Privatnost i sigurnost podataka i korisnika

[Libertus]

Citiraj:

Autor mkey

Naučio sam da nije dovoljno ukazati na problem nego treba i prstom uprti u rješenje, staviti pokoji uskličnik, podcrtati, uokviriti, poslati pokoji nadrkani mail i tako ukrug. Također užas.

LoL

Ja odmah šaljem nadrkane mejlove pa se proces ponešto skrati.

Druga opcija je staviti alarm dvaput dnevno, nazvati i pitati što ima, gdje smo stigli s tim. Nakon nekog vremena dopizdi im pa riješe.

[tomek@vz]

Citiraj:

Autor Libertus

LoL

Ja odmah šaljem nadrkane mejlove pa se proces ponešto skrati.

Druga opcija je staviti alarm dvaput dnevno, nazvati i pitati što ima, gdje smo stigli s tim. Nakon nekog vremena dopizdi im pa riješe.

Osim ak si "eksterni" a problem je "interno".

[mkey]

Razmišljao sam o tome da im napravim alarme, ali debelo je izlazilo izvan okvira mojeg i tako opširnog radnog mjesta. Npr. slanje nadrkanih mailova definitivno nije bilo u mom platnom razredu, nego bi me svako toliko nasrdili pa bih poslao te mailove pro bono.

Evo eksterno vs interno je kod njih bilo novo vs staro. A "staro" je bilo sve ono što je makar jednu sekundu u produkciji

[Pupo]

Citiraj:

Autor medo

Pazi koju verziju softwarea imaju. Prošle godine je otkriven vulnerability koji te ne bi trebao pretjerano zabrinjavati ali kad već uzimaš novo… iz sigurnosnih razloga Yubikey ima zapečen firmware - nema updatea.

Meni je osobno Yubikey a must have.

Taj vulenrability je nemoguće reproducirati u RL situaciji. Što je dobro iz dvije stvari, znači da ima ekipe koja se rješava starih yubikijeva za smješne pare zbog "vulenrabilitija" pa se isti ti mogu naći za pola cijene.
A bolje uzeti 2 s vulnerabilitijem nego jedan bez, jer samo jedan koristiti za sve bez sekundarnog. Bolje da ga ne izgubite il da krepa.

[medo]

Citiraj:

Autor Libertus

LoL

Ja odmah šaljem nadrkane mejlove pa se proces ponešto skrati.

Druga opcija je staviti alarm dvaput dnevno, nazvati i pitati što ima, gdje smo stigli s tim. Nakon nekog vremena dopizdi im pa riješe.

Takvi poput tebe su mi u block listi na mobitelu i u filterima na Outlooku

[Ivo_Strojnica]

ja sam iša korak dalje, imam skriptu koja čita key words iz maila određenih ljudi i šalje poruku: "sjaši."

[tomek@vz]

Ono kad dodes na visoku poziciju preko veze

Citiraj:

Facepalm: Studies show that most people still reuse weak passwords across multiple accounts despite years of warnings from cybersecurity experts against the practice. Recent leaks reveal that poor password discipline even occurs at the upper levels of the United States government.

Leaked passwords from past security breaches reveal that Tulsi Gabbard, who recently became the US Director of National Intelligence, reused a weak password on multiple accounts for email and other services. All of the breaches occurred several years ago, and a spokesperson claimed Gabbard changed the passwords multiple times since then, but the revelations might add to recent scrutiny of government cybersecurity discipline.

> Techspot

[tomek@vz]

Citiraj:

Cybersecurity researchers have flagged three malicious npm packages that target the macOS version of AI-powered code-editing tool Cursor, reports The Hacker News:
"Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's main.js file, and disable auto-updates to maintain persistence," Socket researcher Kirill Boychenko said. All three packages continue to be available for download from the npm registry. "Aiide-cur" was first published on February 14, 2025...

In total, the three packages have been downloaded over 3,200 times to date.... The findings point to an emerging trend where threat actors are using rogue npm packages as a way to introduce malicious modifications to other legitimate libraries or software already installed on developer systems... "By operating inside a legitimate parent process — an IDE or shared library — the malicious logic inherits the application's trust, maintains persistence even after the offending package is removed, and automatically gains whatever privileges that software holds, from API tokens and signing keys to outbound network access," Socket told The Hacker News.

