radikal.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
radikal.social was created by a group of activists to offer federated social media for the radical left in and around Denmark.


#vulnerability


NEW - ⛸️🧱🖥️

DCG Domain Blocklist available - last updated 2025/03/24

1690632 domains blocked with that build!

🦜
🐻
Supercharging your content blocker to increase privacy and security.

All available lists:
- uBlockOrigin
- Hosts format & Hosts format with wildcards
- dnsmasq with wildcards

🌳
Ready to use lists combined from many permissively licensed sources.

divested.dev/pages/dnsbl

#divested #DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #foss


NEW - 🛡️ 🖥️ 🛡️

Brace Build 2025/03/06 - 1

🦜
🐻
Toolkit compatible with multiple Linux distros that allows for installation of handpicked applications, along with corresponding configs that have been tuned for reasonable privacy and security.

🌳
Compatibility:
Arch Linux
CentOS 9/Stream
Debian 12
Fedora 39/40/41 (preferred)
openSUSE Tumbleweed
🌳
codeberg.org/divested/brace

#divested
#DivestedComputingGroup
🌳
#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #cybersecurity #infosec #antivirus
#opensource #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #skynet #foss


Passkey/password bug: iOS 18.3.1

In iOS version 18.3.1 as well, the iCloud Keychain (*) vulnerability I reported earlier has still not been fixed (I wrote about this before, in English: infosec.exchange/@ErikvanStrat).

(*) Nowadays that is the app called "Wachtwoorden" (or "Passwords").

The vulnerability exists if:

• The owner uses a "passcode" (PIN or password) to unlock the iPhone or iPad, and NO biometrics are configured;

or:

• The user can use biometrics to unlock the screen, but in 'Settings' > 'Touch ID & Passcode' the setting "AutoFill Passwords" ("Autom. invullen wachtw.") is turned OFF.

See the screenshots below (in English at infosec.exchange/@ErikvanStrat). You can see more info by tapping "Alt" on the images.

Problem: anyone with access to the unlocked iPhone or iPad can then, *without* having to authenticate locally again:

1) Log in to any website whose user ID and password are stored in iCloud Keychain;

2) Log in with passkeys on a few specific websites (including account.apple.com and icloud.com), as follows:

a) Open the website;
b) Tap "Sign in";
c) Tap the "x" at the top right of the pop-up that appears (in the lower half of the screen);
d) Briefly tap in the field that asks for the e-mail address;
e) Tap the "Use passkey" button.

Risk: lending out an unlocked iDevice (e.g. to children), but also theft after the passcode has been shoulder-surfed. Or, if the thief has no passcode, waiting until the next iOS/iPadOS vulnerability becomes known that allows the screen lock to be bypassed.

If you haven't seen them yet, at least watch the first of the following two videos by Joanna Stern (of the Wall Street Journal):
youtube.com/watch?v=QUYODQB_2wQ
youtube.com/watch?v=tCfb9Wizq9Q

I've just published my first article on my security research; starting things off light with a fun little content injection. :)

(This also happens to be the debut of a basic site generator I whipped up in Lua — long live the #IndieWeb, long live static HTML!)

bm.gy/qrinj

Bálint Magyar: Text injection but make it spicy: Rendering QR codes with Unicode block characters

#Apple fixes zero-day flaw affecting all devices

iOS 18.3 comes with #security fixes, including one for a zero-day exploited in the wild (tracked as CVE-2025-24085). The zero-day is a memory use-after-free in CoreMedia, which when exploited could allow malicious apps to elevate their privileges.

#cve #vulnerability #cybersecurity

techcrunch.com/2025/01/28/appl

TechCrunch: Apple fixes zero-day flaw affecting all devices. The zero-day bug was fixed in iPhones, iPads, Macs, Apple TVs, Apple Watches and Vision Pro headsets.

We have released #security updates (1.0.14, 1.1.11, 1.2.11, 1.3.4) to address CVE-2025-23221, a #vulnerability in #Fedify's #WebFinger implementation. We recommend all users update to the latest version of their respective release series immediately.

The Vulnerability

A security researcher identified multiple security issues in Fedify's lookupWebFinger() function that could be exploited to:

  • Perform denial of service attacks through infinite redirect loops
  • Execute server-side request forgery (#SSRF) attacks via redirects to private network addresses
  • Access unintended URL schemes through redirect manipulation

Fixed Versions

  • 1.3.x series: Update to 1.3.4
  • 1.2.x series: Update to 1.2.11
  • 1.1.x series: Update to 1.1.11
  • 1.0.x series: Update to 1.0.14

Changes

The security updates implement the following fixes:

  1. Added a maximum redirect limit (5) to prevent infinite redirect loops
  2. Restricted redirects to only follow the same scheme as the original request (HTTP/HTTPS)
  3. Blocked redirects to private network addresses to prevent SSRF attacks

How to Update

To update to the latest secure version:

# For npm users
npm update @fedify/fedify

# For Deno users
deno add jsr:@fedify/fedify

We thank the security researcher who responsibly disclosed this vulnerability, allowing us to address these issues promptly.

For more details about this vulnerability, please refer to our security advisory.

If you have any questions or concerns, please don't hesitate to reach out through our GitHub Discussions, join our Matrix chat space, or our Discord server.

GitHub: Release Fedify 1.0.14 · dahlia/fedify. Released on January 21, 2025. Fixed several security vulnerabilities of the lookupWebFinger() function. [CVE-2025-23221] Fixed a security vulnerability where the lookupWebFinger() function had ...

🧵 2/2: Apple iOS/iPadOS

Many people, elderly in particular, do not use biometrics to unlock their devices, but a "passcode" (screen unlock code, typically a pincode) instead.

On iOS/iPadOS (I've not yet checked the latest versions), the user is NOT asked to enter their passcode any time when:

1) Autofilling password based credentials on ANY website;

2) logging in using passkeys to *some* of the websites that support "WebAuthn Conditional UI" (apparently GitHub is aware of this vulnerability, and prevents it themselves).

The latter includes icloud.com and account.apple.com, meaning that if my child borrows my iPhone after I unlock it (or a thief steals it in unlocked state, or watches me enter my passcode [1]) they can access most of my online data.

Note: when trying to log in, the request to unlock iCloud keychain using the passcode will pop up.

a) Tap X to cancel.

b) Tap in the field that reads "Email or phone number =>".

c) It will offer you to log in, using your passkey, by pressing the button "Use Passkey". No passcode or other secrets needed.

Note: this also happened when using specific iOS/iPadOS settings while having BIOMETRICS ENABLED, but I was unable to reproduce that right now - after Apple has -again- moved configuration settings all over the place - in order to "improve" whatever.

(I've reported this to Apple a long time ago: it's a "wont fix" - go figure).

[1] WSJ Joanna Stern's convincing video: youtube.com/watch?v=QUYODQB_2wQ (follow up: youtube.com/watch?v=tCfb9Wizq9Q)

@ryanrowcliffe
@rmondello


NEW - ⛸️🧱🖥️ DCG /etc/hosts available - last updated 2024/12/20

1544291 domains blocked with that build!

🦜

🐻
Supercharging your content blocker to increase privacy and security.

Ready to use lists combined from many permissively licensed sources.

divested.dev/pages/dnsbl

@divested @DivestedComputingGroup

#DCG

#fsf #FUTO #Fedora #codeberg #hardening #linuxtech #cybersec #antivirus #foss
#opensource #android #linuxsecurity #vulnerabilities #vulnerability #alpinelinux #router #skynet #hardening #foss #opensource
