cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
“My conversations with him are very pleasant, & then the missiles go off at night,” #Trump said of #Putin. Clearly sensitive about his turnaround, Trump added of Putin: “He fooled Clinton, Bush, Obama, Biden — he didn’t fool me.”
[invert that last statement for the truth]
#geopolitics #TrumpIsWeak #PutinsPuppet #Russia #Ukraine #Europe #Security
#Putin is convinced he has the battlefield momentum & has been prepared for #Trump to lose his patience, NYT reported last week. For all of Trump’s Russia-friendly rhetoric earlier this year, he refused to make the major concessions that Putin wanted, such as pushing Ukraine to give up more territory & limit the future size of its military.
#geopolitics #TrumpIsWeak #PutinsPuppet #Russia #Ukraine #Europe #Security
Just published another part of our long running series on #Kubernetes #Security fundamentals. This time looking at how Kubernetes clusters use PKI. I know when I started the idea that every cluster had three different certificate authorities came as a bit of a surprise!
https://securitylabs.datadoghq.com/articles/kubernetes-security-fundamentals-part-7/
I'm still on some commercial platforms, but I've given up on X, Facebook, and WhatsApp. Sometimes I wish I could have made different choices when I started my online journey in the 90s, and not have my full name and details out there to some extent. I'm in too deep. There's some safety in knowing certain things - security-wise, to protect myself. But it's horrifying to think about people who don't take those precautions. Many are just prey for the black and gray hats.
I often choose not to post about these things on commercial social media because it's seen as fearmongering and insensitive. I wish I could warn everyone, but most do not care until something bad happens.
#Privacy #Security
This unusual T-shaped keyhole (left) is part of an Odell's nightlatch. It's at the entrance to an 1850s tenement on Kelvingrove Street and is only the second I've found in the wild in Glasgow.
Cont./
#glasgow #odellnightlatch #glasgowhistory #lock #dullmensclub #security #tenement #scotland #glasgowtenemenets
Perusing a paper paper for once I saw this advert for WhatsApp.
No, I can believe the content of your message cannot be read, but by using it, your address book is theirs, your messages sent/received are logged and you will be tracked wherever you are - and whatever you are buying.
That’s what they really want.
Go #Signal - it makes sense
Well, great. Now @bitwarden is going to add AI bullshit to their services. I left Bitwarden a few months back for different reasons but I'm kind of glad that I did. I switched to @1password@1password.social. If they add AI to their services (are they already?), I'm just going to call it quits on all of them and just move completely to @keepassxc@fosstodon.org. I can simply just host my own with Keepassxc and not have to worry about any AI crap. I'm using Keepassxc now but not for everything. That might change in the very near future.
Yes, The Book of PF, 4th Edition Is Coming Soon https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html
Long rumored and eagerly anticipated by some, the fourth edition of The Book of PF is now available for preorder https://nostarch.com/book-of-pf-4th-edition #openbsd #pf #packetfilter #freebsd #networking #security #tcpip #ipv6 #ipv4 #bookofpf
Belgium is unsafe for CVD (coordinated vulnerability disclosure)
https://floort.net/posts/belgium-unsafe-for-cvd/
#CVD #security #coordinated #vulnerability #disclosure #Belgium
If you have a #Brother #printer, take a quick #security break, so your printer doesn’t get commandeered into a botnet! 🖨️💪
1. Check if your printer model is on this list and has updated firmware available:
https://support.brother.com/g/s/id/security/CVE-2017-9765.pdf
2. If new firmware is available, download the appropriate updater here:
3. Story for context:
https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/
Long rumored, eagerly anticipated by some, you can now PREORDER "The Book of PF, 4th edition" https://nostarch.com/book-of-pf-4th-edition for the most up to date guide to the OpenBSD and FreeBSD networking toolset #openbsd #freebsd #networking #pf #packetfilter #firewall #preorder #security
The Node.js Project just pre-announced security updates, to be released next week, on Tuesday, July 15th;
"The 24.x release line of Node.js is vulnerable to 2 high severity issues. The 22.x release line of Node.js is vulnerable to 1 high severity issue. The 20.x release line of Node.js is vulnerable to 1 high severity issue."
https://nodejs.org/en/blog/vulnerability/july-2025-security-releases
Great news! #HPE networking equipment is now secure!
"Combination accelerates HPE’s strategic vision with a full, secure networking IP stack"
The most recent report, issued in 2023, included an interactive atlas that zoomed down to the county level. It found that #ClimateChange is affecting people’s #security, #health & livelihoods in every corner of the country in different ways, with minority & Native American communities often disproportionately at risk.
