Why is it that the best minds in our industry seem unable to improve security without creating products that coincidentally give their employer more control over people and their data? Vendor lock-in is preventing real innovation in infosec.
Ask yourself why all these companies are fighting each other to be your default DNS provider. Why do their "privacy" solutions always give them your data instead? It's valuable data and it's easy to control it yourself. #privacy https://www.linuxjournal.com/content/own-your-dns-data
Disappointed that Firefox is giving Cloudflare user DNS resolution data by default via DoH. I trust my ISP but if I didn't, I'd use a trusted VPN to protect *all* my traffic. DoH is just a DNS-only VPN. What's worse, if you do use a VPN for #privacy FF will still leak your DNS data to Cloudflare by default. https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
"The researchers have named their attack NetCAT, short for Network Cache ATtack"
Seriously, netcat? I guess what they say about the two hardest problems in computer science is true... #infosec https://arstechnica.com/information-technology/2019/09/weakness-in-intel-chips-lets-researchers-steal-encrypted-ssh-keystrokes/
The insult "ten miles of bad road" is much more devastating now that I've just driven ten miles of bad road. #vanlife
Check out my new pocket computer! Ok not exactly new, it's a Tasco Pocket Arithmometer from the '40s. #vintagecomputers
Librem 5 shipping starting 24 September 2019 https://puri.sm/posts/librem-5-shipping-announcement/ #purism #linux #linuxphone #linuxmobile #gnome
ElasticCo made Elasticsearch an #opencore product w/ basic security features in a proprietary plugin.
Search Guard made basic ES security features an open core product w/ enterprise auth as a proprietary plugin.
ElasticCo freed code for security plugin recently and now accuses Search Guard of copying both proprietary and #FOSS code. #fossdrama
https://www.elastic.co/blog/dear-search-guard-users
Wow, Huawei just accused the US govt of launching cyberattacks to infiltrate its intranet and internal information systems: https://www.huawei.com/en/facts/voices-of-huawei/media-statement-regarding-reported-us-doj-probes-into-huawei (h/t @Viss and campuscodi)
Musical Instruments To Be Exempt From Restrictions On Heavily Trafficked Rosewood https://n.pr/2ZkHlX4
This article does a good job of presenting the many different ways that data about your credit card purchases are shared without your knowledge or permission: #privacy https://www.washingtonpost.com/technology/2019/08/26/spy-your-wallet-credit-cards-have-privacy-problem/
The spy in your wallet: Credit cards have a privacy problem
https://www.washingtonpost.com/technology/2019/08/26/spy-your-wallet-credit-cards-have-privacy-problem/ #privacy #security
This is why attending a Battlebots event is risky--future generations might view it like we view the Roman Colosseum. I'm already going to have a hard enough time explaining my Roomba to future generations. #singularity #ai https://www.independent.co.uk/life-style/gadgets-and-tech/news/youtube-robot-combat-videos-animal-cruelty-a9071576.html
"Users who decline to share footage through the app may have police showing up at their door asking them to share in person if online requests don't work out. Law enforcement can also go to Amazon directly with a valid legal demand and bypass the user's consent to access the footage entirely." #privacy https://arstechnica.com/tech-policy/2019/08/dont-call-our-surveillance-products-surveillance-ring-tells-police/
The main difference between the Webmin RCE and similar build infrastructure attacks in proprietary tools is that since Webmin is FOSS, it has the opportunity to use Reproducible Builds so we all can detect this kind of attack in the future.
Technical author, FOSS advocate, public speaker, Linux security & infrastructure geek, author of The Best of Hack and /: Linux Admin Crash Course, Linux Hardening in Hostile Networks and many other books, ex-Linux Journal columnist.