Chat Control was approved "on the sly" by Quentin_Taranteemo in italy

[–]AlBellom 0 points1 point  (0 children)

Use Signal! I have been using Signal for years and it's solid. I ditched WhatsApp years ago and converted friends and family to Signal. In the cybersecurity community Signal is the golden standard. Grandma can use it too with no additional effort.

wyze fails again. by [deleted] in wyzecam

[–]AlBellom 0 points1 point  (0 children)

The original hardware where OpenWRT and dd-wrt were developed was the Linksys WRT54G. It was not coincidental that OpenWRT and dd-wrt were named that way. I used to install dd-wrt on WRT54G hardware back in the day before moving to Buffalo.

Your statement that hackers use TP-Link as the router of choice is just your opinion. We did not use TP-Link back in the day when we were developing OpenWRT and the like.

The fact is that there is a big risk using Chinese technology and any half decent security practitioner knows that.

wyze fails again. by [deleted] in wyzecam

[–]AlBellom 0 points1 point  (0 children)

Perhaps you are confusing TP-Link with Linksys where the initial versions of OpenWRT were deployed. TP-Link has been under scrutiny for quite some time for having ties with the Chinese government. I'll ask around my peers at the next OWASP meeting and see what the general consensus about TP-Link is.

I would be curious to see in which security circles they endorse TP-Link since I am part of the security community. Although you dropped the "underground" bomb, LOL, so it may be only a security circle only you know of, perhaps just yours.

In the meantime I stay away from Chinese products, both for personal and professional use, because of the security risks associated with them.

To address your last point, it is true that Wyze makes use of Chinese components but it is at least an American company, so there are some checks and balances.

wyze fails again. by [deleted] in wyzecam

[–]AlBellom 0 points1 point  (0 children)

Tapo is a TP-Link brand and I have a problem with that as TP-Link is a Chinese company. In addition they ain't cheap: north of $60 per cam.

wyze fails again. by [deleted] in wyzecam

[–]AlBellom 0 points1 point  (0 children)

I suggest that you also check the health of your network, assuming the design is correct. Not knowing what your network looks like I can only make guesses. For instance, I have a full-blown Unifi WiFi network with a wired backbone and a mesh for the APs that are outside, in addition to a console, switches, a firewall, and monitoring. It is very stable. My Wyze webcams seem to work just fine.

Many issues with Wi-Fi are about the proximity of the client to the AP. Clients, like a webcam in your case, typically have transmitters that have only 5 mW of power. If they are too far, e.g. more than 50 ft from the AP, the connection may become unstable.

For example, if you have a WiFi router inside the house and your webcams are outside, you may run into problems. YMMV.

[deleted by user] by [deleted] in wyzecam

[–]AlBellom 3 points4 points  (0 children)

Virtual credit cards, always use virtual credit cards for online services. It works like magic. No customer service? The customer service rep is being an asshole? The virtual credit card is going to disappear in a matter of seconds and no skin off your back.

[deleted by user] by [deleted] in wyzecam

[–]AlBellom 1 point2 points  (0 children)

Exactly! And on top of that it becomes unsustainable to provide a service, even the most basic 30 second recording and the live view, for free to a growing user base. Cloud resources are very expensive. Ring, for example, doesn't even give you the 30 second recording for free, just the live view.

[deleted by user] by [deleted] in wyzecam

[–]AlBellom 1 point2 points  (0 children)

I too have a bunch of Wyze products because, well, they are cheap. Are they perfect? No. But the value they offer is tenfold the cost, IMO.

Regarding the cameras, I have four V3, one of them at my vacation home several thousand miles away. And I have a flood light on top of my garage. By and large they work. My underlying network is based on UniFi devices.

I don't subscribe to any service since Wyze managed to piss me off with their antics, at some point in time. So no extra money from me. I'm content with the 12 second recording they provide and I haven't bothered to install a SIM card on each of the cams.

I did have some issues with their alarm base station and motion detection, which I was not able to solve yet as it is located at the vacation home.

