GNU socialtag:social.arkwoodpond.info,2024-03-29:TagTimeline:securityNotices tagged with securityUpdates tagged with security on Arkwood Pond Social!https://social.arkwoodpond.info/theme/neo-blue/logo.png2024-03-29T10:56:56+00:00http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2022-12-14:noticeId=3417904:objectType=noteNew note by lnxw48a1#<span class="tag"><a href="https://nu.federati.net/tag/ubuntu" rel="tag">Ubuntu</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> notice: #<span class="tag"><a href="https://nu.federati.net/tag/emacs" rel="tag">Emacs</a></span> flaw allows code execution. <a href="https://ubuntu.com/security/notices/USN-5781-1" title="https://ubuntu.com/security/notices/USN-5781-1" rel="nofollow" class="attachment">https://ubuntu.com/security/notices/USN-5781-1</a> [ubuntu com]http://activitystrea.ms/schema/1.0/post2022-12-14T22:35:42+00:002022-12-14T22:35:42+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2555437http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2022-12-05:noticeId=3416703:objectType=noteNew note by lnxw48a1#<span class="tag"><a href="https://nu.federati.net/tag/mastodon" rel="tag">Mastodon</a></span> issue for #<span class="tag"><a href="https://nu.federati.net/tag/activitypubtroll" rel="tag">activitypub-troll</a></span> denial-of-service vulnerability. <a href="https://github.com/mastodon/mastodon/issues/21977" title="https://github.com/mastodon/mastodon/issues/21977" rel="nofollow" class="attachment">https://github.com/mastodon/mastodon/issues/21977</a> with 2 pull requests. <a href="https://github.com/mastodon/mastodon/pull/22025" title="https://github.com/mastodon/mastodon/pull/22025" rel="nofollow" class="attachment">https://github.com/mastodon/mastodon/pull/22025</a> and <a href="https://github.com/mastodon/mastodon/pull/22026" title="https://github.com/mastodon/mastodon/pull/22026" rel="nofollow" class="attachment">https://github.com/mastodon/mastodon/pull/22026</a> <br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span>http://activitystrea.ms/schema/1.0/post2022-12-05T03:15:33+00:002022-12-05T03:15:33+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2554825http://activitystrea.ms/schema/1.0/commenttag:nu.federati.net,2022-12-04:noticeId=3416674:objectType=commentNew comment by lnxw48a1@<a href="https://gnusocial.net/index.php/user/1" class="h-card u-url p-nickname mention" title="admin de gnusocial.net">administrator</a> @<a href="https://khp.ignorelist.com/index.php/user/1" class="h-card u-url p-nickname mention" title="aab">aab</a> I'm just guessing, but it could be related to an exploit someone launched against #<span class="tag"><a href="https://nu.federati.net/tag/mastodon" rel="tag">Mastodon</a></span> and #<span class="tag"><a href="https://nu.federati.net/tag/misskey" rel="tag">Misskey</a></span> yesterday. From what I read, it brought several instances to their knees. Misskey released a #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> patch yesterday.http://activitystrea.ms/schema/1.0/post2022-12-04T22:26:16+00:002022-12-04T22:26:16+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2554810http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2022-12-04:noticeId=3416599:objectType=noteNew note by lnxw48a1Tagging this thread with #<span class="tag"><a href="https://nu.federati.net/tag/fediverse" rel="tag">Fediverse</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">Security</a></span> ... whomever made the script obviously read some protocol docs and some source code. With just a little #<span class="tag"><a href="https://nu.federati.net/tag/javascript" rel="tag">JavaScript</a></span>, they were able to knock some #<span class="tag"><a href="https://nu.federati.net/tag/misskey" rel="tag">Misskey</a></span> and #<span class="tag"><a href="https://nu.federati.net/tag/mastodon" rel="tag">Mastodon</a></span> instances to their knees. <br /><br /> This isn't the first, and it won't be the last. Remember when someone posted a humongous image and locked up any #<span class="tag"><a href="https://nu.federati.net/tag/gnusocial" rel="tag">GNUSocial</a></span> instance that tried to download the image? Remember when someone's instance was replaced by some sort of cryptocurrency site and PuSH es from your site to theirs would crash your site because of their site's response? (I'll bet I still have that domain blocked at the firewall.) <br /><br /> We have to stop being naive about the intentions of those in the current migration. The overwhelming majority will have benign, if not good, intentions. But a select few will have bad intentions. Among those intentions is to colonize the Fediverse with #<span class="tag"><a href="https://nu.federati.net/tag/twitter" rel="tag">Twitter</a></span>'s culture, to come here and impose that culture of anger and disrespect upon the inhabitants here ... which already happened once with the first wave of people joining #<span class="tag"><a href="https://nu.federati.net/tag/mastodon" rel="tag">Mastodon</a></span> instance, except it was Twitter and #<span class="tag"><a href="https://nu.federati.net/tag/tumblr" rel="tag">Tumblr</a></span> at that time.http://activitystrea.ms/schema/1.0/post2022-12-04T16:22:39+00:002022-12-04T16:22:39+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2554725http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2022-10-23:noticeId=3411396:objectType=noteNew note by lnxw48a1Oh, good grief, #<span class="tag"><a href="https://nu.federati.net/tag/microsoft" rel="tag">Microsoft.