"This campaign highlights a growing supply chain threat, with threat actors increasingly using malicious patches to compromise trusted local software," Boychenko said.

The npm packages "restart the application so that the patched code takes effect," letting the threat actor "execute arbitrary code within the context of the platform."

[tomek@vz]

Citiraj:

"A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver," reports The Hacker News:
Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint.

The vulnerability was first flagged by ReliaQuest late last month when it found the shortcoming being abused in real-world attacks by unknown threat actors to drop web shells and the Brute Ratel C4 post-exploitation framework. According to [SAP cybersecurity firm] Onapsis, hundreds of SAP systems globally have fallen victim to attacks spanning industries and geographies, including energy and utilities, manufacturing, media and entertainment, oil and gas, pharmaceuticals, retail, and government organizations. Onapsis said it observed reconnaissance activity that involved "testing with specific payloads against this vulnerability" against its honeypots as far back as January 20, 2025. Successful compromises in deploying web shells were observed between March 14 and March 31.

"In recent days, multiple threat actors are said to have jumped aboard the exploitation bandwagon to opportunistically target vulnerable systems to deploy web shells and even mine cryptocurrency..."

[tomek@vz]

Citiraj:

"Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware," reports Ars Technica, "a strong indication that devices belonging to him have been hacked in recent years."
As an employee of DOGE, [30-something Kyle] Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants [to Dropsite News]. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S. According to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware... Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps...

Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.

The credentials may have been exposed when service providers were compromised, the article points out, but the "steady stream of published credentials" is "a clear indication that the credentials he has used over a decade or more have been publicly known at various points.

"And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point."

Ovi preko bare više nisu ni smješni...

[tomek@vz]

Citiraj:

A critical Proof-of-Concept (PoC) exploit has been released for a significant vulnerability in the Linux kernel’s nftables subsystem, tracked as CVE-2024-26809.

This flaw, rooted in the kernel’s netfilter infrastructure, exposes affected systems to local privilege escalation through a sophisticated double-free attack.

Security researchers, including the user “conlonialC,” have demonstrated how this bug can be weaponized to achieve root-level access, underscoring the urgency for system administrators to apply available patches.

Citiraj:

CVE-2024-26809 affects Linux kernel versions 5.15.54 and later, including the 6.1 and 6.6 LTS branches.

The vulnerability has been addressed in recent kernel updates, with distributions such as Debian, Ubuntu, and SUSE releasing patches for all supported versions.

> CSNews

[tomek@vz]

Citiraj:

Chipmakers typically use microcode updates to fix bugs and improve CPU reliability. However, this low-level layer between hardware and machine code can also serve as a stealthy attack vector – capable of hiding malicious payloads from all software-based defenses. As threats evolve, even the deepest layers of a system can no longer be assumed safe.

A security researcher designed a way to "weaponize" microcode updates to install ransomware directly onto the CPU. Rapid7 analyst Christiaan Beek drew inspiration from a critical flaw in AMD's Zen processors, discovered by Google researchers earlier this year. The flaw could allow attackers to modify the RDRAND instruction and inject a custom microcode that always selects "4" when generating a random number.

> Techspot

[tomek@vz]

Citiraj:

European Union public vulnerability database enters beta phaseEurope has a backup plan in case the CVE system tanks

> Techspot

[tomek@vz]

Citiraj:

Windows 11 and Red Hat Linux hacked on first day of Pwn2Own

> BleepingComputer

[tomek@vz]

Citiraj:

Lawmakers say TP-Link's rock-bottom prices fuel Chinese cyberattacks, back US sales ba

Citiraj:

Discount routers, premium threat?

[Night]

Taj TP Link je odavno problem u USA i šire, pogotovo jer im je firmware sigurnosna katastrofa.

[kopija]

Ako tplinkovi imaju backdoor šta onda tek ovi huaveiji šta naši dijele imaju?
Možda su napravljeni od plastičnog eksploziva pa će rvacka da se trese ako AP verbalni delikt počini protivu Partije.

