cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Xubuntu's website was compromised in October, with torrent links replaced by a ZIP containing Windows malware.
Now, the team share a report on how the breach was able to happen - and what they're doing to prevent a repeat.
https://www.omgubuntu.co.uk/2025/11/xubuntu-website-breach-report?v1
"We tend to assume that the younger generations online are digital natives — having grown up immersed in the online world, they possess an innate understanding of cybersecurity and its risks.
However, our research has debunked this misconception: In fact, the password habits of an 18-year-old are strikingly similar to those of an 80-year-old."
Stop #Britain sleepwalking into a database state #No2DigitalID
Support the campaign to say no to a mandatory digital ID
A mandatory #DigitalID would change the nature of our relationship with the state and turn the #UK into a “papers, please” society.
It would also be a honeypot for #hackers and foreign dictators, creating huge #digital #security risks for our personal information.
https://bigbrotherwatch.org.uk/campaigns/no2digitalid/
#No2DigitalID #ToxicLabour #KeirStalin #Orwellian #privacy #BigData #SurvailenceState
https://blog.netbsd.org/tnf/entry/gsoc2025_bubblewrap_sandboxing
#Bubblewrap #BSD #Security
Under the hood quiet progress to keep your machine secure:
"Fedora Linux 43 will be the first release with RPM 6.0. Like I said, this should go unnoticed to end-users, but it is a significant change. RPM 6.0 provides some interesting security enhancements, like multiple key signing of packages. This should help future-proof package signing as we transition to post-quantum-crypto OpenPGP keys in future releases."
Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing
It's unfortunately no longer enough to force websites to check your government-issued #ID before you can access certain content, because #politicians have now discovered that people are using Virtual Private Networks ( #VPNs ) to protect their #privacy and bypass these invasive laws. Their solution? Entirely ban the use of VPNs.
#ageverification #VPN #security
Is Ofcom coming for VPNs?
Monitoring their use through the narrow lens of whether the UK Online Safety Act is working is shortsighted.
"It’s important to note VPNs can help protect children's security online too, they aren’t just used to avoid content blocks."
🗣️ ORG's @JamesBaker
#vpn #onlinesafetyact #onlinesafety #osa #ofcom #privacy #security #cybersecurity #ukpolitics #ukpol
Source and state limiters introduced in pf
https://www.undeadly.org/cgi?action=article;sid=20251112132639 #openbsd #pf #networking #statelimiters #sourcelimiters #statetracking #packetfilter #security #freesoftware #libressoftware
"This change has our resident packet manglers quite excited, and they think it will likely be a signature feature that will make the not-too-distant OpenBSD 7.9 release even more of an Internet favorite."
Data protection and security in Europe, a failure of intent and actions
https://www.theguardian.com/commentisfree/2025/nov/12/eu-gdpr-data-law-us-tech-giants-digital
#GDPR #Europe #Failure #Vassalage #Deregulation #VonLeyden #It #Security #Privacy
🚨 They are bringing back #ChatControl 🚨
Hummelgaard doesn't understand that no means no.
Discussion is scheduled for tomorrow, so act now: https://fightchatcontrol.eu/
#No2Backdoors #Privacy #Security
Source: https://noyb.eu/en/eu-commission-about-wreck-core-principles-gdpr
Our founder Robert joined the Hard2Beat podcast with Maciej Zawadziński to talk about something simple, yet often forgotten in enterprise security.
People build systems and people make mistakes. That’s normal.
The real problem starts when systems are designed to hide those mistakes.
We build Defguard to be seen, tested, and trusted — by everyone.
🎧 Watch the episode and tell us what you think: https://www.youtube.com/watch?v=qnkOtnTAheQ
IncusOS comes with all the missing things like ARM64 (aarch64) support, boot safety, full disk encryption, immutable images (read-only and signed) and fully locked down to operate in API only mode.
For me, it’s a mix of #Talos, #Harvester and Proxmox where it merges the best features of all ones!
Tags: #PVE #Virtualization #Containerization #Container #Containers #Linux #Debian #ARM64 #aarch64 #opensource #security #immutable #foss #LXC #LXD #VM #VPS #Immutable #secureboot #TPM
Blog post: https://gyptazy.com/incusos-a-platform-for-modern-virtualization-containerization-infrastructure/
GrapheneOS version 2025110600 released:
https://grapheneos.org/releases#2025110600
See the linked release notes for a summary of the improvements over the previous release.
Forum discussion thread:
https://discuss.grapheneos.org/d/27887-grapheneos-version-2025110600-released
A suite of pretty cool #docker container escapes: https://www.openwall.com/lists/oss-security/2025/11/05/3
boosted🔑 After a long time, on the occasion of a talk, I have once again looked more closely at #Passkeys, having already had a handful of them in use myself. Passkeys are actually supposed to give us convenient and, above all, secure authentication to services.
Wow, the current state is still sobering. 🫠
A thread. (1/3)
#Passwordless #Passkey #Passwords #Password #Security #FIDO2 #WebAuthn #Security
If you ever wondered whether (parts) of your security audit might just be a checklist theatre: Yes it might! (First 5 minutes of the intro)
https://podcasts.apple.com/ch/podcast/darknet-diaries/id1296350485?l=en-GB&i=1000734866940
Proper FreeBSD system hardening :)
(all via sysctl)
security.bsd.see_other_uids
security.bsd.see_other_gids
--> Don't show other users processes
security.bsd.unprivileged_read_msgbuf
--> Don't allow unprivileged users to read the kernel message buffer (dmesg)
security.bsd.unprivileged_proc_debug
--> Don't allow unprivileged users to use debugging
security.bsd.hardlink_check_uid
security.bsd.hardlink_check_gid
--> restrict hardlinks to same user/group
kern.elf64.aslr.enable
kern.elf32.aslr.enable
--> Enable kernel address randomization (ASLR)
security.bsd.unprivileged_mlock
--> Restrict unprivileged users from loading kernel modules
sysctl kern.securelevel=1
--> Cannot lower securelevel
--> Cannot write directly to mounted disks
--> Cannot write to /dev/mem or /dev/kmem
--> Cannot load/unload kernel modules
--> Cannot change firewall rules (if compiled with IPFIREWALL_STATIC)
--> System immutable and append-only file flags cannot be removed
This can make a FreeBSD system more secure, especially on multi-user systems. Securelevel can even go higher, but those restrictions generally need care.
#runbsd #freebsd #security #hardening #goodpractice #devops #sysadmin
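An audit script for the knobs in the post above, as an added example (not part of the original post). It reads sysctl(8) output, compares each listed knob with an assumed hardened value, and returns the number of deviations; the sample output is constructed to look like a stock, non-hardened host.

```sh
#!/bin/sh
# Constructed sample of `sysctl -a` output from a non-hardened FreeBSD host.
# On a real host, feed the live output instead: sysctl -a | check_sysctls
SAMPLE='security.bsd.see_other_uids: 1
security.bsd.see_other_gids: 1
security.bsd.unprivileged_read_msgbuf: 1
security.bsd.unprivileged_proc_debug: 1
security.bsd.hardlink_check_uid: 0
security.bsd.hardlink_check_gid: 0
kern.elf64.aslr.enable: 1
kern.elf32.aslr.enable: 1
security.bsd.unprivileged_mlock: 1
kern.securelevel: -1'

# Assumed hardened values (knob=value): 0 turns a permissive behaviour off,
# 1 turns a check or ASLR on, and securelevel is raised to 1.
EXPECTED='security.bsd.see_other_uids=0 security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0 security.bsd.unprivileged_proc_debug=0
security.bsd.hardlink_check_uid=1 security.bsd.hardlink_check_gid=1
kern.elf64.aslr.enable=1 kern.elf32.aslr.enable=1
security.bsd.unprivileged_mlock=0 kern.securelevel=1'

# check_sysctls: reads "knob: value" lines on stdin, prints one line for every
# knob that is missing or differs from EXPECTED, and returns the deviation count.
check_sysctls() {
    input=$(cat)
    bad=0
    for pair in $EXPECTED; do
        knob=${pair%=*}
        want=${pair#*=}
        have=$(printf '%s\n' "$input" | awk -v k="$knob" -F': ' '$1 == k { print $2 }')
        if [ -z "$have" ]; then
            echo "MISSING  $knob (expected $want)"
            bad=$((bad + 1))
        elif [ "$have" != "$want" ]; then
            echo "WEAK     $knob = $have (expected $want)"
            bad=$((bad + 1))
        fi
    done
    return $bad
}

# Demo run over the constructed sample; the exit status is the deviation count.
if printf '%s\n' "$SAMPLE" | check_sysctls; then
    echo "all listed knobs are at their hardened values"
else
    echo "deviations: $?"
fi
```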
LibreSSL 4.1.2 and 4.2.1 released https://www.undeadly.org/cgi?action=article;sid=20251102090208 #openbsd #libressl #tls #ssl #security #networking #cryptography #crypto #realcrypto #libresoftware #freesoftware
Having worked in IT, I sometimes enjoy reading about large software programs gone massively wrong. But when it’s the website for Australia’s Bureau of Meteorology, it’s worrisome. Especially when a former senior forecaster says the new site is “practically unusable.”
And the Queensland state treasurer said the changes “potentially put lives at risk as dangerous storms hit the state.”
Who did the work? Deloitte did the design & Accenture was responsible for actually building the website.
Besides major usability problems, there's this, per the article: A critical rationale for the new BoM website was that the old version did not use the secure, encrypted “https” transfer protocol that became standard on the internet years ago. The unencrypted “http” set-up remains in place for many of the pages within the BoM site that were supposed to have been upgraded on full launch but which, as yet, have not been.
https://www.thesaturdaypaper.com.au/news/2025/11/01/practically-unusable-inside-the-boms-website-shambles or
https://web.archive.org/web/20251031203452/https://www.thesaturdaypaper.com.au/news/2025/11/01/practically-unusable-inside-the-boms-website-shambles
h/t @ai6yr
If batteries are becoming a strategic technology in the C21st, powering everything from laptops to drones, from cars to phones, is the dependence on China across the supply chain now an issue of national security?
Fatih Birol, executive director of the International Energy Agency (writing in the FT) argues it is, and so countries need to speedily diversify their battery supply chains & support local innovation in energy storage.
Not sure any of that can be done quickly!
Seasonal tech
It rather appeals - hacking people’s face masks remotely. Just think of the fun you could have
https://www.theregister.com/2025/10/30/halloween_hacking_led_masks/
New security advisory released for X.Org X server and Xwayland issues https://www.gamingonlinux.com/2025/10/new-security-advisory-released-for-x-org-x-server-and-xwayland-issues/
🤔 I have a "how long is a piece of string" question: how many abusive IPs is it normal to encounter hitting your API? If you do banning, how many permanent bans are typical, and how many expiring bans (e.g. fail2ban)? How was that different in the different environments you worked at? What tech did you prefer to use (e.g., fail2ban, redis, eventbridge)?
#security #blueteam #fail2ban #firewall #threatintel #infosec
Just discovered: App Lock, which lets you lock any app on your Android device behind either a PIN or biometrics. This should absolutely be standard, but it's nice to have it regardless.
Admittedly, locking is a bit slow and happens about a full second after an app is already open. But it looks like the 2.0 release just dropped, and so I'm hoping that'll improve with future updates.
So now to use (um) any GUI programs, you scammers force me to depend on gigantic static rust binaries that can't be audited or checked for bugs or security breaches. I have to spend hours compiling rust, in addition to trusting the binaries, because I'm not a rich boy whose daddy bought him a big fast computer with lotsa RAM. I have to trust mountains more code, that could all be hiding malicious activity or just random bugs. An army of auditors couldn't go through it all in their entire lifetime.
This is why I hate rust. It is the worst and you are bad for liking it.
I'll probably edit this to be less vitriolic and randomly insulting when I'm not so frustrated about upgrading.
#rust #gtk #bullying #programming #security #rant #FuckEverything
The Oracle EBS stuff gave me a weird kind of MOVEit nostalgia (?), so I looked at the recent campaign and exposed EBS instances to understand more about possible fallout across industries and geography:
https://censys.com/blog/unpacking-the-oracle-ebs-debacle-industries-geography-and-moveit-comparisons