Here is a good reminder that Telegram's PR is highly misleading. It's not very secure, and they don't really care about your privacy.
Interesting comparison between old attempts at backdooring OpenSSH and the latest xz attempt. There are lessons to be learned from this. It makes a good case for starting to sandbox everything.
Looks like a nice tool to monitor your network.
Scary thread... developers should know better than to do this and ship it on devices around the world. Their data is now anyone's for the taking and users' privacy can't be ensured.
Clearly a new OpenSSH feature to keep an eye on. This should improve the security of the server by default. That said, it needs to be a bit more in the wild before knowing how to best tune it.
Interesting take, those bugs are more convenient to exploit. Logic bugs are too specific to easily exploit at scale.
Luckily these kinds of very low-level vulnerabilities are not too common and are difficult to exploit. But when they get exploited, all things break loose and you can't trust your hardware anymore.
Someone was about to get revenge, this gives an interesting exploration.
A very good piece, it's nice it's been resurrected. This is a good reminder that the blame and shame of the user for general computing security is plain wrong. It's we the developers and the UX designers who should be kept on our toes.
Looks like we really get back to the same type of vulnerabilities... it's only a couple dozen usual suspects.
Definitely not as fashionable as the Kubernetes craze. This gives very interesting properties that multi-tenant applications can't really provide. The article is nice as it properly lays out the pros and cons, which helps make the choice depending on the context.
A reminder that Secure Boot is worth nothing if the device makers don't manage cryptographic keys properly...
Interesting story. It is getting harder to hire for remote positions I guess.
Make sure to also read part 2. You'd expect critical infrastructure like this to not be exposed over the Internet, and to be properly protected...
Wow! This is a really bad data breach. Apparently related to the recent data theft on the Snowflake end.
The title is pushing it a bit. Still, I didn't realize some of the fine print of the Ubuntu support schemes.
Good tour of all the ways dependencies might get compromised in your supply chain. Making this easy to detect is needed.
This is a concerning finding. One can escape from the browser to the system with such chaining.
Looks like a nice tool indeed. Might be handy.
This organization indeed doesn't seem healthy. Especially regarding the amount of user data they are responsible for.