Security

Back

#AI #security

- Храните свои секреты.
Как только вы что-то написали боту, вы этим больше не владеете.
Не упоминайте в переписке с ИИ-ботами следующие темы:
- персональные и медицинские данные,
- финансовая информация,
- корпоративные секреты,
- учётные данные к сервисам и т.п.

- Скрывайте следы общения.
Удаляйте переписку, включайте временный чат, задавайте вопросы анонимно.

https://habr.com/ru/articles/896856/

ChatGPT-4o used to create a replica of his passport in just 5 mins bypassing KYC

https://securityaffairs.com/176224/security/chatgpt-4o-to-create-a-replica-of-his-passport-in-just-five-minutes.html

#chatgpt #security

This week's Linux and FOSS news:

LINUX NEWS

APT 3.0 released with revamped interface, columnar display for package names and colored text for better readability, will be the default for Debian 13 and Ubuntu 25.04:
https://9to5linux.com/apt-3-0-debian-package-manager-released-with-revamped-command-line-interface

Tails 6.14.1 released with safe access for any directory in the Home directory or Persistent Storage via the Tor Browser (through the integration of XDG Desktop Portals of Flatpak), updated software, usability and accessibility fixes, bug fix for Welcome Screen:
https://alternativeto.net/news/2025/4/tails-6-14-1-released-with-enhanced-tor-browser-integration-software-updates-and-bug-fixes/
(Flatpak haters gonna drop Tails now lol)

Nitrux 3.9.1 released with MauiKit and Maui Apps update, Linux kernel 6.13, Mesa 25, new Fiery browser, default configuration files added for Bauh, udev rule for NTsync, module configuration for v4l2loopback, a PipeWire configuration file for wine64-preloade, automatic change of power profile, screen brightness and refresh rate on laptops depending on the power source, and more:
https://9to5linux.com/immutable-distro-nitrux-3-9-1-brings-new-convergent-web-browser-linux-6-13

CachyOS March 2025 snapshot available with new Limine bootloader, Linux kernel 6.14, KDE Plasma 6.3.3, new cachyos-samba-settings package, re-enabled GSP Firmware for the closed-source NVIDIA kernel module, support for the “ASUS Armoury” driver used by the ROG Ally and other devices for fan and power management, etc.:
https://9to5linux.com/cachyos-iso-snapshot-for-march-2025-brings-new-bootloader-linux-kernel-6-14

Archinstall 3.0.3 released with improved Limine bootloader support, Sway replaced with Hyprland in the profile seat selection, improved FAT12 and FAT16 ESP support, package selector that displays a multi-selection menu to let users add any available package, will no longer force install the GRUB bootloader on BIOS systems when the user has not chosen it as a bootloader etc.:
https://9to5linux.com/arch-linux-installer-archinstall-3-0-3-improves-limine-bootloader-support

Serious security bypasses are found in Ubuntu 24.04 and later:
https://alternativeto.net/news/2025/3/new-security-bypasses-in-ubuntu-s-user-namespace-restrictions-require-manual-mitigation/

(FOSS news in comment)

#WeeklyNews #News #Linux #LinuxNews #APT #Tails #TailsOS #Nitrux #CachyOS #Arch #Archinstall #ArchLinux #Ubuntu #LinuxDesktop #DesktopLinux #LinuxDistro #DistroRelease #LinuxDistribution #Security #FosseryTech

You Have Installed OpenBSD. Now For The Daily Tasks. https://nxdomain.no/~peter/openbsd_installed_now_for_the_daily_tasks.html refreshed in anticipation of the #openbsd 7.7 release #newrelease #development #freesoftware #libresoftware #security #securecode

The order of files in /etc/ssh/sshd_config.d/ matters (and may surprise you) https://lobste.rs/s/litpqn #devops #security
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenSSHConfigOrderMatters

Malware Found on npm Infecting Local Package With Reverse Shell, by @reversinglabs.com:

https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell

#npm #dependencies #security

BSI-Bericht: Erhebliche Schwachstellen bei #Fitnesstrackern & Co.
https://www.heise.de/news/BSI-Bericht-Erhebliche-Schwachstellen-bei-Fitness-Trackern-Co-10285313.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag

"Die Experten wählten demnach zehn Produkte für "eine detaillierte Sicherheitsuntersuchung" aus. Darunter waren sechs vernetzte Uhren wie #Smartwatches, drei #FitnessTracker und ein #SmartRing. Die Forscher deckten dabei insgesamt 110 Schwachstellen auf, die sie als "mittel" oder "hoch" einstuften. Keines der Geräte war komplett frei von #Sicherheitslücken."

Ist doch vollkommen egal, wohin man seine persönlichsten (Gesundheits-)Daten schickt. Oder?

#Sicherheit #Gesundheit #iot #smarttracker #security

Using a #VM is great if you want to try out a new system, but its security can only be as good as the computer it's running on.

So when you see me use a VM, I expect that my #privacy and #security are only as good as the weakest link.

#Tails was the strongest link in this video:
https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/

[4:56 but no commentary, pure testimony] US House Rep Jason Crow (D), Denver CO, is a vet who brilliantly showed the hypocrisy of the people testifying, how #SignalGate was absolutely classified information... Well done, sir. Thank you for your service.
#Hegseth #resignation #JasonCrow #compromised #security #Director of #National #Intelligence #Gabbard #Russian #operative #gmail #but #her #emails | #launch #times #indicate #military #operation #yes #risk to #pilots https://www.youtube.com/watch?v=VovO9N2W4vA

Here's to another #introduction
I am Terra from Some Simple Security on YouTube and the video editor.

I hope to help the average person improve their online #privacy and #security with simple tools that don't require more than basic #computer knowledge

About last week I had set up "automatic timer" (after installing #dnf-automatic package & updating /etc/dnf/automatic*) to update the packages with #security fixes on #RockyLinux 8. That failed to update freetype v2.9 package due to CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 ; so did fail dnf upgrade --security (update was included in unqualified dnf upgrade).

Utterly useless option & package. Removed the timer & dnf-automatic package.

This -- failure of dnf upgrade --security to update vulnerable packages -- had happened a second time (yes, I had forgotten the uselessness of it; a timely reminder it was). I will need to stick to update-all-the-packages.

#CentOS #sysAdmin #systemAdministration

Why OAuth MUST share access token with 3rd party?!?

https://lemmy.ml/post/28187381

So many promises & Fails #coup #frauds #law #IRS #DOGe #Treasury #finance #tax #security #infosec #data #natsec

RE: https://bsky.app/profile/did:plc:rc5yae3p2hkymdlj7eptq7yd/post/3lm3krgn4b22z

Sign the petition: Tell the #Senate to protect #Medicaid coverage for 80 million people! #Security https://act.demandprogress.org/sign/gop-medicaid-cuts-senate/?t=4&akid=33324%2E3072249%2EAkb-v2

Lockdown declared at East Block on Parliament Hill
A lockdown remains in effect on Parliament Hill as Ottawa police say they have been speaking with a barricaded man in the East Block. 
#politics #safety #security #EastBlock #ParliamentHill #News
https://www.cbc.ca/news/politics/lockdown-declared-at-east-block-on-parliament-hill-1.7503089?cmp=rss

Email over NNCP (via exim) via @robey https://lobste.rs/s/gzuzyp #release #security
https://salsa.debian.org/jgoerzen/docker-nncpnet-mailnode/-/wikis/home