#law #EnvironmentalLaw #Climate #ClimateCrisis #PublicHealth #WeatherPreparedness #Trump #USpol
Internet traffic, visualized with an open-source app which comfortably monitors your Internet traffic. It is a cross-platform and reliable app for your needs https://github.com/GyulyVGC/sniffnet
"Censys has made a list of some of the ICS products commonly targeted by Iranian hackers and scanned the internet to determine how widespread they are and whether their owners and operators have taken steps to secure them in recent months."
https://censys.com/blog/ics-iran-exposure-of-previously-targeted-devices
It’s not often my worlds collide like this, but this is pretty wild.
Coros Pace 3 doesn’t enforce Bluetooth pairing to a device, which leads to a cascading series of things that one could do when rogue connecting to the watch.
All of these are pretty terrible, but I can’t shake the image of someone spectating near the end of a race and disrupting someone’s hard-earned GPS file for their race. Obviously access to health and training data is way more severe, and there are devices and systems way more critical than someone’s GPS watch, but the fact that any of this is even possible is jarring.
On top of this, Coros’s initial response of “we’ll get to it by the end of 2025” is wildly unacceptable. They’ve since clarified their timeline (which is more aggressive) but they didn’t handle this well at all from what I’m reading.
https://blog.syss.com/posts/bluetooth-analysis-coros-pace-3/
Confirmed: There will be a full day PF tutorial "Network Management with the OpenBSD Packet Filter Toolset" at #eurobsdcon 2025 in #zagreb.
Details to emerge via https://2025.eurobsdcon.org/, and expect more goodies to be announced!
#openbsd #freebsd #pf #packetfilter #networking #security #freesoftware #libresoftware #bsd
I've had admin powers at 5+ companies' Google Workspace/G Suite over the past decade or so. Every single one had groups which were misconfigured, often so anyone in the whole company could join without approval or see the message history at https://groups.google.com without being a member at all.
This is because for any sensible configuration of Google Groups when using it for email groups you have to use the "Custom" permissions mode. The default Public mode doesn't allow external people to email the group, but does allow the whole company to see all the messages. The default Team mode, has the same problem of everyone being able to see all the messages.
Also let's not forget that dangerous little "Anyone in the organisation can join" toggle at the bottom which is on by default. So any random new starter can join your confidential company directors group and get all the emails sent to it.
Giving Google the benefit of the doubt here, I think the reasoning might be that Google Groups is intended as a kind of company forum, not for private email groups. However that isn't how anyone uses it in my experience...
Building Your Own PKI with Step-CA – From Root CA to Proxmox Integration with ACME!
In this #HowTo we create our own, decentralized PKI with #stepca, enable #ACME and integrate a #Proxmox node to obtain a certificate.
#proxmox #stepca #opensource #howto #homelab #enterprise #pki #security #decentralized #x509 #certificates
@theferret Could I respectfully suggest you post full links - not shortened ones. Malicious actors can use them to redirect the viewer to harmful sites and not everyone's browser/computer is adequately locked down.
It does not cost more in your 500-letter posting than a shortened/obscured link.
I had the foolhardiness to ask a tech question on Mastodon last night (what was I thinking???) that devolved into a side quest. I am going to even more foolhardily try again:
With Android rolling out updates that wedge Gemini into everything, what do I need to do to remove/disable/nuke from outer space all aspects of Gemini as much as possible?
🚨 Without changing phones / getting a second phone / installing a new OS. 1/n
Exhibit eleventy bajillion that medical software is awful. I find this funny for a few reasons.
One, it references Little Bobby Tables' lesser known cousin @GNAME@.
Second, it doesn't tell me who, what, where, when, why. All I have is literally the patient name. My son. I don't know the date of the procedure, the cost, what they sent my insurance, what my insurance said. Nothing. It's just "you owe us money. Please give us all your insurance details."
Third, I suspect #security is to blame here. If you want to protect your patient data, don't let the invoicing people have all that data. I sorta get it. But then letters like this are pretty useless. There is absolutely no way I'm writing down all my info and just shipping it to them to see what happens. This is #medical billing, after all. It's the only thing with a higher error rate than an LLM.
