Adam Chovanec
@staticnoisexyz.infosec.exchange.ap.brid.gy
A geek from Czechia 🇨🇿🇪🇺. My field is #cybersecurity. CSIRT-MU member. I love cakes and hiking.
🌉 bridged from https://infosec.exchange/@staticnoisexyz on the fediverse by https://fed.brid.gy/
🌉 bridged from https://infosec.exchange/@staticnoisexyz on the fediverse by https://fed.brid.gy/
ICT Odbory
@ict_odbory_ict_union už v pondělí v 18:00 pořádají online seminář “Home office a práce na dálku z právního pohledu”. V článku je odkaz, kde se můžete zaregistrovat.
https://www.root.cz/zpravicky/ict-odbory-zvou-na-pravni-webinar-o-praci-na-dalku/
@ict_odbory_ict_union už v pondělí v 18:00 pořádají online seminář “Home office a práce na dálku z právního pohledu”. V článku je odkaz, kde se můžete zaregistrovat.
https://www.root.cz/zpravicky/ict-odbory-zvou-na-pravni-webinar-o-praci-na-dalku/
ICT Odbory zvou na právní webinář o práci na dálku - Root.cz
V pondělí 30. června od 18:00 bude probíhat webinář pořádaný ICT Odbory na téma práce na dálku. Zjistěte všechno, na co jste se báli zeptat o práci z…
www.root.cz
June 27, 2025 at 7:17 PM
ICT Odbory
@ict_odbory_ict_union už v pondělí v 18:00 pořádají online seminář “Home office a práce na dálku z právního pohledu”. V článku je odkaz, kde se můžete zaregistrovat.
https://www.root.cz/zpravicky/ict-odbory-zvou-na-pravni-webinar-o-praci-na-dalku/
@ict_odbory_ict_union už v pondělí v 18:00 pořádají online seminář “Home office a práce na dálku z právního pohledu”. V článku je odkaz, kde se můžete zaregistrovat.
https://www.root.cz/zpravicky/ict-odbory-zvou-na-pravni-webinar-o-praci-na-dalku/
Reposted by Adam Chovanec
The biggest scandal in AI energy usage right now deserves to be the xAI data center running on 35 methane gas turbines that don't need air permits because they are "temporary" and don't have catalytic reduction pollution controls installed because... they just didn't bother? […]
Original post on fedi.simonwillison.net
fedi.simonwillison.net
June 12, 2025 at 5:30 PM
The biggest scandal in AI energy usage right now deserves to be the xAI data center running on 35 methane gas turbines that don't need air permits because they are "temporary" and don't have catalytic reduction pollution controls installed because... they just didn't bother? […]
> In 2021, Nextcloud and other companies filed a complaint in the EU regarding alleged anti-competitive behavior from Microsoft. "We are now four years in, and nothing has happened," the company said. "What do you think happens to a company that releases no updates to their app in four years?" […]
Original post on infosec.exchange
infosec.exchange
May 13, 2025 at 6:36 PM
> In 2021, Nextcloud and other companies filed a complaint in the EU regarding alleged anti-competitive behavior from Microsoft. "We are now four years in, and nothing has happened," the company said. "What do you think happens to a company that releases no updates to their app in four years?" […]
I have deep appreciation for the openSUSE security team. I would have given up a long before they did. Not sure whether it was malice or mere incompetence on the side of Deepin devs. Read the original article of openSUSE, it is worth it.
I also wonder how other distros handle polkit rules and […]
I also wonder how other distros handle polkit rules and […]
Original post on infosec.exchange
infosec.exchange
May 9, 2025 at 10:13 PM
I have deep appreciation for the openSUSE security team. I would have given up a long before they did. Not sure whether it was malice or mere incompetence on the side of Deepin devs. Read the original article of openSUSE, it is worth it.