[tomek@vz]

Problem je kak se meni čini da trenutno samo možemo birat špijuna. Ili preći na nešto što vrti OpenWRT.

[tomek@vz]

Citiraj:

A Curl contributor replaced an ASCII letter with a Unicode alternative in a pull request, writes Curl lead developer/founder Daniel Stenberg. And not a single human reviewer on the team (or any of their CI jobs) noticed.

The change "looked identical to the ASCII version, so it was not possible to visually spot this..." The impact of changing one or more letters in a URL can of course be devastating depending on conditions... [W]e have implemented checks to help us poor humans spot things like this. To detect malicious Unicode. We have added a CI job that scans all files and validates every UTF-8 sequence in the git repository.

In the curl git repository most files and most content are plain old ASCII so we can "easily" whitelist a small set of UTF-8 sequences and some specific files, the rest of the files are simply not allowed to use UTF-8 at all as they will then fail the CI job and turn up red. In order to drive this change home, we went through all the test files in the curl repository and made sure that all the UTF-8 occurrences were instead replaced by other kind of escape sequences and similar. Some of them were also used more or less by mistake and could easily be replaced by their ASCII counterparts.

The next time someone tries this stunt on us it could be someone with less good intentions, but now ideally our CI will tell us... We want and strive to be proactive and tighten everything before malicious people exploit some weakness somewhere but security remains this never-ending race where we can only do the best we can and while the other side is working in silence and might at some future point attack us in new creative ways we had not anticipated. That future unknown attack is a tricky thing.
In the original blog post Stenberg complained he got "barely no responses" from GitHub (joking "perhaps they are all just too busy implementing the next AI feature we don't want.") But hours later he posted an update.

"GitHub has told me they have raised this as a security issue internally and they are working on a fix."

[medo]

Citiraj:

Autor tomek@vz

Problem je kak se meni čini da trenutno samo možemo birat špijuna. Ili preći na nešto što vrti OpenWRT.

Dašta

[Night]

Pa mislim da bi Mikrotik trebao biti spyware free. Osim ako instaliraš Calea paket

[medo]

Mislim da preko onih Qualcommovih CPUova uđu u njega bez obzira na software koji je gore

[tomek@vz]

Khm...ovo treba imati na oku:

Citiraj:

About this initiative
Summary
Certain metadata processed by service providers are needed to effectively fight crime. Since no EU-wide legal framework exists requiring providers to retain metadata for a reasonable and limited period of time for criminal proceedings, data may no longer exist by the time authorities request them. The divergences between EU Member States’ laws governing the retention of data can hamper criminal proceedings and affect service providers operating across the EU. This initiative is to assess the impact of data retention rules at EU level.
Topic
Institutional affairs
Type of act
Staff working document

> https://ec.europa.eu/info/law/better...roceedings-_en

[Ivo_Strojnica]

Citiraj:

Autor medo

Mislim da preko onih Qualcommovih CPUova uđu u njega bez obzira na software koji je gore

E ovo, mi se puno mislimo oko firmwarea, što je opet validan point, ali mislim da je to već na hardware razini poprilično razvikan problem.

Zašto meni Apple Mini računalo, kad je u standbyju, skenira lokalnu mrežu i šalje pakete na AWS stroj?
Zar ne bi đubre trebalo spavati? A sve postake koje sam moga ubiti, sam ubio.
Zašto mi Pixel 3XL, koji mi je u ladici, UGAŠEN, se spaja na moju mrežu (u logu mi zapisan connection attempt)?

Tako da baš ovo šta se kaže, samo je pitanje koju špijunsku agenciju birati, mislim da se obraniti ne možeš kao krajnji korisnik, osim ako ne uložiš puuuunooo vremena i znanja.

[tomek@vz]

Citiraj:

Autor Ivo_Strojnica

Tako da baš ovo šta se kaže, samo je pitanje koju špijunsku agenciju birati, mislim da se obraniti ne možeš kao krajnji korisnik, osim ako ne uložiš puuuunooo vremena i znanja.

