Unfolding now: news.ycombinator.com/item?id=3…

- openwall.com/lists/oss-securit…
- github.com/tukaani-project/xz/…

An incredibly technically complex #backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:

- github.com/tukaani-project/xz/…
- bugs.debian.org/cgi-bin/bugrep…
- github.com/jamespfennell/xz/pu…

The timeline on this is going to take so long to unravel

#security #linux

feat: update vendored xz to 5.6.1 by jaredallard · Pull Request #2 · jamespfennell/xz

Updates the vendored version of xz to be 5.6.1. Also updates the vendor script to support the addition of SPDX-License-Identifier headers into some files.

^GitHub

🚨 ⚠️ Emergency PSA: A critical security exploit was discovered in the xz package recently, used for compression and decompression on nearly all Linux distributions.

Rawhide users ARE impacted and should immediately STOP using Rawhide until the package update is fully rolled back. (1/3)

Security Advisory: redhat.com/en/blog/urgent-secu…

#Fedora #Linux #OpenSource #Security #Privacy

Urgent security alert for Fedora Linux 40 and Fedora Rawhide users

Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access.

^{, (Red Hat)}

Upgrade your systems now!

The xz package has been backdoored

archlinux.org/news/the-xz-pack…

#ArchLinux #Linux #xz #security

New bookmark: Firefox bug 1886557: Make JIT Spraying implausible.

This could be the biggest leap forward in years when it comes to SpiderMonkey catching up to V8 and JSC’s JIT hardening. So far, I’ve been telling security-conscious Firefox users to disable the JIT compiler, and to use Chromium when JIT is necessary; maybe I won’t have to in a few years’ time.

Originally posted on seirdy.one: See Original (POSSE). #browsers #firefox #security

My bookmarks

Links from around the web, curated and annotated by Rohan Kumar.

^{Seirdy’s Home}

🇩🇪 Ich habe ja schon erwähnt, dass im Januar für das #IzzySoftRepo zusätzliche APK-Checks implementiert wurden. Jetzt habe ich es endlich geschafft, auch den zugehörigen Blog-Artikel fertig zu stellen.

Vielleicht interessiert es Euch ja, einen Blick auf Details und Hintergründe zu werfen? Ihr finden den Artikel "Zusätzliche APK-Checks im IzzyOnDroid Repo" hier:

android.izzysoft.de/articles/n…

#security #Android #apps

Zusätzliche APK-Checks im IzzyOnDroid Repo

Nachdem der Library-Scanner nun seit mehreren Jahren im IzzyOnDroid Repo im Einsatz ist war es an der Zeit, einige zusätzliche APK-Prüfungen zu etablieren.

^IzzyOnDroid

🇺🇸 I've told you about additional APK checks having been implemented at the #IzzySoftRepo in January. Now finally I found the time to complete the article explaining the details, so you might wish to take a look at "Ramping up security: additional APK checks are in place with the IzzyOnDroid repo":

android.izzysoft.de/articles/n…

Edit: Tags:

#security #Android #apps

Ramping up security: additional APK checks are in place with the IzzyOnDroid repo

With the library scanner in place for multiple years, it was about time to establish some additional APK checks with the IzzyOnDroid F-Droid repository.

^IzzyOnDroid

Все страницы сайта Habr.ru (локальная копия)
по следующим темам:

[VPN]
[Proxy][proxy-server]

[Mesh]
[i2p]
[i2pd]
[cloak]
[P2P]
[TOR]
[OpenVPN]
[XraY]
[V2rayNG]
[I2raY]
[V2rayXS]
[V2rayN]
[Yggdrasil]

[ValdikSS]Возможно, вам это будет интересно.
Я нашел эти ссылки в интернете.

В связи с намерениями правительства удалить всю информацию по обходу блокировок из российского сегмента интернета, кто-то, решил принять меры. 🙂

ОН, судя по всему считает, что статьи это важная часть культуры и нашего прошлого.
Особенно, комментарии больших групп образованных людей на habrahabr.ru.

