Uhhh heads up everyone:
https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/

> After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer:

> The upstream xz repository and the xz tarballs have been backdoored.

As far as Debian is concerned, seems like only Sid was affected (fixed):
https://lists.debian.org/debian-security-announce/2024/msg00057.html

Generally, XZ Utils versions 5.6.0 and 5.6.1.

#InfoSec #Linux #Debian

The whole story:

Users ditch Glassdoor, stunned by site adding real names without consent.

https://arstechnica.com/tech-policy/2024/03/glassdoor-adding-users-real-names-job-info-to-profiles-without-consent/

#infosec #security #IT #enshitification #jobs

Users ditch Glassdoor, stunned by site adding real names without consent

Anonymous review site Glassdoor now consults public sources to identify users.

^{Ars Technica}

Libera Chat is an Internet Relay Chat (IRC) network that supports connecting via Tor using their Onion Service, this provides a layer of anonymity and security.

IRC: https://en.wikipedia.org/wiki/Internet_Relay_Chat
Tor: https://www.torproject.org/about/history
Tor Onion Service: https://community.torproject.org/onion-services

Website: https://libera.chat
Mastodon: @liberachat

#Libera #LiberaChat #IRC #Tor #Encryption #Anonymity #Security #OpenSource #InfoSec

Creativity for creating PSK

Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.

#infosec #vulnerability #crypto

🔗 https://vulnerability.circl.lu/vuln/GHSA-jj7g-c984-hr2m

TR-567d30 - CIRCL Unveils Festive Nostalgic Initiatives - Gopher Protocol and Bulletin Board System Revival

🔗 https://www.circl.lu/pub/tr-567d30/

Enjoy your holidays! 🎄 🥳

#opensource #retrocomputing #bbs #infosec

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.

Analysis of more than 117 million censorship records confirms what students and civil rights advocates have long warned: Web filters are preventing kids from finding critical information about their health, identity, and the subjects they’re studying in class.

https://www.wired.com/story/inside-americas-school-internet-censorship-machine/

#news #tech #privacy #infosec

LibreOffice supports symmetric and asymmetric encryption for OpenDocument Format (ODF) files.

Symmetric encryption: https://en.wikipedia.org/wiki/Symmetric-key_algorithm
Asymmetric encryption: https://en.wikipedia.org/wiki/Public-key_cryptography

Select File > Save/Save As

The "Save with password" option encrypts the file with AES-256.
The "Encrypt with GPG key" option encrypts the file with a public key.

Website: https://www.libreoffice.org
Mastodon: @libreoffice

#LibreOffice #Encryption #OpenSource #OpenPGP #PGP #GnuPG #GPG #InfoSec #Privacy #Security