The Register: Microsoft is a national security threat, says ex-White House cyber policy director
Wikipedia: XZ Utils backdoor
Netzpolitik.org: Österreichs gefährliches Spiel mit der Pressefreiheit
LinuxNews: Debian 12.6 wegen xz Backdoor verschoben
Grund ist CVE-2024-3094. Die kritische Sicherheitslücke, bei der ein böswilliger Akteur Tarballs des xz Kompressionstools mit einer Hintertür versehen hat, die den SSH-Fernzugriff ohne Authentifizierung ermöglicht, betraf unter anderem auch Debian Testing und Unstable. Bisher gibt es keinen Anhaltspunkt dafür, dass Debian Stable von der Lücke betroffen ist.
Ars Technica: Facebook let Netflix see user DMs, quit streaming to keep Netflix happy: Lawsuit
Fefe fasst Microsofts Herangehensweise bei Sicherheitsproblemen hübsch zusammen.
Welcome to the "Learn and Test DMARC" console! Here, you'll get a visual breakdown of how email servers communicate, giving you a better understanding of SPF, DKIM, and DMARC and how they work together.
Schneier on Security: Facebook’s Extensive Surveillance Network
It constantly amazes me that we willingly allow these monopoly companies that kind of surveillance power.
Mozilla: Ask Microsoft: Are you using our personal data to train AI?
If nine experts in privacy can't understand what Microsoft does with your data, what chance does the average person have? That's why we're asking Microsoft to say if they're going to use our personal data to train its AI.
Daniel Stenberg (Curl's author): The I in LLM stands for intelligence
I have held back on writing anything about AI or how we (not) use AI for development in the curl factory. Now I can’t hold back anymore. Let me show you the most significant effect of AI on curl as of today – with examples.
TWiT.tv: The Mystery of CVE-2023-38606
AP: Eine Hintertür in iOS. Auch Apple kann man keinen Zentimeter über den Weg trauen.
Ars Technica: SSH protects the world’s most sensitive networks. It just got a lot weaker
Phoronix: Debian 12.3 Delayed Due To An EXT4 Data Corruption Bug Being Addressed
The Debian bug report on the matter describes it as "non-serious data loss" so it should be recoverable. But the timing was bad as Debian 12.3 was due to be released with an affected kernel build, so now instead Debian 12.3 has been delayed.)
Ars Technica: ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation
Tuta: Why Bother With uBlock Origin Being Blocked In Chrome? Now Is The Best Time To Switch To Firefox