"Yes, The Book of PF, 4th Edition Is Coming Soon" https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html (also https://bsdly.blogspot.com/2025/07/yes-book-of-pf-4th-edition-is-coming.html), title still true, actual publication date TBD, #bookofpf #pf #packetfilter #openbsd #freebsd #networking #security #trickery #hacking

I'm not sure what's worse: If German American Bank is actually promoting three different look-alike domains and thinks that's good for security or if one or two or more of these are fake and German American Bank hasn't noticed and gotten them taken down yet.

It's like they are training their customers: "If it has German American anywhere in the name and the graphics look the same, assume it's safe!" 🤦‍♂️

#infosec #security #CyberSecurity #phishing

Alt...

Screenshot of search results where germanamerican.com germanamericanonline.com and germanamericabchome.com all appear to be German American Bank.

In one month (2025-09-25), there will be a "Network management with the OpenBSD Packet Filter Toolset" tutorial https://events.eurobsdcon.org/2025/talk/FW39CX/ at #eurobsdcon in #zagreb To register: https://2025.eurobsdcon.org/registration.html #openbsd #freebsd #networking #security #unixlike

Every network is standards and regulatory compliant until it gets punched in the face.
#cybersecurity #security

https://www.philvenables.com/post/everyone-has-a-plan-until-they-get-punched-in-the-face

If you've ever typoed ghcr to ghrc, particularly with a "docker login" or any automation that performs a login to the container registry, I'm seeing a strong indication that your GitHub credentials have been leaked to a malicious actor.

https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/

#docker #container #registry #OCI #security

This is why you should not hard-code credentials in your source code, but use env. vars or credential managers.

Looks like someone sent me a mail via a python script. The script had an issue which let the mail content to be the script itself, which contains a token.

(Or this is phishing wanting me to try the token)

#development #secretmanagement #security

Merci @siosm !

**OpenSSH client side key management for better privacy and security**

https://tim.siosm.fr/blog/2023/01/13/openssh-key-management/

#SSH #SysAdmin #Security

NYPL is hiring an associate director of cybersecurity

https://nypl.pinpointhq.com/postings/a63d29dc-80a1-4619-9d3a-11dbcc77f955

#NYPL #Libraries #PublicLibraries #Infosec #Security #Jobs #GetFediHired

If you're using Chrome, don't use VPN extensions like FreeVPN.One unless you don't mind it taking screenshots of every website you visit. (Use VPNs like Mullvad or Proton)

https://cyberinsider.com/chrome-vpn-extension-with-100k-installs-screenshots-all-sites-users-visit

#InfoSec #VPN #VPNs #security #privacy

Yubikey OTP support disabled in -current https://www.undeadly.org/cgi?action=article;sid=20250822064253 #openbsd #yubikey #otp #auth #security #buggysoftware #freesoftware #libresoftware

Apparently there was a security leak at Paypal, so suggestion to change your password FAST and slap MFA on it if you don't have it yet.
Do note: passwords can't be longer than 20 characters and a hyphen is not allowed.
Hello security...

#paypal #security #passwords

Boosts appreciated.

References:

https://cybernews.com/security/paypal-credential-dump-hacker-claims/

https://www.tomsguide.com/computing/online-security/over-16-million-paypal-accounts-exposed-on-a-hacking-forum-including-passwords

I just spent waaayyy too long trying to figure out how to change the password for a user in linux and couldn't understand why the <beep> it didn't work, I kept getting an error.

To then finally see that I had typed the username wrong ....

#Linux #Security #Password

New Privacy Guides article 🔐✨
by me:

If you want to keep your password manager local-only, KeePassXC is a great solution!

It's free,
Open-source,
Easy to install and use,
Doesn't require an account,
Works on Linux, macOS, and Windows,
And the team is here! 👉@keepassxc

Here's how to set it up with a YubiKey: https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/

#PrivacyGuides #KeePassXC #Privacy #Security #PasswordManager #Passwords #FOSS

I don't imagine many Linux users would trust a billy-no-name 'free' VPN extension, but friends and family might be less savvy to the dangers - dangers the researchers at Koi Security show are real for 100k users of this Chrome add-on.

https://www.omgubuntu.co.uk/2025/08/free-vpn-chrome-extension-spying-on-users

#privacy #vpn #security

📊 Poll of the Day
Past polls got great engagement — let’s go even bigger this time! 🚀

This is Mastodon, so we know the audience is a bit more techie... let’s see how that reflects in the results! 👀

Which OS are you using right now? 💻
(Feel free to reply with why you use it too 👇)

Vote + Boost 🔁 = ❤️

#Linux #Arch #LinuxMint #Fedora #Debian #Ubuntu #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #Tech #Technology #Apple #OS #iOS #MacOS #OperatingSystem

Apple: spaceship 🛸
Microsoft: glass tower 🏢
Linux: basement... still runs the internet 🐧😎

Root access > real estate.

Pic source: https://www.reddit.com/r/linuxmemes/comments/1mrtah8/stay_real/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

📸👇

#Linux #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #UserFreedom #Freedom #Tech #Technology #AI #OS #MacOS #Meme #TechMeme

Alt...

Three images showing the headquarters of major operating systems. The top left shows Apple's massive circular "spaceship" HQ labeled "iOS". Top right shows Microsoft's sleek modern building labeled "Windows". Bottom image shows a man standing in a modest home office setup, labeled "Linux", humorously suggesting Linux has no official headquarters.

