<p>Let's Encrypt is 10 years old today! <br>Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Huge thanks to everyone involved in making HTTPS available to everyone for free </p><p><a href="https://letsencrypt.org/" rel="nofollow"><span class="invisible">https://</span>letsencrypt.org/</a> </p><p><a href="/tags/tech/" rel="tag">#tech</a> <a href="/tags/technology/" rel="tag">#technology</a> <a href="/tags/security/" rel="tag">#security</a> <a href="/tags/privacy/" rel="tag">#privacy</a> <a href="/tags/encryption/" rel="tag">#encryption</a> <a href="/tags/https/" rel="tag">#https</a> <a href="/tags/letsencrypt/" rel="tag">#letsencrypt</a> <a href="/tags/isrg/" rel="tag">#ISRG</a></p>
security
<p>A list of digital service providers outside the jurisdiction of the United States of America. 😉</p><p><a href="https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction" rel="nofollow" class="ellipsis" title="codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/Linux-Is-Best/Out</span><span class="invisible">side_Us_Jurisdiction</span></a></p><p>My list was getting bigger than a Fedi post could hold, so it is now hosted on Codeberg, an alternative to GitHub or GitLab, but based out of Germany. 👍</p><p><a href="/tags/codeberg/" rel="tag">#CodeBerg</a> <a href="/tags/github/" rel="tag">#GitHub</a> <a href="/tags/gitlab/" rel="tag">#GitLab</a> <a href="/tags/webhosting/" rel="tag">#WebHosting</a> <a href="/tags/vpn/" rel="tag">#Vpn</a> <a href="/tags/dns/" rel="tag">#Dns</a> <a href="/tags/cdn/" rel="tag">#Cdn</a> <a href="/tags/passwordmanager/" rel="tag">#PasswordManager</a> <a href="/tags/email/" rel="tag">#Email</a> <a href="/tags/privacy/" rel="tag">#Privacy</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/project2025/" rel="tag">#Project2025</a> <a href="/tags/fascism/" rel="tag">#Fascism</a> <a href="/tags/unitedstates/" rel="tag">#UnitedStates</a> <a href="/tags/ruleoflaw/" rel="tag">#RuleOfLaw</a> <a href="/tags/justice/" rel="tag">#Justice</a></p>
<p>White House Proposal Could Gut Climate Modeling the World Depends On<br>—</p><p>Potential funding cuts for NOAA and its research partners threaten irreparable harm not only to climate research but to American safety, competitiveness, and national security.<br><a href="https://www.propublica.org/article/trump-noaa-budget-cuts-climate-change-modeling-princeton-gfdl?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post" rel="nofollow" class="ellipsis" title="www.propublica.org/article/trump-noaa-budget-cuts-climate-change-modeling-princeton-gfdl?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post"><span class="invisible">https://</span><span class="ellipsis">www.propublica.org/article/tru</span><span class="invisible">mp-noaa-budget-cuts-climate-change-modeling-princeton-gfdl?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post</span></a></p><p><a href="/tags/news/" rel="tag">#News</a> <a href="/tags/noaa/" rel="tag">#NOAA</a> <a href="/tags/climate/" rel="tag">#Climate</a> <a href="/tags/climatechange/" rel="tag">#ClimateChange</a> <a href="/tags/weather/" rel="tag">#Weather</a> <a href="/tags/data/" rel="tag">#Data</a> <a href="/tags/science/" rel="tag">#Science</a> <a href="/tags/security/" rel="tag">#Security</a></p>
<p>2025-04-26 RDP <a href="/tags/honeypot/" rel="tag">#Honeypot</a> IOCs - 3381 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="/tags/dfir/" rel="tag">#DFIR</a> <a href="/tags/infosec/" rel="tag">#InfoSec</a></p><p>Top IPs:<br>161.97.77.37 - 3087<br>138.68.11.85 - 207<br>80.94.95.198 - 24</p><p>Top ASNs:<br>AS51167 - 3087<br>AS14061 - 208<br>AS204428 - 25</p><p>Top Accounts:<br>hello - 3301<br>142.93.8.59 - 38<br>Test - 13</p><p>Top ISPs:<br>Contabo GmbH - 3087<br>DigitalOcean, LLC - 208<br>SS-Net - 25</p><p>Top Clients:<br>Unknown - 3381</p><p>Top Software:<br>Unknown - 3381</p><p>Top Keyboards:<br>Unknown - 3381</p><p>Top IP Classification:<br>hosting - 3102<br>hosting & proxy - 208<br>Unknown - 66</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/jLzEdz8k" rel="nofollow"><span class="invisible">https://</span>pastebin.com/jLzEdz8k</a></p><p><a href="/tags/cybersec/" rel="tag">#CyberSec</a> <a href="/tags/soc/" rel="tag">#SOC</a> <a href="/tags/blueteam/" rel="tag">#Blueteam</a> <a href="/tags/secops/" rel="tag">#SecOps</a> <a href="/tags/security/" rel="tag">#Security</a></p>
<p>"Implementing Passkeys in Practice - Computerphile" - <a href="https://www.youtube.com/watch?v=lypcC79k-gg" rel="nofollow" class="ellipsis" title="www.youtube.com/watch?v=lypcC79k-gg"><span class="invisible">https://</span><span class="ellipsis">www.youtube.com/watch?v=lypcC7</span><span class="invisible">9k-gg</span></a></p><p><a href="/tags/passkeys/" rel="tag">#passkeys</a> <a href="/tags/programming/" rel="tag">#programming</a> <a href="/tags/2fa/" rel="tag">#2fa</a> <a href="/tags/security/" rel="tag">#security</a> <a href="/tags/infosec/" rel="tag">#infosec</a> <a href="/tags/computerphile/" rel="tag">#computerphile</a></p>
<p>We're pleased to announce that <a href="/tags/hollo/" rel="tag">#Hollo</a> has been included in the Nivenly Fediverse Security Fund program!</p><p>The <span class="h-card"><a href="https://hachyderm.io/@nivenly" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nivenly</span></a></span> Foundation has launched a security bounty fund to support contributors who identify and help fix <a href="/tags/security/" rel="tag">#security</a> vulnerabilities in popular <a href="/tags/fediverse/" rel="tag">#fediverse</a> software. Both Hollo and <span class="h-card"><a href="https://hollo.social/@fedify" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fedify</span></a></span> are among the selected projects that meet their responsible security disclosure requirements.</p><p>This program will run from April–September 2025, with bounties of $250–$500 USD for high and critical security vulnerabilities.</p><p>We're honored to be recognized alongside other established fediverse projects like Mastodon, Misskey, and Lemmy. This further encourages our commitment to maintaining strong security practices.</p><p>If you're interested in contributing to Hollo's security, please follow our responsible disclosure process outlined in our <a href="https://github.com/fedify-dev/hollo/security/policy" rel="nofollow">SECURITY.md</a> file.</p><p>Learn more about the program:</p><p><a href="https://nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/" rel="nofollow" class="ellipsis" title="nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/"><span class="invisible">https://</span><span class="ellipsis">nivenly.org/blog/2025/04/01/ni</span><span class="invisible">venly-fediverse-security-fund/</span></a></p>
<p>We're pleased to announce that <a href="/tags/fedify/" rel="tag">#Fedify</a> has been included in the Nivenly Fediverse Security Fund program!</p><p>The <span class="h-card"><a href="https://hachyderm.io/@nivenly" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nivenly</span></a></span> Foundation has launched a security bounty fund to support contributors who identify and help fix <a href="/tags/security/" rel="tag">#security</a> vulnerabilities in popular <a href="/tags/fediverse/" rel="tag">#fediverse</a> software. Both Fedify and <span class="h-card"><a href="https://hollo.social/@hollo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hollo</span></a></span> are among the selected projects that meet their responsible security disclosure requirements.</p><p>This program will run from April–September 2025, with bounties of $250–$500 USD for high and critical security vulnerabilities.</p><p>We're honored to be recognized alongside other established fediverse projects like Mastodon, Misskey, and Lemmy. This further encourages our commitment to maintaining strong security practices.</p><p>If you're interested in contributing to Fedify's security, please follow our responsible disclosure process outlined in our <a href="https://github.com/fedify-dev/fedify/security/policy" rel="nofollow">SECURITY.md</a> file.</p><p>Learn more about the program:</p><p><a href="https://nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/" rel="nofollow" class="ellipsis" title="nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/"><span class="invisible">https://</span><span class="ellipsis">nivenly.org/blog/2025/04/01/ni</span><span class="invisible">venly-fediverse-security-fund/</span></a></p>
<p>FreeBSD: Leakage of information into vt consoles, from a desktop environment at ttyv8</p><p><a href="https://www.reddit.com/r/freebsd/comments/1k92yo8/leakage_of_information_into_vt_consoles_from_a/" rel="nofollow" class="ellipsis" title="www.reddit.com/r/freebsd/comments/1k92yo8/leakage_of_information_into_vt_consoles_from_a/"><span class="invisible">https://</span><span class="ellipsis">www.reddit.com/r/freebsd/comme</span><span class="invisible">nts/1k92yo8/leakage_of_information_into_vt_consoles_from_a/</span></a></p><p>– in other words, input in a desktop environment may be mistreated as input at a terminal e.g. ttyv0 or ttyv1. </p><p>Please help to identify relevant source code. Thank you. </p><p><a href="/tags/freebsd/" rel="tag">#FreeBSD</a> <a href="/tags/security/" rel="tag">#security</a></p>
<p>My IT security and privacy overview for everyone :-)</p><p>as PDF: </p><p><a href="https://cryptpad.digitalcourage.de/file/#/2/file/++iR72w4cvNFngjd0ndhS2Yn/" rel="nofollow" class="ellipsis" title="cryptpad.digitalcourage.de/file/#/2/file/++iR72w4cvNFngjd0ndhS2Yn/"><span class="invisible">https://</span><span class="ellipsis">cryptpad.digitalcourage.de/fil</span><span class="invisible">e/#/2/file/++iR72w4cvNFngjd0ndhS2Yn/</span></a></p><p><a href="/tags/privatsphäre/" rel="tag">#Privatsphäre</a> <a href="/tags/datenschutz/" rel="tag">#Datenschutz</a> <a href="/tags/sicherheit/" rel="tag">#sicherheit</a><br><a href="/tags/security/" rel="tag">#security</a> <a href="/tags/appstore/" rel="tag">#AppStore</a> <a href="/tags/kryptografie/" rel="tag">#Kryptografie</a> <br><a href="/tags/passwort/" rel="tag">#Passwort</a> <a href="/tags/passwortmanager/" rel="tag">#PasswortManager</a> <a href="/tags/informationssicherheit/" rel="tag">#Informationssicherheit</a> <a href="/tags/informationsfreiheit/" rel="tag">#Informationsfreiheit</a> <a href="/tags/ifg/" rel="tag">#IFG</a> <a href="/tags/politik/" rel="tag">#Politik</a> <a href="/tags/gaming/" rel="tag">#Gaming</a> <a href="/tags/gog/" rel="tag">#gog</a> <a href="/tags/lutris/" rel="tag">#Lutris</a> <a href="/tags/android/" rel="tag">#Android</a><br><a href="/tags/mail/" rel="tag">#Mail</a> <a href="/tags/cloud/" rel="tag">#Cloud</a> <a href="/tags/browser/" rel="tag">#Browser</a> <a href="/tags/webbrowser/" rel="tag">#WebBrowser</a> <a href="/tags/verschlüsselung/" rel="tag">#Verschlüsselung</a> <a href="/tags/dns/" rel="tag">#DNS</a> <a href="/tags/veracrypt/" rel="tag">#VeraCrypt</a> <a href="/tags/fdroid/" rel="tag">#Fdroid</a> <a href="/tags/messenger/" rel="tag">#Messenger</a> <a href="/tags/threema/" rel="tag">#Threema</a> <a href="/tags/signal/" rel="tag">#Signal</a> <a href="/tags/linux/" rel="tag">#Linux</a> <a href="/tags/taler/" rel="tag">#Taler</a> <a href="/tags/trixie/" rel="tag">#Trixie</a> <a 
href="/tags/foss/" rel="tag">#Foss</a> <a href="/tags/gaming/" rel="tag">#Gaming</a> <a href="/tags/opensource/" rel="tag">#OpenSource</a> <a href="/tags/unplugtrump/" rel="tag">#UnplugTrump</a> <a href="/tags/fediverse/" rel="tag">#Fediverse</a> <a href="/tags/menschenrechte/" rel="tag">#Menschenrechte</a> <a href="/tags/community/" rel="tag">#Community</a> <a href="/tags/linuxhelden/" rel="tag">#LinuxHelden</a> <a href="/tags/gamingonlinux/" rel="tag">#GamingonLinux</a> <a href="/tags/vpn/" rel="tag">#VPN</a> <a href="/tags/gegenrechtshilfe/" rel="tag">#GegenRechtsHilfe</a> <a href="/tags/fedilz/" rel="tag">#FediLZ</a> <a href="/tags/mastodon/" rel="tag">#Mastodon</a> <a href="/tags/shopping/" rel="tag">#Shopping</a> <a href="/tags/preppingforfuture/" rel="tag">#PreppingforFuture</a> <a href="/tags/katastrophenvorsorge/" rel="tag">#Katastrophenvorsorge</a> <a href="/tags/schutzmaßnahmen/" rel="tag">#Schutzmaßnahmen</a> <a href="/tags/supportyourhinterland/" rel="tag">#supportyourhinterland</a> <a href="/tags/mobilfunk/" rel="tag">#Mobilfunk</a> <a href="/tags/newpipe/" rel="tag">#NewPipe</a> <a href="/tags/ublockorigin/" rel="tag">#uBlockOrigin</a> <a href="/tags/medienkompetenz/" rel="tag">#Medienkompetenz</a> <a href="/tags/facebook/" rel="tag">#Facebook</a> <a href="/tags/instagram/" rel="tag">#Instagram</a> <a href="/tags/meta/" rel="tag">#Meta</a> <a href="/tags/youtube/" rel="tag">#YouTube</a> <a href="/tags/chatkontrolle/" rel="tag">#Chatkontrolle</a> <a href="/tags/überwachung/" rel="tag">#überwachung</a> <a href="/tags/matrix/" rel="tag">#Matrix</a> <a href="/tags/suchmaschine/" rel="tag">#Suchmaschine</a> <a href="/tags/tastatur/" rel="tag">#Tastatur</a> <a href="/tags/2fa/" rel="tag">#2FA</a> <a href="/tags/nichtszuverbergen/" rel="tag">#Nichtszuverbergen</a></p>
<p>FBI Director Kash Patel Waived Polygraph Security Screening for Dan Bongino, Two Other Senior Staff<br>---</p><p>As the FBI’s deputy director, Bongino receives some of the country’s most sensitive secrets, including the President’s Daily Brief. His ascent to that position without passing a standard bureau background check is unprecedented, insiders say.<br><a href="https://www.propublica.org/article/fbi-kash-patel-dan-bongino-waived-polygraph?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post" rel="nofollow" class="ellipsis" title="www.propublica.org/article/fbi-kash-patel-dan-bongino-waived-polygraph?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post"><span class="invisible">https://</span><span class="ellipsis">www.propublica.org/article/fbi</span><span class="invisible">-kash-patel-dan-bongino-waived-polygraph?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post</span></a></p><p><a href="/tags/news/" rel="tag">#News</a> <a href="/tags/fbi/" rel="tag">#FBI</a> <a href="/tags/kashpatel/" rel="tag">#KashPatel</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/government/" rel="tag">#Government</a> <a href="/tags/uspolitics/" rel="tag">#USPolitics</a></p>
<p>DHS used to only have information on immigrants who’d had contact with the agency.</p><p>Under a new data-sharing agreement, the system added information — including full Social Security numbers — on millions of Americans not in DHS databases.<br><a href="https://www.propublica.org/article/dhs-social-security-data-voter-citizenship-trump?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post" rel="nofollow" class="ellipsis" title="www.propublica.org/article/dhs-social-security-data-voter-citizenship-trump?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post"><span class="invisible">https://</span><span class="ellipsis">www.propublica.org/article/dhs</span><span class="invisible">-social-security-data-voter-citizenship-trump?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post</span></a></p><p><a href="/tags/news/" rel="tag">#News</a> <a href="/tags/dhs/" rel="tag">#DHS</a> <a href="/tags/socialsecurity/" rel="tag">#SocialSecurity</a> <a href="/tags/vote/" rel="tag">#Vote</a> <a href="/tags/data/" rel="tag">#Data</a> <a href="/tags/election/" rel="tag">#Election</a> <a href="/tags/privacy/" rel="tag">#Privacy</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/uspolitics/" rel="tag">#USPolitics</a></p>
<p>New Privacy Guides article 🔐<br>by me:</p><p>If you are an Apple user looking for a free, open-source, and privacy-focused password manager, KeePassium is a fantastic option.</p><p>KeePassium offers synchronization options, but allows you to keep your password database offline by default.</p><p>It's also KeePass-compatible, which makes migrating from or to any other KeePass-compatible apps easy.</p><p>Check the full review here: <a href="https://www.privacyguides.org/articles/2025/05/13/keepassium-review/" rel="nofollow" class="ellipsis" title="www.privacyguides.org/articles/2025/05/13/keepassium-review/"><span class="invisible">https://</span><span class="ellipsis">www.privacyguides.org/articles</span><span class="invisible">/2025/05/13/keepassium-review/</span></a></p><p><a href="/tags/privacyguides/" rel="tag">#PrivacyGuides</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/privacy/" rel="tag">#Privacy</a> <a href="/tags/password/" rel="tag">#Password</a> <a href="/tags/passwordmanager/" rel="tag">#PasswordManager</a> <a href="/tags/keepass/" rel="tag">#KeePass</a> <a href="/tags/keepassium/" rel="tag">#KeePassium</a></p>
Colleagues have implemented TOTP as a second authentication factor on the virtual machines in the data center! 👏<br><br>But they were almost recommending that people use the Google Authenticator app... 😶🌫️<br><br>🇧🇷🇵🇹 Colleagues have deployed TOTP as a second authentication factor on the virtual machines in the data center! 👏<br><br>But they were almost recommending that everyone use the Google Authenticator app... ⛈️<br><br><a href="/tags/infosec/" rel="tag">#InfoSec</a> <a href="/tags/totp/" rel="tag">#TOTP</a> <a href="/tags/security/" rel="tag">#security</a> <a href="/tags/segurança/" rel="tag">#segurança</a> <a href="/tags/bigtech/" rel="tag">#BigTech</a> <a href="/tags/cloud/" rel="tag">#cloud</a> <a href="/tags/nuvem/" rel="tag">#nuvem</a><br>
<p><a href="/tags/privacy/" rel="tag">#Privacy</a> folks are allies, <a href="/tags/security/" rel="tag">#security</a> folks are mercenaries.</p><p>Know the difference.</p>
<p>GrapheneOS: Where Licenses Matter More Than People</p><p>GrapheneOS could have shipped real accessibility support. They had a screen reader. They had a libre speech engine — one they requested a feature from. They got that feature.</p><p>And then they said no.<br>Because the license was GPLv3.</p><p>They’ll ship sandboxed Google Play Services.<br>They’ll let you install GPLv3 software from their app store.<br>But a working screen reader for blind users?<br>Blocked. On principle.</p><p>This isn’t a technical limitation.<br>This is not a matter of priorities.<br>This is cruelty by ideology — and they’re proud of it.</p><p>So here it is. My full public dissection of the excuses, the hypocrisy, and the sheer contempt they’ve shown to the people who need privacy and security most: the disabled.</p><p>They chose licensing purity over basic humanity.<br>I chose to write this.</p><p><a href="https://fireborn.mataroa.blog/blog/grapheneos-where-licenses-matter-more-than-people/" rel="nofollow" class="ellipsis" title="fireborn.mataroa.blog/blog/grapheneos-where-licenses-matter-more-than-people/"><span class="invisible">https://</span><span class="ellipsis">fireborn.mataroa.blog/blog/gra</span><span class="invisible">pheneos-where-licenses-matter-more-than-people/</span></a></p><p><a href="/tags/grapheneos/" rel="tag">#GrapheneOS</a> <a href="/tags/accessibility/" rel="tag">#Accessibility</a> <a href="/tags/foss/" rel="tag">#FOSS</a> <a href="/tags/blind/" rel="tag">#Blind</a> <a href="/tags/disabilitytech/" rel="tag">#DisabilityTech</a> <a href="/tags/inclusion/" rel="tag">#Inclusion</a> <a href="/tags/gplv3/" rel="tag">#GPLv3</a> <a href="/tags/espeak/" rel="tag">#espeak</a> <a href="/tags/a11y/" rel="tag">#a11y</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/freesoftware/" rel="tag">#FreeSoftware</a> <a href="/tags/disabilityrights/" rel="tag">#DisabilityRights</a> <a href="/tags/android/" rel="tag">#Android</a> <a href="/tags/rant/" 
rel="tag">#Rant</a> <a href="/tags/techshame/" rel="tag">#TechShame</a></p>
<p>CHERI Alliance officially launches, adds major partners including Google, to tackle cybersecurity threats at the hardware level</p><p>From the November 2024 press release, <<a href="https://semiiphub.com/news/cheri-alliance" rel="nofollow" class="ellipsis" title="semiiphub.com/news/cheri-alliance"><span class="invisible">https://</span><span class="ellipsis">semiiphub.com/news/cheri-allia</span><span class="invisible">nce</span></a>>:</p><p>"… Previously announced founding members of the CHERI Alliance include Capabilities Limited, Codasip, CyNam, the FreeBSD Foundation, lowRISC, OpenHW Group, SCI Semiconductor, Swansea University, and the University of Cambridge. Following its initial formation in June 2024, the CHERI Alliance’s new additions reinforce the collaborative effort to protect against memory-related vulnerabilities, a critical security challenge that constitutes approximately 70% of the vulnerabilities exploited in cyberattacks. …"</p><p>– via <<a href="https://semiiphub.com/industryexpertblogs/cheri-alliance-1" rel="nofollow" class="ellipsis" title="semiiphub.com/industryexpertblogs/cheri-alliance-1"><span class="invisible">https://</span><span class="ellipsis">semiiphub.com/industryexpertbl</span><span class="invisible">ogs/cheri-alliance-1</span></a>> and <<a href="https://old.reddit.com/r/freebsd/comments/1ho911c/cheri_alliance_officially_launches_adds_major/" rel="nofollow" class="ellipsis" title="old.reddit.com/r/freebsd/comments/1ho911c/cheri_alliance_officially_launches_adds_major/"><span class="invisible">https://</span><span class="ellipsis">old.reddit.com/r/freebsd/comme</span><span class="invisible">nts/1ho911c/cheri_alliance_officially_launches_adds_major/</span></a>></p><p><span class="h-card"><a href="https://mastodon.social/@FreeBSDFoundation" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>FreeBSDFoundation</span></a></span> <span class="h-card"><a href="https://infosec.exchange/@david_chisnall" 
class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>david_chisnall</span></a></span> <span class="h-card"><a href="https://fosstodon.org/@asb" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>asb</span></a></span> </p><p><a href="/tags/security/" rel="tag">#security</a> <a href="/tags/cheri/" rel="tag">#CHERI</a> <a href="/tags/freebsd/" rel="tag">#FreeBSD</a> <a href="/tags/google/" rel="tag">#Google</a></p>
<p><a href="/tags/security/" rel="tag">#security</a> <br>rsync has disclosed multiple CVEs. Combined, these vulnerabilities let an attacker with only anonymous read-only access execute arbitrary code on the server, and a compromised server can be used to read and write arbitrary files on clients.<br>Readers who use rsync, please update to 3.4.0; if you run the rsyncd service, restart it after updating.<br>CVE-2024-12084 out-of-bounds memory read/write<br>CVE-2024-12085 leak of uninitialized memory contents<br>CVE-2024-12086 server can read arbitrary files on the client<br>CVE-2024-12087 path traversal, server can write arbitrary files on the client<br>CVE-2024-12088 symlink vulnerability<br>CVE-2024-12747 symlink race condition vulnerability<br><a href="https://kb.cert.org/vuls/id/952657" rel="nofollow"><span class="invisible">https://</span>kb.cert.org/vuls/id/952657</a><br><a href="https://t.me/aosc_os/761" rel="nofollow"><span class="invisible">https://</span>t.me/aosc_os/761</a></p><p>Forwarded from bupt.moe<br><a href="https://t.me/bupt_moe/2344" rel="nofollow"><span class="invisible">https://</span>t.me/bupt_moe/2344</a></p>
<p><a href="/tags/hollo/" rel="tag">#Hollo</a> 0.6.0 is coming soon!</p><p>We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:</p><p>Enhanced <a href="/tags/oauth/" rel="tag">#OAuth</a> <a href="/tags/security/" rel="tag">#security</a></p><p>RFC 8414 (OAuth metadata discovery)<br>RFC 7636 (<a href="/tags/pkce/" rel="tag">#PKCE</a> support)<br>Improved authorization flows following RFC 9700 best practices</p><p>New features</p><p>Extended character limit (4K → 10K)<br>Code syntax highlighting<br>Customizable profile themes<br>EXIF metadata stripping for privacy</p><p>Important notes for update</p><p>Node.js 24+ required<br>Updated environment variables for asset storage<br>Stronger SECRET_KEY requirements (44+ chars)</p><p>Special thanks to <span class="h-card"><a href="https://hachyderm.io/@thisismissem" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thisismissem</span></a></span> for the extensive OAuth improvements that help keep the <a href="/tags/fediverse/" rel="tag">#fediverse</a> secure and compatible! 🙏</p><p>Full changelog and upgrade guide coming with the release.</p><p><a href="/tags/activitypub/" rel="tag">#ActivityPub</a></p>
<p>In related news, <a href="/tags/hollo/" rel="tag">#Hollo</a> has also released <a href="/tags/security/" rel="tag">#security</a> updates: <a href="https://github.com/dahlia/hollo/releases/tag/0.3.6" rel="nofollow">0.3.6</a> & <a href="https://github.com/dahlia/hollo/releases/tag/0.4.4" rel="nofollow">0.4.4</a>. Update now!</p><p><a href="https://hollo.social/@fedify/01948487-87b2-709d-953f-8799b78433ed" rel="nofollow" class="ellipsis" title="hollo.social/@fedify/01948487-87b2-709d-953f-8799b78433ed"><span class="invisible">https://</span><span class="ellipsis">hollo.social/@fedify/01948487-</span><span class="invisible">87b2-709d-953f-8799b78433ed</span></a></p>
<p>We have released <a href="/tags/security/" rel="tag">#security</a> updates (<a href="https://github.com/dahlia/fedify/releases/tag/1.0.14" rel="nofollow">1.0.14</a>, <a href="https://github.com/dahlia/fedify/releases/tag/1.1.11" rel="nofollow">1.1.11</a>, <a href="https://github.com/dahlia/fedify/releases/tag/1.2.11" rel="nofollow">1.2.11</a>, <a href="https://github.com/dahlia/fedify/releases/tag/1.3.4" rel="nofollow">1.3.4</a>) to address <a href="https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx" rel="nofollow">CVE-2025-23221</a>, a <a href="/tags/vulnerability/" rel="tag">#vulnerability</a> in <a href="/tags/fedify/" rel="tag">#Fedify</a>'s <a href="/tags/webfinger/" rel="tag">#WebFinger</a> implementation. We recommend all users update to the latest version of their respective release series immediately.</p><p>The Vulnerability</p><p>A security researcher identified multiple security issues in Fedify's lookupWebFinger() function that could be exploited to:</p><p>Perform denial of service attacks through infinite redirect loops<br>Execute server-side request forgery (<a href="/tags/ssrf/" rel="tag">#SSRF</a>) attacks via redirects to private network addresses<br>Access unintended URL schemes through redirect manipulation</p><p>Fixed Versions</p><p>1.3.x series: Update to <a href="https://github.com/dahlia/fedify/releases/tag/1.3.4" rel="nofollow">1.3.4</a><br>1.2.x series: Update to <a href="https://github.com/dahlia/fedify/releases/tag/1.2.11" rel="nofollow">1.2.11</a><br>1.1.x series: Update to <a href="https://github.com/dahlia/fedify/releases/tag/1.1.11" rel="nofollow">1.1.11</a><br>1.0.x series: Update to <a href="https://github.com/dahlia/fedify/releases/tag/1.0.14" rel="nofollow">1.0.14</a></p><p>Changes</p><p>The security updates implement the following fixes:</p><p>Added a maximum redirect limit (5) to prevent infinite redirect loops<br>Restricted redirects to only follow the same scheme as the original request 
(HTTP/HTTPS)<br>Blocked redirects to private network addresses to prevent SSRF attacks</p><p>How to Update</p><p>To update to the latest secure version:</p><p># For npm users<br>npm update @fedify/fedify<br># For Deno users<br>deno add jsr:@fedify/fedify</p><p>We thank the security researcher who responsibly disclosed this vulnerability, allowing us to address these issues promptly.</p><p>For more details about this vulnerability, please refer to our <a href="https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx" rel="nofollow">security advisory</a>.</p><p>If you have any questions or concerns, please don't hesitate to reach out through our <a href="https://github.com/dahlia/fedify/discussions" rel="nofollow">GitHub Discussions</a>, join our <a href="https://matrix.to/#/#fedify:matrix.org" rel="nofollow">Matrix chat space</a>, or our <a href="https://discord.gg/bhtwpzURwd" rel="nofollow">Discord server</a>.</p>
<p><a href="/tags/drunkrapist/" rel="tag">#DrunkRapist</a> <a href="/tags/petehegseth/" rel="tag">#PeteHegseth</a> readies *actions* against <a href="/tags/trump/" rel="tag">#Trump</a> “foe” Retired General & former chairman of the <a href="/tags/jointchiefsofstaff/" rel="tag">#JointChiefsOfStaff</a> <a href="/tags/markmilley/" rel="tag">#MarkMilley</a><br>
The retired general, a frequent target of <a href="/tags/trump/" rel="tag">#Trump</a>, will lose his <a href="/tags/security/" rel="tag">#security</a> detail & face an <a href="/tags/inspectorgeneral/" rel="tag">#InspectorGeneral</a> [apparently there’s one left] investigation, said a senior <a href="/tags/defense/" rel="tag">#defense</a> official.</p><p><a href="/tags/military/" rel="tag">#military</a> <a href="/tags/jcs/" rel="tag">#jcs</a> <a href="/tags/honor/" rel="tag">#honor</a> <a href="/tags/integrity/" rel="tag">#integrity</a> <a href="/tags/ig/" rel="tag">#IG</a> <a href="/tags/revengepolitics/" rel="tag">#RevengePolitics</a> <a href="/tags/law/" rel="tag">#law</a> <a href="/tags/uspol/" rel="tag">#USpol</a> <br><a href="https://www.washingtonpost.com/national-security/2025/01/28/mark-milley-hegseth-trump/" rel="nofollow" class="ellipsis" title="www.washingtonpost.com/national-security/2025/01/28/mark-milley-hegseth-trump/"><span class="invisible">https://</span><span class="ellipsis">www.washingtonpost.com/nationa</span><span class="invisible">l-security/2025/01/28/mark-milley-hegseth-trump/</span></a></p>
<p>Facebook flags Linux topics as 'cybersecurity threats' — posts and users being blocked </p><p><a href="https://www.tomshardware.com/software/linux/facebook-flags-linux-topics-as-cybersecurity-threats-posts-and-users-being-blocked" rel="nofollow" class="ellipsis" title="www.tomshardware.com/software/linux/facebook-flags-linux-topics-as-cybersecurity-threats-posts-and-users-being-blocked"><span class="invisible">https://</span><span class="ellipsis">www.tomshardware.com/software/</span><span class="invisible">linux/facebook-flags-linux-topics-as-cybersecurity-threats-posts-and-users-being-blocked</span></a> </p><p><a href="/tags/news/" rel="tag">#news</a> <a href="/tags/tech/" rel="tag">#tech</a> <a href="/tags/technology/" rel="tag">#technology</a> <a href="/tags/socialmedia/" rel="tag">#socialmedia</a> <a href="/tags/facebook/" rel="tag">#facebook</a> <a href="/tags/linux/" rel="tag">#linux</a> <a href="/tags/security/" rel="tag">#security</a></p>
<p>Unbelievable</p><p><a href="/tags/elonmusk/" rel="tag">#ElonMusk</a>’s US <a href="/tags/doge/" rel="tag">#DOGE</a> Service are feeding sensitive data into <a href="/tags/ai/" rel="tag">#AI</a> software via <a href="/tags/microsoft/" rel="tag">#Microsoft</a>’s <a href="/tags/cloud/" rel="tag">#cloud</a></p><p><a href="/tags/musk/" rel="tag">#Musk</a>’s US <a href="/tags/doge/" rel="tag">#DOGE</a> Service have fed sensitive data from across the <a href="/tags/education/" rel="tag">#Education</a> Dept into <a href="/tags/artificialintelligence/" rel="tag">#ArtificialIntelligence</a> software to probe the agency’s programs & spending….
The AI probe includes data w/personally identifiable info for people who manage grants, & sensitive internal financial data…</p><p><a href="/tags/law/" rel="tag">#law</a> <a href="/tags/security/" rel="tag">#security</a> <a href="/tags/infosec/" rel="tag">#InfoSec</a> <a href="/tags/cybersecurity/" rel="tag">#CyberSecurity</a> <a href="/tags/nationalsecurity/" rel="tag">#NationalSecurity</a> <a href="/tags/trump/" rel="tag">#Trump</a> <a href="/tags/trumpcoup/" rel="tag">#TrumpCoup</a><br><a href="https://www.washingtonpost.com/nation/2025/02/06/elon-musk-doge-ai-department-education/" rel="nofollow" class="ellipsis" title="www.washingtonpost.com/nation/2025/02/06/elon-musk-doge-ai-department-education/"><span class="invisible">https://</span><span class="ellipsis">www.washingtonpost.com/nation/</span><span class="invisible">2025/02/06/elon-musk-doge-ai-department-education/</span></a></p>
<p>“The Intern in Charge”: Meet the 22-Year-Old Trump’s Team Picked to Lead Terrorism Prevention<br>—</p><p>One year out of college and with no apparent national security expertise, Thomas Fugate is the Department of Homeland Security official tasked with overseeing the government’s main hub for combating violent extremism.<br><a href="https://www.propublica.org/article/trump-dhs-thomas-fugate-cp3-terrorism-prevention?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post" rel="nofollow" class="ellipsis" title="www.propublica.org/article/trump-dhs-thomas-fugate-cp3-terrorism-prevention?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post"><span class="invisible">https://</span><span class="ellipsis">www.propublica.org/article/tru</span><span class="invisible">mp-dhs-thomas-fugate-cp3-terrorism-prevention?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post</span></a></p><p><a href="/tags/news/" rel="tag">#News</a> <a href="/tags/dhs/" rel="tag">#DHS</a> <a href="/tags/extremism/" rel="tag">#Extremism</a> <a href="/tags/trump/" rel="tag">#Trump</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/terrorism/" rel="tag">#Terrorism</a> <a href="/tags/government/" rel="tag">#Government</a></p>
I submitted a Pull Request to update MacPorts' OpenSSH to 9.9p2 here:<br><br><a href="https://github.com/macports/macports-ports/pull/27712" rel="nofollow" class="ellipsis" title="github.com/macports/macports-ports/pull/27712"><span class="invisible">https://</span><span class="ellipsis">github.com/macports/macports-p</span><span class="invisible">orts/pull/27712</span></a><br><br>GitHub Continuous Integration checks are running. Hopefully they will be OK (Update 2 out of 3 have completed successfully, which is a good sign).<br><br>I tested locally without issues, but I also build against LibreSSL locally, whereas GitHub CI and MacPorts' Build Bots I think default to OpenSSL.<br><br>This release is to address some vulnerabilities identified by Qualys and other less critical bugs.<br><br>More details from upstream here:<br><br><a href="https://www.openssh.com/releasenotes.html#9.9p2" rel="nofollow" class="ellipsis" title="www.openssh.com/releasenotes.html#9.9p2"><span class="invisible">https://</span><span class="ellipsis">www.openssh.com/releasenotes.h</span><span class="invisible">tml#9.9p2</span></a><br><br>Of particular note:<br><br>" Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1<br>(inclusive) contained a logic error that allowed an on-path<br>attacker (a.k.a MITM) to impersonate any server when the<br>VerifyHostKeyDNS option is enabled. This option is off by default.<br><br>* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1<br>(inclusive) is vulnerable to a memory/CPU denial-of-service related<br>to the handling of SSH2_MSG_PING packets. This condition may be<br>mitigated using the existing PerSourcePenalties feature.<br><br>Both vulnerabilities were discovered and demonstrated to be exploitable<br>by the Qualys Security Advisory team. 
We thank them for their detailed<br>review of OpenSSH."<br><br>If I read everything correctly, these vulnerabilities primarily only impact the Portable OpenSSH releases (which is what MacPorts uses). However, OpenBSD has also issued the following errata to mitigate one of the issues as it also appears to impact OpenBSD users:<br><br>"008: SECURITY FIX: February 18, 2025 All architectures<br>sshd(8) denial of service relating to SSH2_MSG_PING handling. ssh(1) server impersonation when VerifyHostKeyDNS enabled.<br>A source code patch exists which remedies this problem."<br><br>Source code patch for OpenBSD here:<br><br><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig" rel="nofollow" class="ellipsis" title="ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig"><span class="invisible">https://</span><span class="ellipsis">ftp.openbsd.org/pub/OpenBSD/pa</span><span class="invisible">tches/7.6/common/008_ssh.patch.sig</span></a><br><br>Having written as much, it appears as if the main OpenSSH version for OpenBSD is still 9.9, so I am not going to make a submission for undeadly.org. Other editors reading this are welcome to though, I just kind of have a lot of other stuff on my plate at present.<br><br>As usual, I also have too much going on in my life to want more responsibilities such as commit access within MacPorts, so it's up to someone else to merge it.<br><br>Update <a href="/tags/2/" rel="tag">#2</a>: I also decided to be a good Samaritan and reported the issue to Apple. Not that they have ever acknowledged my efforts for such things nor paid me from their bug bounty program in years of doing similar things. Because, OFC, Apple can't spare a penny to anyone like me. 
Maybe Qualys already reported it to them anyway (though they would have no obligation to do so, they did find the vulns and reported them upstream as would be expected).<br><br><a href="/tags/openssh/" rel="tag">#OpenSSH</a> <a href="/tags/macports/" rel="tag">#MacPorts</a> <a href="/tags/secureshell/" rel="tag">#SecureShell</a> <a href="/tags/infosec/" rel="tag">#InfoSec</a> <a href="/tags/cryptography/" rel="tag">#Cryptography</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/cve/" rel="tag">#CVE</a> <a href="/tags/patchtuesday/" rel="tag">#PatchTuesday</a> <a href="/tags/opensource/" rel="tag">#OpenSource</a> <a href="/tags/openbsd/" rel="tag">#OpenBSD</a> <a href="/tags/macos/" rel="tag">#macOS</a><br>
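<p>As an added example, not code from the post, MacPorts or OpenSSH: a POSIX shell helper that classifies a portable-OpenSSH <code>ssh -V</code> string against the two version ranges quoted from the 9.9p2 release notes above, and checks the two configuration options those notes name (VerifyHostKeyDNS on the client, PerSourcePenalties on the server). It assumes the portable <code>pN</code> version suffix, so OpenBSD base versions such as <code>OpenSSH_9.9</code> are reported as unrecognised rather than classified.</p>

```shell
#!/bin/sh
# Added example, not code from the post, MacPorts or OpenSSH. Classifies a
# portable-OpenSSH version against the ranges quoted from the 9.9p2 notes:
#   CVE-2025-26465: ssh(1)  6.8p1 .. 9.9p1, only when VerifyHostKeyDNS is enabled
#   CVE-2025-26466: sshd(8) 9.5p1 .. 9.9p1, mitigable with PerSourcePenalties

# "OpenSSH_9.9p1, LibreSSL 3.3.6" -> 90901 (major*10000 + minor*100 + patch).
# Strings without a pN suffix (OpenBSD base, e.g. "OpenSSH_9.9") are rejected.
ssh_version_key() {
    v=$(printf '%s' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 1
    set -- $v
    echo $(( $1 * 10000 + $2 * 100 + $3 ))
}

# Prints one line per affected component; returns 0 if unaffected, 1 if
# affected, 2 if the version string could not be parsed.
check_openssh() {
    key=$(ssh_version_key "$1") || { echo "unrecognised version: $1"; return 2; }
    status=0
    if [ "$key" -ge 60801 ] && [ "$key" -le 90901 ]; then
        echo "client: in CVE-2025-26465 range (relevant only if VerifyHostKeyDNS yes/ask)"
        status=1
    fi
    if [ "$key" -ge 90501 ] && [ "$key" -le 90901 ]; then
        echo "server: in CVE-2025-26466 range (set PerSourcePenalties until updated)"
        status=1
    fi
    return $status
}

# $1 = ssh_config text. Succeeds when VerifyHostKeyDNS is yes or ask, the
# non-default settings under which CVE-2025-26465 matters.
verify_host_key_dns_enabled() {
    printf '%s\n' "$1" | grep -Eiq '^[[:space:]]*VerifyHostKeyDNS[[:space:]]+(yes|ask)'
}

# $1 = sshd_config text. Succeeds when PerSourcePenalties is explicitly set
# (the option was added in OpenSSH 9.8, so 9.5 to 9.7 can only update).
per_source_penalties_set() {
    printf '%s\n' "$1" | grep -Eiq '^[[:space:]]*PerSourcePenalties[[:space:]]+'
}

# Live check of the local client, if one is installed (ssh -V writes to
# stderr); the result is tolerated so sourcing this file never aborts.
if command -v ssh >/dev/null 2>&1; then
    check_openssh "$(ssh -V 2>&1)" || :
fi
```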