</a></span> <a href="https://thehackernews.com/2022/10/microsoft-confirms-server.html" title="https://thehackernews.com/2022/10/microsoft-confirms-server.html" rel="nofollow" class="attachment">https://thehackernews.com/2022/10/microsoft-confirms-server.html</a> [thehackernews com] <br /><br /> Source: <a href="https://infosec.exchange/@jerry/109213542275494102" title="https://infosec.exchange/@jerry/109213542275494102" rel="nofollow" class="attachment">https://infosec.exchange/@jerry/109213542275494102</a> <br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/breach" rel="tag">breach</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/azure" rel="tag">Azure</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/cloud" rel="tag">cloud</a></span>http://activitystrea.ms/schema/1.0/post2022-10-23T07:00:54+00:002022-10-23T07:00:54+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2551950http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2022-09-28:noticeId=3410219:objectType=noteNew note by lnxw48a1If you are using #<span class="tag"><a href="https://nu.federati.net/tag/elementios" rel="tag">Element-iOS</a></span> , #<span class="tag"><a href="https://nu.federati.net/tag/elementandroid" rel="tag">Element-Android</a></span> , #<span class="tag"><a href="https://nu.federati.net/tag/schildichat" rel="tag">Schildichat</a></span>, or any other #<span class="tag"><a href="https://nu.federati.net/tag/matrix" rel="tag">Matrix</a></span> client powered by matrix-sdk, upgrade now. #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">Security</a></span> release is out.<br /><br /><a href="https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients/" title="https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients/" rel="nofollow" class="attachment">https://nu.federati.net/url/287969</a> [matrix org]http://activitystrea.ms/schema/1.0/post2022-09-28T19:40:42+00:002022-09-28T19:40:42+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2551269http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2022-06-11:noticeId=3403190:objectType=noteNew note by lnxw48a1<a href="https://arstechnica.com/information-technology/2022/06/novel-techniques-in-never-before-seen-linux-backdoor-make-it-ultra-stealthy/" title="https://arstechnica.com/information-technology/2022/06/novel-techniques-in-never-before-seen-linux-backdoor-make-it-ultra-stealthy/" rel="nofollow" class="attachment thumbnail">https://nu.federati.net/url/286651</a> [arstechnica com]<br /><br /> > Researchers have unearthed a discovery that doesn’t occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.<br /><br /> > On Thursday, researchers from Intezer and The BlackBerry Threat Research & Intelligence Team said that the previously undetected backdoor combines high levels of access with the ability to scrub any sign of infection from the file system, system processes, and network traffic. Dubbed Symbiote, it targets financial institutions in Brazil and was first detected in November. <br /><br /> /via @<a href="https://nu.federati.net/user/16" class="h-card u-url p-nickname mention">geniusmusing</a> <br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/linux" rel="tag">linux</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/backdoor" rel="tag">backdoor</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/malware" rel="tag">malware</a></span>http://activitystrea.ms/schema/1.0/post2022-06-11T20:57:15+00:002022-06-11T20:57:15+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2547396http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2022-04-20:noticeId=3398373:objectType=noteNew note by lnxw48a1<a href="https://it.slashdot.org/story/22/04/19/2118232/hackers-can-infect-over-100-lenovo-models-with-unremovable-malware" title="https://it.slashdot.org/story/22/04/19/2118232/hackers-can-infect-over-100-lenovo-models-with-unremovable-malware" rel="nofollow" class="attachment">https://nu.federati.net/url/285943</a> [it slashdot org] #<span class="tag"><a href="https://nu.federati.net/tag/lenovo" rel="tag">Lenovo</a></span> issues #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> patches for over 100 Lenovo products. <br /><br /> Source: <a