The PAM Duress is a module designed to allow users to generate 'duress' passwords that when used in place of their normal password will execute arbitrary scripts.

This functionality could be used to allow someone pressed to give a password under coercion to provide a password that grants access but in the background runs scripts to clean up sensitive data, close connections to other networks to limit lateral movement, and/or to send off a notification or alert (potentially one with detailed information like location, visible wifi hot-spots, a picture from the camera, a link to a stream from the microphone, etc). You could even spawn a process to remove the pam_duress module so the threat actor won't be able to see if the duress module was available.

github.com/nuvious/pam-duress

#security #Linux #Arch #Debian

GitHub - nuvious/pam-duress: A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc

A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensit...

^GitHub

In 2025, the German #BSI launched the Year of #Email #Security recommending Tuta Mail.🇩🇪 ❤️

In 2026, we call for a year on end-to-end encryption in email - so they stop recommending Gmail & Co as well. 🔒

#privacy #security

After my assembly #39c3 talk on the topic, here’s a more in-depth analysis on the #security of data and metadata in #XMPP : blog.mathieui.net/xmpp-and-met…

I’m sure I missed a lot of things, but since the only reference on the topic is the - now defunct - infosec handbook website with the "admin in the middle" article, I guess that could be useful to somebody.

Announcing Jabboratory, a partner collective of @joinjabber
Jabboratory aims to be for the people who already have an XMPP account and want to help improve XMPP and the Jabber network.

We use the same CoC as JoinJabber and all the same governance documents. All of them being by Vojkruco codeberg.org/Vojkruco/Cooperat… and we are hosted under the Vojkruco umbrella.

Some of the things we do are:
- specifications (called XCSPs in Jabboratory),
- developer help/documentation and implementation collaboration
- improve XMPP/Jabber network socially (safer spaces, blocklists, outreach, organizing events, pushing for a better non-tech culture, etc.)
or anything else that includes improving XMPP and Jabber network as a whole.

We aim for diversity of ideas, include people directly in all aspects of decision making (protocol, implementations, social, etc.) and build a space where people feel safe to talk, ask for help, bring up any kind of ideas and work with others to implement said ideas. By the community for the community with inclusive decision making to serve the people affected.

you are welcome to join our lounge room here -> invite.joinjabber.org/#lounge@…
It is strictly non-tech because we aim for inclusivity, but we do of course have other channels some of them being tech related🙂

We already have some implementations, servers, and XMPP collectives involved (including JoinJabber) and we are all building a better XMPP and Jabber network together 🙂

#xmpp #jabber #xml #SecureMessaging #decentralization #privacy #security #federated #jabboratory

Cooperative_Development_Guidelines

^Codeberg.org

The #Venezuela mission to the #UN has requested an emergency #Security Council [#UNSC] meeting & has asked the Council to condemn the #US military strikes against the country.

Venezuela’s ambassador, Samuel Reinaldo Moncada Acosta, said in a letter to the UNSC president: “The United States of America always uses lies to fabricate wars. It is an international #tyranny imposed with the #propaganda of death: the recent past confirms this.”

#law #Trump #abduction #oil #LandGrab #InternationalLaw

#China called on the #US to comply with #InternationalLaw & the principles of the #UN Charter, urging it to stop violating the #sovereignty & #security of other nations.

#law #Congress #WarPowers #criminal #Trump #abduction #Venezuela #oil #LandGrab #WarCrimes #ExtrajudicialKillings #theft #piracy #InternationalLaw

#China strongly condemned the #US strike in #Venezuela & the action against its president, the Foreign Ministry said, adding the Beijing govt was “deeply shocked” & firmly opposed to the operation.

“Such hegemonic acts of the US seriously violate #InternationalLaw & Venezuela’s #sovereignty & threaten #peace & #security in #LatinAmerica & the #Caribbean region,” it said.