I also wonder how other distros handle polkit rules and […]
I also wonder how other distros handle polkit rules and […]
Reposted by Adam Chovanec
We got this "HIGH security problem" in #curl earlier today:
"The -o / --output parameter in cURL does not restrict or sanitize file paths. When passed relative traversal sequences (e.g., ../../), cURL writes files outside the current working directory, allowing arbitrary file overwrite. In […]
"The -o / --output parameter in cURL does not restrict or sanitize file paths. When passed relative traversal sequences (e.g., ../../), cURL writes files outside the current working directory, allowing arbitrary file overwrite. In […]
Original post on mastodon.social
mastodon.social
May 2, 2025 at 12:21 AM
We got this "HIGH security problem" in #curl earlier today:
"The -o / --output parameter in cURL does not restrict or sanitize file paths. When passed relative traversal sequences (e.g., ../../), cURL writes files outside the current working directory, allowing arbitrary file overwrite. In […]
"The -o / --output parameter in cURL does not restrict or sanitize file paths. When passed relative traversal sequences (e.g., ../../), cURL writes files outside the current working directory, allowing arbitrary file overwrite. In […]
Great talk! I am not sure how I feel about some of the points he raised, but I agree with a lot of it. #flatpak
https://sunny.garden/@bragefuglseth/114434422740271702
https://sunny.garden/@bragefuglseth/114434422740271702
Brage Fuglseth (@bragefuglseth@sunny.garden)
@alatiera@mastodon.social's brutally honest talk on #Flathub, packaging and social dynamics: https://youtu.be/NxOH4wJkfLY
sunny.garden
May 2, 2025 at 7:18 AM
Great talk! I am not sure how I feel about some of the points he raised, but I agree with a lot of it. #flatpak
https://sunny.garden/@bragefuglseth/114434422740271702
https://sunny.garden/@bragefuglseth/114434422740271702
Reposted by Adam Chovanec
People are mad at Trump about #ukraine and rightly so. But we Europeans should blame ourselves first and foremost. For decades we have lived in the comfort of US protection and today we are unable to stand up independently to the thug from the East whose economy is tiny compared to ours and we […]
Original post on social.vivaldi.net
social.vivaldi.net
April 24, 2025 at 7:31 AM
People are mad at Trump about #ukraine and rightly so. But we Europeans should blame ourselves first and foremost. For decades we have lived in the comfort of US protection and today we are unable to stand up independently to the thug from the East whose economy is tiny compared to ours and we […]
It looks like #amdgpu is coocked again in the latest #archlinux kernel. I crashed on me after two minutes of work. Thankfully I have LTS kernel installed too, where the issue does not happen.
April 21, 2025 at 8:35 PM
It looks like #amdgpu is coocked again in the latest #archlinux kernel. I crashed on me after two minutes of work. Thankfully I have LTS kernel installed too, where the issue does not happen.
Reposted by Adam Chovanec
📱 Válí se mi doma Pixel 6a s GrapheneOS
Mám tu plně funkční Google Pixel 6a s nainstalovaným GrapheneOS. Bezpečnostní aktualizace do července 2027. Perfektní pro někoho, kdo to myslí vážně se soukromím a chce bezpečný telefon bez Google sledovaček.
Telefon má známky běžného používání a trochu […]
Mám tu plně funkční Google Pixel 6a s nainstalovaným GrapheneOS. Bezpečnostní aktualizace do července 2027. Perfektní pro někoho, kdo to myslí vážně se soukromím a chce bezpečný telefon bez Google sledovaček.
Telefon má známky běžného používání a trochu […]
Original post on mastodon.arch-linux.cz
mastodon.arch-linux.cz
April 21, 2025 at 9:24 AM
📱 Válí se mi doma Pixel 6a s GrapheneOS
Mám tu plně funkční Google Pixel 6a s nainstalovaným GrapheneOS. Bezpečnostní aktualizace do července 2027. Perfektní pro někoho, kdo to myslí vážně se soukromím a chce bezpečný telefon bez Google sledovaček.
Telefon má známky běžného používání a trochu […]
Mám tu plně funkční Google Pixel 6a s nainstalovaným GrapheneOS. Bezpečnostní aktualizace do července 2027. Perfektní pro někoho, kdo to myslí vážně se soukromím a chce bezpečný telefon bez Google sledovaček.
Telefon má známky běžného používání a trochu […]
Reposted by Adam Chovanec
DOGE handing over government logins to Russia is not a scandal because everybody was expecting it anyway?
"Within minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in [...]. The attempts were "near real-time," [...]. Those attempts were […]
"Within minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in [...]. The attempts were "near real-time," [...]. Those attempts were […]
Original post on mastodon.social
mastodon.social
April 16, 2025 at 12:31 PM
DOGE handing over government logins to Russia is not a scandal because everybody was expecting it anyway?
"Within minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in [...]. The attempts were "near real-time," [...]. Those attempts were […]
"Within minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in [...]. The attempts were "near real-time," [...]. Those attempts were […]
Reposted by Adam Chovanec
I boosted several posts about this already, but since people keep asking if I've seen it....
MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration […]
[Original post on infosec.exchange]
MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration […]
[Original post on infosec.exchange]
April 15, 2025 at 8:33 PM
I boosted several posts about this already, but since people keep asking if I've seen it....
MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration […]
[Original post on infosec.exchange]
MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration […]
[Original post on infosec.exchange]
Reposted by Adam Chovanec
Buď můžete říkat, že bojujete proti zlu, nebo můžete prodávat forenzní software do Myanmaru. Tvrdit obojí zároveň a ještě novináři? 🤦♂️
Snad si na ně stát došlápne. Za tohle by měli dostat kriminál.
> K převratu v Myanmaru došlo v únoru 2021. Podle e-mailové komunikace, kterou Radiožurnál […]
Snad si na ně stát došlápne. Za tohle by měli dostat kriminál.
> K převratu v Myanmaru došlo v únoru 2021. Podle e-mailové komunikace, kterou Radiožurnál […]
Original post on infosec.exchange
infosec.exchange
April 15, 2025 at 7:04 AM
Buď můžete říkat, že bojujete proti zlu, nebo můžete prodávat forenzní software do Myanmaru. Tvrdit obojí zároveň a ještě novináři? 🤦♂️
Snad si na ně stát došlápne. Za tohle by měli dostat kriminál.
> K převratu v Myanmaru došlo v únoru 2021. Podle e-mailové komunikace, kterou Radiožurnál […]
Snad si na ně stát došlápne. Za tohle by měli dostat kriminál.
> K převratu v Myanmaru došlo v únoru 2021. Podle e-mailové komunikace, kterou Radiožurnál […]
Reposted by Adam Chovanec
Can distros ship #git that ends up using #openssl (via libcurl)? This bug was filed against Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094969
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094969
#1094969 - git: /usr/lib/git-core/git-remote-http is linked against incompatibly licensed OpenSSL - Debian Bug report logs
bugs.debian.org
April 13, 2025 at 8:11 AM
Can distros ship #git that ends up using #openssl (via libcurl)? This bug was filed against Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094969
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094969
I have never used NordVPN. I have never visited their website. So why on earth is @Vivaldi showing me ads in the search bar?! Not cool!
At least have the damn courage to label it as ads instead of gaslighting me with this “direct match” bullshit.
You […]
[Original post on infosec.exchange]
At least have the damn courage to label it as ads instead of gaslighting me with this “direct match” bullshit.
You […]
[Original post on infosec.exchange]
April 8, 2025 at 9:55 PM
I have never used NordVPN. I have never visited their website. So why on earth is @Vivaldi showing me ads in the search bar?! Not cool!
At least have the damn courage to label it as ads instead of gaslighting me with this “direct match” bullshit.
You […]
[Original post on infosec.exchange]
At least have the damn courage to label it as ads instead of gaslighting me with this “direct match” bullshit.
You […]
[Original post on infosec.exchange]
The head of of Rubio's security jailed briefly in Brussels after he assaulted hotel staff and police officers.
> hotel staff refused to reopen the bar beyond its normal hours
https://www.washingtonexaminer.com/news/3368419/brussels-police-arrest-rubio-security-detail-supervisor-after-hotel-fight/
> hotel staff refused to reopen the bar beyond its normal hours
https://www.washingtonexaminer.com/news/3368419/brussels-police-arrest-rubio-security-detail-supervisor-after-hotel-fight/
April 8, 2025 at 10:16 AM
The head of of Rubio's security jailed briefly in Brussels after he assaulted hotel staff and police officers.
> hotel staff refused to reopen the bar beyond its normal hours
https://www.washingtonexaminer.com/news/3368419/brussels-police-arrest-rubio-security-detail-supervisor-after-hotel-fight/
> hotel staff refused to reopen the bar beyond its normal hours
https://www.washingtonexaminer.com/news/3368419/brussels-police-arrest-rubio-security-detail-supervisor-after-hotel-fight/
Reposted by Adam Chovanec
Lidé, kteří musejí žít s neutišitelnými bolestmi, na které nezabírají léky, se od dubna můžou snáz dostat k úlevě. Nově totiž můžou svým pacientům předepsat léčebné konopí i praktičtí lékaři […]
Original post on mastodon.rozhlas.cz
mastodon.rozhlas.cz
April 4, 2025 at 7:25 AM
Lidé, kteří musejí žít s neutišitelnými bolestmi, na které nezabírají léky, se od dubna můžou snáz dostat k úlevě. Nově totiž můžou svým pacientům předepsat léčebné konopí i praktičtí lékaři […]
A few notes from #bsidesprague conference. The attendee badge is classy!
