Discussions related to Infosec.pub
- Inside the "3 Billion People" National Public Data Breach
“there were no email addresses in the social security number files*. If you find yourself in this data breach via HIBP, there's no evidence your SSN was leaked, and if you're in the same boat as me, the data next to your record may not even be correct”
https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/
#infosec #privacy
- Linux kernel impacted by new SLUBStick cross-cache attack
A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers.
The discovery comes from a team of researchers from the Graz University of Technology who demonstrated the attack on Linux kernel versions 5.9 and 6.2 (latest) using nine existing CVEs in both 32-bit and 64-bit systems, indicating high versatility.
https://www.bleepingcomputer.com/news/security/linux-kernel-impacted-by-new-slubstick-cross-cache-attack/
- Image proxying on infosec.pub
I noticed our instance got updated to lemmy 0.19.5 which means image proxying is now available. Since it‘s a privacy preserving measure and also (in case of catbox) really helps with loading times I would really like this feature. I am not quite sure but as far as I can tell it is not enabled at the moment. Does anyone know if it is planned to be used in the future?
Also I don’t know where instance related announcements and news are posted so I‘d appreciate it if someone could point me in the right direction.
- Don’t upgrade Lemmy past 0.19.3. Serious/significant regressions intoduced.
cross-posted from: https://sopuli.xyz/post/14184367
> Lemmy version 0.19.4 introduces 3 relatively intolerable bugs, and 0.19.5 only fixes one of them. > > * cannot post, risk of data loss > * cannot cross-post, but no data loss. > * can only visit the default timeline view >
- Infosec.pub scheduled downtime
Infosec.pub will be down for maintenance on Monday, July 1 2024, from approximately 10am until 1pm Eastern Time. I will be upgrading to the latest version of Lemmy, which requires an upgrade to postgres.
- Chrome Browser Zero Day Exploitwww.zdnet.com Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild
A new Chrome JavaScript security hole is nasty, so don't waste any time patching your systems.
We have a #ZeroDay in #Chrome's browser, just in case you're still using it.
- (Lemmy bug) cannot cross-post to !android@hilariouschaos.com b/c the pull-down list is clusterfucked with Cloudflare sites
This is likely a Lemmy bug but infosec.pub is related because there are so many Android communities that are federated from bad places so I thought I would mention it here as well.
cross-posted from: https://infosec.pub/post/11060800
> The cross-post mechanism has a limitation whereby you cannot simply enter a precise community to post to. Users are forced to search and select. When searching for “android” on infosec.pub within the cross-post page, the list of possible communities is totally clusterfucked with shitty centralized Cloudflare instances (lemmy world, sh itjust works, lemm ee, programming dev, etc). The list of these junk instances is so long !android@hilariouschaos.com does not make it to the list. > > The workaround is of course to just create a new post with the same contents. And that is what I will do. > > There are multiple bugs here: > ① First of all, when a list of communities is given in this context, the centralized instances should be listed last (at best) because they are antithetical to fedi philosophy. > ② Subscribed communities should be listed first, at the top > ③ Users should always be able to name a community in its full form, e.g.: > *
!android@hilariouschaos.com
> *hilariouschaos.com/android
> > ④ Users should be able to name just the instance (e.g. hilariouschaos.com) and the search should populate with subscribed communities therein. - meta federation stance
Is infosec.pub going to federate with or block meta? Sorry if this is a duplicate post, I couldn't find an answer.
- Images from walled gardens unreachable to infosec.pub users in excluded communities
Images do not get mirrored from one Lemmy instance to another. Understandably so. But there is a harmful side effect: if SourceNode is behind an access-restricted walled-garden and an image from that node is cross-posted to a DestinationNode that is not inside the same access-restricted walled-garden, then some readers on DestinationNode see posts where the image is inaccessible.
All variants of walled gardens are can trigger this problem but the most common is Cloudflare. So posts that contain images coming from instances like
sh.itjust.works
andlemmy.world
are exclusive and do not include all people who infosec.pub includes.How can this be fixed?
- infosec.pub could defederate from all Cloudflare nodes. This would prevent CF pawns from pushing exclusive content onto infosec.pub, but infosec.pub users could probably still post links to the exclusive venues.