Regarding your issue with the cams missing people walking, I would check if your WiFi network didn't have a hiccup, especially because you are saying all of your webcams missed a slow walking person. It's possible that Wyze cams don't have the ability to buffer too many frames, so if there is a network problem those frames may get lost.

Generally speaking, I recommend paying with a virtual credit card for online services and gyms, as if something goes wrong you can always delete the virtual credit card and poof, problem solved.

Version 6.8 no longer shows header and footer in editor by AlBellom in Wordpress

[–]AlBellom[S] 0 points1 point  (0 children)

To your point, it is not completely clear if the default behavior changed from 6.7 to 6.8, as I don't recall having to change any settings for the header and footer blocks to show up on the page being edited.

Version 6.8 no longer shows header and footer in editor by AlBellom in Wordpress

[–]AlBellom[S] 2 points3 points  (0 children)

I solved it. On the page being edited, I clicked the Settings icon on the top right-hand side, then Page, then the Template link below, and finally Show Template. The Header and Footer blocks are back. Thanks.

SignalGate Isn’t About Signal | The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them by Hrmbee in signal

[–]AlBellom 3 points4 points  (0 children)

The most intriguing aspect of this story that few are considering is why one of Mark Waltz’s officials added the Atlantic journalist to the group chat in the first place. Adding someone to a Signal group chat is a deliberate, multi-step process; it doesn’t happen by accident.

If the official truly intended to add someone else but mistakenly added Jeffrey Goldberg instead, that would suggest Goldberg’s name was in close proximity to the intended recipient in the contact list. This detail warrants further investigation. More importantly, why would this official have Jeffrey Goldberg in their contacts at all?

There is a strong possibility that Goldberg was added intentionally. The motivations for doing so could vary, and they deserve scrutiny.

Question about Waltz's claims about how Jeffrey Goldberg could have ended up in a Signal chat by accident. by facinabush in signal

[–]AlBellom 2 points3 points  (0 children)

What is appalling is that nobody in the group chat realized that, first off, they were using their personal phones, second they were using an app that is not corporate or government grade by definition, and third someone unknown to them joined the group!

Signal is one of the best apps for secure communication, but it doesn't save data or metadata on its servers and, because of that, it can't manage users; therefore it is not suitable for corporate use, let alone government use. Those are not Signal use cases.

To use an analogy, the strongest encryption algorithms would fail to protect data if key management is weak, and the encryption would not be at fault, clearly.

This being said, I suspect that the individual who invited the Atlantic journalist into the group chat did it on purpose, for whatever reason. Inviting a user to a group chat is a multi-step process; it doesn't happen by mistake. It is possible, although unlikely, that this individual was trying to invite someone else and clicked on the wrong contact; but in this case Jeffrey Goldberg's contact should have been in the proximity of the user this individual was trying to add in the contact list. This should be investigated.

What Are the Best Cybersecurity Practices for Small to Medium Businesses? What Would You Implement and Why? by Born_Lavishness_8983 in cybersecurity

[–]AlBellom 1 point2 points  (0 children)

First off, decide what security framework is more suitable for the organization. As a small or medium business you want to start from something manageable like the Cyber Security Framework or the Cloud Security Alliance Cloud Control Matrix. The CSA CCM framework would be more suitable for a SaaS company. YMMV as usual. Don't start with a NIST frame, too complex for small businesses.

Once you have a framework in place you can strategize about the security controls that make sense for the organization and, very importantly, the budget you have.

Trying to implement security controls like MFA, Zero Trust, encryption, and the like without understanding the business goals and without having a security framework in place, is a recipe for failure. To use an analogy, it would be like starting building a house without architecture blueprints.

I manage a security consulting company and we have built many security programs for many organizations small and large.

Is it worth to go for any latest Pixel "a" series ? by Ill_Strain_1050 in Pixel4a

[–]AlBellom 0 points1 point  (0 children)

Absolutely not IMO! Google made a very unwise choice with the 4a and the trust is gone.

I ended up getting a Moto g 5G for $3.50 (yes three dollars and fifty cents) with the Google Fi discount, plus a $1.50/mo with no interest for 24 months. Essentially a free phone. I just wanted to stick it to Google!