April 3, 2025 at 7:25 AM
A few notes from #bsidesprague conference. The attendee badge is classy!
Reposted by Adam Chovanec
The bird is out of the bag! We're introducing Thunderbird Pro (you already know Appointment!), a set of productivity AND privacy boosting services. And that includes...*drum roll*...an email service we're calling Thundermail. Find all the info in this excellent article:
#thunderbird #opensource […]
#thunderbird #opensource […]
Original post on mastodon.online
mastodon.online
April 1, 2025 at 5:18 PM
The bird is out of the bag! We're introducing Thunderbird Pro (you already know Appointment!), a set of productivity AND privacy boosting services. And that includes...*drum roll*...an email service we're calling Thundermail. Find all the info in this excellent article:
#thunderbird #opensource […]
#thunderbird #opensource […]
Crazy GitHub didn’t reverse the decision on Organic Maps.
https://mastodon.social/@organicmaps/114233788700982882
https://mastodon.social/@organicmaps/114233788700982882
Organic Maps (@organicmaps@mastodon.social)
GitHub has gone - long live Forgejo (@forgejo@floss.social). Fully migrated out of Microsoft’s walled garden after they blocked us: - 54k commits - 9.5k issues - 4.3k pull requests - 100k comments Everything moved. Nothing left behind. https://git.omaps.dev/organicmaps/organicmaps
mastodon.social
March 28, 2025 at 1:11 AM
Crazy GitHub didn’t reverse the decision on Organic Maps.
https://mastodon.social/@organicmaps/114233788700982882
https://mastodon.social/@organicmaps/114233788700982882
> the MIR recommends a complete reversal of Apple’s ban on third-party browser engines. For the first time, a regulator proposes a remedy requiring Apple to allow third-party browsers to install and manage Web Apps using their own engines. This is a critical win for developers, startups, and […]
Original post on infosec.exchange
infosec.exchange
March 21, 2025 at 8:45 AM
> the MIR recommends a complete reversal of Apple’s ban on third-party browser engines. For the first time, a regulator proposes a remedy requiring Apple to allow third-party browsers to install and manage Web Apps using their own engines. This is a critical win for developers, startups, and […]
Reposted by Adam Chovanec
"Pokud stát nedokáže řešit ani věci, které předvídat lze, jak se asi vypořádá s riziky, jejichž kvantifikace je nelehká, či dokonce nemožná? " Martin Lobotka, Výběr střední školy se stal strategickou hrou na život a na smrt celého českého školství, Hospodářské noviny […]
Original post on mastodonczech.cz
mastodonczech.cz
March 19, 2025 at 8:58 AM
"Pokud stát nedokáže řešit ani věci, které předvídat lze, jak se asi vypořádá s riziky, jejichž kvantifikace je nelehká, či dokonce nemožná? " Martin Lobotka, Výběr střední školy se stal strategickou hrou na život a na smrt celého českého školství, Hospodářské noviny […]
Mark Roveŕs videos are always a treat but this video is especially good. Check it out for good time. https://youtu.be/IQJL3htsDyQ?si=7m8kFqVVZT6gDopG
March 15, 2025 at 11:21 PM
Mark Roveŕs videos are always a treat but this video is especially good. Check it out for good time. https://youtu.be/IQJL3htsDyQ?si=7m8kFqVVZT6gDopG
So HR people on LinkedIn now use the term “bodyshopping”. As in “bodyshopping” for IT analyst. I am appalled.
March 14, 2025 at 9:24 PM
So HR people on LinkedIn now use the term “bodyshopping”. As in “bodyshopping” for IT analyst. I am appalled.
Reposted by Adam Chovanec
New, by me:
Feds Link $150M Cyberheist to 2022 LastPass Hacks
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking […]
[Original post on infosec.exchange]
Feds Link $150M Cyberheist to 2022 LastPass Hacks
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking […]
[Original post on infosec.exchange]
March 8, 2025 at 2:00 AM
New, by me:
Feds Link $150M Cyberheist to 2022 LastPass Hacks
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking […]
[Original post on infosec.exchange]
Feds Link $150M Cyberheist to 2022 LastPass Hacks
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking […]
[Original post on infosec.exchange]