- infosec.pub could block just cross-posts from CF nodes that contain images.
- infosec.pub could mirror images when the image is in a known exclusive walled garden.
- infosec.pub could accept posts that contain images in walled gardens and then immediately hide those posts. Perhaps a bot could populate a community designated for exclusive walled gardens with links to hidden posts so users not excluded by the walled garden can still reach the content.
Some of those options might require changes to lemmy code.
- Post edits appear accepted but get discarded
This may be an instance-specific problem because I’ve had no problem editing posts on other instances. When I try to exit the title and body of this post, I click save (or whatever) and without error it behaves as if my change was accepted.
Most instances take a minute or two to re-render the screen to show my updates. If the wait is long, I sometimes do a hard refresh to make sure the change got accepted (and if I don’t do that and I do another update, the old content populates the form and causes the recent edit to be lost).
Anyway, with infosec.pub my edits on the above-mentioned post just take no effect, confirmed by a hard-refresh showing no change.
- Just curious, why does this instance defederate feddit.nl?
I'm not a user of this instance so I'm absolutely not going to try to tell you how it should be run, but I am curious. The other instances defederated are ones which have a pretty well-known reputation.
But feddit.nl is the local instance for Dutch users. It seems fairly innocuous. I mainly only know about it because of the notjustbikes community, which is tiny, but excellent, and about a Canadian YouTuber who lives in the Netherlands with a channel of the same name. I'm just curious what happened there to get it defederated from here, and whether perhaps I should look to create a notjustbikes community elsewhere, if it's a problematic instance for some reason.
- Information Security Community Interest
ALL,
I have noticed a bunch of slightly overlapping communities, or some that just don't seem super active.
There are a couple of security related news communities already.
Is there actually interest in INFOSEC projects, blogs, frameworks, TTPs, etc?
Perhaps people who are interested would weigh in, and we could pick a community to work in? I know people don't always like the idea of consolidation, but I'm more interested in gauging people's continued interest.
- Do people here actively work on info sec projects that would post walk throughs, configs?
- Do people work within security frameworks and have sharable configurations?
@xavier@infosec.pub @administrator@infosec.pub @postmodern@infosec.pub @wntrmut@infosec.pub @wop@infosec.pub @m8urn@infosec.pub @digicat@infosec.pub @himazawa@infosec.pub
- Lemmy deletes your URL and replaces it with an image URL if you post a link then add a piclemmy.ohaa.xyz (Canada) An M&M vending machine error revealed facial recognition was used to illegally snoop on students (boycott Mars if you aren’t already!) - Pobierz
“Only because of that official investigation did Canadians learn that ‘over 5 million nonconsenting Canadians’ were scanned into Cadillac Fairview’s database”. Wow. This Wired article is contradictory. The spokesperson says: “an individual person cannot be identified using the technology in the mach...
cross-posted from: https://infosec.pub/post/8863199
> This post was composed with a link to a Wired article: > > https://lemmy.ohaa.xyz/post/1939209 > > Then in a separate step, the article was edited and an image was uploaded. The URL of the local image unexpectedly replaced the URL of the article. Luckily I noticed the problem before losing track of the article URL.
- Is this a legit community? DOI - Infosec.Pubinfosec.pub DOI - Infosec.Pub
https://matrix.to/#/#donoperinfo:matrix.org [https://matrix.to/#/#donoperinfo:matrix.org]
I don't have a problem blocking it, just seems like a pro Russian influence operation to me, since I don't know anything about this group or the culture.
- Periodic 500 errors
I'm receiving periodic 500 server errors when viewing posts for about the last week. It's pretty infrequent but definitely still happening.
I've also noticed that viewing some images has been problematic, sometimes requiring a few tries to get them to appear. Likely the same issue there.
Anyone else noticed this?
- Is there a status page for here?
After a conversation in !isitdown@infosec.pub I was looking for status pages. Does infosec.pub have one?
- Infosec.pub downtime for maintenance
Hello everyone. I will be taking infosec.pub offline for a while today to move the instance to a new, larger server.