href="https://shitposter.club/objects/6f578473-d458-464d-92a8-086d8ce96abb" title="https://shitposter.club/objects/6f578473-d458-464d-92a8-086d8ce96abb" rel="nofollow">https://shitposter.club/objects/6f578473-d458-464d-92a8-086d8ce96abb</a>http://activitystrea.ms/schema/1.0/post2022-04-20T23:49:38+00:002022-04-20T23:49:38+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2544435http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2022-02-07:noticeId=3392991:objectType=noteNew note by lnxw48a1Some severe flaws in #<span class="tag"><a href="https://nu.federati.net/tag/cisco" rel="tag">Cisco</a></span> small business routers. <a href="https://www.theregister.com/2022/02/04/cisco_smb_routers_critical_vulnerabilities/" title="https://www.theregister.com/2022/02/04/cisco_smb_routers_critical_vulnerabilities/" rel="nofollow" class="attachment">https://www.theregister.com/2022/02/04/cisco_smb_routers_critical_vulnerabilities/</a>. [www theregister com]<br /> At publication time, some flaws and some models had not yet been patched. <br /> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span>http://activitystrea.ms/schema/1.0/post2022-02-07T23:26:06+00:002022-02-07T23:26:06+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2541231http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2021-08-18:noticeId=3376191:objectType=noteNew note by lnxw48a1#<span class="tag"><a href="https://nu.federati.net/tag/tmobile" rel="tag">T-mobile</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> <br /><br /> From 2018: <a href="https://web.archive.org/web/20180429220059if_/https://twitter.com/tmobileat/status/982187919061303296" title="https://web.archive.org/web/20180429220059if_/https://twitter.com/tmobileat/status/982187919061303296" rel="nofollow" class="attachment">https://nu.federati.net/url/282487</a> <br /><br /> /via @<a href="https://mastodon.social/users/rysiek" class="h-card u-url p-nickname mention">rysiek</a> @rysiek@mastodon.technologyhttp://activitystrea.ms/schema/1.0/post2021-08-18T15:39:54+00:002021-08-18T15:39:54+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2531407http://activitystrea.ms/schema/1.0/commenttag:nu.federati.net,2021-04-18:noticeId=3363795:objectType=commentNew comment by lnxw48a1Further info: <a href="https://news-web.php.net/php.internals/113838" title="https://news-web.php.net/php.internals/113838" rel="nofollow" class="attachment">https://news-web.php.net/php.internals/113838</a> <br /><br /> And with the presumed compromise of git.php.net, all future development activities will take place on #<span class="tag"><a href="https://nu.federati.net/tag/github" rel="tag">GitHub.</a></span> <br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/codehosting" rel="tag">code-hosting</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/vcs" rel="tag">vcs</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/scm" rel="tag">scm</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/git" rel="tag">git</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/php" rel="tag">php</a></span>http://activitystrea.ms/schema/1.0/post2021-04-18T15:41:27+00:002021-04-18T15:41:27+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2524341http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2021-03-25:noticeId=3361342:objectType=noteNew note by lnxw48a1Detecting #<span class="tag"><a href="https://nu.federati.net/tag/curlpipebash" rel="tag">curl-pipe-bash</a></span> from the server-side: <a href="https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/" title="https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/" rel="nofollow" class="attachment">https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/</a> [www idontplaydarts com]<br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/curl" rel="tag">curl</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/wget" rel="tag">wget</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/pipe" rel="tag">pipe</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/bash" rel="tag">bash</a></span>http://activitystrea.ms/schema/1.0/post2021-03-25T00:10:19+00:002021-03-25T00:10:19+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2522882http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2020-12-17:noticeId=3352115:objectType=noteNew note by lnxw48a1<a href="https://thejournal.com/articles/2020/12/11/k12-has-become-the-most-targeted-segment-for-ransomware.aspx" title="https://thejournal.com/articles/2020/12/11/k12-has-become-the-most-targeted-segment-for-ransomware.aspx" rel="nofollow" class="attachment">https://nu.federati.net/url/278948</a> [thejournal com] <br /><br /> Schools are now the most targeted segment for ransomware ... make up the majority of all ransomware attacks.