Этот человек, скорее всего считает важным сохранять и распространять полезную информацию.
А так же, делиться мнениями других людей, т.к. это развивает и помогает обществу рости в лучшую сторону.

Не смотря на мои предположения, для меня остается загадкой мотивация этой неизвестной личности.

Но я разделяю некоторые идеи, в плане того, что знаниями нужно делиться.

Мне всегда становится грустно, когда я обнаруживаю умерший сайт,
или удаленную страницу и потерянную информацию.

Поэтому, делюсь этими ссылками с вами.
А вы, можете поделиться с другими.
(будет что почитать, если интернет совсем кончится)

К тому же, 14 марта на хабре вышла статья
"Надежный обход блокировок в 2024 протоколы,
клиенты и настройка сервера от простого к сложному"
под которой один человек предложил сохранить статьи по обходу блокировок.
(эта статья сохранена в этом сборнике)

UPD1: "Статья уже была удалена. Но доступна если искать из другой страны."

UPD2: Сейчас, автор статей по "актуальному обходу блокировок MiraclePtr" - удален((

Учитывая времена, думаю стоит сохранить все локально, потому что не известно,
какие именно категории данных будут удаляться в будущем.
И нет надежды, что веб архив не будет заблокирован.
Да и не понятно, как сильно все изменится со временем.

Страниц в папках всего: 2223 или 11.5Gb

1) Видео о содержимом 13Mb можно по этой ссылке:
mega.nz/file/cLMUHSAT#PHjc7WfT…

2) Скачать архивом .7z - 3.3Gb (сжат):
mega.nz/file/hf8xSbiI#3DrGc3P2…

3) Скачать отдельные папки 11.5Gb:
mega.nz/folder/9TVGgZjL#pGAidX…

4) Копия архива .7z - 3.3Gb:
fileconvoy.com/dfl.php?id=gee7…

5) Ссылка на репозиторий, если кому-то удобней скачивать так:
codeberg.org/hrabr/Habr.git

О содержимом.

Судя по ссылкам в страницах, они были сохранены с середины марта 2024.
Информация собрана по темам (список вверху) и все рассортировано по папкам.

Сохранены практически все страницы (за исключением откровенно рекламных статей).

Возможно вы встретите небольшое количество дублей, т.к. темы пересекаются.
(так же, встречаются одинаковые статьи опубликованные в разное время, но имеющие разные комментарии)

Возможна какая-то информация вам будет не интересна.

Есть страницы с устаревшей информацией (с 2008 года).
Они и комментарии из этих статей сохранены для истории.

В архиве есть index.html, через который можно искать статьи по ключевым словам через Ctrl+F.
Так же, под этим сообщением есть скриншеты и видео о структуре.

Если у вас в закладках, есть страницы с инструкциями для построения защищенных сетей,
или что-то, что вы считает полезными и это может быть потеряно,
добавляйте ссылки под этим постом, с описанием.
Может быть, ваша информация будет кому-то полезна.

Страницы были сохранены через невероятное дополнение: SingleFile

Если кто-то захочет оформить раздачу на rutracker,
то этот человек очень поможет нашему большому обществу,
когда страницы будут удалены с хабра (я считаю, это вопрос времени).
Как это уже произошло со страницами сайта 4pda.to.

Хочу сказать спасибо MiraclePtr за чудесные статьи и отдельное спасибо UranusExplorer за простые инструкции.
А так же, всему Хабр-сообществу, которое десятилетиями писало статьи и делилось своим мнением в комментариях.

#хабр #обходблокировок
#habr #pages #backup #cloak #i2p
#xray #nekobox #v2ray #v2rayn
#v2rayxs #v2rayng #i2ray #git
#amnezia #outline #shadowsocks
#vpn #proxy #server #mesh #p2p
#roskomnadzor #valdikss #network
#internet #dns #ssl #wireguard
#ikev2 #ipsec #l2tp #mikrotik
#linux #unix #mozilla #softether
#softethervpn #openvpn #peervpn
#pptp #security #ssh #openbsd
#ubuntu #debian #router #firewall
#private #http #https #openxray
#tor #info #articles #p2panda
#yggdrasil #habr #habrahabr #i2pd
#telegram #mega #rutracker #4pda
#блокировки

#ru #ua @rf @ru

@Revertron - тут куча твоих комментов и статьи есть, поэтому решил упомянуть тебя.

