owns the domain (nft) also publishes the pub key (owns the pub key nft or key data is embedded in the domain name nft) you can verify that the key is valid.

    IMO blockchain is more trustworthy than any single CA because you aren’t trusting a single entity, but a decentralized network of nodes. Assuming that most nodes are honest you can query 100 independent nodes for the same data, if 99 say the same thing you can be fairly confident that the data is valid. You can also run your own node and not have to trust anyone.

    To protect against MITM of your connection redirecting all traffic to their malicious node, some well known and trusted nodes would be hardcoded in the browser/OS software along with their public signing key to verify the signed data they send you, and genesis block data in case you want to run a node yourself. Signing keys of nodes would also be published to the blockchain. Think a unified, immutable, cryptographically verifiable, distributed database of public key - domain name pairs, which is what blockchain basically is. Encrypting the connection is a good idea too, extra privacy is always welcome.

    The biggest advantage here is that every single pub key (certificate) is stored by every single node (CA), so if one node goes rogue or is compromised and starts serving false data, it will be immediately discovered by the client by comparing it’s data to the data from other nodes, and can be immediately and verifiably reported to the network, even in the case of a targeted attack, because all data recived from the nodes is signed.

    No solution is perfect and this one is not an exception, if your hardware or your os/browser is compromised there is nothing short of manually checking certificate data or using an external device to verify it, that can be done, but that’s true for most IT systems, including the current TLS certification and authority based system.

    Blockchain is a well tested technology that has proven itself to work by being a core part of a trillion dollar industry and was specifically designed to eliminate the need for trusting a 3rd party. It seems like a natural solution to the biggest problem with CAs - trusting a 3rd party. It’s honestly sad that so many people dismiss it or are downright against it coz “crypto”, even when no crypto currency is invloved. I guess they spent so much time hating it they can’t even admit it might be useful to them after all.

    Thanks for asking for a follow-up instead of just downvoting.