卡拉今天看了什麼<p>Linksys Velop routers send Wi-Fi passwords in plaintext to US servers</p><blockquote><a href="https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/" rel="nofollow noopener noreferrer" target="_blank">Link</a></blockquote>📌<span> Summary:<br><br>根據Testaankoop的調查,發現兩款Linksys路由器正在以明文的方式將Wi-Fi登入資訊傳送到位於美國的亞馬遜(AWS)伺服器,包括Linksys Velop Pro 6E和Velop Pro 7這兩款mesh路由器。這個漏洞讓攻擊者能夠攔截傳輸過程中的Wi-Fi網路名稱(SSID)和密碼,從而進行竊聽和惡意攻擊。儘管Testaankoop多次向Linksys提出警告,但該公司並未採取有效措施,直到Testaankoop再次聯絡後才進行了更新,但仍未解決問題。這個問題可能源於Linksys固件中使用的第三方軟體,但無論如何,這種漏洞仍然存在,即使是最新的Linksys 7 Pro,都無法避免。研究人員建議消費者不要購買這些路由器,因為存在嚴重的網路入侵和資料損失的風險。<br><br></span>🎯<span> Key Points:<br><br> Testaankoop發現兩款Linksys路由器在明文中將Wi-Fi登入資訊傳送到AWS伺服器,包括Linksys Velop Pro 6E和Velop Pro 7。<br> 這個漏洞讓攻擊者能夠攔截SSID和密碼,進行竊聽和惡意攻擊。<br> Testaankoop多次向Linksys提出警告,但該公司未採取有效措施。<br> 更新後的固件仍無法解決問題。<br> 這個問題可能源於Linksys固件中使用的第三方軟體,但無論如何,這種漏洞仍然存在。<br> 研究人員建議不要購買這些路由器,並建議用戶更改Wi-Fi網路名稱和密碼。<br><br></span><a href="https://social.mikala.one/tags/Linksys" rel="nofollow noopener noreferrer" target="_blank">#Linksys</a> <a href="https://social.mikala.one/tags/router" rel="nofollow noopener noreferrer" target="_blank">#router</a> <a href="https://social.mikala.one/tags/meshnetworking" rel="nofollow noopener noreferrer" target="_blank">#meshnetworking</a> <a href="https://social.mikala.one/tags/dataprotection" rel="nofollow noopener noreferrer" target="_blank">#dataprotection</a> <a href="https://social.mikala.one/tags/cybersecurity" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.mikala.one/tags/vulnerability" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a> <a href="https://social.mikala.one/tags/AWS" rel="nofollow noopener noreferrer" target="_blank">#AWS</a> <a href="https://social.mikala.one/tags/thirdpartysoftware" rel="nofollow noopener noreferrer" target="_blank">#thirdpartysoftware</a> <a href="https://social.mikala.one/tags/SSID" rel="nofollow noopener noreferrer" target="_blank">#SSID</a> <a href="https://social.mikala.one/tags/password" rel="nofollow noopener noreferrer" target="_blank">#password</a> <a href="https://social.mikala.one/tags/cleartext" rel="nofollow noopener noreferrer" target="_blank">#cleartext</a> <a href="https://social.mikala.one/tags/plaintext" rel="nofollow noopener noreferrer" target="_blank">#plaintext</a> <a href="https://social.mikala.one/tags/man-in-the-middle" rel="nofollow noopener noreferrer" target="_blank">#man-in-the-middle</a> <a href="https://social.mikala.one/tags/attack" rel="nofollow noopener noreferrer" target="_blank">#attack</a> <a href="https://social.mikala.one/tags/firmware" rel="nofollow noopener noreferrer" target="_blank">#firmware</a> <a href="https://social.mikala.one/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://social.mikala.one/tags/wiring" rel="nofollow noopener noreferrer" target="_blank">#wiring</a> <a href="https://social.mikala.one/tags/hacking" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://social.mikala.one/tags/officeenvironments" rel="nofollow noopener noreferrer" target="_blank">#officeenvironments</a> <a href="https://social.mikala.one/tags/Patagonia" rel="nofollow noopener noreferrer" target="_blank">#Patagonia</a> <a href="https://social.mikala.one/tags/AI" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://social.mikala.one/tags/privacyviolation" rel="nofollow noopener noreferrer" target="_blank">#privacyviolation</a> <a href="https://social.mikala.one/tags/classactionlawsuit" rel="nofollow noopener