Michal Špaček
In your web, securing your app. Hacker, web developer, speaker, engineer. Building @reporturi, @PasswordStorage. HTTPS stands for How To Transfer Private Shit.
Jun 8, 2022 11 tweets 4 min read
The Czech National Cyber & Information Security Agency has issued a new version of their crypto(graphy) recommendations. The new version specifically lists password hashing algos but lacks bcrypt (probably because it's based on an obsolete Blowfish cipher). Disagree but who am I. Some minimal required Argon2 params are overkill: the m param (memory) is in kilobytes, and 2^21 × 1024 is 2GB of memory, which is too much for computing just one password hash. But maybe it's only a typo and should be 2^11 × 1024 = 2MB. After all, there are multiple typos (Scrypt, PbKDF2) 😅
Sep 27, 2021 7 tweets 3 min read
You may have noticed that when you click/copy a link on Facebook, a page on l.facebook.com opens first and only then you're redirected to the original site. Even though the A HREF in the HTML points to the site. Even the tiny status line at the bottom shows the correct link. When you click the FB link, but before the browser loads the page, they change the HREF to l.facebook.com so for the browser, it seems like you clicked the l.fb link. Works with right-click as well, maybe because of "copy link". And when you move the mouse back again… Sneaky.
Sep 4, 2018 4 tweets 2 min read
Two guys from CZ have stolen $30k from Vodafone CZ customers by logging in using random phone numbers and password 1234 (Vodafone's password is just 4-6 digits). They got in quite a few customer accounts. It's possible the password 1234 was even set by VF customer representatives ... because some customers didn't even know they can log in. Customers now technically owe the stolen money to Vodafone and guess what, Vodafone wants them to pay because they had a weak password(!) which could even be set temporarily by VF(!) They even sent a debt collector(!).