Пожалуйста, поделитесь этой информацией с друзьями. 💗
Если у вас есть идея куда еще можно залить эти статьи, предлагайте.

At long last, a blog update... on updates? Check out this article on Accrescent's progress toward delta updates with conceptual explanations, benchmarks, and lots of pretty graphs!

lberrymage.dev/posts/ina-part-…

#android #accrescent #security

Accrescent 0.18.0 released! This is a minor one with removed privileged installer support and maintenance updates. Changelog below.

github.com/accrescent/accresce…

#accrescent #privacy #security #android #appstore

Release 0.18.0 · accrescent/accrescent

This release removes privileged installer support, as it is not currently necessary for any functionality. Removals Remove privileged installer support Updates Bump AGP to 8.3.1 Bump Coli to 2.6...

^GitHub

It's 2024 and #Google is now requiring bulk #email senders to use DMARC, SPF, & DKIM when emailing #Gmail users. 👍

👉 tuta.com/blog/google-introduci…

This is a great step, BUT why did they allow bulk senders to send #spam emails without proper #security standards until now? 🤔

Privacy can be powerful. The Librem 14 is the first ultra-portable laptop for the security-conscious- designed chip-by-chip, line-by-line, to respect your rights to privacy, security, and freedom.

Order yours now! https://puri.sm/products/librem-14/… #security #privacy #laptops

Today we are proud to announce the launch of the world's first #postquantum secure email platform! 🥳🎉

With TutaCrypt your data is safe against quantum computer attacks at rest & in transit. ⚛️ 🔒

Learn more about this quantum leap in #security here: tuta.com/blog/post-quantum-cry…

the #Apple #curl #security incident 12604 - or why CA cert verification is unreliable with curl on apple OS

daniel.haxx.se/blog/2024/03/08…

LLVM CFI and Cross-Language LLVM CFI Support for Rust, bughunters.google.com/blog/480….

> add LLVM CFI and cross-language LLVM CFI (and LLVM KCFI and cross-language LLVM KCFI) to the Rust compiler as part of our work in the Rust Exploit Mitigations Project Group. This is the first cross-language, fine-grained, forward-edge control flow protection implementation for mixed-language binaries that we know of.

Really interesting project.

#RustLang #llvm #security #safety #ffi

Blog: LLVM CFI and Cross-Language LLVM CFI Support for Rust

We’re pleased to share that we’ve worked with the Rust community to add LLVM CFI and cross-language LLVM CFI (and LLVM KCFI and cross-language LLVM KCFI) to the Rust compiler as part of our work in the Rust Exploit Mitigations Project Group.

^{bughunters.google.com}

Sometimes finding perfect #search results can be a pain and Google buying dominance doesn't help. 🔎
👉 tuta.com/blog/google-search-mo…

Not all search engines offer the same performance, #security, and #privacy! 🤔

Which search engine is your favorite? Let us know in the comments!

Google Pays 1150 Times More for Its Search Monopoly Than for Lobbying in the EU & US

Break the Google Search monopoly! Your data is worth billions, take back control!

^Tutanota

• DuckDuckGo (64%, 265 votes)
• Ecosia (7%, 30 votes)
• StartPage (21%, 90 votes)
• Qwant (6%, 27 votes)

Just a bit of a ramble on #android and #apple and #privacy and #security inspired by a recent post by @beardedtechguy.

It's a bit of a ranty post, but not trying to be mean

This is day 19 of #100DaysToOffload

joelchrono.xyz/blog/apple-andr…

Apple vs Android on Security and Features

This post by Kyle triggered me a little bit, so I wrote a response with my opinion on the matter

^{joelchrono.xyz}

Protecting your #privacy starts with threat modeling.

