regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.

The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

I don’t want to neg open source since it is the best, but blindly assuming something is safe and not jewware because it is open source is a cope.

“But you can audit the code.”

Sure. Will you? If you even had the time to read 1.2 million lines, do you know what they all say? And will you get it done before the next update?

Signal stores data locally; most of it is unencrypted and accessible by any app

https://fxtwitter.com/mysk_co/status/1809287118235070662

Cyberopticon? More like the biggest treasure chest ever for hackers.

https://www.tomshardware.com/tech-industry/artificial-intelligence/openai-was-hacked-revealing-internal-secrets-and-raising-national-security-concerns-year-old-breach-wasnt-reported-to-the-public

Europol Seeks to Break Mobile Roaming Encryption

EU’s law enforcement agency Europol is another major entity that is setting its sights on breaking encryption.
This time, it’s about home routing and mobile encryption, and the justification is a well-known one: encryption supposedly stands in the way of the ability of law enforcement to investigate.

Europol’s recent paper treats home routing not as a useful security feature, but, as “a serious challenge for lawful interception.” Home routing works by encrypting data from a phone through the home network while roaming.

Google Chrome gives all *.google.com sites full access to system / tab CPU usage, GPU usage, and memory usage. It also gives access to detailed processor information, and provides a logging backchannel.

This API is not exposed to other sites - only to *.google.com.

https://x.com/lcasdev/status/1810696257137959018

#google #chrome #extension #privacy
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

JUST IN - "Nearly all" of AT&T's over 110 million customers' call and text interactions exposed in "hack."

https://www.disclose.tv/id/5qz9pot666/

@disclosetv

Trump's assassination attempt from earlier tonight.

Last post I'll share on this, as we are living through yet another major historic event.

New York Post reports it's some 20 year old named Thomas Matthew Crooks.

https://nypost.com/2024/07/13/us-news/thomas-matthew-crooks-idd-as-gunman-who-shot-trump-during-pa-rally/

It bears repeating: Trump is not on our side. He's a zionist elitist who married off all of his children to jews.

Regardless, after the heroic optics immediately following this shooting, Trump has secured his place as the next Chief Shabbos Goy.

I present to you J.D. Vance

Look at this nonsense: "encrypted overseas accounts." Are they talking about crypto wallets?

Boomers and other tech illiterates are going to use the Trump shooter to go after encryption and push for a national firewall, as usual.

https://fxtwitter.com/Breaking911/status/1814097332238946776

Major internet outage involving CrowdStrike.

Probably easily the biggest ever: airports and airlines, trains, banks, tv networks, Disneyland, etc down.

Black swan? Or the inevitable result of chicken bones and human feces entering the Windows kernel update?

https://www.wired.com/story/microsoft-windows-outage-crowdstrike-global-it-probems/

In honor of Shut the Fuck Up Friday, I'd like to remind those who treat public Telegram chats like their own personal diary that people are constantly backing it up.

Archivist group "the-eye" downloaded some 3.8TB of content from 184 "anti-social" Telegram chat rooms and channels, including news reporters like @intelslava, @CIG_telegram, and @BellumActaNews, as well as @censormedaddy, @EsotericHitlerism, and @NordicFrontierChat.

looking at the collection a little closer it became very evident just how much data people are spewing into Telegram all day every day. Conversations, announcements, video/image and document sharing- Telegram is used for all of this and more

We have collected and presented the data exactly as it appeared in the publicly open and accessible channels. Usernames of anyone taking part in any of the chat-based channels have been left intact. We believe in the preservation of historical context as it happened. There is no expectation of privacy in a public forum.

https://the-eye.eu/tasra/

It was not preached to the crowd
It was not taught by the state
No man spoke it aloud
When the weeb began to hate

A follower posed a theoretical situation to us:

Let's suppose that my devices are confiscated by FBI.
My computer has bitlocker on and my old Samsung phone has a  password of 8 characters .
It has been 4 months and still they couldn't open it, if they give up and give back my devices, should it be safe to type my password?

Firstly, Feds will have installed rootkits and keyloggers on these seized devices. If there are files that haven't been backed up, you could create an image of the disk. After you have copied files from both devices, wipe and discard them.

As far as Bitlocker's encryption is concerned, the key backup is stored on the cloud, so law enforcement should always be able to unlock it. Inexperienced small town sheriff departments may not know any better, but any professional agency need only ask Microsoft for what they need – no warrant required.