#law #Congress #WarPowers #criminal #Trump #abduction #oil #LandGrab #WarCrimes #ExtrajudicialKillings #theft #piracy

When you think that things like turning off #Bluetooth as a precaution are overkill, security researchers drop a bomb like this. (long, but interesting read)

insinuator.net/2025/12/bluetoo…

#CVE #security #cyberSecurity

We've enabled SASL2 and XEP-0474: SASL SCRAM Downgrade Protection on XMPP.is via github.com/unredacted/xmpp.is/…

This solves one of the most important issues mentioned in our blog post unredacted.org/blog/2023/11/wh…

#XMPP #Security #TLS

What we're doing in response to the jabber.ru MITM attack - Unredacted

As you may have heard, jabber.ru, a popular XMPP service discovered a sophisticated MITM attack against their service that may have lasted for up to 6 months.

^{admin (Unredacted)}

Reminder: You better hurry!

@monocles and #Conversations_im are available for free on your Android device since Dec 24th and until the 31st on Google Play!

Get your friends and family and don’t miss out on the opportunity to install and onboard them in one (or both) of the most featureful #XMPP clients on Android!

Set them free from invasive, data harvesting, centralized IM communications networks!

#RunJBR #Privacy #Security #Decentralization #PrivacyIsAHumanRight #DigitalSovereignty #Jabber

When Big Tech clouds fail, are censored, or collude with the (US) government, which would you choose for private messaging?

#privacy #security #decentralization #securemessaging #matrix #xmpp #simplex #deltachat #signal #poll #polls #askfedi

• Matrix (10%, 8 votes)
• XMPP/Jabber (24%, 18 votes)
• SimpleX (2%, 2 votes)
• DeltaChat (62%, 47 votes)

Are you seeing distros or the gnuprojecct applying this patch?

#Security #GPG #GNUProject

@daniel

Ja, @mailbox_org nutzt meines Wissens einen sieben Jahre alten #ejabberd. Möchte nicht wissen, wie viele längst gelöste Bugs da drin sind, schlimmstenfalls auch #security bugs.

#aTalk kenne ich vom Namen her, aber ich kenne niemanden, der diesen #Jabber client nutzt. D.h. es wird vielleicht etwas schwieriger dafür Hilfe zu kriegen.

Bei Matrix ist es auch so: Manche clients funktionieren nicht mit manchen servers 🤷

Lately I’ve been realizing that I probably made a (small but important) mistake when choosing Proton Mail over @Tutanota Mail.

I truly respect and like both European companies, but what I’ve been noticing, and deeply appreciating, is how strong, healthy, and direct the relationship between Tuta and its users is. They communicate, they discuss, they listen.

It actually reminds me a lot of the @Vivaldi browser team, including @jon himself. And that kind of attitude is priceless, especially when it’s combined with such a clear stance on privacy & security, AI, and user-first values. That combination is simply top-tier.

I recently noticed Vivaldi starting some cooperation with Proton. Personally, I’d much rather see a collaboration with Tuta.

Rooting for you. Rooting for both teams (actually all three). Absolutely fantastic work.

#privacy #security #email #europeanTech #Vivaldi #Tuta #Proton

I've mentioned this before but SimpleX is more private secure and anonymous that signal threema and session.

SimpleX is decentralised meaning taking down a single group of servers or org wouldnt destroy the simplex network, people can run completely anonymous simplex servers over tor, this puts simplex ahead of Signal and Threema

SimpleX has quantum resistant encryption which puts it ahead of Threema and Session, the UK military[1] and NATO[2] both consider quantum computers to be a threat now because of store now decrypt later attacks

SimpleX has no user identifiers not even random strings, its essentially like having a "burner phone for every contact". Two or more compromised contacts could corroborate your messages by linking them to your signal username or your session id, but with simplex your contacts can't prove your identity even between eachother. This fact puts SimpleX above Signal Threema and Session

These technical details about the simplex protocol can all be found on the project website including the whitepaper

[3]
[1]ncsc.gov.uk/whitepaper/prepari…

[2]nato.int/docu/review/articles/…

[3]isdb4l77sjqoy2qq7ipum6x3at6hyn…

#SimpleX #Threema #Signal #Session #PSA #Privacy #Security #Anonymity #NATO #UnitedKingdom #Tor #QuantumResistantEncryption

