I’m having a hard time wrapping my head around the lines between #surveillance, #securityculture, and the necessity for disengaging and resisting surveillance #capitalism (specifically in the context of activism and social movements ) with also the way that media serves an incredibly valuable purpose to ignite social action , education others and archive movements.

Me!!!
#CyberSecurityGeek
#infosec
#itsec
#securityculture

Said with absolutely no shade to anyone:

Our movements and organizations urgently need to improve our security culture!

An important first step: build community security and safety into EVERY event from the start, whether it's in person or virtual. Don't sleep on it!

#digisec #CommunitySafety #SecurityCulture #WeProtectUs #WeKeepUsSafe #trans #queer

A report by ClubCISO and Telstra Purple found that despite perceived dips in the quality of overall security posture, the majority of CISOs have observed positive security culture gains in their organizations in the last year. The report surveyed 182 members of ClubCISO, with CISOs reporting a drop... https://www.csoonline.com/article/3699119/security-culture-improving-in-businesses-despite-factors-holding-teams-back.html#tk.rss_all #securityculture #CISOs #cybersecurityresources #softcorpremium

Security Culture

A security culture is a set of customs shared by a community, whose members may be targeted, designed to minimize risk.

Having a security culture in place saves everyone the trouble of having to work out safety measures over and over from scratch, and can help offset paranoia and panic in stressful situations.

The difference between protocol and culture is that culture becomes unconscious, instinctive, and thus effortless; once the safest possible behaviour has become habitual for everyone in the circles in which you travel, you can spend less time and energy emphasizing the need for it, or suffering the consequences of not having it, or worrying about how much danger you’re in, as you’ll know you’re already doing everything you can to be careful.

Key Points:

Be aware of the reliability of those around you, esp those with whom you might collaborate with

Learn and abide by the security expectations of each person you interact with, and respect differences in style.

Let others know exactly what your needs are when it comes to security.

Look out for other people.

Security culture is a form of etiquette, a way to avoid needless misunderstandings and potentially disastrous conflicts.

Security culture is a way to avoid unhealthy paranoia by minimizing risks ahead of time.

Don’t let suspicion be used against you.

Always be prepared for the possibility that you are under observation, but don’t mistake attracting surveillance for being effective.

Security culture involves a code of silence, but it is not a code of voicelessness.

From: @sproutdistro

#SecurityCulture #Antifa #Anarchism #Tactics #WeProtectUs #CommunityDefence #CommunityDefenceAction

Counter-Surveillance Resource Center (CSRC) Bulletin #1

https://www.csrc.link/read/csrc-bulletin-1-en.html

#surveillance #privacy #securityculture #opsec

This guide on #securityculture needs an update but it offers solid best practices for militants everywhere. For folks north of the colonial border it gives a useful overview of the Canadian security apparatus. Something missing from a lot of these guides is frameworks for dealing with conflicts that discourage the spreading of rumors and gossip, which have been proven as useful tools to divide movements, sow doubts and destroy the credibility of individuals and spread paranoia. Any suggestions about this topic are appreciated.

https://theanarchistlibrary.org/library/securitysite-tao-ca-security-culture

The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists

An exhaustive anarchist overview and guide to various apps and tech that utilize peer-to-peer and encryption.

Secure encryption chat apps are essential infrastructure for anarchists, so they should be closely scrutinized. Signal is the dominant secure encryption tool used by anarchists today. Conspiracy theories notwithstanding, the fundamental architecture and development goals of Signal have potential security implications for anarchists. Signal is a centralized communication service, and centralization results in potential security implications, especially when contextualized within the current threat landscape. Alternative secure chat apps like Briar and Cwtch are Peer-to-peer communication tools that, in addition to being Encrypted like Signal, route all traffic through Tor (PET). This approach to secure communication offers great advantages for security, anonymity and privacy over more common services like Signal, but with caveats. However, anarchists should seriously consider trying and using Briar and/or Cwtch, in the interest of developing more resilient and more secure communication infrastructure.

Despite all that, the best way to communicate anything securely is still face-to-face.

Read more: https://itsgoingdown.org/the-guide-to-peer-to-peer-encryption-and-tor-new-communication-infrastructure-for-anarchists/

Download and Print PDF Version

For Reading Online: https://itsgoingdown.org/wp-content/uploads/2022/10/petguide_read.pdf

For Printing: https://itsgoingdown.org/wp-content/uploads/2022/10/petguide_imposed.pdf

#SecurityCulture

Snitches & Sleuths.

Boosting this excellent PSA piece from 2021.

via PUGET SOUND ANARCHISTS:

“Social media is one of the easiest and most common ways for a host of bad actors to access your identification. Whether it is the police or fascists, social media is a weak link in almost everyone’s privacy plans. No matter how well you think your accounts are “locked down,” there are a myriad of ways for investigators to ascertain your identity. The best way for someone to keep their information private from those who would wish to harm them is to not use social media at all. For some this may feel like an impossible task. But we ask that you consider the consequences when deciding to engage in online banter about your politics or activities both personal and professional.”