Ma mislim da uskoro ni najboljima to više neće biti moguće. Ak će na taj način eliminirat kriminal - ja sam za iskreno. Ali problem je da takva tehnologija najčešće upadne krivima u ruke. I to je u best case scenariju kad su na vlasti kolko tolko normalni demokrati (a u zadnje vrijeme nisu). Kombiniraj to sa AI i imaš idealan sustav špijuniranja i kažnjavanja ovaca bez ljudske intervencije. Problem tehnologije nikad nije ona sama nego ljudi koju upravljaju njome.

[Night]

Citiraj:

Autor Ivo_Strojnica

Tako da baš ovo šta se kaže, samo je pitanje koju špijunsku agenciju birati, mislim da se obraniti ne možeš kao krajnji korisnik, osim ako ne uložiš puuuunooo vremena i znanja.

Možeš jako reducirati attack surface ako se potrudiš, kao što možeš i značajno povećati sigurnost i privatnost uređaja. Na računalu ugasiš Intel Management Engine, koristiš Linux kao OS i svakako si u boljoj situaciji nego sa Windowsima koji vole svaku sitnicu reportati Microsoftu.
Na telefonu instaliraš Graphene OS koji je puno više orjentiran na privatnost i sigurnost nego defaultni android i s kojim imaš bolju kontrolu nad svojim podacima.
Za routere koristiš Mikrotike ili OpenWRT bazirana rješenja, pa si svakako u puno boljoj poziciji nego da koristiš neku sigurnosnu katastrofu kao što je TP Link.
Za neke stvari možeš koristiti i jednokratne OSeve poput Tailsa, koji ne logira ništa i nakon shutdowna gubi svu memoriju osim one koju si baš htio trajnije spremiti.
Možeš koristiti Qubes OS za svakodnevni rad, malo je gnjavaža u početku za podesiti, ali to radi super.
Puno je opcija, pitanje je samo tko će pristati da on osobno bude proizvod, a tko malo više cijeni privatnost koja je osnovno ljudsko pravo.

[Ivo_Strojnica]

eeee, reklamiraju se oni kao takvi proizvodi, ali kao što medo kaže, đabe ti sve kad je problem na hardverskoj razini, a imali smo puno vijesti gdje se to zaista pokazalo istinitim.

[Night]

Citiraj:

Autor Ivo_Strojnica

eeee, reklamiraju se oni kao takvi proizvodi, ali kao što medo kaže, đabe ti sve kad je problem na hardverskoj razini, a imali smo puno vijesti gdje se to zaista pokazalo istinitim.

Vidimo i svaki dan automobilske nesreće, pa je li to znači da se proizvođači auta i vozači trebaju prestati zamarati trošenjem novca na sigurnosne sustave kad se ionako nesreća uvijek može dogoditi.

[mkey]

Citiraj:

Autor tomek@vz

Ak će na taj način eliminirat kriminal - ja sam za iskreno.

Samo je pitanje koji će točno kriminal eliminirati.

[Ivo_Strojnica]

Citiraj:

Autor Night

Vidimo i svaki dan automobilske nesreće, pa je li to znači da se proizvođači auta i vozači trebaju prestati zamarati trošenjem novca na sigurnosne sustave kad se ionako nesreća uvijek može dogoditi.

Malo nategnuta usporedba, ali ajd.
Možemo mi napraviti vozilo koje je apsolutno sigurno i potrošiti ogromne novce na taj sustav (automatska vožnja, kontrolirano ubrzanje, prilagodba cesti, međusobno komuniciranje među autima da se spriječi sudar....), ali ono o čemu pričam je, što uz sav taj sustav netko ima admin mode kojim se upravlja upaljač u rezervaru i na pritisak tipke ti raznese auto, bez obzira na sve ostale security feature koji su ugrađeni da se zaštiti osoba u autu.

što meni znači OpenWRT, što mi znači firewall, što mi išta znači, ako procesor sam u sebi vrti cijelu komunikaciju i zaobilazi sve ruleove koje sam ja složija u firewallu?
Što meni znači da sam ugasio mobitel, spremio ga u ladicu, kad se taj mobitel ide spojiti na internet i raditi što mu je zapisano tamo gdje ja ne mogu pristupiti?
Što ako qualcomm procesor u mobitelu priča sa qualcomm procesorom u mom routeru i time se zaobilazi cijela security infrastruktura?