Deutsche Bahn zwingt mich, mein Login-Passwort zu ändern: Es hat 24 Zeichen, ist zufällig, beinhaltet Groß-/Kleinbuchstaben und Zahlen und hat eine Entropie über 110 Bit. Aber weil kein Sonderzeichen drin ist, gilt es als unsicher. Sicherheitsrichtlinien von 2005 lassen grüßen. 🙄

/kuk

#bahn #db #security #sicherheit #passwort #fail

Schleswig-Holstein reports €15M yearly savings by replacing Microsoft 365 with LibreOffice across most government workplaces 💶

About 80% of offices have migrated, with a €9M one-time investment planned for 2026 to finish the shift and strengthen open-source tools 🧩

@libreoffice

🔗 itsfoss.com/news/german-state-…

#TechNews #OpenSource #Privacy #Security #Government #EU #Data #Sovereignty #IT #PublicSector #Digital #Microsoft #Office #Software #Tech #Cloud #FOSS #Germany #German #LibreOffice

Hurray! This German State Decides to Save €15 Million Each Year By Kicking Out Microsoft for Open Source

Schleswig-Holstein's migration to LibreOffice reaches 80% completion, with a one-time €9 million investment on cards for 2026.

^{Sourav Rudra (It's FOSS)}

Be careful, if the product is too secure, the user may be a criminal. This is how some parts of the EU think about security and data protection.

#grapheneos #freedom #security

The German #BSI has made 2025 the Year of #Email #Security

Great initiative - and great rating for Tuta ❤️ - your secure email provider from Germany. 🇩🇪

bsi.bund.de/DE/Themen/Kampagne…

Benjamin Franklin said "Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety."

The same could be said of privacy and convenience. Seriously people, don't fall for this nonsense.

#Privacy #Security

Ich habe IT-Sicherheit nie als großen Sprung erlebt, sondern als viele kleine Entscheidungen – ausgelöst durch alte Fehler, verlorene Daten und langsam wachsende Einsicht. Mein Weg raus aus Bequemlichkeit, Datensilos und Sicherheitsillusionen zeigt: Kontrolle gewinnt man Schritt für Schritt zurück. Vielleicht hilft meine Geschichte euch beim eigenen Anfang. 👇

kuketz-blog.de/it-sicherheit-i…

#security #sicherheit

IT-Sicherheit ist nie fertig – Ein persönlicher Weg über viele Jahre

Von »wird schon nichts passieren« zu echter Kontrolle: Mein persönlicher Weg zu mehr IT-Sicherheit, Datenschutz und digitaler Selbstbestimmung.

^{www.kuketz-blog.de}

Von »wird schon nichts passieren« zu echter Kontrolle: Mein persönlicher Weg zu mehr IT-Sicherheit, Datenschutz und digitaler Selbstbestimmung. 👇

kuketz-blog.de/it-sicherheit-i…

Bitte teilen! ❤️ ✌️

#sicherheit #security #awareness #datenschutz #dsgvo #prozess #passwortmanager #email #router #android #backup

IT-Sicherheit ist nie fertig – Ein persönlicher Weg über viele Jahre

^{www.kuketz-blog.de}

Taking a Curated Look at Black Friday Sales For 2025

A small curated list of Black Friday sales by independent creators or small businesses covering areas of technology, gaming and miscellaneous deals.

adamsdesk.com/posts/black-frid…

#blog #BlackFriday #tech #InfoSec #security #100DaysToOffload @Tutanota @b0rk

FreeBSD Now Builds Reproducibly and Without Root Privilege

We’re pleased to share that the FreeBSD Project now supports builds without requiring root privileges, removing elevated access from the release pipeline and improving overall security. This work was completed as part of a program commissioned by the Sovereign Tech Agency.

Read more: freebsdfoundation.org/blog/fre…

#FreeBSD #ReproducibleBuilds #OpenSource #Security

If you've wondered how Android developer verification affects Accrescent, today we have a new blog post explaining briefly what it is, how it impacts us, and how we're responding.

blog.accrescent.app/posts/andr…

#accrescent #android #appstore #security #privacy

Accrescent and Android Developer Verification

Google recently announced that starting next year, Android will require all apps to be registered by verified developers for users to install them on their devices, i.e.

