Make sure your OpenSSH server is up to date.
This is bad for two reasons: 1) people clearly put too much trust in random CDNs to distribute their dependencies and 2) people don't track dependency obsolescence properly.
A new type of attack targeting the CPU indirect branch predictor.
JSON, its grammar and the security implications. The approach of looking at a restricted subset is interesting.
The creative ways to exfiltrate data from chat systems built with LLMs...
This is indeed a real concern... with no proper solution in sight.
On the peculiarities of running a network for a university... this is an interesting way to frame it as basically being an ISP with benefits.
A deep dive into the events which led to the SolarWinds breaches. The responsibility from Microsoft as an organization is staggering. Their handling of security matters massively failed once more. I don't get how governmental agencies or other companies can still turn to Microsoft with sensitive data.
Very unsurprising, the harm is probably done though. They'll have to work hard for their reputation to recover (even though it was probably low already).
How trustworthy are the extensions you get in your editor or IDE? I'd expect most marketplaces to not be well armed against such attacks.
The more releases out there the more vulnerabilities are (and could be) discovered. Some actions are necessary to get things under control properly.
The words we use indeed matter. This is definitely a domain where we should avoid ambiguities...
Or why you should let a domain simply expire, there's plenty of work to do before that.
This is completely nuts... they really want to unleash a security and privacy nightmare. The irony is that it does respect DRM content on the other hand, we can see where the priorities are.
Ever wondered about the state of the art in password cracking? This is not an easy read but a good reference.
An alternative to the venerable sudo coming with systemd. Looks like it has interesting properties.
Maybe a bit dry, but gives a good idea of how a fuzz testing harness works. And also how it can be tweaked.
Interesting study on the brute force attacks against SSH. It gives plenty of insights and leads to a potential approach to detect most of them.
The title says it all. This article is a nice introduction to certificates, how they work, how the trust model is set up, etc.
Interesting article, shows quite well the complexities of D-Bus and Polkit. Unsurprisingly such complexity easily leads to mistakes which can compromise security. This then hints at interesting things to keep in mind when you have to deal with D-Bus and Polkit.