- Problems adding images for a post
https://infosec.pub/post/3846278
I add an image, but the image file gets added as the URL
previous post https://infosec.pub/post/3808257 worked fine
- Results of Major Technical Investigations for Storm-0558 Key Acquisition | MSRC Blog | Microsoft Security Response Centermsrc.microsoft.com Results of Major Technical Investigations for Storm-0558 Key Acquisition | MSRC Blog | Microsoft Security Response Center
Results of Major Technical Investigations for Storm-0558 Key Acquisition
Results of Major Technical Investigations for Storm-0558 Key Acquisition
- Changes to Infosec.pub
I am going to be disabling image uploads and image serving, moving to moderated signups, and instituting some extensive block lists on infosec.pub due to the pervasive problems with CSAM attacks on lemmy instances.
No, it’s not happened to any of our instances yet, but I don’t need that headache. And if anyone does, I promise you that I will make it my life’s mission to see that those responsible are convicted and rotting in prison where they belong. ❤️
Edit: h/t to @infosec_jcp for pointing out the problem to me.
- Blocked instances question
Hey, I just did a quick browse through the blocked instances list for infosec.pub and have a few questions about it. Seems like we are blocking sh.itjust.works which at first glance just looks like one of the bigger general purpose instances. Meanwhile more overtly problematic instances like lemmygrad (tankie instance) or exploding heads ("free speech extremists") are federated with. Generally the block list seems fairly small compared to a lot of other instances.
So are these intentional choices or is it more a matter of the admins not (having the time to be) bothering with it? If it's not intentional, maybe checking some other instances blocklists to weed out the biggest trolls/offenders could be useful.
- Hey @jerry, do you have any backup? Is there any way we can help you?
As the title says, @jerry@infosec.pub do you have any backup and how can we support you as the admin of our instance?
Burnout on spare-time projects can be very real, especially when they suddenly grow or become more difficult to manage. We all appreciate what you are doing here. So even if there's nothing we can do directly, I'd just like to say thank you.
- Passwords sent as plaintext?
I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?
- Please don’t enable 2FA
2FA in lemmy doesn’t work reliably yet. Please don’t enable it or you will almost certainly get locked out.
Note: it makes me sad to post this.
- Blocking sh.itjust.works
Hi all. I am going to implement a block for sh.itjust.works. I am going to need years of therapy from all the nasty crap coming from that instance.
- 2FA Auth not showing?
Just setting up my account and 2FA auth is not showing after refreshing and clicking the Button. Broken or a Me issue ?
- HACK red CON
Do you want to help and be part of the most amazing space crew (wink )? Call for volunteers are open! #cybersecurity https://twitter.com/HackRedCon/status/1679476064173584388?s=19
- Con News !!HackRedCon!!t.co Hack Red Con | Cyber Security Conference | OffSec | InfoSec | Education | Training | Networking
Hack Red Con 2023 is a unique Cyber Security Conference that spans two action-packed days. This event includes comprehensive training, workforce development, and valuable networking opportunities. The con will feature a diverse range of talks and training sessions covering Red, Blue, and Purple topi...
Guys, gals, and non-binary pals be sure to grab your ticket for #HackRedCon
This year we have the wonderful Louisville Slugger hosting, so baseball fans be sure to book now!
https://t.co/MYPBBCnUNu
- BusKill (USB Dead Man Switch) v0.7.0 released 💾www.buskill.in BusKill v0.7.0 released - BusKill
We're happy to announce the release of BusKill App v0.7.0. This release includes bug fixes and introduces a new GUI "soft-shutdown" trigger.
We're happy to announce the release of BusKill v0.7.0!
[!BusKill Release Announcement v0.7.0](https://www.buskill.in/buskill-v0-7-0-released/)
Most importantly, this release allows you to arm the BusKill GUI app such that it shuts-down your computer when the BusKill cable's connection to the computer is severed.
What is BusKill?
BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.
| [!What is BusKill? (Explainer Video)](https://www.buskill.in/#demo) | |:--:| | Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4 |
If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.