^{Logan Magee (Accrescent Blog)}

with #ArcaneChat no one can scam you or impersonate your friends/family, since to get in contact you have to share your contact invite link or show them your QR, a scammer simply can't write to your grandmother or #kids

#privacy #security #family #encryption

WhatsApp anyone?

heise.de/news/3-5-Milliarden-K…

#datensicherheit #datenschutz #security #kommunikation

3,5 Milliarden User: Gesamtes WhatsApp-Verzeichnis abgeschnorchelt

Wiener Forscher haben alle WhatsApp-Nummern abgerufen. Die 3,5 Milliarden Profile sind der größte Datenabfluss der Geschichte – und übler, als man meinen würde.

^{Daniel AJ Sokolov (heise online)}

@delta : With #ChatControl as a very possible future here in the #EU, do you have any updates on implementation of:

- on-device #encryption against #ClientSideScanning
- #PerfectForwardSecrecy
- #PostQuantumEncryption

If not, what can the community do to help you with these three points?

Each of these are so critically important for secure messaging apps.

Thank you for all your work!

#privacy #security #InfoSec #cybersecurity #EuropeanUnion

It's time for an update! Check out our blog for a new update on:

- What we've accomplished in the last 3 months
- What's next for Accrescent

Thank you to our supporters for making this possible!

blog.accrescent.app/posts/road…

#accrescent #appstore #android #security #privacy

A Road Behind, A Road Ahead

Three months ago, we published an update on our development progress as well as our roadmap for the next three months and beyond.

^{Logan Magee (Accrescent Blog)}

🚨 They are bringing back #ChatControl 🚨

Hummelgaard doesn't understand that no means no.

Discussion is scheduled for tomorrow, so act now: fightchatcontrol.eu/

#No2Backdoors #Privacy #Security

Source: noyb.eu/en/eu-commission-about…

netzpolitik.org/2025/interne-d…

Louvre surveillance system #password was LOUVRE

redhotcyber.com/en/post/theft-…

#Louvre #security

Theft at the Louvre: The surveillance system's password "LOUVRE" has put the museum in crisis.

The theft at the Louvre reveals security flaws in the world's most visited museum. The passwords for the video surveillance systems were extremely simple.

^{Redazione RHC (Red Hot Cyber)}

Accrescent 0.28.0 is out, including:

- Download cancellation support
- Better update scheduling (especially on Android 14+)
- UI improvements and bug fixes

Full release notes below!
github.com/accrescent/accresce…

#accrescent #appstore #android #security #privacy

Release 0.28.0 · accrescent/accrescent

This release adds a "cancel" button for downloads, provides better update scheduling (especially on Android 14+), and includes a handful of UI improvements and bug fixes. Changed Perform gentle up...

^GitHub

Ever wondered how to write an email to your lawyer or doctor? Let's hope they use encryption! 🔒 😎 But why does a business need end-to-end encryption?

✅ Protect sensitive data
✅ Stay GDPR compliant
✅ Build trust

Find out more: ➡️ tuta.com/blog/why-companies-ne…

#Security #Encryption #Privacy #CyberSecurityMonth #GDPR

Google is going to make HTTPS required by default in Chrome in a year.

In the post there is quite a bit of talk about the problem of obtaining a cert for local network names. Hopefully their push to make everything-HTTPS will include local network addresses too. We really badly need it.

They kind of seem to say they will, but it's all talk until shown otherwise: "In the future, we hope to work to further reduce barriers to adoption of HTTPS, especially for local network sites."

security.googleblog.com/2025/1…

#chrome #security #selfhosting

HTTPS by default

One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secu...

^{Google Online Security Blog}

#ChatControl is OFF the table for now. 💪

But the Danish Minister of Justice and chief architect of the current Chat Control proposal, Peter Hummelgaard, wants to bring it back in December.

😡 He now even claims your activism was paid for by Big Tech! 😡

We must keep fighting for #encryption and our right to #privacy 🔒️

Source: netzpolitik.org/2025/absurd-un…

#No2Backdoors #CyberSecurityMonth #CyberSecurity #Security