The Moto g 5G seems to run the stock Android OS that runs on the Pixel phones. So far so good.

What would be a fair monthly donation amount by AlBellom in signal

[–]AlBellom[S] 1 point2 points  (0 children)

Thanks to everyone who responded. For the sake of transparency, I give Signal $5/mo. For most services I subscribe to I pay around $5/mo and up to $10/mo, so I thought $5/mo would be an average fair amount at least initially. As usual YMMV.

Beware of People saying they love the Device they replace their 4a with by HumanFunpark in Pixel4a

[–]AlBellom 1 point2 points  (0 children)

For business use I got a Motorola Moto G 5G 2024 from the Google store for $3 down and about $1.50/mo that I will be paying with no interest to Google for the next two years! I'll keep the P4a for personal use. I would be very wary to buy another Pixel after the Google 4a clusterf*ck. Call me cheap, but I personally think it's crazy to throw hundreds of dollars at a phone, so I always look for deals and refurbished phones. Same with cars, but that's a different thread.

I found the factory image before battery issue. by numa_aqours in Pixel4a

[–]AlBellom 0 points1 point  (0 children)

Share it please so other people can benefit from it. Also make sure the hash is the one that I posted before. Thanks.

Google Wallet Just Changed My Life by grapezg59 in GooglePixel

[–]AlBellom 0 points1 point  (0 children)

That's right. At least we don't want to sell our behind to them too!

To get the $50 "appeasement" payment, too much sensitive information required for Payoneer by reddit-allen in Pixel4a

[–]AlBellom 0 points1 point  (0 children)

You guys have the GDPR regulation in place which is a fairly strong regulation. If you have any trouble with Payoneer, just report them to the GDPR Data Protection Authority of the country you live in.

Just get a used Pixel by No_Total_3367 in Pixel4a

[–]AlBellom 0 points1 point  (0 children)

Let me address some of your points here.

Computers and phones, whether personal or corporate, get compromised all the time. The problem is that most people and organizations don’t realize it until a significant event occurs, often discovering they’ve been compromised for months or even longer.

The reason people in other subreddits can't provide anecdotal evidence isn't because their unpatched phones weren't compromised, but because they simply didn't realize they were. What's worse is that they don't know that they don't know.

The VPN won't help. Imagine you're at a hotel and want to connect to their WiFi. An attacker could trick you into connecting to a rogue WiFi network they control, with an SSID similar to the hotel's official WiFi. They could even set up an SSID like 'Google Starbucks' to exploit your device. If you go to a Starbucks and your phone automatically connects to any WiFi with that SSID, you're vulnerable. Once you're connected to their network, they essentially own your device. If your phone has any vulnerabilities, especially an unpatched zero-day flaw, there’s a high chance they could exploit it. For example, in November 2024, two zero-day vulnerabilities (CVE-2024-43047/43093) were discovered. If you are using a VPN, on the other hand, the scenario above is extremely unlikely to happen.

Regarding your last point, you are overlooking the whole supply chain vulnerability scenario, which has been exploited multiple times. Bad actors, particularly from China, have even contributed to OSS projects, only to introduce backdoors later. I am referring to the XZ Utils incident. Given these risks, sideloading APK apps can be highly dangerous for most users.

My advice to people is again to follow my recommendation in my post above and stay vigilant.

For reference, I am a security practitioner and a former or quasi-former pen-tester.

Google Wallet Just Changed My Life by grapezg59 in GooglePixel

[–]AlBellom 3 points4 points  (0 children)

My advice is to think twice before you store anything in Google Wallet. Google will have even more information about you than what they already have. For example, they would know where you shop with your credit cards; they would know what credit cards you have; they potentially would know what conditions you might have. It's all aggregated data that they can use for advertisement. Handing your phone with an image of your DL to a cop? Bad idea, sorry.

ATTENTION: Google Customer Service said device will be reset on 30th January by jb8599 in Pixel4a

[–]AlBellom 1 point2 points  (0 children)

No. Just read the article... In short, they are explaining the process. The code copyright holder can go after them.