Amirmohammad @OSE@fosstodon.org

𝙎𝙞𝙜𝙣𝙖𝙡 𝘾𝙀𝙊 𝙃𝙖𝙘𝙠𝙨 𝘾𝙚𝙡𝙡𝙚𝙗𝙧𝙞𝙩𝙚 𝙞𝙋𝙝𝙤𝙣𝙚 𝙃𝙖𝙘𝙠𝙞𝙣𝙜 𝘿𝙚𝙫𝙞𝙘𝙚 𝙐𝙨𝙚𝙙 𝘽𝙮 𝘾𝙤𝙥𝙨

Moxie Marlinspike, the founder of the popular encrypted chat app Signal, claims to have hacked devices made by the phone unlocking company Cellebrite.

To make his distate for these kinds of practices known, Signal CEO Moxie Marlinspike has published a blog post on critical flaws in Cellebrite tools:

https://signal.org/blog/cellebrite-vulnerabilities/

Source: Techradar, Vice

#signal #cellebrite #news #security

𝙐𝙈𝙉 𝙗𝙖𝙣𝙣𝙚𝙙 𝙛𝙧𝙤𝙢 𝙘𝙤𝙣𝙩𝙧𝙞𝙗𝙪𝙩𝙞𝙣𝙜 𝙩𝙤 𝙇𝙞𝙣𝙪𝙭 𝙠𝙚𝙧𝙣𝙚𝙡

Earlier this year, two researchers from the university of Minnesota released a paper detailing how they had submitted known security vulnerabilities to the Linux kernel in order to show how potentially malicious code could get through the approval process. Now, after another student submitted code that reportedly does nothing, kernel maintainer Greg Kroah-Hartman has banned the University from contributing to the Linux kernel project.

#news

𝘽𝙧𝙖𝙫𝙚 𝙞𝙨 𝙩𝙝𝙚 𝙛𝙞𝙧𝙨𝙩 𝙗𝙧𝙤𝙬𝙨𝙚𝙧 𝙛𝙚𝙖𝙩𝙪𝙧𝙚𝙙 𝙤𝙣 𝙩𝙝𝙚 𝙀𝙥𝙞𝙘 𝙂𝙖𝙢𝙚𝙨 𝙎𝙩𝙤𝙧𝙚

Seriously, who asked for this?

#wtf #brave #epicgamesstore #news

𝙃𝙖𝙘𝙠𝙚𝙧𝙨 𝙗𝙖𝙘𝙠𝙙𝙤𝙤𝙧 𝙋𝙃𝙋 𝙨𝙤𝙪𝙧𝙘𝙚 𝙘𝙤𝙙𝙚 𝙖𝙛𝙩𝙚𝙧 𝙗𝙧𝙚𝙖𝙘𝙝𝙞𝙣𝙜 𝙞𝙣𝙩𝙚𝙧𝙣𝙖𝙡 𝙜𝙞𝙩 𝙨𝙚𝙧𝙫𝙚𝙧

A hacker compromised the server used to distribute the PHP and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said.

Two updates pushed to the PHP Git server added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice.

https://arstechnica.com/gadgets/2021/03/hackers-backdoor-php-source-code-after-breaching-internal-git-server/

#php #backdoor #security

𝙍𝙪𝙨𝙩 𝙨𝙪𝙥𝙥𝙤𝙧𝙩 𝙞𝙣 𝙇𝙞𝙣𝙪𝙭 𝙢𝙖𝙮 𝙗𝙚 𝙥𝙤𝙨𝙨𝙞𝙗𝙡𝙚 𝙗𝙮 𝟓.𝟏𝟒 𝙧𝙚𝙡𝙚𝙖𝙨𝙚: 𝙏𝙤𝙧𝙫𝙖𝙡𝙙𝙨

Linus Torvalds told iTWire in response to queries that Rust support was "not there yet", adding that things were "getting to the point where maybe it might be mergeable for 5.14 or something like that".