<br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/ransomware" rel="tag">ransomware</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/k12" rel="tag">k-12</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/schools" rel="tag">schools</a></span>http://activitystrea.ms/schema/1.0/post2020-12-17T03:32:37+00:002020-12-17T03:32:37+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2517795http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2020-12-14:noticeId=3351887:objectType=noteNew note by lnxw48a1#<span class="tag"><a href="https://nu.federati.net/tag/mattermost" rel="tag">Mattermost</a></span> devs discover unfixable (?) flaws in #<span class="tag"><a href="https://nu.federati.net/tag/golang" rel="tag">Go-Lang</a></span> library <a href="https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/" title="https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/" rel="nofollow" class="attachment">https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/</a> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span>http://activitystrea.ms/schema/1.0/post2020-12-14T22:42:47+00:002020-12-14T22:42:47+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2517690http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2020-12-13:noticeId=3351780:objectType=noteNew note by lnxw48a1The Guardian's text is pretty similar to the Jerusalem Post's: <a href="https://www.jpost.com/breaking-news/us-treasury-breached-by-hackers-backed-by-foreign-government-sources-652007" title="https://www.jpost.com/breaking-news/us-treasury-breached-by-hackers-backed-by-foreign-government-sources-652007" rel="nofollow" class="attachment">https://nu.federati.net/url/278891</a> <br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/ustreasury" rel="tag">US_Treasury</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/breach" rel="tag">breach</a></span>http://activitystrea.ms/schema/1.0/post2020-12-13T23:54:44+00:002020-12-13T23:54:44+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2517631http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2020-12-09:noticeId=3351286:objectType=noteNew note by lnxw48a1US #<span class="tag"><a href="https://nu.federati.net/tag/cybersecurity" rel="tag">cybersecurity</a></span> firm #<span class="tag"><a href="https://nu.federati.net/tag/fireeye" rel="tag">FireEye</a></span> discloses breach, theft of tools <a href="https://finance.yahoo.com/news/u-cybersecurity-firm-fireeye-discloses-210424354.html" title="https://finance.yahoo.com/news/u-cybersecurity-firm-fireeye-discloses-210424354.html" rel="nofollow" class="attachment">https://finance.yahoo.com/news/u-cybersecurity-firm-fireeye-discloses-210424354.html</a> [finance yahoo com] <br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/sec" rel="tag">SEC</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/breach" rel="tag">breach</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/filing" rel="tag">filing</a></span>http://activitystrea.ms/schema/1.0/post2020-12-09T02:15:44+00:002020-12-09T02:15:44+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2517359http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2020-12-09:noticeId=3351281:objectType=noteNew note by geniusmusingOpenSSL Releases Security Update CISA<br /><a href="https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/openssl-releases-security-update" title="https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/openssl-releases-security-update" rel="nofollow" class="attachment">https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/openssl-releases-security-update</a><br /><br /> >OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition.<br /><br /> openssl.org/news/secadv/20201208.txt<br /><a href="https://www.openssl.org/news/secadv/20201208.txt" title="https://www.openssl.org/news/secadv/20201208.txt" rel="nofollow" class="attachment">https://www.openssl.org/news/secadv/20201208.txt</a><br /><br /> >EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)<br /> >======================================================<br /> ><br /> >Severity: High<br /> ><br /> >The X.509 GeneralName type is a generic type for representing different types<br /> >of names. One of those name types is known as EDIPartyName. OpenSSL provides a<br /> >function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME<br /> >to see if they are equal or not. This function behaves incorrectly when both<br /> >GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash<br /> >may occur leading to a possible denial of service attack.<br /> ><br /> >OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:<br /> >1) Comparing CRL distribution point names between an available CRL and a CRL<br /> > distribution point embedded in an X509 certificate<br /> >2) When verifying that a timestamp response token signer matches the timestamp<br /> > authority name (exposed via the API functions TS_RESP_verify_response and<br /> > TS_RESP_verify_token)<br /> ><br /> >If an attacker can control both items being compared then that attacker could<br /> >trigger a crash.<br /> >...