Notices tagged with security

The world isn’t becoming multipolar — it’s becoming "multisphere." Overlapping power, blurred norms and rising coercion are redefining global risk in 2026. https://www.japantimes.co.jp/commentary/2025/12/22/world/strategic-outlook-geopolitics-2026/?utm_medium=Social&utm_source=mastodon #commentary #worldnews #geopolitics #china #us #defense #sanaetakaichi #security #ukraine #europe

TIL;
You can use `systemd-creds` to store wireguard private keys in `systemd.netdev` files.

#systemd #wireguard #security #til

Node.js devs, so picture this: you run npm install and you get a bunch of packages with audit errors.

The one thing I want to know at that point: what’s the root package that these dependencies belong to. (Running npm audit fix is a last resort as I don’t like it fiddling around with the dependencies of nested packages.)

It’s also not a straightforward thing to do, but it’s nothing jq and a bit of piping can’t fix:

npm audit --json | jq -r '.vulnerabilities[].name' | xargs -n1 npm ls

If you’re using fish shell, add an abbr(aviation) or an alias to that with a name like npm-audit-tree and you’re golden ;)

Enjoy 💕

#NodeJS #npm #audit #security #JavaScript #JSON #jq #xargs #dev #tip

Random Roar: Your Personal Recaps Should Alarm You
Merry Christmas! Here's what we have on you!
https://www.dcgameblog.com/2025/12/random-roar-your-personal-recaps-should-alarm-you/
#DataCollection #RandomRoar #security

Just updated Node Pebble to support latest release version of Let’s Encrypt’s Pebble testing server.

https://codeberg.org/small-tech/node-pebble

Enjoy!

💕

#LetsEncrypt #Pebble #testing #tls #ssl #security #NodeJS #JavaScript

#Zelensky said on Sunday that the #US, #Europe & other partners' #security guarantees instead of #NATO membership were a compromise on #Ukraine's side.

"From the very beginning, Ukraine's desire was to join NATO, these are real security guarantees. Some partners from the US & Europe did not support this direction," he said in answer to questions from reporters in a WhatsApp chat.

#geopolitics #Russia #war #StandWithUkraine

"Thus, today, bilateral #security guarantees between #Ukraine & the #US, Article 5-like guarantees for us from the US, & security guarantees from European colleagues, as well as other countries — #Canada, #Japan — are an opportunity to prevent another Russian invasion," #Zelensky said.

"And it is already a compromise from our part," he said, adding that the security guarantees should be legally binding.

#geopolitics #Europe #Russia #war #StandWithUkraine

BSI checkt E-Mail-Programme

Das Bundesamt für Sicherheit in der Informationstechnik hat getestet, wie sicher E-Mail-Programme sind. Die sind offenbar ok.

https://www.heise.de/news/BSI-checkt-E-Mail-Programme-11115384.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#BSI #EMail #IT #Journal #Security #Test #news

Much as I admire American friends, colleagues and allies, this and then this again.

#InternationalPolitics #Security #UsPol #EUPol

https://www.readtheline.ca/p/matt-gurney-we-will-never-fucking

RE: https://social.vivaldi.net/@NetscapeNavigator/115671312844470695

⚠️ Please double-check to make sure your site is using the latest Fediverse software:

Misskey: 2025.12.0
Mastodon: 4.5.3
PeerTube: 8.0.0
PixelFed: 0.12.6
Loops: 1.0.0 Beta 5
Mbin: 1.8.4
Lenny: 0.19.14
Akkoma: 2025.12
Sharkey: 2025.4.4
Pleroma: 2.9.1

#Fediverse #ActivityPub #Mastodon #Misskey #PixelFed #PeerTube #Sharkey #Loops #Akkoma #Pleroma #Mbin #Lemmy #InfoSec #Security #Hack #Foss #OpenSource #Linux #SystemAdmin #Administrator #WebMaster #ITTech #FediAdmin

Nice, BSI tested password manager security and their analysis actually makes sense: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/DVS-Berichte/passwortmanager.pdf (German).

Two questions are particularly interesting: can the vendor access passwords (5/10 no) and is the entire storage encrypted (3/10 yes). Which leaves 1Password, Keepass2 Android and KeePassXC usable without reservations, while Avira Password Manager and Firefox Password Manager are usable with some concerns (the former uses crypto that cannot be verified, the latter requires a main password to be set explicitly). The other five tested products (Chrome Password Manager, mSecure, PassSecurium, SecureSafe, S-Trust) should not be used.

Not exactly news to me but good to see this confirmed – and good to see a proper analysis rather than grabbing low-hanging fruit for some bullshit statements.

#PasswordManager #security

I know there are some pet owners out there.

