Items tagged with: security


Western inaction on Ukraine’s security guarantees opens door to global nuclear proliferation


Western indecision in Ukraine’s pursuit of #security #guarantees risks triggering a global chain reaction, with nations turning to #nuclear #weapons as a deterrent in the absence of reliable security commitments.

#Ukraine's security commitment - the #Budapest #Memorandum of 1994 - is currently and has been repeatedly violated

https://kyivindependent.com/opinion-western-inaction-on-ukraines-security-guarantees-opens-door-to-global-nuclear-proliferation/

#RussianAggression #RussiaInvadedUkraine




The Bi-Symmetric Encryption Fraud





Who owns your shiny new #Pixel 9 #phone? You can’t say no to #Google’s #surveillance


Source: https://cybernews.com/security/google-pixel-9-phone-beams-data-and-awaits-commands/

Every 15 minutes, #GooglePixel 9 Pro XL sends a data packet to Google. The device shares #location, email address, phone number, #network status, and other #telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up #security risks...


Don't be a data cow 🐮 on Google's server farm 👎


#tracking #fail #bigbrother #orwell #economy #online #Problem #news #Smartphone #android #bigdata #datacow


🔴 The #JesienLinuksowa agenda is now available! 🔴

On the program: #DevOps, #security, #gaming, #privacy and more!

Special guests: Kuba Mrugalski (@uwteam), Tomasz Zieliński (@infzakladowy)
Also: 💬 Unconference ⚡ Lightning Talks 🎉 Fedora release party!
See you there! 🥳


Do you want to help make software safer? Find the bugs in our ntpd-rs!

The ntpd-rs Bug Bounty Program offers a reward to anyone who finds a qualifying vulnerability.

Read the details here: https://yeswehack.com/programs/pendulum-bug-bounty-program

This Bug Bounty Program is organized and funded by @sovtechfund . Read more about this initiative here: https://www.sovereigntechfund.de/programs/bug-resilience/

#foss #opensource #security


#Amsterdam municipality bans #Telegram on work phones over criminal use, #espionage #threat


source: https://nltimes.nl/2024/08/19/amsterdam-municipality-bans-telegram-work-phones-criminal-use-espionage-threat

Telegram is a “safe haven for hackers, cybercriminals, and drug dealers,” a spokesperson for Amsterdam’s IT alderman Alexander Scholtes told the broadcaster. The city is also concerned about possible espionage through the app, even though it no longer has official ties to #Russia. Telegram was set up in Russia, but the head office has since moved to #Dubai, and the #company is officially located in the Virgin Islands.


#news #software #messenger #crime #cybercrime #cybersecurity #security #problem #Netherlands #hack #hacker


Software, Update, Microsoft


Here is the #solution for this #problem: news.itsfoss.com/windows-break… #windows #update #microsoft #help #os #software #windows #fail


anonymiss - 2024-08-22 10:37:05 GMT

After #Windows #Update on dual boot systems: Verifying shim #SBAT data failed: #Security Policy Violation.


Source: https://askubuntu.com/questions/1523438/verifying-shim-sbat-data-failed-security-policy-violation

1) Disable Secure Boot in BIOS
2) Log into your Ubuntu user and open a terminal
3) Delete the SBAT policy with: sudo mokutil --set-sbat-policy delete
4) Reboot your PC and log back into Ubuntu to update the SBAT policy
5) Reboot and then re-enable secure boot in your BIOS.

#help #Linux #Microsoft #fail #Software #boot #os


Question for Unix/Linux/Android, is there a login that the password determines the user?

Example: a special password used under duress with the authorities over my shoulder demanding access, they get into the prepared account. If my usual password is entered, the system logs me into my normal account with all my gay. And a third "self destruct" password does a rm -rf in the background while a forever static login screen is displayed.

I'm surprised I've never seen this hack done yet...
#security #RubberHoseSecurity


Second Factor #SMS: Worse Than Its Reputation


Source: https://www.ccc.de/en/updates/2024/2fa-sms

IdentifyMobile, a provider of 2FA-SMS, shared the sent one-time passwords in real-time on the internet. The #CCC happened to be in the right place at the right time and accessed the data. It was sufficient to guess the subdomain "idmdatastore". Besides SMS content, recipients' phone numbers, sender names, and sometimes other account information were visible.


#news #security #internet #2fa #mobile #cybersecurity #problem #password


With regard to xz backdoor, did anyone actually have any idea this was going on? With all these vendors doing source code scanning, was there any indication of maliciousness?

#OSS #Security #SBOM #xz


So now that we all understand that thanklessly relying on free work of overworked maintainers is a problem, how about we put our money where our mouth is?

I think @AndresFreundTec needs a fat bonus check for saving our asses.

And Lasse Collin needs a lot of support, and probably a nice vacation.

I pledge $100, for starters.

Now how can we make sure to send the funds to the correct people?

