#go#attacks_prevention#detection#linux#protection#security
CrowdSec is an open-source security solution that helps protect servers from malicious IP addresses. It uses a community-driven approach, where users share information about threats they've faced, creating a shared blocklist to prevent attacks. CrowdSec's Security Engine can detect bad behaviors by analyzing logs and HTTP requests, and it supports multiple platforms. This system is fast, easy to use, and designed for modern infrastructures, making it a powerful tool for securing your systems against various threats. By using CrowdSec, you benefit from collective protection and can focus on real security issues.
https://github.com/crowdsecurity/crowdsec
http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
#security
This should have been obvious to me for a longer time, but until earlier today I did not really realize the severity of the issues caused by str.format on untrusted user input. It came up as a way to bypass the Jinja2 Sandbox in a way that would permit retrieving information that you should not have access to, which is why I just pushed out a security release for it.
However I think the general issue is quite severe and needs to be discussed because most people are most likely not aware of how easy it is to exploit.
#security
Security Culture - Basics for Protests
https://t.me/RevToolboxRedux/2165
https://t.me/RevToolboxRedux/2166 - PDF version
Security and Counter-Surveillance - Information Against the Police State
https://t.me/RevToolboxRedux/2559
What To Do When You're Arrested
https://t.me/RevToolboxRedux/2585
Surveillance Self Defense in Public Spaces
https://t.me/RevToolboxRedux/2755
Movement Defense Means All of Us - A guide to building resilient movements and countering repression.
https://t.me/RevToolboxRedux/2070
No Badjacketing - The State Wants To Kill Us, Let's Not Cooperate (important article)
https://t.me/RevToolboxRedux/2915
Why Misogynists Make Great Informants
https://t.me/RevToolboxRedux/2916
Digital Communication Protocols Beyond Telegram
https://t.me/RevToolboxRedux/3338
Police Infiltrators - the ultimate betrayal
https://t.me/RevToolboxRedux/2502
Privacy/Security Resource list
https://t.me/RevToolboxRedux/12
Some tips on staying secure online
https://t.me/RevToolboxRedux/157
Elicitation - subtly soliciting information
https://t.me/RevToolboxRedux/167
Telegram tips for group/channel admins (old)
https://t.me/RevToolboxRedux/198
Breaking News Consumer's Handbook
https://t.me/RevToolboxRedux/209
Antifascism is Self Defense
https://t.me/RevToolboxRedux/264
Digital security resources for activists
https://t.me/RevToolboxRedux/267
Know Your Rights - A Crashcourse 4 Protesters (Don't Shoot PDX)
https://t.me/RevToolboxRedux/273
Best Practices for Signal Threads
https://t.me/RevToolboxRedux/280
The Riot is One Night But Metadata is Forever
https://t.me/RevToolboxRedux/293
Never Talk to the Cops
https://t.me/RevToolboxRedux/294
Before Posting Ask Yourself - does this pose a risk?
https://t.me/RevToolboxRedux/295
Surveillance Self Defense (EFF)
https://t.me/RevToolboxRedux/309
How To Make It Harder for Cops to Do Their Jobs
https://t.me/RevToolboxRedux/310
Beating FBI Surveillance
https://t.me/RevToolboxRedux/319
How To Find Hidden Cameras
https://t.me/RevToolboxRedux/334
DIY Faraday Bag (untested)
https://t.me/RevToolboxRedux/327
Guide to IMSI Catchers (Fake Cell Towers)
https://t.me/RevToolboxRedux/337
Covering Cameras w/ Umbrellas
https://t.me/RevToolboxRedux/369
Getting Started - Telegram Anonymity
https://t.me/RevToolboxRedux/370
Tails OS Leaflet
https://t.me/RevToolboxRedux/378
Car Brigade Techniques
https://t.me/RevToolboxRedux/407
Beware Swoopers
https://t.me/RevToolboxRedux/431
Spread Good Info! S.A.L.U.T.E.
https://t.me/RevToolboxRedux/436
Anarchist Direct Actions - A Challenge for Law Enforcement
https://t.me/RevToolboxRedux/462
What To Do If You Are Stopped by the Police
https://t.me/RevToolboxRedux/465
Criptica. Resistencia Digital (espanol)
https://t.me/RevToolboxRedux/467
Which Apps Are Secure and End-to-End Encrypted?
https://t.me/RevToolboxRedux/495
When the Police Knock on Your Door
https://t.me/RevToolboxRedux/517
Dress for Success - Disguise without Bloc
https://t.me/RevToolboxRedux/518
Look Out for Fascist Entryism
https://t.me/RevToolboxRedux/520
What to Do If You Receive an Unsolicited Message
https://t.me/RevToolboxRedux/528
PDX Decentralized Comms Ruleset
https://t.me/RevToolboxRedux/536
Only Networks Can Defeat Networks - decentralized digital struggle
https://t.me/RevToolboxRedux/607
The Basics of Firearm Safety
https://t.me/RevToolboxRedux/643
Assertive Intervention and Deescalation Tools and Tips
https://t.me/RevToolboxRedux/646
Faraday Bag from CLDC
https://t.me/RevToolboxRedux/652
How to Lock Your SIM Card
https://t.me/RevToolboxRedux/683
How to Spot NYPD Unmarked Cars
https://t.me/RevToolboxRedux/685
Digital Safety at Protests
https://t.me/RevToolboxRedux/687
Crossing the U.S. Border - crimethinc
https://t.me/RevToolboxRedux/742
Gentleman's Guide to Forum Spies and Spooks
https://t.me/RevToolboxRedux/750
Atlas of Surveillance - Documenting Police Tech
https://t.me/RevToolboxRedux/784
2 Twitter Alternatives
https://t.me/RevToolboxRedux/786
Take the following quiz about the #Linux command line (20 questions) and see how much you would score in these very basic questions!
https://quiz.fosspost.org/quiz/introduction-to-linux-command-line-quiz/
Take the following quiz about software management in #Linux! Learn the basics of apt/dnf/zypper/rpm/dpkg in a few minutes: https://quiz.fosspost.org/quiz/software-management-from-the-command-line/
#Linux devices have a unique identifier called machine-id. Here is how to change it.
Posted on February 24, 2021
What is a machine-id, and why should you randomize it? From the machine-id man pages, it is defined as:
This ID uniquely identifies the host. It should be considered “confidential”, and must not be exposed in untrusted environments, in particular on the network. If a stable unique identifier that is tied to the machine is needed for some application, the machine ID or any part of it must not be used directly.
https://www.man7.org/linux/man-pages/man5/machine-id.5.html
From a privacy standpoint, having a unique and unchanging identifier tied to your device seems like the wrong approach. It’s quite possible that poorly coded or even maliciously coded software could fetch this ID from your system. Let’s make sure that even if that does happen, the value is constantly changing so that your device cannot be uniquely identified as your device.
This is an incredibly simple and quick adjustment to your default Linux system. We’ll show you how to change this value either by hand or with a cronjob that replaces it every minute with a new, randomized value.
Before we begin, a disclaimer: We’ve tested this on our own work desktops and development environments and I’ve tested it on my daily driver desktop. We have not found that anything has ‘broken’ because of this, but this is untested in many environments and may not be suitable for your use. It’s always reversible if you later wish to continue with a single, uniquely identifying ID attached to your device(s).
Debian / Ubuntu systems
To check your machine-id, open up your terminal and enter the following:
cat /etc/machine-id
The output should look a little something like this:
a9976154f0084a3782892638656ad9fd
You’ll note that this value is also stored in /var/lib/dbus/machine-id and that a symlink exists between the two. Any change to one file will be reflected in the other.
me@virtbox-testing:~$ cat /etc/machine-id
a9976154f0084a3782892638656ad9fd
me@virtbox-testing:~$ cat /var/lib/dbus/machine-id
a9976154f0084a3782892638656ad9fd
If you reboot your device, you’ll notice that this value remains unchanged. So, let’s change it ourselves!
Method 1: Manually.
Method 2 changes the ID automatically, every minute, using a cron job. If you don’t want to fully commit to that, you can change your machine-id by hand whenever you feel like it.
Step 1, remove the old machine-id file.
sudo rm /etc/machine-id
Step 2, recreate the machine-id file.
sudo systemd-machine-id-setup
Step 3, confirm that /etc/machine-id (and /var/lib/dbus/machine-id) now show a new value, different from the original.
cat /etc/machine-id && cat /var/lib/dbus/machine-id
That’s it! You should see two lines in your output with matching IDs that differ from the original machine-id you had in the beginning.
me@virtbox-testing:~$ cat /etc/machine-id && cat /var/lib/dbus/machine-id
a78badce3e73beced163bbef7e55232a
a78badce3e73beced163bbef7e55232a
You’ve changed your device’s uniquely identifying machine-id. This change will survive device reboots and will remain the same until you create a new one.
Method 2: Changing every 1 minute, automatically.
If the above didn’t satisfy your needs, then feel free to automate the creation of a new machine-id by creating a cronjob entry that will generate a new ID every minute.
Step 1, open up your crontab file.
sudo crontab -e
Step 2, enter at the bottom of the file the following:
*/1 * * * * sudo rm /etc/machine-id && sudo systemd-machine-id-setup
Save and Exit.
Step 3, wait a minute and confirm that your machine-id value has changed:
cat /etc/machine-id && cat /var/lib/dbus/machine-id
You should see two new matching values that differ from the original value you had at the start. Wait a minute and run the step 3 command again, and you’ll see that these values have changed.
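A check to run after either method, as an added example that is not part of the original post: it validates the format of the regenerated ID and lists earlier IDs that remain visible on disk, because systemd-journald keeps persistent logs in a directory named after the machine ID under /var/log/journal. The function names are hypothetical, and paths are passed as arguments so the checks can be tried on copies first.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; paths are arguments so the
# checks can be exercised on copies instead of the live /etc and /var/log.

# Succeed only if FILE holds a single machine-id(5) value:
# 32 lowercase hex characters, not all zeros.
valid_machine_id() {
    id=$(cat "$1" 2>/dev/null) || return 1
    case "$id" in
        *[!0123456789abcdef]*) return 1 ;;   # also rejects multi-line content
    esac
    [ "${#id}" -eq 32 ] && [ "$id" != "00000000000000000000000000000000" ]
}

# Print every directory under JOURNAL_ROOT that is named after a machine ID
# other than the one currently in ID_FILE. Each one is an earlier ID that is
# still readable on disk.
stale_journal_ids() {
    current=$(cat "$2" 2>/dev/null) || return 1
    for dir in "$1"/*; do
        [ -d "$dir" ] || continue
        name=${dir##*/}
        case "$name" in
            *[!0123456789abcdef]*) continue ;;   # not a machine-ID directory
        esac
        [ "${#name}" -eq 32 ] || continue
        [ "$name" = "$current" ] || printf '%s\n' "$name"
    done
}

# Stand-alone use: sh check-machine-id.sh --check
if [ "${1:-}" = "--check" ]; then
    if valid_machine_id /etc/machine-id; then
        echo "machine-id format: ok"
    else
        echo "machine-id format: INVALID"
    fi
    echo "earlier IDs still visible under /var/log/journal:"
    stale_journal_ids /var/log/journal /etc/machine-id
fi
```

Any ID this prints links the machine's earlier identities together for anyone who can read the journal directory, so review or prune those directories if unlinkability is the goal.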
🚨 QLNX, a previously undocumented #Linux RAT, is targeting developers and DevOps systems to steal npm, PyPI, AWS, Kubernetes, Docker, and CI/CD credentials.
The malware uses fileless execution, PAM backdoors, eBPF rootkits, and 58 remote commands to maintain covert access and hijack software supply chains.
Learn more about QLNX here: https://thehackernews.com/2026/05/quasar-linux-rat-steals-developer.html
⚠️ A new #Linux flaw is now under active exploitation.
CISA added CVE-2026-31431 to its KEV list. The bug lets low-privilege users gain full root access. Patches released.
Fix deadline: May 15, 2026.
Read: https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html