The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versions—specifically, in Fedora Rawhide and Debian testing, unstable and experimental distributions. A stable release of Arch Linux is also affected. That distribution, however, isn't used in production systems.
Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it's not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm Analygence, said in an online interview. “BUT that's only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”
Operation Triangulation: The last (hardware) mystery | …if this turns out to be an NSA-enabling backdoor, Apple’s security reputation will be toast
Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or that it was included by mistake. Because this feature is not used by the firmware, we have no idea how attackers would know how to use it.
The last I’ll say on Beeper/Apple/iMessage debacle:
I think it’s within Beeper’s right to attempt at reverse engineering iMessage, but not Apple’s responsibility to be forced or even expected to host Beeper customers. It’s clear Apple doesn’t want to and I don’t blame them. If this ever went to court, Apple would obliterate Beeper—even if they switched lawyers. It’s not Beeper’s right to push the burden and expense of hosting on Apple.
@snazzyq considering how basically every standardization group - regardless of whether it's #ETSI or #GSMA - introduces #Govware #Backdoors in their #Encryption, I'd not count on any GSMA standard to come out of this.
Their attempt to replace #MMS with a #Messenger (remember #Joyn) failed so hard that I don't have any devices that support it!
@dataelemental @13reak @cjerrington Personally I wasted 15 years of my life with #Windows and I do regret not having made the switch to #Linux 5-10+ years earlier, because Windows to this day doesn't have a good #CLI / #shell nor absolute basics like a #PackageManager to keep stuff updated, so every application has to DIY its own updates like some caveman-made ghetto hack of a program...
The reports about suspected data collection by MS via Outlook are alarming. At Tuesday's meeting of the European data protection supervisory authorities, we will ask the Irish Data Protection Commissioner, who has legal lead responsibility for this, for a report.
"We write as journalists, artists, authors, activists, technologists, and academics to warn of increasing international #censorship that threatens to erode centuries-old democratic norms. [...]"
I'm looking for an app that posts my outpourings in parallel to Twitter, Mastodon, Post, Bluesky and Threads and sorts the replies. And then, please, a messenger for WA, Signal, Telegram, iMessage, Threema, ...
@floe @enno I doubt that companies will comply with that, because then they'd have to license the relevant crypto as FLOSS, and then it would become clear how many have #Govware #Backdoors, because otherwise it would be illegal...
After basically the whole #Microsoft #Azure cloud was hacked (see the list of related sources on https://karl-voit.at/cloud/ ), the first follow-up incidents, caused by missing containment actions, have gone public:
If you didn't understand until now: basically EVERYTHING at Microsoft got hacked and Microsoft can't (or won't) get rid of the intruders. Everything authenticated by Microsoft is tainted. Even #Windows auth.
In simple words: #Microsoft lost one of their master keys to unlock very important parts of their cloud. This connects to all MS services that do authenticate by MS which includes most #Windows setups as well.
This happened a long time ago; some people think it was the Chinese.
They were able to implant #backdoors, self-made keys, ... all over the place.
In order to fix that, MS would need to kill all their connected hosts and start from scratch. It's obvious why they don't.
We're also pleased to have @cdteurope's Iverna McGowan moderate the discussion 🌟 & to hear from Noémie Levain, Legal Expert at @LaQuadrature, Beatriz Ramalho da Silva, Investigative Journalist at @lhreports & Bart Staszewski, LGBTI+ activist, founder and chairman of Basta Fundacja 🤩
1/2
The successor to the 9-euro ticket, which has become 40.00€ more expensive, is meant to milk data. Although the ticket is supposedly to be available during a transition period not only on smartphones but also on chip cards and, for a short time, on paper with a QR code, what seems to matter to those in government above all else is that real-time traffic data can be collected with the 49€ ticket.
At first it sounds positive: "It would not be recorded who travels from A to B, only how heavily the means of transport are utilised. For passengers that could be a benefit, because the transport companies could thereby ensure sufficient capacity."
However: the ticket will probably only be available in personalised form as a subscription, so that the personal data it generates could quickly be integrated in the future. In view of the current massive expansion of the surveillance state and the control society in Germany and the EU (digital personal identification number/RegMod, chat control, identification obligation, biometrics, eIDAS and much more), it is not a question of whether, but only of when and under what pretext (attacks, pandemic, youth protection, election campaign) personalised data collection and police access will arrive, once the digital control infrastructure has been built.