cross-posted from: https://sopuli.xyz/post/17042938

Still waiting for end to end encryption...

Someone in Poland chose an interesting name for his company.

I have both done pentests and received pentest reports. My observation is that the perceived severity often varies between the tester and the customer.

Nothing tells me more that you care about my privacy than sharing my data with hundreds or thousands of companies.

Sadly, the support for passkeys is still lacking.

Anybody else working on the 2025 budget?

As AI image recognition advances, CAPTCHAs need to get more creative.

What are your best experiences with CAPTCHAs?

What is your favourite password rule?

Interestingly, the firewall got overload by the number of UDP packets and not by the bandwidth of traffic. See UDP Flooding on Wikipedia.

Please don't act like the german conservative party:

> The CDU [german conservative party] lodged a criminal complaint against Wittmann after she told the party about a security vulnerability in the CDU-Connect election campaign app. (source)

To be clear, not all companies are like this.

Who could have guessed that having tested, well protected and current backups help when dealing with cyber security incidents?

This practice is not recommended anymore, yet still found in many enterprises.

We found out that 10% of our users entered their password.

cross-posted from: https://slrpnk.net/post/12477525

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

Fun fact: The outdated software runs on outdated hardware, too.

Quote taken from a 24 year old article by Bruce Schneier that is still relevant in today's world.

If a single click on a phishing email can ruin the entire company, the blame doesn't lie with that individual.

Look at the thumbnail

i am interested in getting a job in cybersecurity

cross-posted from: https://lemmy.ca/post/23059450

Full credit to Makmark/MoringMark. You can find him here: Tumblr | Reddit | Instagram | Deviantart | Ko-fi

cross-posted from: https://lemmy.world/post/12516311

> Or maybe introduce them to Little Bobby Tables > > (skeletor is leading by example by adding that unnecessary apostrophe...)

so, the company was Vastaamo. was because it got bankrupt after the breach, and GDPR violations.

the "hacker"(or rather cracker) was extradited from France to Finland. you can read about how terrible the company's security was here: https://tietosuoja.fi/en/-/administrative-fine-imposed-on-psychotherapy-centre-vastaamo-for-data-protection-violations

or watch mental outlaw's video on the matter, or the Wikipedia article on the breach.

now there are several things that shouldn't have happened (e.g.: don't do these things on your main OS, have root access disabled, etc.), but I'll leave that to you experts.