Skip to main content

Search

Items tagged with: security


 

#Matrix: We have discovered and addressed a #security breach.


source: https://matrix.org/blog/2019/04/11/security-incident/

TL;DR: An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your #password now.


#hack #software #problem #warning #messenger


 

#Matrix: We have discovered and addressed a #security breach.


source: https://matrix.org/blog/2019/04/11/security-incident/

TL;DR: An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your #password now.


#hack #software #problem #warning #messenger


 
Immagine/foto
Inspired by a bunch of recent YouTube videos and their sponsor's messages, I decided to write a slightly larger blog post about VPNs, and how their marketing claims do not hold up in a reality check.

https://schub.io/blog/2019/04/08/very-precarious-narrative.html

I know it is a long post, but if you are using a commercial VPN, have thought about buying a subscription, or know someone who did, please take the time to read this article. It may teach you something new.
#VPN #privacy #security


 
Immagine/foto
Inspired by a bunch of recent YouTube videos and their sponsor's messages, I decided to write a slightly larger blog post about VPNs, and how their marketing claims do not hold up in a reality check.

https://schub.io/blog/2019/04/08/very-precarious-narrative.html

I know it is a long post, but if you are using a commercial VPN, have thought about buying a subscription, or know someone who did, please take the time to read this article. It may teach you something new.
#VPN #privacy #security


 
Welcome to my new home! I'm going to stay here, as long as Tom keeps this instance open.

Time for a #reintroduction then!

I'm a guy from northern #Italy, who love #FLOSS, #selfhost things, #privacy & #security, trying to help as #translator for some projects.

I do #cycling #mtb, #commute to work, and i love walk in the #nature, on #hills or #mountains.

I play #trumpet in my spare time.

That's pretty much all of me for this #introduction! 😉


 

In January, the EU starts running Bug Bounties on Free and Open Source Software

In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.
https://juliareda.eu/2018/12/eu-fossa-bug-bounties/

This is definitely cool! Even better if other countries, institutions and companies will follow up and do the same.

#software #security #bug #bugbounty #eu


 

ASUS Confirms It Was Used to Install Backdoors on Its Customers' Computers


A press release released by ASUS this morning confirms Motherboard’s reporting.

https://motherboard.vice.com/en_us/article/bjqez4/asus-confirms-it-was-used-to-install-backdoors-on-its-customers-computers

#asus #computer #backdoor #security


 

ASUS Confirms It Was Used to Install Backdoors on Its Customers' Computers


A press release released by ASUS this morning confirms Motherboard’s reporting.

https://motherboard.vice.com/en_us/article/bjqez4/asus-confirms-it-was-used-to-install-backdoors-on-its-customers-computers

#asus #computer #backdoor #security


 
♲ Nextcloud 📱☁️💻 (nextcloud@mastodon.xyz):
Putting your phone number in online services is very risky, especially as it is often used to verify accounts AND can be spoofed quite well with sim jacking on the rise!

Be careful.

#security #privacy #selfhosting
https://www.wired.co.uk/article/change-your-phone-number-online-privacy

[l]


 
♲ Nextcloud 📱☁️💻 (nextcloud@mastodon.xyz):
Putting your phone number in online services is very risky, especially as it is often used to verify accounts AND can be spoofed quite well with sim jacking on the rise!

Be careful.

#security #privacy #selfhosting
https://www.wired.co.uk/article/change-your-phone-number-online-privacy

[l]


 
Automatic Certificate Management Environment (ACME) is officially RFC 8555 now:

https://tools.ietf.org/html/rfc8555

"This document describes a protocol that a CA and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation."

#acme #certificate #ca #letsencrypt #infosec #cybersecurity #security #https #rfc8555


 

Awesome Selfhosted


"This is a list of Free Software network services and web applications which can be hosted locally. Selfhosting is the process of locally hosting and managing applications instead of renting from SaaS providers."

https://github.com/Kickball/awesome-selfhosted

There are all kinds of categories, e.g. Search Engines:
  • Ambar - Document Search Engine (OCR, Store & Search) (Demo, Source Code) MIT Nodejs/Python
  • Gigablast - open source search engine. (Demo, Source Code) Apache-2.0 C++
  • Seeks - Web search proxy and collaborative distributed tool for websearch. (Source Code) AGPL-3.0 C++
  • Searx - Privacy-respecting, hackable metasearch engine. (Demo, Source Code) AGPL-3.0 Python
  • Yacy - Peer based, decentralized search engine server. (Demo, Source Code) GPL-2.0 Java
File transfer/synchronization:
  • Git Annex - File synchronization between computers, servers, external drives. (Source Code) GPL-3.0 Haskell
  • Kinto - Kinto is a minimalist JSON storage service with synchronisation and sharing abilities. (Source Code) Apache-2.0 Python
  • Nextcloud - Access and share your files, calendars, contacts, mail and more from any device, on your terms. (Demo, Source Code) AGPL-3.0 PHP
    OpenSSH/SFTP - Secure File Transfer Program. (Source Code) BSD C
  • ownCloud - All-in-one solution for saving, synchronizing, viewing, editing and sharing files, calendars, address books and more. (Source Code, Clients) AGPL-3.0 PHP
  • Pydio - Turn any web server into a powerful file management system and an alternative to mainstream cloud storage providers. (Source Code) AGPL-3.0 PHP
  • Samba - Samba is the standard Windows interoperability suite of programs for Linux and Unix. It provides secure, stable and fast file and print services for all clients using the SMB/CIFS protocol. GPL-3.0 C
  • Seafile - File hosting and sharing solution primary for teams and organizations. (Demo, Source Code) GPL-2.0 C
  • SparkleShare - Self hosted, instant, secure file sync. (Source Code) GPL-3.0 C#
  • Syncany - Secure file sync software for arbitrary storage backends, an open-source cloud storage and filesharing application. Securely synchronize your files to any kind of storage. GPL-3.0 Java
  • Syncthing - Syncthing is an open source peer-to-peer file synchronisation tool. (Source Code) MPL-2.0 Go
  • Unison - Unison is a file-synchronization tool for OSX, Unix, and Windows. GPL-3.0 OCaml
  • Z-Push - Implementation of Microsoft’s ActiveSync protocol. (Source Code) AGPL-3.0 PHP
XMPP Web Clients:
  • Candy - Multi user XMPP client written in Javascript. (Source Code) MIT Javascript
  • Converse.js - Free and open-source XMPP chat client in your browser. (Source Code) MPL-2.0 Javascript
  • JSXC - Real-time XMPP web chat application with video calls, file transfer and encrypted communication. There are also versions for Nextcloud/Owncloud and SOGo. (Source Code) MIT Javascript
  • Kaiwa - Web based chat client in the style of common paid alternatives. (Source Code) MIT Nodejs
  • Movim - Modern, federated social network based on XMPP, with a fully featured group-chat, subscriptions and microblogging. (Source Code) AGPL-3.0 PHP
  • Salut à Toi - Multipurpose, multi frontend, libre and decentralised communication tool. AGPL-3.0 Python
  • Libervia - Web frontend from Salut à Toi. (Source Code) AGPL-3.0 Python
#linux #gnu #gnulinux #selfhosted #services #hackernews #foss #security #privacy #searchengines #searx #yacy #seeks #gigablast #ambar #xmpp #candy #jsxc #kaiwa #movim #salutàtoi #libervia #gitannex #kinto #nextcloud #owncloud #pydio #samba #seafile #sparkleshare #syncany #syncthing #unison #zpush