𝘓𝘪𝘯𝘶𝘴'𝘴 𝘳𝘦𝘴𝘱𝘰𝘯𝘴𝘦 𝘰𝘯 𝘳𝘦𝘸𝘳𝘪𝘵𝘪𝘯𝘨 𝘵𝘩𝘦 𝘓𝘪𝘯𝘶𝘹 𝘬𝘦𝘳𝘯𝘦𝘭 𝘪𝘯 𝘊++:
"C++ solves _none_ of the C issues, and only makes things worse. It really is a crap language ..."

https://itwire.com/open-source/rust-support-in-linux-may-be-possible-by-5-14-release-torvalds.html

#linux #news #rust #torvalds #kernel

𝙀𝙁𝙁 𝙋𝙖𝙧𝙩𝙣𝙚𝙧𝙨 𝙬𝙞𝙩𝙝 𝘿𝙪𝙘𝙠𝘿𝙪𝙘𝙠𝙂𝙤 𝙩𝙤 𝙀𝙣𝙝𝙖𝙣𝙘𝙚 𝙎𝙚𝙘𝙪𝙧𝙚 𝘽𝙧𝙤𝙬𝙨𝙞𝙣𝙜 𝙖𝙣𝙙 𝙋𝙧𝙤𝙩𝙚𝙘𝙩 𝙐𝙨𝙚𝙧 𝙄𝙣𝙛𝙤𝙧𝙢𝙖𝙩𝙞𝙤𝙣 𝙤𝙣 𝙩𝙝𝙚 𝙒𝙚𝙗

𝘋𝘶𝘤𝘬𝘋𝘶𝘤𝘬𝘎𝘰 𝘚𝘮𝘢𝘳𝘵𝘦𝘳 𝘌𝘯𝘤𝘳𝘺𝘱𝘵𝘪𝘰𝘯 𝘞𝘪𝘭𝘭 𝘉𝘦 𝘐𝘯𝘤𝘰𝘳𝘱𝘰𝘳𝘢𝘵𝘦𝘥 𝘐𝘯𝘵𝘰 𝘏𝘛𝘛𝘗𝘚 𝘌𝘷𝘦𝘳𝘺𝘸𝘩𝘦𝘳𝘦

“DuckDuckGo Smarter Encryption has a list of millions of HTTPS-encrypted websites, generated by continually crawling the web instead of through crowdsourcing, which will give HTTPS Everywhere users more coverage for secure browsing,” said Alexis Hancock, EFF Director of Engineering...

https://www.eff.org/press/releases/eff-partners-duckduckgo-enhance-secure-browsing-and-protect-user-information-web

#eff #privacy

𝙁𝙖𝙘𝙚𝙗𝙤𝙤𝙠 𝙛𝙖𝙘𝙚𝙨 ‘𝙢𝙖𝙨𝙨 𝙖𝙘𝙩𝙞𝙤𝙣’ 𝙡𝙖𝙬𝙨𝙪𝙞𝙩 𝙞𝙣 𝙀𝙪𝙧𝙤𝙥𝙚 𝙤𝙫𝙚𝙧 𝟐𝟎𝟏𝟗 𝙗𝙧𝙚𝙖𝙘𝙝

Today Digital Rights Ireland (DRI) announced it’s commencing a “mass action” to sue Facebook, citing the right to monetary compensation for breaches of personal data that’s set out in the European Union’s General Data Protection Regulation (GDPR).

https://techcrunch.com/2021/04/16/facebook-faces-mass-action-lawsuit-in-europe-over-2019-breach/

#facebook #lawsuit #gdpr #news #security

𝙁𝘽𝙄 𝙡𝙖𝙪𝙣𝙘𝙝𝙚𝙨 𝙤𝙥𝙚𝙧𝙖𝙩𝙞𝙤𝙣 𝙩𝙤 𝙧𝙚𝙢𝙤𝙫𝙚 𝙗𝙖𝙘𝙠𝙙𝙤𝙤𝙧𝙨 𝙛𝙧𝙤𝙢 𝙝𝙖𝙘𝙠𝙚𝙙 𝙈𝙞𝙘𝙧𝙤𝙨𝙤𝙛𝙩 𝙀𝙭𝙘𝙝𝙖𝙣𝙜𝙚 𝙨𝙚𝙧𝙫𝙚𝙧𝙨

