security - kbin.social

16 years of CVE-2008-0166 - Debian OpenSSL Bug (16years.secvuln.info)

Today, 16 years ago, Debian published a security advisory announcing CVE-2008-0166, a severe bug in their OpenSSL package that effectively broke the random number generator and limited the key space to a few ten thousand keys. The vulnerability affected Debian+Ubuntu between 2006 and 2008. In 2007, an email signature system...

Novel attack against virtually all VPN apps neuters their entire purpose (arstechnica.com)

How well can an employer be certain of a remote employee's geographical location?

cross-posted from: lemmy.ml/post/15178977...

Stealing your Telegram account in 10 seconds flat (lyra.horse)

A doubt in encryption (lemmy.ml)

There’s a server, a client, and a hacker in a network. For encryption, the client and the server need to share their private keys. Wouldn’t the hacker be able to grab those during their transmission and decrypt further messages as they please?

Computer scientists unveil novel attacks on cybersecurity (www.sciencedaily.com)

cross-posted from: infosec.pub/post/11554206...

Passkeys: A Shattered Dream (fy.blackhats.net.au)

After XZ Utils, More Open-Source Maintainers Under Attack (www.bankinfosecurity.com)

cross-posted from: infosec.pub/post/11143989...

PuTTY priority high vulnerability CVE-2024-31497 (hachyderm.io)

New Technique Detected in an Open Source Supply Chain Attack (checkmarx.com)

New Spectre v2 attack impacts Linux systems on Intel CPUs (www.bleepingcomputer.com)

cross-posted from: infosec.pub/post/10912691...

Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them (www.flux.utah.edu)

discuss.systems/

GParted Live Is Now Patched Against the XZ Backdoor, Powered by Linux Kernel 6.7 (9to5linux.com)

Running the “Reflections on Trusting Trust” Compiler (research.swtch.com)

Critical Rust flaw enables Windows command injection attacks (www.bleepingcomputer.com)

Thoughts on the xz backdoor: an lzma-rs perspective | Blog (gendignoux.com)

The Bootstrapping Exam: Escaping from “Trusting Trust” (www.devever.net)

Security advisory for the standard library (CVE-2024-24576) (blog.rust-lang.org)

XZ Utils backdoor - Wikipedia (en.wikipedia.org)

Amazon storing classified US government documents improperly (lemmy.ml)

wetdry.world/@ari/112230288896956003

Today marks the 10th anniversary of the Heartbleed vulnerability in OpenSSL, which had the same ultimate root cause as recent XZUtils backdoor incident (medium.com)

The XZ Utils backdoor, discovered last week, and the Heartbleed security vulnerability ten years ago, share the same ultimate root cause. Both of them, and in fact all critical infrastructure open source projects, should be fixed with the same solution: ensure baseline funding for proper open source maintenance.

backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)

High Court orders temporary suspension of Telegram's services in Spain (www.reuters.com)

Spain’s High Court has ordered the suspension of messaging app Telegram’s services in the country after media companies complained it was allowing users to upload their content without permission, according to a court source....

SIM swappers hijacking phone numbers in eSIM attacks (www.bleepingcomputer.com)

Debunking the Myth of “Anonymous” Data (www.eff.org)

Today, almost everything about our lives is digitally recorded and stored somewhere. Each credit card purchase, personal medical diagnosis, and preference about music and books is recorded and then used to predict what we like and dislike, and—ultimately—who we are....