Let's Encrypt is 10 years old today!
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Huge thanks to everyone involved in making HTTPS available to everyone for free
#tech #technology #security #privacy #encryption #https #letsencrypt #ISRG
A list of digital service providers outside the jurisdiction of the United States of America. 😉
https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction
My list was getting bigger than a Fedi post could hold, so it is now hosted on Codeberg, an alternative to GitHub or GitLab, but based out of Germany. 👍
#CodeBerg #GitHub #GitLab #WebHosting #Vpn #Dns #Cdn #PasswordManager #Email #Privacy #Security #Project2025 #Fascism #UnitedStates #RuleOfLaw #Justice
Me: "You need a new server. The current one is 14 years old, critical, and starting to show signs of fatigue and inadequacy."
Them: "No, make it work. At most, we'll add more RAM."
Me: "We should still upgrade it, and no, you can't keep running virtualized Windows Server 2008 indefinitely, even if it's only on the LAN. You need to plan an upgrade for the entire infrastructure."
Them: "No, we have no budget for this (after spending thousands of euros on purely aesthetic office redecorations for staff offices, which were already in excellent condition)."
Me: "It's about 3,000, maximum 4,000 euros - do you realize that if that server were to go down, the loss for you would be in those figures every hour of downtime? Maybe you don't worry about it, but I do, because I understand what you're risking."
Them: "Find a way to make the current hardware work stably so you can stop worrying."
Me: "Okay, I've found the solution. From now on, you can find yourselves a new consultant, because from now on, I've already stopped worrying about you."
Sometimes it's necessary, unfortunately.
CHERI Alliance officially launches, adds major partners including Google, to tackle cybersecurity threats at the hardware level
From the November 2024 press release, <https://semiiphub.com/news/cheri-alliance>:
"… Previously announced founding members of the CHERI Alliance include Capabilities Limited, Codasip, CyNam, the FreeBSD Foundation, lowRISC, OpenHW Group, SCI Semiconductor, Swansea University, and the University of Cambridge. Following its initial formation in June 2024, the CHERI Alliance’s new additions reinforce the collaborative effort to protect against memory-related vulnerabilities, a critical security challenge that constitutes approximately 70% of the vulnerabilities exploited in cyberattacks. …"
– via <https://semiiphub.com/industryexpertblogs/cheri-alliance-1> and <https://old.reddit.com/r/freebsd/comments/1ho911c/cheri_alliance_officially_launches_adds_major/>
#security
rsync 爆出多个CVE漏洞。这些漏洞结合起来可以使攻击者仅凭匿名只读权限在服务器上执行任意代码,同时已感染的服务器可以用来读写客户端任意文件。
请使用rsync的读者更新到 3.4.0,如果运行rsyncd服务更新完毕之后请重启服务。
CVE-2024-12084 内存读写越界
CVE-2024-12085 猜测未初始化内存内容
CVE-2024-12086 服务器可以读取客户端任意文件
CVE-2024-12087 路径逃逸,服务器可以在客户端写入任意文件
CVE-2024-12088 符号链接漏洞
CVE-2024-12747 符号链接竞态条件漏洞
https://kb.cert.org/vuls/id/952657
https://t.me/aosc_os/761
Forwarded from bupt.moe
https://t.me/bupt_moe/2344
Okay, just read something totally wild: Android TVs being used as botnet slaves! 🤖 Seriously, who even comes up with this stuff? Anyone out there still rocking the default password on their smart TV? C'mon, raise your hand! 🙈
It just goes to show ya, manual security testing is crucial because automated tools wouldn't even catch this kind of thing. Makes you think, doesn't it? So, what do *you* think? Are smart devices a blessing or just a giant security headache waiting to happen? Let me know in the comments! #IoT #Security #Botnet
In related news, #Hollo has also released #security updates: 0.3.6 & 0.4.4. Update now!
https://hollo.social/@fedify/01948487-87b2-709d-953f-8799b78433ed
We have released #security updates (1.0.14, 1.1.11, 1.2.11, 1.3.4) to address CVE-2025-23221, a #vulnerability in #Fedify's #WebFinger implementation. We recommend all users update to the latest version of their respective release series immediately.
The Vulnerability
A security researcher identified multiple security issues in Fedify's lookupWebFinger() function that could be exploited to:
Perform denial of service attacks through infinite redirect loops
Execute server-side request forgery (#SSRF) attacks via redirects to private network addresses
Access unintended URL schemes through redirect manipulation
Fixed Versions
1.3.x series: Update to 1.3.4
1.2.x series: Update to 1.2.11
1.1.x series: Update to 1.1.11
1.0.x series: Update to 1.0.14
Changes
The security updates implement the following fixes:
Added a maximum redirect limit (5) to prevent infinite redirect loops
Restricted redirects to only follow the same scheme as the original request (HTTP/HTTPS)
Blocked redirects to private network addresses to prevent SSRF attacks
How to Update
To update to the latest secure version:
# For npm usersnpm update @fedify/fedify# For Deno usersdeno add jsr:@fedify/fedify
We thank the security researcher who responsibly disclosed this vulnerability, allowing us to address these issues promptly.
For more details about this vulnerability, please refer to our security advisory.
If you have any questions or concerns, please don't hesitate to reach out through our GitHub Discussions, join our Matrix chat space, or our Discord server.
#DrunkRapist #PeteHegseth readies *actions* against #Trump “foe” Retired General & former chairman of the #JointChiefsOfStaff #MarkMilley
The retired general, a frequent target of #Trump, will lose his #security detail & face an #InspectorGeneral [apparently there’s one left] investigation, said a senior #defense official.
#military #jcs #honor #integrity #IG #RevengePolitics #law #USpol
https://www.washingtonpost.com/national-security/2025/01/28/mark-milley-hegseth-trump/
Facebook flags Linux topics as 'cybersecurity threats' — posts and users being blocked
#news #tech #technology #socialmedia #facebook #linux #security
Unbelievable
#ElonMusk’s US #DOGE Service are feeding sensitive data into #AI software via #Microsoft’s #cloud
#Musk’s US #DOGE Service have fed sensitive data from across the #Education Dept into #ArtificialIntelligence software to probe the agency’s programs & spending…. The AI probe includes data w/personally identifiable info for people who manage grants, & sensitive internal financial data…
#law #security #InfoSec #CyberSecurity #NationalSecurity #Trump #TrumpCoup
https://www.washingtonpost.com/nation/2025/02/06/elon-musk-doge-ai-department-education/
We're Privacy Guides, a non-profit project & community focused on personal data security and privacy. 👋
Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. Privacy is a human right, inherent to all of us, that we are entitled to (without discrimination).
You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. Everyone has something to protect. Privacy is something that makes us human.
We're on a mission to inform the public about the value of digital privacy, and about global government initiatives which aim to monitor your online activity.
Angenommen es gäbe nur diese beiden Messenger, welchen würdet ihr bevorzugen?
#messenger #signal #threema #sicherheit #security
❌ You can't trade privacy to prevent crime.
⚠️ Message scanning tech punches a hole in everyone's security. Surveillance organisations, hackers, scammers and predators alike will be able to creep into your life.
Read our longread on the need to protect end-to-end encryption ⬇️
#PracticeSafeText #e2ee #encryption #OnlineSafetyAct #privacy #security
https://www.openrightsgroup.org/blog/the-case-for-encryption/