By accurately accessing your online #security threats & potential weaknesses, you can better protect your #digital life.

You are one of kind & so is your threat model. You can learn more here: tuta.com/blog/threat-modeling-…

#Nevada aims to stop minors from using end-to-end #encryption to protect their data. 🚫

Stand up for encryption & #privacy! ✊

This isn't protecting the youth, it's #victimblaming at its finest.

We must stop NV Attorney General Aaron Ford from undermining basic #security practices!
👉 tuta.com/blog/nevada-blocks-en…

🚀 Exciting News! 🚀

We're consolidating our cryptographic libraries with Rust! 🦀

With a unified crypto library, we simplify development, speed up deployment, and ensure consistent security measures across all clients.

This milestone marks a significant step in our journey.

Join us in celebrating this achievement, and looking forward to even more exciting developments ahead! 🎉

element.io/blog/meet-element-r…

#Element #Rust #Security #ElementX

Meet Element R: our new unified crypto implementation

We’ve created a common cryptographic library implementation in Rust - codenamed Element R - for all our Element clients.

^{Archie W (Element Blog)}

Threat Modeling In 2024: Your Guide For Better #Security

@Tutanota shares some tips on developing a threat model for your personal use case.

#privacy #privacymatters

tuta.com/blog/threat-modeling-…

Threat Modeling In 2024: Your Guide For Better Security

Threat model best practices to evaluate your personal cybersecurity and privacy threat landscape.

^Tutanota

#curl HTTP/3 #security #audit

Performed by Trail of Bits. They found things to fix but nothing critical and no security flaws.

daniel.haxx.se/blog/2024/02/23…

#monocles chat 1.7.9 is released on the playstore with a lot of updates and improvements! (See comments below)

play.google.com/store/apps/det…

#xmpp #chat #privacy #security #messenger

monocles chat - Apps on Google Play

monocles chat - The secure and ethical chat client

^{play.google.com}

RFC time! We're working on specifying how Accrescent's repository should look technically.

If you're an app developer who cares about app store features, an Accrescent user, or just interested in our development, leave your comments in the issue below 👇

github.com/accrescent/meta/iss…

#android #appstore #security #privacy #accrescent

RFC: Repository metadata reorganization · Issue #31 · accrescent/meta

Problem Accrescent's repository metadata format and organization was not designed for cacheability, internationalization, or atomicity. As a result, Accrescent has limited scalability, target audie...

^GitHub

- "The EU Court ruled that “Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users’ electronic communications.”"
- “mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials.”
💖 Wow

➡️ European Court of Human Rights's ruling: }]https://hudoc.echr.coe.int/eng/#{%22itemid%22:[%22001-230854%22]}

#Privacy #Encryption #Security

Accrescent 0.17.1 released! This one fixes a bug where the download progress indicator was hidden and makes preparations for some upcoming server scaling improvements (follow for more info on that 😉).

Check out the release notes below!

github.com/accrescent/accresce…

#privacy #security #accrescent #appstore #android

Release 0.17.1 · accrescent/accrescent

This release fixes a UI bug where the download progress indicator was hidden and prepares for future server scaling improments by adding a backup pinned TLS certificate key. Bug fixes Fix download...

^GitHub

I gave a talk at #fosdem #fosdem2024.

Video and slides are now available:
fosdem.org/2024/schedule/event…

#thunderbird #security #openpgp #librepgp #smime

I'm interested in your feedback on these thoughts. Either here, or, if your feedback is longer, for a discussion it might be best to post to
thunderbird.topicbox.com/group…

Thanks a lot to the organizers of @fosdem and the modern email developer room.
github.com/modern-email/FOSDEM…

GitHub - modern-email/FOSDEM-24

Contribute to modern-email/FOSDEM-24 development by creating an account on GitHub.