Upgrading
You can upgrade your BusKill app to the latest version either by
- Clicking "Update" in the app or
- Downloading it from GitHub
Changes
This update includes many bug fixes and new features, including:
- Adds support for 'soft-shutdown' trigger to GUI
- Adds a new
buskill.ini
config file - Adds a new "Settings" screen in GUI
- Merges kivy & buskill config files into one standardized location
- Fixes in-app updates on MacOS
- Fixes lockscreen trigger on Linux Mint Cinnamon
- Fixes background blue/red disarm/arm color to propagate to all screens
- Fixes
--run-trigger
to be executed inside usb_handler child process and communicate to root_child through the parent process
You can find our changelog here:
Documentation Improvements
We've also made many improvements to our documentation
- Updated the Software User Guide to include how to arm the BusKill app with the
soft-shutdown
trigger in the GUI - Added a manpage
- Better documentation on how to build your own USB-C BusKill Cable
- Better documentation on how to test the buskill app
- Fixes in Release Workflow
- Added some additional related projects to our documentation
Soft-Shutdown Trigger
This release now allows you to choose between either \[a\] locking your screen or \[b\] shutting down your computer when you arm the BusKill app from the GUI. By default, the BusKill app will trigger the lockscreen. To choose the '
soft-shutdown
' trigger, open the navigation drawer, go to theSettings
Screen, clickTrigger
, and change the selected trigger fromlock-screen
tosoft-shutdown
. For more information, see our Software GUI User Guide.BusKill Now in Debian!
We're also happy to announce that, with the release of Debian 12, it's now possible to install BusKill in Debian with Apt!
sudo apt-get install buskill
Testers Needed!
We do our best to test the BusKill app on Linux, Windows, and MacOS. But unfortunately it's possible that our app doesn't fully function on all versions, distributions, and flavours of these three platforms.
We could really use your help testing the BusKill app, especially if you have access to a system that's not (yet) listed in our Supported Platforms.
And in this release, we specifically would like you to help us test the new soft shutdown feature. Please let us know if it does or does not work for you.
Please contact us if you'd like to help test the BusKill app :)
- I federation broken? No comments erc.
Pretty much the title. is federation broken? I hardly see comments anymore since about 1-2 days. the “new” page is pretty much stagnant :(
- Federation and new community creaton is disabled
Hi all. I’ve disabled new community creation and federation until there is a fix for the latest vulnerability
- PSA: Lemmy.world was compromised!
Discussion from here: https://lemmy.ml/post/1895271
Relevance: Infosec.pub may wish to consider defederation temporarily.
Temporary fix in place, but instances remain vulnerable. Post: https://lemmy.world/post/1290412
- UPDATE 2:58 UTC the injected code was removed from the main page, but cleanup efforts are still underway.
- UPDATE 3:11 UTC situation appears to be under control, but browse with caution.
- UPDATE 3:35 UTC main page exploited again! Website is unsafe.
- UPDATE 4:01 UTC reports coming in that other instances are getting owned. One report of comments trying to inject JavaScript into the page.
- UPDATE 4:13 UTC XSS vulnerability in page sidebar is reported relationship to the event is unknown.
- UPDATE 7:17 UTC Root cause was identified a while ago.
- I can't seem to upload images: JSON.parse: unexpected character at line 1 column 1 of the JSON data client.js
In Firefox I am unable to upload images either as the subject of a post, or as a part of the body using the image button. I receive the following error:
SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data client.js:2:1753277 Hp https://infosec.pub/static/7197474/js/client.js:2 (Async: promise callback) Hp https://infosec.pub/static/7197474/js/client.js:2 n https://infosec.pub/static/7197474/js/client.js:2
I found a github issue about it but it's really old, so I'm thinking it's not that relevant, even though it pretty much describes the issue exactly:
https://github.com/LemmyNet/lemmy-ui/issues/403
There are some other issues in the lemmy backend repo:
https://github.com/LemmyNet/lemmy/issues?q=is%3Aissue+unexpected+character+at+line+1+column+1+is%3Aclosed
Anyone else noticing this or is it just me?
EDIT: Probably should have checked first but this happens on other instances running 0.18.1, so I guess it doesn't matter, seems to be an upstream issue.
- Feature Request: Open external links in new tab
Is there a setting to default all external links to a new tab? I'm used to that behavior from infosec.exchange. I keep finding myself having to reopen infosec.pub after going down a rabbit hole.
- Vulnerability fixed
As some have pointed out, there was a serious xss vulnerability in lemmy disclosed yesterday. The Lemmy team released a fix a bit ago and I've since patched infosec.pub.