I was informed that my private info have been exposed.

@heiseonline@social.heise.de ist das vielleicht interessant für euch? Ich kann euch gerne alle Daten weiterleiten.

I was informed that my private info have been exposed. The company in charge of the data is ISO certified (9001 and 27001) and run by a professor of "Business Informatics and Project Management".

The access to their systems went on for 7 days without being detected.

#infosec #compliance #theater #iso27001

@SpaceLifeForm@infosec.exchange Firefox never really forced CT logged, but with this proposal it seems to me that you now have to trust that a CA can properly maintain a log and also trust the cosigners at the same time.

@dangoodin@infosec.exchange

Caddy is pretty ram hungry, but having ACME integrated makes it worth for me. The idea of building nginx with the ACME module locally is not really attractive. I also took a look at lighttpd but the syntax put me off directly...

#caddy #nignx #acme #lighttpd

@stf@chaos.social I just recalled that confer (LLM by moxie and co) is also using passkeys for encryption:

https://confer.to/blog/2025/12/passkey-encryption/

@timcappalli@infosec.exchange

@timcappalli@infosec.exchange To add to the arguments: it also defeats the whole idea of having hardware security keys. If the secret is stolen or exposed somehow, decryption does not require access to the hardware token anymore.

@grunfink@comam.es that's a relief. Thanks for snac!

Running my own ActivityPub is more complicated than I expected. #snac (shoutout to @grunfink@comam.es) is easy to setup and run, but I'm not sure if anyone out there can see/read my toots.

#activitypub #fediverse