Read the full article over at:

https://pugetsoundanarchists.org/snitches-sleuths-an-update-from-puget-sound-prisoner-support/

#OpSec #Repression #SecurityCulture #StopCopCity #Snitches

I’ve talked about the positive feedback cycles of a healthy security culture, but I have to stop and brag about this because my heart is bursting with rainbows and I’m tearing up a bit. :amaze:

This morning a user reached out to let me know that they look forward to reading our security emails and notices. That they are super interesting and that they are taking the stuff they learn back into the personal life.

1,000,000 simulated kb4 phishes would never have bought me this engagement. We can do better y’all.

#SecurityManagement #SecurityCulture #Infosec

“Mass community self-defense is part and parcel to the DNA of grassroots movements for liberation in the so-called US.”

https://share.snipd.com/episode/4afc187d-95c2-4f95-9fe7-bab8bd3e7344

#2a #armedminorities #armedlgbtq #communitydefense #activism #securityculture #antiauthoritarianism #anarchism #socialism

“Mass community self-defense is part and parcel to the DNA of grassroots movements for liberation in the so-called US.”

https://share.snipd.com/episode/4afc187d-95c2-4f95-9fe7-bab8bd3e7344

#2a #armedminorities #armedlgbtq #communitydefense #activism #securityculture #antiauthoritarianism #anarchism #socialism

“Mass community self-defense is part and parcel to the DNA of grassroots movements for liberation in the so-called US.”

https://share.snipd.com/episode/4afc187d-95c2-4f95-9fe7-bab8bd3e7344

#2a #armedminorities #armedlgbtq #communitydefense #activism #securityculture

It's a great day to talk about "cyber security industry statistics" in the Live Cyber Security Awareness Forum.

Join the panel discussion with live audience Q&A today at 1pm ET.
#csaf #cybersecurity #statistics #riskmanagement #securityculture
https://us02web.zoom.us/webinar/register/6116755984161/WN_J5jQ7FcETn2wNhilo4tyUQ

@Homebrewandhacking @mandyroy

Once your worst enemies possess a piece of information, there is a tendency to loosen the secrecy level, since the bad guys have it already. Hence, the non - classified nature of a lot of scary information.

However, it may be wiser to continue restriction of a lot which the main opposition already possesses. No need to bring small-potatoes nuisance antagonists into "the know" and even your enemies may prefer a clear playing field.

This applies to a lot of local and domestic intrigues as well. No point letting shady Paul in on the secret that your security camera is a fake even if crooked Peter already knows it.

#security principles #securityculture

Believe What You Are Doing is Powerful & Important

"First in a series of tips on staying safe while taking action.

Remember to take yourself seriously... because those in power certainly will."

https://kolektiva.media/w/w7VAc1KkkhgsgjK1W4b51J

#AnarchistMedia #SubMedia #SecurityCulture

As someone who is a little bit overzealous about some bits of #SecurityCulture, I'm still really not much of a fan of #TOTP authentication and I consider it to be a false sense of security that opens up additional avenues to socially engineer those who have the power to reset or remove it.

I've seen various ways around this issue and none are ideal. One is to provide an override key to the user when the TOTP is set up. The glaringly obvious issue with this is that people can lose it. People have the option of storing it in the same place as their password but that ends up eliminating half of the point of the TOTP in the first place. The other one is to use phone verification as a backup, however this is useless if the reason you get locked out is because your phone was lost or stolen. Phone numbers have also been stolen by socially engineering phone companies through fraud.

Periodic #SecurityCulture reminder, this time thanks to #FTXScam crypto shenanigans:

Don't name your #signal thread after the crime you are committing on it!

https://www.afr.com/companies/financial-services/ftx-s-inner-circle-had-a-secret-chat-group-called-wirefraud-20221213-p5c5sx

Der österreichische Ex-Finanzminister Gernot Blümel hat vor der durchgesickerten Hausdurchsuchung seine Frau mit seinem Laptop spazieren geschickt, damit die Polizei nichts findet..

Für alle die nicht von den Behörden vorab informiert werden: Wir empfehlen #verschlusselung und #Passwortsicherheit

Tips, Tools und Anleitungen bei uns im Wiki:
https://www.fit-fuer-aktion.wiki/digitale-sicherheit/aufbewahrung-verschluesselung-daten/index

#antirepression #1312 #digitalesicherheit #securityculture #Uberwachung #datenschutz

One thing I'm liking in Andor so far (watched up to E10) is the great demonstration of security culture. DON'T. BOAST. But man, that speech by Luthan at the end of the episode took my breath away. #SecurityCulture