Create accountLogin

Recent searches

No recent searches

Search options

Not available on dice.camp.
dice.camp is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon server for RPG folks to hang out and talk. Not owned by a billionaire.

Administered by:

Server stats:

1.8K
active users

dice.camp: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

#security

250 posts167 participants4 posts today
Public
🇺🇦 Je me souviens 🇨🇦

"To accelerate my output, AI Chatbots and their use seemed to provide a great opportunity to grow and expand what I am able to accomplish. That’s how I arrived where I am in my AI journey."

#Technology #Information #Sharing #Webiste #FreeSpeech #OpenSource #FOSS #News #Freedom #Archive #Security #AI #ChatBot #Genealogy #Writing #Research

eirenicon.org/choosing-primary

blue bright lights
eirenicon llc · Choosing Primary Chatbot Environments (AI)Why I Chose HuggingChat and Perplexity as My Primary AI Environments Executive Summary After experimenting with various AI tools, I’ve found that a hybrid approach using HuggingChat for experimental flexibility and Perplexity for real-time research offers the ideal balance for my work as a genealogist, historian, and author. This combination provides customizability, cost control, and […]
Continued thread
Public
Nonilex

Data #security experts have expressed alarm that US #NationalSecurity professionals are not…[just]…using the govt’s suite of secure encrypted systems for work communications such as JWICS, the Joint Worldwide Intelligence Communications System.

Most concerning, however, is the use of personal email, which is widely acknowledged to be susceptible to hacking, spearfishing & other types of digital compromise.

#Gmail#Signalgate#Signal
Public
Baa

The way Gitlab, Forgejo, Gitea etc. use the server-side SSH server to accept pushed data over SSH relies on a system user called git having SSH access. (or forgejo in their case).

Access is granted by the standard authorized_keys inside ~/.ssh, which for forgejo means /var/lib/forgejo/.ssh/authorized_keys. When a user adds an SSH key to their account, it's added to this authorized_keys file.

I really hate this, this means that any user of Forgejo is only inches away from having full shell access. The default shell of the forgejo user is /bin/bash, it exists inside of /etc/passwd:

forgejo:x:122:130:Forgejo (Beyond coding. We forge.):/var/lib/forgejo:/bin/bash
I really really hate this. The only thing preventing random users of Forgejo having shell access is the default command of the SSH session as stipulated by the authorized_keys entry, this is what it looks like:
command="/usr/bin/forgejo --config=/etc/forgejo/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgnZeNC4fMCXYuWxir7NlKts9Zj4sYZZJzzHh4IyTm2 Baa-New

This is technically secure, there is no publicly known way of bypassing this and gaining shell access by adding your own SSH key to forge and SSHing into the server as the forgejo user. It will immediately disconnect you, and if you try submitting any specific command you'll receive Disallowed command.

But still, I really really really hate this. We're just one tiny misconfiguration, one minuscule exploit away from granting all forgejo users shell access into the server :akko_sob:

Imagine for example, you were hosting a Minecraft server on Windows. And to grant a user access to it, you had to create them a Windows User inside control userpasswords2 and then explicitly disallow them RDP access. That RDP config is the only thing preventing them for remoting straight into your server. This si what it feels like, I can't help but wish SSH was entirely separate from everything else going on here.

Which is exactly what Forgejo's own built-in SSH server does, I'll enable that and move it to a different port, because I'm too scared otherwise, and my server's not even public, and I haven't even started with Runners yet, those scare me even more :02notlikethis:

Feel free to correct me if I'm wrong, or add your own insights I'd like to know more about this mentality #ssh #git #forgejo #linux #security #gitlab
Public
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕

»Gmail Gets End-To-End Encryption From Google As 21'st Birthday Present:
[…] Google Claims To Have Invented An Entirely New Type Of Encryption For Gmail Users […]«

This is not an April joke and yes Google offers OpenPGP for Gmail Accounts. This is not difficult to set up but too many people are too lazy in my opinion.

📧 forbes.com/sites/daveywinder/2

ForbesGmail Gets End-To-End Encryption From Google As 21st Birthday PresentAs Gmail turns 21, Google has announced it is bringing end-to-end encryption to the email party. Here's what you need to know.
#e2ee#openpgp#email
Public
Hans-Christoph Steiner

#Google funds this #EU think tank to put out policy papers saying #DigitalMarketsAct will break their lovely #PlayProtect scare screens, making us all less safe and "it require[s] Google to allow developers to insert links inside their Play Store apps".

ecipe.org/publications/eu-dma-

As I've always said in relation to the #DMA, let @fdroidorg compete on trustworthiness. I'd love to see this think thank include analysis malware rates of #CalyxOS with #FDroid and compare that to #GooglePlay #security

ecipe.orgCybersecurity at Risk: How the EU’s Digital Markets Act Could Undermine Security across Mobile Operating Systems |
ExploreLive feeds
About