Or is there already any fundraiser that I missed?

#liblzma #xz #ssh #security #oss #floss


„GitHub Disables The XZ Repository Following Today's Malicious Disclosure“

#xz #GitHub #security

https://www.phoronix.com/news/GitHub-Disables-XZ-Repo


Millions Of #google #whatsapp #Facebook #2FA #Security Codes #Leak Online

Security experts advise against using SMS messages for two-factor authentication codes due to their vulnerability to interception or compromise. Recently, a security researcher discovered an unsecured database on the internet containing millions of such codes, which could be easily accessed by anyone.

#news #tech #technews #technology #privacy

https://www.forbes.com/sites/daveywinder/2024/03/06/millions-of-google-whatsapp-facebook-2fa-security-codes-leak-online/


Over 100,000 Infected Repos Found on GitHub


#security #code

https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/


Why I use #Firefox


  1. The about:config page
  2. Mozilla cannot decrypt my data on their servers
  3. Translating web pages is also completely private
  4. Mozilla develops their own browser engine
  5. The best support for extensions on #Android
  6. A great picture-in-picture player


I #trust #Mozilla more than I trust #Google, #Apple, #Microsoft, or any other company that makes #web browsers. This trust is based on the fact that Mozilla chooses the highest level of user privacy when developing services such as Firefox Sync, Firefox Translate, and others. A web browser is an integral part of a person’s #online life, so it makes sense to choose a #browser from a company that one trusts the most.


source: https://šime.eu/3


#software #freedom #opensource #foss #floss #internet #privacy #security #www #surfing


Y'all know not to use #Temu right? Right???

Temu app contains ‘most dangerous’ #spyware in circulation: class action lawsuit | Fashion Dive
https://www.fashiondive.com/news/temu-class-action-lawsuit-data-collection/699328/

#security


In ads: Our apps mind their business. Not yours.

In court: Given Apple’s extensive privacy disclosures, no reasonable user would expect that their actions in Apple’s apps would be private from Apple.

#Privacy #Security #Cybersecurity #Apple #iPhone #InfoSec #dataprivacy



Excerpt from the court document:


"Given Apple’s extensive privacy disclosures, no reasonable user would expect that their actions in Apple’s apps would be private from Apple."

Civil Case No.: 5:22-CV-07069-EJD
Case 5:22-cv-07069-EJD Document 122 Filed 12/08/23 Page 30 of 41


But to be fair ...

Is it the implementation language being the main issue? Or is it the flexibility of extending it with plugins and that it is effectively a setuid tool, granting root access immediately when an unprivileged user starts the program (the privileges are reduced first when it has parsed the sudo config).

Sudo is a nice tool from the user's side. But security-wise it's a disastrous approach. Privileges should first be elevated *after* the config has been parsed and the expected privilege level has been established. Then the tool should ideally jump to that privilege level directly.

This post introduces some new ideas ... https://tim.siosm.fr/blog/2023/12/19/ssh-over-unix-socket/

It's not a perfect approach in all cases. But it gets rid of the setuid issue.

#linux #sudo #security



puzzle


Seriously, WTF @protonmail ?

#YouHadOneJob as #eMail #Provider and that is to get shit reliably sent and received.

If that's too hard then how should anyone trust them re: #security and #privacy?
Spoiler: No one should!
https://www.youtube.com/watch?v=QCx_G_R0UmQ



#BraveBrowser is installing VPNs without users' consent, even if you didn't willingly enable their #VPN service. Just stop using #Brave, it's garbage.

Edit: the services are disabled by default, but they were still installed with very little to no transparency about them towards the user, alongside all the other stuff that's often unwanted from Brave users (Pocket on Firefox is to blame too, lol.)

https://www.ghacks.net/2023/10/18/brave-is-installing-vpn-services-without-user-consent/

#Browser #Security #Privacy #OpenSource #FreeSoftware #LibreSoftware

Screenshot of the Windows Services console taken from the ghacks.net article where two services are highlighted: "Brave Vpn Service" and "Brave Vpn Wireguard Service."


Fellow Masto Admins,
Kindly upgrade to the latest release of Mastodon as soon as possible.

#mastodon #mastodev #mastoadmin #security #fediverse #cve


#Microsoft comes under blistering criticism for “grossly irresponsible” #security


source: https://arstechnica.com/security/2023/08/microsoft-cloud-security-blasted-for-its-culture-of-toxic-obfuscation/
Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers' networks and services? Of course not. They took more than 90 days to implement a partial #fix—and only for new applications loaded in the service.

#Azure #problem #software #bug #cybersecurity #econemy #cloud #news


Concerned about the safety of your Google Docs when it comes to AI training? Check out this informative article on #ZDNet that explores the potential risks and safeguards. Stay informed and protect your data! https://www.zdnet.com/article/are-your-google-docs-safe-from-ai-training/ #AI #DataPrivacy #Security