cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Friends, it finally happened. On August 7th, 2025, the number of spamtraps intended to woo the unwary spammer rolled past the number of inhabitants in my home country of Norway. It's time for a retrospective.
Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html (tracked https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html)
#greytrapping #spam #antispam #greylisting #blocklist #openbsd #freebsd #smtp #email #ssh #passwords #passwordguessing #pop3 #security #networking #cybercrime
Any #infosec folks wanna help me with some decent data to back up the following point? I am trying to make the point to some executives that a #password policy requiring minimum 8 characters with 1 symbol, mixed case, and 1 number is just not reasonable in 2025. (I'm commenting on another company's policy, not my own!)
What is a good example of a policy (e.g., NIST 800-63 or whatever) that said 49 bits was no good?
I currently say: 49 bits of entropy was unacceptably low in 2005. It is unthinkably low in 2025. What can I point to that might resonate better than "bits of entropy?"
Using the classic method with Shannon's estimate, I figure it's on the order of 49 bits of entropy but that's only if it's purely random from the full character set, and we know that's not true.
I'm not looking for rhetorical suggestions. I'm good at rhetoric. I'm looking for references I can point to (like "XYZ published in 2011 that the minimum acceptable password was 56 bits of entropy")
feel free to boost for fun
#security #cybersecurity
"backdoor" is the new "virus" in overused and wrongly applied terminology.
Over at the facesite I came across a piece (Not linking to that sh*t) about "Linux malware PLAGUE" which describes a piece of software that is useful *post-compromise* to whoever wants to hide their tracks.
Not a backdoor because it requires already established access. #cybercrime #backdoor #security #linux #fluff
Is there a current known exploit for #Android / #Samsung devices to unlock the device without a known PIN / Passcode?
A relative asked about a modern (probably rather well updated) device for which nobody knows the unlock code anymore. I can confirm they own the device and are able to give me full permission.
I don't know an active exploit out of my head. I assume modern Androids don't allow for brute-force anymore either (virtual HID via USB).
Any ideas?
#Security #hacking #Smartphone #CCC #repair
Credentials shouldn't be around in plain text files. But I also don't want to set up a fully fledged credentials management solution for my homelab.
Wouldn't it be nice to dynamically load the credentials I need when I step into my work directory, and remove them when I leave it?
Let's use @bitwarden and direnv to keep credentials safe in all simplicity!
https://ergaster.org/posts/2025/07/28-direnv-bitwarden-integration/
Microsoft - as always, a threat to your security and privacy
I know some people don’t have the choice, but if you do, consider a different option. ‘Recall’ is a direct threat to your personal information.
https://www.theregister.com/2025/08/01/microsoft_recall_captures_credit_card_info/
***infosec specialists are needed in the resistance ***
The world needs tech security specialists to run workshops at public libraries for all ages & abilities to remove spyware, AI, reduce surveillance, understand the issues, & for more advanced, move to Linux, degooglefy, etc.
Libraries will pay good wages for these workshops.
If you have these skills, please consider offering them.
#libraries #library #tech #infosec #privacy #security #activism #antifa #resistance
In 2013 I wrote up "Maintaining A Publicly Available Blacklist - Mechanisms And Principles" (also https://bsdly.blogspot.com/2013/04/maintaining-publicly-available.html) . TL;DR: blocklisting is a kind of public shaming, be sure your process is verifiable and transparent.
Minor edits today, links to resources and #eurobsdcon inside. #blocklists #spamtraps #antispam #smtp #spamd #openbsd #freebsd #security #cybercrime
#CalyxOS releases and security updates will be paused for 4-6 months due to retooling, personnel departures and the recent changes to #AOSP. They've released a "letter to the community" here.
I'm debating on whether to move to GrapheneOS or, since their social media team attacked and "banned" me, and accused me of being some kind of spy because I mentioned CalyxOS in a comment, I may just use regular #Android and lock it down the best I can.