noreferrer" target="_blank">#classactionlawsuit</a> <a href="https://social.mikala.one/tags/Snowflake" rel="nofollow noopener noreferrer" target="_blank">#Snowflake</a> <a href="https://social.mikala.one/tags/MFA" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> <a href="https://social.mikala.one/tags/databreaches" rel="nofollow noopener noreferrer" target="_blank">#databreaches</a><span><br><br></span>🔖<span> Keywords:<br><br></span><a href="https://social.mikala.one/tags/Linksys" rel="nofollow noopener noreferrer" target="_blank">#Linksys</a> <a href="https://social.mikala.one/tags/router" rel="nofollow noopener noreferrer" target="_blank">#router</a> <a href="https://social.mikala.one/tags/meshnetworking" rel="nofollow noopener noreferrer" target="_blank">#meshnetworking</a> <a href="https://social.mikala.one/tags/dataprotection" rel="nofollow noopener noreferrer" target="_blank">#dataprotection</a> <a href="https://social.mikala.one/tags/cybersecurity" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.mikala.one/tags/vulnerability" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a> <a href="https://social.mikala.one/tags/AWS" rel="nofollow noopener noreferrer" target="_blank">#AWS</a> <a href="https://social.mikala.one/tags/thirdpartysoftware" rel="nofollow noopener noreferrer" target="_blank">#thirdpartysoftware</a> <a href="https://social.mikala.one/tags/SSID" rel="nofollow noopener noreferrer" target="_blank">#SSID</a> <a href="https://social.mikala.one/tags/password" rel="nofollow noopener noreferrer" target="_blank">#password</a> <a href="https://social.mikala.one/tags/cleartext" rel="nofollow noopener noreferrer" target="_blank">#cleartext</a> <a href="https://social.mikala.one/tags/plaintext" rel="nofollow noopener noreferrer" target="_blank">#plaintext</a> <a href="https://social.mikala.one/tags/man-in-the-middle" rel="nofollow noopener noreferrer" target="_blank">#man-in-the-middle</a> <a href="https://social.mikala.one/tags/attack" rel="nofollow noopener noreferrer" target="_blank">#attack</a> <a href="https://social.mikala.one/tags/firmware" rel="nofollow noopener noreferrer" target="_blank">#firmware</a> <a href="https://social.mikala.one/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://social.mikala.one/tags/wiring" rel="nofollow noopener noreferrer" target="_blank">#wiring</a> <a href="https://social.mikala.one/tags/hacking" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://social.mikala.one/tags/officeenvironments" rel="nofollow noopener noreferrer" target="_blank">#officeenvironments</a> <a href="https://social.mikala.one/tags/Patagonia" rel="nofollow noopener noreferrer" target="_blank">#Patagonia</a> <a href="https://social.mikala.one/tags/AI" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://social.mikala.one/tags/privacyviolation" rel="nofollow noopener noreferrer" target="_blank">#privacyviolation</a> <a href="https://social.mikala.one/tags/classactionlawsuit" rel="nofollow noopener noreferrer" target="_blank">#classactionlawsuit</a> <a href="https://social.mikala.one/tags/Snowflake" rel="nofollow noopener noreferrer" target="_blank">#Snowflake</a> <a href="https://social.mikala.one/tags/MFA" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> <a href="https://social.mikala.one/tags/databreaches" rel="nofollow noopener noreferrer" target="_blank">#databreaches</a><p></p>
Recent searches
No recent searches
Search options
Only available when logged in.
social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.