Y'all might wanna start checking on some things.

Petco Data Breach Exposes Customer Data, Including SSNs, Credit Card Info

https://www.pcmag.com/news/petco-data-breach-exposes-customer-data-including-ssns-credit-card-info

#Petco #Data #Breach #Security #Privacy #Tech

Schleswig-Holstein reports €15M yearly savings by replacing Microsoft 365 with LibreOffice across most government workplaces 💶

About 80% of offices have migrated, with a €9M one-time investment planned for 2026 to finish the shift and strengthen open-source tools 🧩

@libreoffice

🔗 https://itsfoss.com/news/german-state-ditch-microsoft/

#TechNews #OpenSource #Privacy #Security #Government #EU #Data #Sovereignty #IT #PublicSector #Digital #Microsoft #Office #Software #Tech #Cloud #FOSS #Germany #German #LibreOffice

It couldn’t be more clear than this.

#usnationalsecuritystrategy #russia #europe #nato #security

Avevamo ragione, come sempre, nel comunicare che fino ad Aprile 2026 il chat control sarebbe tornato a massacrarci l'esistenza! A molti di voi potrebbe non interessare ma consegnare i nostri dati a Big Tech, far indebolire la cifratura dei certificati ssl e stravolgere le regole per un controllo di massa anche no!
Agite al link sottostante:

https://fightchatcontrol.eu

#stopchatcontrol #fightchatcontrol #privacy #security #freedom

How much is this "worth" (in money)?

(my) webservers (!) running without reboot for almost 10 years 🖖 🥳
/WITHOUT/ changing anything.
(only security patches)

Thanks to #Debian's #FOSS-developer best-practice of:

"**fixing a security problem is to make as few changes as possible**"
[quote src=https://www.debian.org/security/faq#oldversion]

And other distros building on top of each other, in collaboration.

I ♥️ *stable, professional #OpenSource tech*

#StableIT #Ubuntu #GNU #linux #security #dltp #longterm #bash

Vanadium version 143.0.7499.52.0 released:

https://github.com/GrapheneOS/Vanadium/releases/tag/143.0.7499.52.0

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/28639-vanadium-version-14307499520-released

#GrapheneOS #privacy #security #browser

@mathewi 4/
I’m going to delay elaborating my other concerns about the maturity of #SelfDriving #autonomous vehicles. For now, please consider the following:

1. #AI in general, self-driving cars in particular, are not people. These technology systems do not have our human-lived experiences, they do not think like us, even if you believe that thinking is computational. With a few exceptions, such systems have no common sense ability to reason about the world. They don’t understand human behavior the way we do.

2. They will not make the same mistakes that humans make while driving. That is not only a requirement, it follows from 1. Instead, they will make their own mistakes. We are already seeing plenty of these. Sure, engineers will grind out most of these, but not all.

3. The first two points mean that the behavior of self-driving cars will be difficult to predict in all but the most common vanilla driving situations. People complain about how rigid the current vehicles are at following the law. What? Now you want them to break the law when it is expedient?

4. There are a near infinite number of “edge cases” and those are when safe driving is the most difficult — exactly when we want self-driving vehicles to excel. There are too many to test. The complexity of the real-world, specifically edge cases, cannot be simulated in a laboratory. A decade or more experience on the road is required.

5. Cars are increasingly connected and computerized, and that makes them a new #security threat. Any modern car today can be hacked and remotely controlled. AI systems add multiple new attack vectors. Yes, companies are working on security, but so are the bad guys. #Infosec people will tell you their world is hand-to-hand combat. The more such cars are on the road, the greater the opportunity and attraction for mischief (or worse).

The big question is when will we, as a society, feel safe and convinced by the benefits of self-driving cars? That question is a trap, because most people don’t know the details. It is already happening.

Speaking as an expert and a grandfather, I will not be putting my grandchildren in the back seat of a self-driving car any time soon.

A maximum-severity vulnerability in React could enable remote code execution (RCE), and may affect more than a third of cloud service providers.

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

#javascript #react #security #programmig

Oh, this is so f***ing gold. This post is a juice concentrate of the many reasons why Matrix sucks:

https://yaky.dev/2025-11-30-self-hosting-matrix/

Among others:

Users cannot be deleted
This is simply not an option in the API. Server admin can perform a "deactivate" (disable login) and "erase" (remove related data, which claims to be GDPR-compliant) on user accounts, but the accounts themselves stay on the server forever.

LOL.

Here is my take on why you should trash Matrix and use XMPP, or ta least Signal instead:

https://gagliardoni.net/#im_battle_2025

#im #matrix #jabber #xmpp #signal #privacy #security #enshittification #cypherpunk