We've enabled SASL2 and XEP-0474: SASL SCRAM Downgrade Protection on http://XMPP.is via https://github.com/unredacted/xmpp.is/commit/ed656a71d112b3a8eb3b54427c164f483cce4b54
This solves one of the most important issues mentioned in our blog post https://unredacted.org/blog/2023/11/what-were-doing-in-response-to-the-jabber-ru-mitm-attack/
We've enabled SASL2 and XEP-0474: SASL SCRAM Downgrade Protection on http://XMPP.is via https://github.com/unredacted/xmpp.is/commit/ed656a71d112b3a8eb3b54427c164f483cce4b54
This solves one of the most important issues mentioned in our blog post https://unredacted.org/blog/2023/11/what-were-doing-in-response-to-the-jabber-ru-mitm-attack/
NYC Mayoral Inauguration bans Raspberry Pi and Flipper Zero alongside explosives
#HackerNews #NYC #Mayoral #Inauguration #Raspberry #Pi #Flipper #Zero #Security #News
Escaping containment: A security analysis of FreeBSD jails [video]
https://media.ccc.de/v/39c3-escaping-containment-a-security-analysis-of-freebsd-jails
Escaping containment: A security analysis of FreeBSD jails [video]
https://media.ccc.de/v/39c3-escaping-containment-a-security-analysis-of-freebsd-jails
A Vulnerability in Libsodium
https://00f.net/2025/12/30/libsodium-vulnerability/
#HackerNews #Libsodium #Vulnerability #Security #Cybersecurity #OpenSource #TechNews
If you want to comply with dependency reporting requirements (⇒ SBOM: Software Bill of Materials) for a program of any kind, this is now very easy with #Guix:
https://www.draketo.de/software/bsi-grundschutz#CON.8.A8-sbom-guix
TLDR: guix graph --backend=cyclonedx-json <package-name> gives you an SBOM.
To do that for your own packages, even if they are not in the distro, write a guix.scm (instructions and links in the article).
It works across languages and to arbitrary depth.
Great shout out to Kagi on the Security Weekly podcast, and why it's the gift of choice this holiday season:
https://youtu.be/Jm5t53rsfTs?si=MrXsg-9PnV1_t896&t=2262
(Note: not a paid or sponsored endorsement)
no strpy either
https://daniel.haxx.se/blog/2025/12/29/no-strcpy-either/
#HackerNews #no-strcpy #programming #blog #post #security #coding #best-practices
MongoDB Server Security Update, December 2025
https://www.mongodb.com/company/blog/news/mongodb-server-security-update-december-2025
#HackerNews #MongoDB #Security #Update #December2025 #ServerUpdate #DatabaseSecurity
Aroma: Every TCP Proxy Is Detectable with RTT Fingerprinting
https://github.com/Sakura-sx/Aroma
#HackerNews #Aroma #TCP #Proxy #RTT #Fingerprinting #Network #Security #Cybersecurity
If you want to comply with dependency reporting requirements (⇒ SBOM: Software Bill of Materials) for a program of any kind, this is now very easy with #Guix:
https://www.draketo.de/software/bsi-grundschutz#CON.8.A8-sbom-guix
TLDR: guix graph --backend=cyclonedx-json <package-name> gives you an SBOM.
To do that for your own packages, even if they are not in the distro, write a guix.scm (instructions and links in the article).
It works across languages and to arbitrary depth.
Some flexibility with Go’s sumdb
https://blog.yossarian.net/2025/12/29/Some-flexibility-with-Go-s-sumdb
Some flexibility with Go’s sumdb
https://blog.yossarian.net/2025/12/29/Some-flexibility-with-Go-s-sumdb
French President Emmanuel #Macron said Kyiv’s allies will meet in #Paris in early January to “finalize each country’s concrete contributions” to the #security guarantees.
#Trump said he would consider extending #US security guarantees for #Ukraine beyond 15 years, according to #Zelensky. The guarantees would be approved by the US #Congress as well as by parliaments in other countries involved in overseeing any settlement, he said.
Feeling major FOMO as many Fedi friends and inspiring people are currently at #39c3. But luckily talk recordings are already available!
🔗 : https://media.ccc.de/popular/2025
I'm about to start watching @pluralistic's "A post-American, enshittification-resistant internet" 🍿
🔗 : https://media.ccc.de/v/39c3-a-post-american-enshittification-resistant-internet
Wishing everyone a great day! ✨
Feeling major FOMO as many Fedi friends and inspiring people are currently at #39c3. But luckily talk recordings are already available!
🔗 : https://media.ccc.de/popular/2025
I'm about to start watching @pluralistic's "A post-American, enshittification-resistant internet" 🍿
🔗 : https://media.ccc.de/v/39c3-a-post-american-enshittification-resistant-internet
Wishing everyone a great day! ✨
RE: https://mastodon.social/@_elena/115802007577550828
➡️ https://media.ccc.de/v/39c3-a-post-american-enshittification-resistant-internet#t=720 by @pluralistic ( @eff)
Seen via @_elena
#FOSS #Internet #AI #Europe #Sovereignty #Security #Copyright #Anticircumvention #Capitalism #Tech #Enshittification #Resistance #Future #Activism #EFF
French President Emmanuel #Macron said Kyiv’s allies will meet in #Paris in early January to “finalize each country’s concrete contributions” to the #security guarantees.
#Trump said he would consider extending #US security guarantees for #Ukraine beyond 15 years, according to #Zelensky. The guarantees would be approved by the US #Congress as well as by parliaments in other countries involved in overseeing any settlement, he said.
Details of the #security guarantees have not become public but #Zelensky said Monday that they include how a peace deal would be monitored as well as the “presence” of partners. He didn’t elaborate, but #Russia has said it won’t accept the deployment in #Ukraine of troops from #NATO countries.
Kremlin spox Dmitry #Peskov said Monday that Russian President Vladimir #Putin & #Trump were expected to speak in the near future but there was no indication the Russian leader would speak to Zelensky.