A court in Houston has authorized an FBI operation to “copy and remove” backdoors from hundreds of Microsoft Exchange email servers in the United States, months after hackers used four previously undiscovered vulnerabilities to attack thousands of networks.

https://techcrunch.com/2021/04/13/fbi-launches-operation-to-remotely-remove-microsoft-exchange-server-backdoors/

#microsoft #privacy #news #backdoor

𝙍𝙈𝙎 𝙖𝙙𝙙𝙧𝙚𝙨𝙨𝙚𝙨 𝙩𝙝𝙚 𝙛𝙧𝙚𝙚 𝙨𝙤𝙛𝙩𝙬𝙖𝙧𝙚 𝙘𝙤𝙢𝙢𝙪𝙣𝙞𝙩𝙮

𝘙𝘔𝘚: "Please direct your criticism at me, not at the Free Software Foundation ..."

https://www.fsf.org/news/rms-addresses-the-free-software-community

𝙏𝙝𝙞𝙨 𝙙𝙤𝙘𝙪𝙢𝙚𝙣𝙩 𝙚𝙭𝙥𝙡𝙖𝙞𝙣𝙨 𝙬𝙝𝙮 𝙪𝘽𝙊 𝙬𝙤𝙧𝙠𝙨 𝙗𝙚𝙨𝙩 𝙞𝙣 𝙁𝙞𝙧𝙚𝙛𝙤𝙭

Ability to uncloak 3rd-party servers disguised as 1st-party through the use of CNAME record. The effect of this is to make uBO on Firefox the most efficient at blocking 3rd-party trackers relative to other other browser/blocker pairs:

https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox

#ublockorigin #ublock #privacy #firefox #chromium #brave #torbrowser #opera

𝘿𝙪𝙘𝙠𝘿𝙪𝙘𝙠𝙂𝙤 𝙥𝙧𝙤𝙢𝙞𝙨𝙚𝙨 𝙩𝙤 𝙗𝙡𝙤𝙘𝙠 𝙂𝙤𝙤𝙜𝙡𝙚’𝙨 𝙡𝙖𝙩𝙚𝙨𝙩 𝙖𝙙-𝙩𝙧𝙖𝙘𝙠𝙞𝙣𝙜 𝙩𝙚𝙘𝙝

DuckDuckGo announced that the latest version of its Chrome extension would prevent websites from tracking users via their FLoC identification.

https://spreadprivacy.com/block-floc-with-duckduckgo/

#duckduckgo #google #floc #privacy

An amazing, well-researched video by @BrodieOnLinux on 𝘚𝘪𝘨𝘯𝘢𝘭'𝘴 𝘤𝘳𝘺𝘱𝘵𝘰 𝘱𝘢𝘳𝘵𝘯𝘦𝘳𝘴𝘩𝘪𝘱 𝘸𝘪𝘵𝘩 𝘔𝘰𝘣𝘪𝘭𝘦𝘊𝘰𝘪𝘯.

Don't miss out!

https://odysee.com/@BrodieRobertson:5/signal%27s-massive-crypto-payments-mistake:9

#signal #mobilecoin #moxie #crypto #privacy

𝙯𝙚𝙧𝙤-𝙘𝙡𝙞𝙘𝙠 𝙇𝙞𝙣𝙪𝙭 𝘽𝙡𝙪𝙚𝙩𝙤𝙤𝙩𝙝 𝙗𝙪𝙜 𝙘𝙝𝙖𝙞𝙣 𝙡𝙚𝙖𝙙𝙞𝙣𝙜 𝙩𝙤 𝙧𝙚𝙢𝙤𝙩𝙚 𝙘𝙤𝙙𝙚 𝙚𝙭𝙚𝙘𝙪𝙩𝙞𝙤𝙣

A security researcher at Google has disclosed long-awaited details of zero-click vulnerabilities in the Linux Bluetooth subsystem that allow nearby, unauthenticated attackers “to execute arbitrary code with kernel privileges on vulnerable devices”.

https://youtu.be/qPYrLRausSw

#linux #bluetooth #bug #rce #venerability #google #bluez