^GitHub

"Mastodon: Diebstahl beliebiger Identitäten im föderierten Kurznachrichtendienst" 😬

Die Versionen 3.5.17, 4.0.13, 4.1.13 und 4.2.5 beheben die Sicherheitslücke. 👇

heise.de/news/Mastodon-Diebsta…

#mastodon #security #vulnerability #schwachstelle #sicherheit

Mastodon: Diebstahl beliebiger Identitäten im föderierten Kurznachrichtendienst

In einem knappen Sicherheitshinweis lassen die Entwickler eine Bombe platzen: Angreifer können jeden beliebigen Account übernehmen und fälschen.

^{Dr. Christopher Kunz (heise online)}

Getting security online right seems like a daunting task. But one thing is certain: Password managers help! 💪

🔥Here are our top three: tuta.com/blog/best-password-ma… 🔥

What are your favorite #PasswordManagers❓

#privacy #security #opsec #passwords #passwordfatigue #databreach #breachdata #infosec

Why Password Managers Are Important

Password managers are easy tools to increase your privacy and security online. Start using them now!

^Tutanota

• KeePassXC (49%, 218 votes)
• Bitwarden (46%, 201 votes)
• Pass (4%, 18 votes)

S/MIME E-Mail Verschlüsselung mit Thunderbird einrichten? Wie das geht, erkläre ich in diesem Video:

youtube.com/watch?v=exPq87oSJL…

spacefun.ch/linux-videos#extra…

#Linux #Thunderbird #SMIME #Video #YouTube #Tutorial #Security #Privacy

S/MIME E-Mail Verschlüsselung einrichten

Mit S/MIME kannst du auf einfache Weise verschlüsselte und sichere Mails schreiben. Ich zeige dir, wie du ein kostenloses Zertifikat beziehen und in deinem M...

^YouTube

Today, we call on all Interior, Justice & Economy ministers of EU countries, to choose the right side: #privacy or #surveillance.

Together with other privacy-first companies we call on our ministers to defend encryption & protect privacy. 🔒

Read the full text here: tuta.com/blog/open-letter-encr…

#chatcontrol #encryption #security #cybersecurity

Accrescent 0.17.0 is out! Accrescent now caches repository metadata, reducing bandwidth use a smidge, paving the way for a revamped download system, and bringing offline support just a *little* bit closer.

Check out the release notes below! github.com/accrescent/accresce…

#accrescent #security #privacy #android #appstore

Release 0.17.0 · accrescent/accrescent

This release implements repository metadata caching, making Accrescent more usable without Internet and saving bandwidth! Improvements Add caching for repository metadata Updates Bump Compose co...

^GitHub

Switch easily between work and personal Bitwarden accounts on Desktop, Mobile apps, and now the Bitwarden browser extension! Learn more in this blog: bitwarden.com/blog/account-swi…

#cybersecurity #security #passwordsecurity #passwordmanager #passwordmanagement

Switch between Bitwarden accounts quickly and easily | Bitwarden Blog

Quickly switch between multiple Bitwarden accounts in the browser extension, desktop and mobile apps.

^Bitwarden

Falsehoods programmers believe about… Biometrics

(For the new reader, there is a famous essay called Falsehoods Programmers Believe About Names. It has since spawned a long list of Falsehoods Programmers Believe About....)

Everyone has fingerprints!

The BBC has a grim tale of a family with a genetic mutation which means they have no fingerprints. It det

shkspr.mobi/blog/2021/01/false…

#/etc/ #design #falsehoods #policy #security

Today at apt.izzysoft.de/fdroid not just some #AndroidAppRain with 11 updated apps, but also some "evaporation": 12 apps have been removed as they used expired debug keys, more will follow them the next days. Some background on this can be found at gitlab.com/IzzyOnDroid/repo/-/…

For some more background: I'm currently implementing additional checks for better app security, see gitlab.com/IzzyOnDroid/repo/-/… – once done and working, details will follow with a blog article.

#Android #app #security

IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).

^{IzzyOnDroid App Repo}