Administered by:
Server stats:
3.8Kactive users
social.tchncs.de: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#cleartext
0 posts · 0 participants · 0 posts today
Bob K Mertz :distressedUS:<p><span class="h-card"><a href="https://libranet.de/profile/sammi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>sammi</span></a></span></p><p>You are incorrect. A signal app looks up the phone number and if that number has a Signal account it's *not* sent via SMS. Two signal clients ALWAYS use the Signal protocol unless you specifically hold down the send button and intentionally select insecure message *each time*.</p><p><span class="h-card"><a href="https://fosstodon.org/@atoponce" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>atoponce</span></a></span> <span class="h-card"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> </p><p><a href="https://techhub.social/tags/data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>data</span></a> <a href="https://techhub.social/tags/signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>signal</span></a> <a href="https://techhub.social/tags/sms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sms</span></a> <a href="https://techhub.social/tags/phone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phone</span></a> <a href="https://techhub.social/tags/encrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encrypted</span></a> <a href="https://techhub.social/tags/cell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cell</span></a> <a href="https://techhub.social/tags/cleartext" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cleartext</span></a></p>
As The World Turns<span class="h-card"><a href="https://techhub.social/users/bobkmertz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bobkmertz</span></a></span> <span class="h-card"><a href="https://mastodon.world/users/signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> <span class="h-card"><a href="https://fosstodon.org/users/atoponce" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>atoponce</span></a></span><br><br><a href="https://libranet.de/search?tag=signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>signal</span></a><br><br>Sending sms from signal client via cell tower service to another signal client user is not encrypted. Signal <a href="https://libranet.de/search?tag=encrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encrypted</span></a> msg uses a <a href="https://libranet.de/search?tag=data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>data</span></a> plan based sending, not via cell tower service. So, you may misunderstand how signal tech actually works.<br><br>So, if you don't have data plan and sending msgs using the signal client via <a href="https://libranet.de/search?tag=cell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cell</span></a> tower <a href="https://libranet.de/search?tag=phone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phone</span></a> service, those msgs are not sent encrypted, they are sent <a href="https://libranet.de/search?tag=cleartext" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cleartext</span></a> like any <a href="https://libranet.de/search?tag=sms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sms</span></a> client. hence, you don't need the signal client at all.
Christian Pietsch (old acct.)<p>If you are a command line and text terminal fan like myself, chances are you are using this trio daily:</p><p>– <a href="https://digitalcourage.social/tags/pass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pass</span></a> for managing <a href="https://digitalcourage.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a>, <br>– <a href="https://digitalcourage.social/tags/mutt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mutt</span></a> for reading and writing <a href="https://digitalcourage.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a>,<br>– <a href="https://digitalcourage.social/tags/msmtp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>msmtp</span></a> for sending out e-mails via weird mail servers such as <a href="https://digitalcourage.social/tags/MS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MS</span></a> <a href="https://digitalcourage.social/tags/Exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exchange</span></a> that mutt cannot talk to directly.</p><p>Today I figured out how to make them work together without entering or storing <a href="https://digitalcourage.social/tags/cleartext" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cleartext</span></a> passwords.</p><p>I am using GNU/Linux and have <a href="https://digitalcourage.social/tags/gpg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gpg</span></a> agent working.</p><p>I used pass to store my e-mail (and <a href="https://digitalcourage.social/tags/ActiveDirectory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActiveDirectory</span></a>) password under the name uni/mail. This generated the encrypted file ~/.password-store/uni/mail.gpg. So …</p><p>In ~/.muttrc, I put:<br>set imap_pass=`gpg2 --no-tty -q -d ~/.password-store/uni/mail.gpg`</p><p>In ~/.msmtprc, I put:<br>passwordeval gpg2 --no-tty -q -d ~/.password-store/uni/mail.gpg</p><p>Whenever I change this password, all I have to do is to store it using pass. The other programs will fetch it from there and decrypt it when they need it.</p><p><a href="https://digitalcourage.social/tags/CLI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CLI</span></a> <a href="https://digitalcourage.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> <a href="https://digitalcourage.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GnuPG</span></a> <a href="https://digitalcourage.social/tags/MUA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MUA</span></a> <a href="https://digitalcourage.social/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMTP</span></a> <a href="https://digitalcourage.social/tags/IMAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IMAP</span></a> <a href="https://digitalcourage.social/tags/GNU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GNU</span></a> <a href="https://digitalcourage.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a></p>
puresick<p>23 gigabytes elasticsearch database leaked, including 1 million fingerprints, other biometric data and unhashed passwords </p><p><a href="https://threatpost.com/fingerprints-of-1m-exposed-in-public-biometrics-database/147345/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">threatpost.com/fingerprints-of</span><span class="invisible">-1m-exposed-in-public-biometrics-database/147345/</span></a></p><p><a href="https://toot.cafe/tags/leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>leak</span></a> <a href="https://toot.cafe/tags/elasticsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>elasticsearch</span></a> <a href="https://toot.cafe/tags/database" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>database</span></a> <a href="https://toot.cafe/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://toot.cafe/tags/biometric" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>biometric</span></a> <a href="https://toot.cafe/tags/fingerprint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fingerprint</span></a> <a href="https://toot.cafe/tags/facial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>facial</span></a> <a href="https://toot.cafe/tags/recognition" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>recognition</span></a> <a href="https://toot.cafe/tags/unhashed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unhashed</span></a> <a href="https://toot.cafe/tags/cleartext" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cleartext</span></a> <a href="https://toot.cafe/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload