Harry Sintonen

#Firefly is returning as an animated series with the original cast - https://www.youtube.com/shorts/gfK-s3FNMpo

I'm not celebrating Pi day since I'm pretty sure Pi's value isn't even close to 14.3

I was in a meeting with some devs. The senior guy had about ten years’ dev experience. I suddenly felt very, very old.

Apparently some of the source code of the Sweden's E-Government platform has been stolen from CGI Sverige AB in a "sustained compromise".

The impact of this breach is unclear. In best scenarios the leak of the source code would largely not matter: You should build your systems in a way that access to source code doesn't lead to a compromise.

However, some reporting does mention that some credentials would have leaked as well. This sounds quite bad. However, credentials and keys are typically fairly easy to revoke and update (or this should be the case in most well designed systems).

Don't get me wrong, this is quite terrible. But it might not be as bad as it might initially seem like.

#infosec #cybersecurity #cgi

#CrackArmor: Multiple vulnerabilities in #AppArmor

Blogpost: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws-enable-local-privilege-escalation-to-root

Advisory: https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt

These vulnerabilities allow a local attacker to bypass the security normally provided by AppArmor. Also, in some situations, it allows privilege escalation to root by selectively blocking specific syscalls.

#infosec #cybersecurity #qualys

#Freetype 2.14.2 is broken. For example https://freetype.org/freetype2/docs/tutorial/example1.c fails to work correctly.

Issue: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1390
Fix: https://gitlab.freedesktop.org/freetype/freetype/-/commit/6995a3462893e94043a89b1ddcef1520bcebb5d1

#RocketChat has a critical authentication bypass vulnerability due to forgetting await keyword ("Users can login with any password via the EE ddp-streamer-servic" CVE-2026-28514):

https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-w6vw-mrgv-69vf

The vulnerability has been patched in RocketChat 8.0.0, 7.13.3, 7.12.4, 7.11.4, 7.10.7, 7.9.8 and 7.8.6.

These issues were discovered by an AI agent developed by the GitHub Security Lab and reviewed by GHSL team members Peter Stöckli and Man Yue Mo.

I often voice my dislike of misguided AI use. This right here is actually good use of AI.

#CVE_2026_28514 #infosec #cybersecurity

#RFC9849: TLS Encrypted Client Hello was published 2026-03-03. Now lets make servers and clients use it to improve #privacy for everyone.

https://datatracker.ietf.org/doc/rfc9849/

Apparently there is no way to run dhcpd that binds to individual interface and #libvirt network on the same host. The solutions are:

1. Find a dhcpd that binds to *:67 (and then only responds to configured interfaces/networks), or
2. Manage the libvirt bridge network interface manually, or
3. Hack libvirt with a custom patch, or
4. Create a separate interface with different dhcpd port, and bind the dhcpd to that interface and prot. Forward dhcp packets from the desired interface to this custom interface and port.

I found this out the hard way when I planned to replace isc-dhcp-server with kea-dhcp4-server.

Apparently the kernel errors out if different applications want to bind to UDP *:port and UDP interface:port. Multiple apps binding to UDP *:port is fine and that is why isc-dhcp-server works with libvirt.

Two apps binding to different UDP interface0:port and interface1:port are of course ok, but unfortunately libvirt generates the bridge dnsmasq config in a way that doesn't allow specifying the specific interface for binding or excluded interfaces: https://github.com/libvirt/libvirt/blob/3f3cb3ab51740c30f1016c4fe657c48a14cc8462/src/network/bridge_driver.c#L1144

I have a libvirt headless Debian 13 VM that refuses to boot and spins single-core at 100% forever. If I enable VNC graphics for it - even if listening to a port on localhost - it boots just fine.

This is outright bizarre, but considering I only ever access the host over SSH, it can run a VNC server on localhost - I wouldn't mind understanding what the issue is without it, however.

This should be obvious for everyone by now, but if you're not from US you must assume that all your use of US AI services (#ChatGPT, #Claude, #Gemini etc) is fed directly to US intelligence services.

"We may share your Personal Data, including information about your interaction with our Services, with government authorities ... in compliance with the law (i)" (OpenAI)

"We may disclose personal data to governmental regulatory authorities as required by law" (Claude)

"We will share personal information outside of Google ... to: Respond to any applicable law, regulation, legal process, or enforceable governmental request" (Gemini)

The amount of valuable information fed to the systems voluntarily is staggering. It's not a matter of "if" it is happening, but "of course it is". It would be outright negligent if they weren’t capturing and disseminating it all.

https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act#Without_a_court_order
https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act#Amendments

#privacy

You should always consider network transport just that: a transport. It's not a security control. You should always use encryption on top of the transport, no matter the type. HTTPS is good, VPN is even better.

@arstechnica@mastodon.social
"New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises"

https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/

paper: https://www.ndss-symposium.org/wp-content/uploads/2026-f1282-paper.pdf

#infosec #cybersecurity #airsnitch

Retroactively changing the role of a token or key is a very bad idea.

https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

#google #googleapikeys #infosec #cybersecurity

The Finnish Post #omaposti login is down. There are reports of people seeing messages and other information belonging to other people. According to reports Posti is investigating.

It is likely that the login has been deliberately taken down to prevent further leaks due to the fault.

Source: https://www.is.fi/digitoday/art-2000011842248.html (in Finnish)

#privacy

The x86css demonstrates complex computation in CSS alone. I can think of couple of interesting applications for this: Since computation is possible this could potentially be used to as a covert side-channel, even when JavaScript execution is disabled.

https://lyra.horse/x86css/

#hacking #infosec #cybersecurity

I guess I need to address this: Any dm requesting donations will get you blocked and reported - legitimate or not.

But of course we can't have nice things: "Warner Bros Discovery Removes Babylon 5 from YouTube After Brief Free Run" https://cordcuttersnews.com/warner-bros-discovery-removes-babylon-5-from-youtube-after-brief-free-run/

#babylon5 #scifi

WSJ - "What It Takes to Build a Modern Nuclear Shelter for 7K People" - https://www.youtube.com/watch?v=4tRfqm916BU

#readiness #shelter #nuclearshelter

Reading up on the aes-js and pyaes IV issues discovered by @trailofbits@infosec.exchange I remembered something I ran into many moons ago (maybe about 15 years ago):

I discovered some prod C# encryption code that used a fixed salt in key&iv derivation code. It used a salt of 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76.

This code was obviously copypasted from a 2003 codeprojects.com post and the example code used verbatim, without understanding the implications.

Anyway, this kind of is somewhat similar, but just unmeasurably worse: https://blog.trailofbits.com/2026/02/18/carelessness-versus-craftsmanship-in-cryptography/

#enshittification #cryptography #encryption

Finnish digital and population data services agency (DVV) doesn't recommend issuing 10 year passports due to current passport technology not employing post-quantum #cryptography (#PQC).

Statement from DVV (in finnish):
https://dvv.fi/documents/16079645/256293604/SM02000-2025-DVV%20lausunto%202026-02-16.pdf

This is exactly the problem with trusting US companies right now. They will comply with these "lawful access requests", regardless of how outrageous they are.

The Intercept: "Google Fulfilled ICE Subpoena Demanding Student Journalist’s Bank and Credit Card Numbers" - https://theintercept.com/2026/02/10/google-ice-subpoena-student-journalist/

The only recourse you have as a consumer is to switch away from these US services. It can be tricky as many have built their digital identity on top of the US services, self-hosting requires expertise and knowing which alternatives to trust is difficult. @privacyguides@mastodon.neat.computer has some helpful guides for this: https://www.privacyguides.org/

#privacy #google #privacyguides

The Finland's Emergency Response Centre Agency’s 112 Suomi application will get a new feature to alert about airborne threats.

Source: https://intermin.fi/en/-/further-development-of-112-suomi-app-to-draw-on-lessons-from-ukraine (in english)

Information about the 112 Suomi app:
https://112.fi/en/112-suomi-application

#preparedness #emergencyresponse

Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope. Madness. source: https://mrbruh.com/amd/ #vulnerability #infosec #cybersecurity

There's a Finnish citizens’ initiative for digital sovereignty. The initiative proposes a law to outlaw the use of non-EU service providers and software for critical government functions. More details at https://www.kansalaisaloite.fi/fi/aloite/16691 (in finnish) https://www.kansalaisaloite.fi/sv/initiativ/16691 (in swedish)

Meanwhile, Meta blocked the Threads account of the initiative: @digitaalinenitsenaisyys@mementomori.social

#citizensinitiative #digitalsovereignty

Apparently a state-sponsored group was using Notepad++ update functionality to infect targeted people. "According to the former hosting provider, the shared hosting server was compromised until September 2, 2025. Even after losing server access, attackers maintained credentials to internal services until December 2, 2025, which allowed them to continue redirecting Notepad++ update traffic to malicious servers." source: https://notepad-plus-plus.org/news/hijacked-incident-info-update/ #infosec #cybersecurity