"While the UK may have dropped its demands for Apple to backdoor all of its users across the globe, UK users may still be banned from benefiting from [Advanced Data Protection] encryption."

"And if Apple does restore ADP to UK users, there will be serious questions of trust."

🗣️ ORG's @jim.

https://news.sky.com/story/uk-drops-apple-encryption-demands-says-us-spy-chief-13414482

#apple #encryption #e2ee #privacy #cybersecurity #security #ukpolitics #ukpol

The latest BSD Weekly https://bsdweekly.com/issues/245 features "Eighteen Years of Greytrapping ..." (https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html and https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html - a warmup to #bookofpf 4th ed https://nostarch.com/book-of-pf-4th-edition) #openbsd #freebsd #security #mail #spam #hacking #cybercrime @nostarch

Shocked!™ 😅
https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images

#docker #security

UK has backed down on demand to access US Apple user data, spy chief says

What a surprise! But they have still reduced data security for users in the UK.One correction - this applies to all UK customers and not just new ones.

https://www.theguardian.com/technology/2025/aug/19/uk-has-backed-down-on-demand-to-access-us-apple-user-data-spy-chief-says

#IT #Apple #Security #Encryption #Labour #Maladministration #Unworkable

Alt...

From the article, text reads ‘In February, Apple responded by withdrawing the option for its new British customers to enable advance data protection options, saying it was "deeply disappointed" and would never build a backdoor into any of its products. That meant, uniquely, many UK customers were unable to benefit from end-to-end encryption of services, including the iCloud Drive, photos, notes or reminders, making them more vulnerable to data breaches. Gabbard said: "Over the past few months, I've been working closely with our partners in the UK, alongside President Trump and Vice-President Vance, to ensure Americans' private data remains private and our constitutional rights and civil liberties are protected." It is not clear whether the technical capability notice requiring the data access would be withdrawn altogether or altered. It could in theory be limited to allowing access to the data only of UK citizens, although experts cautioned that could be technologically unrealistic. It also raises the danger that other foreign governments could still find a way to use the backdoor. Neither is it clear whether Apple will be able to offer new UK customers access to its highest levels of data protection again.’

The UK has pulled its order to put a backdoor into Apple's encrypted services.

BUT "powers to attack encryption are still on the law books, and pose a serious risk to user security and protection against criminal abuse of our data."

🗣️ @jim, ORG Exec Director.

https://www.bbc.co.uk/news/articles/cdj2m3rrk74o

#apple #encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol

What if you could combine the ease of QR codes with the power of curl|bash? Now you can!

https://codeberg.org/sjmulder/sh-handler

#security

"The best guarantee of security for Ukraine is a strong Ukrainian army," Zelensky said. #Ukraine #security

While en route Friday, #Trump voiced hope that “something’s going to come of” the summit & reiterated that #Russia could face “very severe” consequences if it does not move to end the #war. For the first time publicly, Trump also said Friday that he is open to the “possibility” of #security guarantees for #Ukraine, along with other European countries. Trump cautioned that such protections could not come through #NATO, however.

#geopolitics #Putin

The state of #Linux packaging seems to be a perpetual mess. There is no standard packaging format among distros (something that I don't think will be resolved any time soon) and I've always viewed third party packaging tools like #snap and #flatpak with skepticism, mainly from a #security perspective.

After reading this, I'd rather deal with the perpetual mess of different package managers than the unraveling security headache that is Flatpak.

https://www.linuxjournal.com/content/when-flatpaks-sandbox-cracks-real-life-security-issues-beyond-ideal

#tech #technews

It's heartwarming to a greying geek that a 5000+ words retrospective on greytrapping is turning out to be popular - https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)

#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime

there's lots of research that meets this criteria, but this is specifically the piece I had in mind when I wrote yesterday about reading excellent work that makes you feel energized.

go read it! I guarantee you'll learn something.

https://censys.com/blog/2025-state-of-the-internet-digging-into-residential-proxy-infrastructure

#security #infosec

Friends, it finally happened. On August 7th, 2025, the number of spamtraps intended to fool spammers rolled past the number of inhabitants in my home country of Norway. It's time for a retrospective.

Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)

#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime

BastilleBSD = FreeBSD hardened + automation ready.

Ship with sane default.
Build on a secure base.
Run anywhere you trust.

#BastilleBSD #FreeBSD #Security

@stalwartlabs
Take their money, but do noz cooperate with these thieves from MS.

Pretty please don't become evil.

#GitHub #OSSF #security

NL. Horrible data breach.

The data of 485,000 women who participated in the population screening for cervical cancer has been stolen via a hack. Not just personal information, such as name and address, was involved. Official identification numbers and test results were also captured.

https://www.rtl.nl/nieuws/binnenland/artikel/5522737/bevolkingsonderzoek-baarmoederhalskanker-data-gehackt-vrouwen

#privacy #security #cybersecurity #gdpr #tech

Matrix Security Release https://lobste.rs/s/nefxb8 #distributed #security
https://matrix.org/blog/2025/08/security-release/

Post-Quantum Cryptography Advice Added to OpenSSH Website https://www.undeadly.org/cgi?action=article;sid=20250811110058 #openbsd #openssh #ssh #cryptography #postquantum #postq #crypto #security #libresoftware #freesoftware #bsd