cross-posted from: https://sopuli.xyz/post/17042938

Still waiting for end to end encryption...

Someone in Poland chose an interesting name for his company.

I have both done pentests and received pentest reports. My observation is that the perceived severity often varies between the tester and the customer.

Nothing tells me more that you care about my privacy than sharing my data with hundreds or thousands of companies.

Sadly, the support for passkeys is still lacking.

Anybody else working on the 2025 budget?

As AI image recognition advances, CAPTCHAs need to get more creative.

What are your best experiences with CAPTCHAs?

What is your favourite password rule?

Interestingly, the firewall got overload by the number of UDP packets and not by the bandwidth of traffic. See UDP Flooding on Wikipedia.

Please don't act like the german conservative party:

The CDU [german conservative party] lodged a criminal complaint against Wittmann after she told the party about a security vulnerability in the CDU-Connect election campaign app. (source)

To be clear, not all companies are like this.

Who could have guessed that having tested, well protected and current backups help when dealing with cyber security incidents?

This practice is not recommended anymore, yet still found in many enterprises.

We found out that 10% of our users entered their password.

cross-posted from: https://slrpnk.net/post/12477525

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

Fun fact: The outdated software runs on outdated hardware, too.

Quote taken from a 24 year old article by Bruce Schneier that is still relevant in today's world.

If a single click on a phishing email can ruin the entire company, the blame doesn't lie with that individual.