<br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/openssl" rel="tag">OpenSSL</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">Security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/update" rel="tag">Update</a></span>http://activitystrea.ms/schema/1.0/post2020-12-09T01:06:10+00:002020-12-09T01:06:10+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/16geniusmusingAKA Wile E. Coyote, Inventor, Maker, Programmer, Writer and Super Genius.geniusmusingGeniusMusingAKA Wile E. Coyote, Inventor, Maker, Programmer, Writer and Super Genius.Pacific Northwesthttps://nu.federati.net/conversation/2517357http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2020-12-05:noticeId=3350636:objectType=noteNew note by lnxw48a1<a href="https://pluralistic.net/2020/12/05/trusting-trust/" title="https://pluralistic.net/2020/12/05/trusting-trust/" rel="nofollow" class="attachment">https://pluralistic.net/2020/12/05/trusting-trust/</a> <br /><br /> > WARNING WARNING WARNING WARNING <br /><br /> > Security researchers are alarmed: the already-notorious Trickbot malware has been spottied probing infected computers to find out which version of UEFI they're running. This is read as evidence that Trickbot has figured out how to pull off a really scary feat.<br /><br /> Source: <a href="https://mamot.fr/@pluralistic/105329139472008620" title="https://mamot.fr/@pluralistic/105329139472008620" rel="nofollow" class="attachment">https://mamot.fr/@pluralistic/105329139472008620</a> <br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">Security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/uefi" rel="tag">UEFI</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/bios" rel="tag">BIOS</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/tpm" rel="tag">TPM</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/trustedcomputing" rel="tag">Trusted-Computing</a></span><br /><br /> CC: @<a href="https://loadaverage.org/index.php/user/343975" class="h-card u-url p-nickname mention">mangeurdenuage</a> @<a href="https://nu.federati.net/user/16" class="h-card u-url p-nickname mention">geniusmusing</a> @<a href="https://nu.federati.net/user/12" class="h-card u-url p-nickname mention">musicman</a> <br /><br /> It's a long article, but well worth your time.http://activitystrea.ms/schema/1.0/post2020-12-05T19:42:34+00:002020-12-05T19:42:34+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2517048http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2020-11-20:noticeId=3348012:objectType=noteNew note by lnxw48a1"So you want to get into Infosec?"<br /><br /><a href="https://hackers.town/@thegibson/105243991039588873" title="https://hackers.town/@thegibson/105243991039588873" rel="nofollow" class="attachment">https://hackers.town/@thegibson/105243991039588873</a> Some links to discounted or free training in that thread.<br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/infosec" rel="tag">infosec</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/training" rel="tag">training</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/education" rel="tag">education</a></span>http://activitystrea.ms/schema/1.0/post2020-11-20T23:49:34+00:002020-11-20T23:49:34+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2515523http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2020-11-05:noticeId=3344987:objectType=noteNew note by lnxw48a1@<a href="https://khp.ignorelist.com/index.php/user/1" class="h-card u-url p-nickname mention">aab</a> has found something to block some traffic from unwanted portscans: <a href="https://dodweil.us/security/ufw-fail2ban-portscan.html" title="https://dodweil.us/security/ufw-fail2ban-portscan.html" rel="nofollow">https://dodweil.us/security/ufw-fail2ban-portscan.html</a> <br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/notetoself" rel="tag">NoteToSelf</a></span>http://activitystrea.ms/schema/1.0/post2020-11-05T17:03:48+00:002020-11-05T17:03:48+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2513700http://activitystrea.ms/schema/1.0/notetag:nu.federati.net,2020-11-01:noticeId=3343932:objectType=noteNew note by lnxw48a1@<a href="https://nu.federati.net/user/16" class="h-card u-url p-nickname mention" title="GeniusMusing">geniusmusing</a> See <a href="https://hackers.town/@devrandom/105136083240782878" title="https://hackers.town/@devrandom/105136083240782878" rel="nofollow" class="attachment">https://hackers.town/@devrandom/105136083240782878</a> <br /><br /> #<span class="tag"><a href="https://nu.federati.net/tag/security" rel="tag">security</a></span>http://activitystrea.ms/schema/1.0/post2020-11-01T17:06:34+00:002020-11-01T17:06:34+00:00http://activitystrea.ms/schema/1.0/personhttps://nu.federati.net/user/2lnxw48a1Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}Main account. A GNU+Linux bearing nomad migrating across a Windows-centric desert. I save the world from incompetent headquarters IT folks. I invite comment and discussion, but I dislike arguing .{58024A03-1021-499E-B14D-DF4537889BF8}https://nu.federati.net/conversation/2513107