If you made some kind of intercepting HTTP/HTTPS proxy (thinking of a #pentester use case here), you could make it search for these URLs in the streams of HTTP and HTML that are passing through the proxy. Copy down the full URLs and asynchronously issue your own requests for the same URLs and store your own copy of the resulting files. The end user still gets their copy and nobody can tell it's happening. You'd almost certainly be able to do this because the links would surely be valid at the time the proxy sees them, and would work if the proxy immediately issued its request for its own copy.
The only way to really detect this happening is for the bucket owner to look at the S3 object logs in CloudTrail and see more than 1 fetch of that URL. Of course, someone with network connectivity issues could issue the request more than once. But a systematic pattern of duplicate fetches would indicate hijinks. The end user can't detect this happening to them. But, of course, you're MitM'ing their internet connection, so that could be detected.
If you know how these things work, I haven't told you anything new or useful yet. Maybe I won't. But the thing I think is important and frequently overlooked is that expiration time. Too short (5 seconds) and your user might not click the link before it expires. Too long (86400 seconds, i.e., one day) and this file is available far longer than you intended.
So looking at the X-Amz-Expires header in #AWS #S3 is a good #security thing, especially if you're doing a #pentest. Those URLs can be passed from device to device (e.g., you can Slack it to a colleague or SMS it to a friend and it will work). So you want to counsel anyone who uses them to try hard to tune the expiration as short as is reasonably practical. That expiration is all of the security control on that link.
[edit: I left out something important]
I see these URLs with 86400 as the expiration time a lot and often. If you're a developer, look at what you're setting them to. If you're a #pentester, this is a thing to warn your customer about.
3/
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
> [...] these vulnerabilities allow attackers to fully take over the headphones via Bluetooth. No authentication or pairing is required. The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition. It is possible to read and write the device’s RAM and flash. [...] hijack established trust relationships with other devices, such as the phone paired to the headphones.
A variety of US federal and state laws give cops the power to get your data from online services. This overview goes over how they work, and how they can be mitigated.
https://www.eff.org/deeplinks/2025/06/how-cops-can-get-your-private-online-data
#privacy #police #security #encryption
Thanking the @letsencrypt folks for the excellent work they do, and especially for their upcoming support for security certificates for IP addresses which is nothing short of revolutionary for the future of the (Small) Web.
https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777/22
#SmallWeb #security #IPAddresses #WebNumbers #LetsEncrypt #SmallTech #decentralisation #peerToPeerWeb #findability
I learned something today: Google's Gemini "AI" on phones accesses your data from "Phones, Messages, WhatsApp" and other stuff whether you have Gemini turned on or not. It just keeps the data longer if you turn it on. Oh, and lets it be reviewed by humans (!) for Google's advantage in training "AI" etc.
But this only came to my attention because of an upcoming change: it's going to start keeping your data long-term even if you turn it "off": "#Gemini will soon be able to help you use Phone, #Messages, #WhatsApp, and Utilities on your phone, whether your Gemini Apps Activity is on or off."
This is, of course, a #privacy and #security #nightmare.
If this is baked into Android, and therefore not removable, I'd have to say I'd recommend against using Android at all starting July 7th.
#spyware #AI #LLM #Google #spying #phone #Android #private #data
One of our goals was making Network Time Security (NTS) the default in Chrony, not just for Ubuntu 25.04 Plucky Puffin, but beyond.
We’ve now reached that milestone as part of the ongoing development of Ubuntu 25.10 Questing Quokka.
Read more about it in our Ubuntu Server Gazette: https://discourse.ubuntu.com/t/ubuntu-server-gazette-issue-5-things-to-keep-safe-your-circle-of-friends-and-your-time/63295
Ubuntu 25.10 is boosting security with Chrony + NTS for secure time sync, replacing systemd-timesync. A safer, more reliable time management system is coming! #Ubuntu #Security #TechNews https://dub.sh/GKhixGZ
#Iran says it used the same number of bombs the #US used on Iran’s #nuclear facilities
Iran's top #security body said in a statement that its armed forces used the same number of bombs that the US had used in attacking Iran’s nuclear facilities.
It also said the US base was far from urban facilities & residential areas in #Qatar.
It added that the action did not pose any threat to "our friendly & brotherly" neighbour Qatar.
#Kuwait, #Iraq, #Qatar, the #UAE & #Bahrain have all closed their airspace in light of the attacks.
A US #Defense Dept official confirmed that #Iran fired multiple short- & medium-range missiles at #AlUdeid Air Base in Qatar, & a damage assessment is underway. The official spoke on condition of anonymity to discuss #security matters.