cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
yes, this happened:
Apr 8 23:46:59 skapet sshd-session[69515]: Failed none for invalid user Can't locate List/Util.pm in @INC (you may need to install the List from 175.199.67.164 port 51226 ssh2
(and several times more, of course)
#ssh #bot #botnet #passwordgroping #passwordguessing #sshgropers #cybercrime #security
Background: "Badness, Enumerated by Robots" https://nxdomain.no/~peter/badness_enumerated_by_robots.html and links therein
The #VeraCrypt and #WireGuard maintainer accounts have been locked out by Microsoft. They are now unable to deliver Windows updates.
https://cybernews.com/security/microsoft-suspends-veracrypt-wireguard-accounts-maintainers/
OpenSSH 10.3/10.3p1 released! https://undeadly.org/cgi?action=article;sid=20260407084719 #openbsd #openssh #ssh #security #cryptography #networking
@nielsa no, that's not what I'm telling you.
I prefer to believe that most people will be thoughtful.
"… a huge number of bugs. I have so many bugs in the Linux kernel that I can't report because I haven't validated them yet. I'm not going to make some open source developer validate bugs that I haven't checked yet. I'm not going to send them potential slop … I now have … several hundred crashes that they haven't seen because I haven't had time to check them. We need to find a way to fix this …"
– Nicholas Carlini
➡️ #Security in 2025: Make sure your OS is up to date, use trusted apps from trusted sources, use strong passwords, beware of apps with excessive permission requests, be careful with phishing attempts...
➡️ Security in 2026: The most popular app in GitHub requires complete access to your system and personal accounts holding sensitive information, and you must assume your system is compromised 🤦‍♂️
#GenerativeAI makes people dumb 🤷‍♂️
https://arstechnica.com/security/2026/04/heres-why-its-prudent-for-openclaw-users-to-assume-compromise/
For real, many people asked me for their smaller and mid-sized environments, how to handle remote syslog of their nodes. I had some ideas (some of you may have already found my Rust interpretation of this) but I think having this included in #PegaProx as a centralized management interface makes more sense.
So, PegaProx comes with its own syslog server (ipv4/ipv6, udp/tcp, encrypted/unencrypted support) and is wired to the interface within the resources tab, providing a quick overview of all your logs and filter options. The next thing is wiring it to the notification system of PegaProx, allowing automated alerting. Might be nice to quickly identify when the quorum got lost - all built into PegaProx!
#easter #development #coding #python #opensource #foss #pve #proxmox #proxmoxve #virtualization #vmware #alternatives #free #logging #security #gyptazy #proxmoxdatacenter #homelab #enterprise
LinkedIn Is Illegally Searching Your Computer
#tech #technology #BigTech #IT #enshittification #microslop #microsoft #LinkedIn #social #media #SocialMedia #data #security #safety #InfoSec #internet #web
Last summer I looked at the Internet exposure of a few #ICS devices that have historically been the subject of attacks by Iranian threat actors. Given continued activity in the region, I refreshed that data and took another look at exposures.
Good news: all four device/software types showed at least a slight decrease in exposures since last June, even if we aren't entirely sure why.
More details + graphs here: https://censys.com/blog/ics-iran-part-2-revisiting-exposure-of-previously-targeted-ics-devices/
if you like this, I'm aiming to provide at least one #foss project with an app icon every week.
honoured to have gained around 40 supporters in my first jobless month! ❤️
your sponsorship will help me keep this up. :)
Meanwhile in the UK, government stitch ups continue unabashed
https://www.theregister.com/2026/04/01/peoples_panel_digital_id/
#DigitalID #IDCard #UKPol #Labour #LabourPOl #WetDreams #IT #Privacy #Security #Control
This article about #anthropic's #claude CLI is also hysterical (in a making me want to give up #security and join a commune kind of hysterical) because of the anthropomorphising of the AI.
What is the most frustrating aspect of LLMs? Many would use the anthropomorphic term “hallucination.” Apparently #hallucinations are bad but “dreams” are good?
When a user goes idle or manually tells Anthropic to sleep at the end of a session, the AutoDream system would tell Claude Code that “you are performing a dream—a reflective pass over your memory files.”
“Why does my code say that Wonder Woman is running a taco truck downtown and I’m the only person who can save her dog?” Oh. Right. It was dreaming.
We can quit #cybersecurity and just go farm potatoes or something. After 25 years of #appsec one of the most talked-about tech companies invents a daemon process that
makes use of a file-based “memory system” designed to allow for persistent operation across user sessions.
Sure. Just store your system instructions in a random text file.
Why are we installing endpoint protection on this system?
Why do we verify cryptographic signatures on software updates to this system?
Why are we building a zero trust security environment?
Why do we scan email to avoid social engineering emails?
Our AI-assisted users are gonna YOLO right past all that. And if they can’t get past our #security controls, this agentic Frankenstein will write itself some markdown and work quietly in the background figuring out how to bypass something the user couldn’t bypass on their own.
This is #infosec in 2026
TLS and SSH rely on Certificate Authorities (CAs) for authentication, but they also present a vector for Man in the Middle attacks. What if you could set up your own CA to reduce your exposure?
➡️ https://fedoramagazine.org/make-a-private-ca-with-step-ca/
Great distraction from the Epstein files and the thickening quagmire in Iran — but it's not going to lower gas prices nor help with the midterms:
U.S. plans a witch hunt — err... antifa summit.
Deflect and distract. 🙁
https://www.reuters.com/world/us/us-counterterror-officials-plan-antifa-summit-sources-say-2026-03-31/
h/t @Nonilex
https://masto.ai/@Nonilex/116323980616642754
#AntiFascism #antifa #resist #law #security #fascism #FarRight #authoritarianism #tyranny
Running your own identity provider is all fun and games until you're debugging OIDC token flows at 2 AM.
If you want to deploy Keycloak 26 the right way - with proper network isolation, no plaintext passwords, and systemd-native declarative configs - I just published a new deep-dive.
We're ditching compose files and building a production-ready, daemonless stack using Podman Quadlets and systemd.
Read the full guide here: https://blog.hofstede.it/keycloak-26-on-podman-with-quadlets-identity-management-the-systemd-way/
#Linux #Podman #Keycloak #systemd #DevOps #Containers #SelfHosted #RHEL #Security
I've had admin powers at 5+ companies' Google Workspace/G Suite over the past decade or so. Every single one had groups which were misconfigured, often so anyone in the whole company could join without approval or see the message history at https://groups.google.com without being a member at all.
This is because for any sensible configuration of Google Groups when using it for email groups you have to use the "Custom" permissions mode. The default Public mode doesn't allow external people to email the group, but does allow the whole company to see all the messages. The default Team mode has the same problem of everyone being able to see all the messages.
Also let's not forget that dangerous little "Anyone in the organisation can join" toggle at the bottom which is on by default. So any random new starter can join your confidential company directors group and get all the emails sent to it.
Giving Google the benefit of the doubt here, I think the reasoning might be that Google Groups is intended as a kind of company forum, not for private email groups. However that isn't how anyone uses it in my experience...