Link: https://calyxos.org/news/2025/08/01/a-letter-to-our-community/
Recent new features in OpenSSH https://www.undeadly.org/cgi?action=article;sid=20250802084523 #openbsd #openssh #ssh #newfeatures #development #security #freesoftware #libresoftware #crypto #cryptography
The Online Safety Act is technologically naive and ignorant to privacy risks, so people are finding ways around age verification. But...
❌ Teens could be pushed towards riskier things like the dark web, dodgy free VPNs or scams.
✅ Invest in a public information campaign to help people navigate online safety and learn about the privacy risks of age verification.
#OnlineSafetyAct #onlinesafety #OSA #privacy #ageverification #ageassurance #ukpolitics #ukpol #security #cybersecurity
Just ten days after a previous incident, malware with a Remote Access Trojan has once again been discovered in Arch Linux AUR packages.
https://linuxiac.com/arch-aur-under-fire-once-more-as-malware-resurfaces/
Ubuntu 25.10 brings improvements to hardware-backed disk encryption installs, including integrations with the desktop Security Center app.
https://www.omgubuntu.co.uk/2025/07/ubuntu-25-10-tpm-disk-encryption
Yes, The Book of PF, 4th Edition Is Coming Soon https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html (also tracked https://bsdly.blogspot.com/2025/07/yes-book-of-pf-4th-edition-is-coming.html) #openbsd #freebsd #bookofpf #pf #packetfilter #book #networking #security #freesoftware #libresoftware #shamelessplug
#UK Users Need to Post #Selfie or #PhotoID to View Reddit's r/IsraelCrimes, r/UkraineWarFootage
#Reddit #IsraelCrimes #UkraineWarFootage #privacy #security
So…who hates those Google log-in pop-ups that are seemingly everywhere now? Wanna make them go away?
1. Get uBlock Origin (which you should have already been using):
https://ublockorigin.com/
2. Open the plugin and click the settings button.
3. Click on the “my filters” tab and paste this into the input:
||accounts.google.com/gsi/*$xhr,script,3p
That’s it! Worked flawlessly for me.
They didn’t not tell us to break encryption 🤐
First Apple, now the UK government has seemingly ordered a backdoor into Google’s encrypted services.
To access anyone’s data, files and photos, they’re happy to break everyone’s security 😵‍💫
Read more ⬇️
https://www.openrightsgroup.org/press-releases/google-refuses-to-deny-uk-encryption-demands/
#e2ee #encryption #privacy #security #google #apple #ukpolitics #ukpol #surveillance #cybersecurity #android
🎉 Defguard 1.5 alpha - finally Mobile Wireguard with Multi-Factor Authentication
📱Help us test Multi-Factor Authentication on mobile devices: https://docs.defguard.net/help/mobile-client
🔑 Multi-Factor Authentication with External OIDC/SSO - now you can configure on each location separately which OIDC secures the MFA process: internal (with MFA configured in the user profile) or external like Google/Okta/Microsoft: https://docs.defguard.net/admin-and-features/wireguard/create-your-vpn-network#multi-factor-authentication-with-external-oidc-sso-google-microsoft-okta
#vpn #selfhosted #wireguard #OpenSource #security #homeLab #floss #InfoSec
We are still working on The Book of PF, 4th ed.
Preorders are open at https://nostarch.com/book-of-pf-4th-edition, read about the work at https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html (also tracked at https://bsdly.blogspot.com/2025/07/yes-book-of-pf-4th-edition-is-coming.html) #bookofpf #newedition #freebsdd #openbsd #pf #packetfilter #networking #security #freesoftware #libresoftware
Security? Oh, you mean those mythical beasts we tell tales about around the digital campfire. Meanwhile, in the real world, someone's "secure" password vault is an Excel sheet named "Passwords_FINAL_REALLY_FINAL.xlsx" being emailed around like Halloween candy. Forget your fancy backend architecture and battle-hardened sysadmins and firewalls. The true corporate security strategy is apparently hope and a prayer emoji.
At EuroBSDCon 2025 in Zagreb: "Liberating the social web using *BSD" by Jeroen - @h3artbl33d - and Stefano Marinelli, see https://events.eurobsdcon.org/2025/talk/PJJLFV/
Schedule at https://events.eurobsdcon.org/2025/schedule/
To register https://2025.eurobsdcon.org/registration.html
#EuroBSDCon #EBC25 #BSDCafe #FreeBSD #NetBSD #OpenBSD #Networking #BSDCafe #RunBSD #Mastodon #Fediverse #OwnYourData #Security #Networking #Community
At EuroBSDCon 2025 in Zagreb: "Network Management with the OpenBSD Packet Filter Toolset" by Peter N. M. Hansteen, Tom Smyth, Max Stucchi, see https://events.eurobsdcon.org/2025/talk/FW39CX/
Schedule at https://events.eurobsdcon.org/2025/schedule/
To register https://2025.eurobsdcon.org/registration.html
#eurobsdcon #freebsd #openbsd #networking #packetfilter #pf #security #devops #sysadmin
Don't trust cloud services with your creative work.
#enshittification #privacy #infosec #security #cybersecurity #writing #art
I am sure that most of you know about this free and open-source security tool that bans hosts causing multiple authentication errors on Linux or Unix. It could be a lifesaver for developers or IT professionals, protecting many services including SSH and web services.
Windows market share in Germany drops to 69.78%, down nearly 10 points in a year 📉
Meanwhile, macOS rises to 19.59%, driven by user demand for privacy & seamless integration 🍏
Linux more than doubles to 5.49%, reflecting growing interest in open-source, secure, and flexible systems 🐧
#Linux #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #UserFreedom #Freedom #Tech #Technology #AI #OS #MacOS
Google Spoofed Via DKIM Replay Attack: A Technical Breakdown
https://easydmarc.com/blog/google-spoofed-via-dkim-replay-attack-a-technical-breakdown/
I'm sharing this because lots of folks are sick of Gemini AI in Android or wish to de-google. So here is a quick view about Graphene OS.
Graphene OS: a security-enhanced Android build
https://lwn.net/SubscriberLink/1030004/898017c7953c0946/
Do as you wish with this info :)
🛡️ "Stop Subverting Sandboxes"
with Michael Catanzaro at #GUADEC2025
📅 25 July 🕒 13:40 CEST 📍 Brescia
🔒 Flatpak can protect users—but not if we keep bypassing it. Michael calls for stronger sandboxing, better portals, and shares GNOME’s new security bounty program.
NL
There are strong indications that the hack at the Public Prosecutor's Office is linked to Russia. The hackers may have had access for weeks.
#security #cybersecurity #tech #law #netherlands #russia #politics #privacy
`vet` is a CLI tool that acts as a safety net for the common but risky `curl | bash` command. It lets you inspect remote scripts for changes, run them through a linter, and require your explicit approval before they can execute on your developer or production machine.
Today, early access reader feedback for The Book of PF, 4th edition proved to me that early access is worth doing.
Get yours at https://nostarch.com/book-of-pf-4th-edition, or read about the work at https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html #bookofpf #newedition #freebsdd #openbsd #pf #packetfilter #networking #security #freesoftware #libresoftware
My goodness - law of unexpected consequences - US pressure might have a small benefit
UK totalitarianism, one part of it anyway (and frankly technical ineptitude and misunderstanding), might be halted in its tracks. We can only hope we don’t get the rest of US shite landed on us. But then Starmer considers Trump to be a family man, so who knows?
#Encryption #Privay #Security #Stupidity #Labour #Starmer #Mathemattis
Thanks to everyone who voted in my "Should I Stop Caring and Let IP Address Reputation Sort Them Out?" https://nxdomain.no/~peter/should_i_stop_caring_and_let_ip_reputation_sort_them_out.html poll.
I have since added the *seriously, folks* note to the exported files and told anybody who wanted out of the big list that I will remove them *on condition that they track down the morons who use that list as anything other than a historical artifact* and *LART* them.
#blocklist #pop3gropers #passwordgropers #cybercrime #ipreputation #security