#Tails 6.8.1

2024-10-10

This release is an emergency release to fix a critical security vulnerability in *Tor Browser.*

Changes and updates

Update Tor Browser to 13.5.7, which fixes [MFSA 2024-51](,https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/) a major use-after-free vulnerability. Using this vulnerability, an attacker could take control of Tor Browser, but probably not deanonymize you in #Tails.

Mozilla is aware of this attack being used in the wild against Tor Browser users.

Fixed problems

For more details, read our changelog.

Get Tails 6.8.1

To upgrade your Tails USB stick and keep your Persistent Storage

• Automatic upgrades are available from Tails 6.0 or later to 6.8.1.

• If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 6.8.1 on a new USB stick

Follow our installation instructions:

• Install from Windows

• Install from macOS

  • Install from Linux

• Install from Debian or Ubuntu using the command line and GnuPG

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.8.1 directly:

• For USB sticks (USB image)

• For DVDs and virtual machines (ISO image)

#URL: https://tails.net/news/version_6.8.1/index.en.html

Attention, risk of confusion! 😱

#twitter #elonMusk #musk #web #www #internet #URL #URI #X #floss #foss #freedom #linux #gnu #nerd #humor #software #just4fun #meme #desktop

Le client youtube Invidious fonctionne. Mais petit souci, peut-être passager, avec la #redirection d' #URL avec #Invidious.
-- https://invidious.us ne passe plus chez moi, c'est même bloqué par uBlock car une page de contrôle veut s'afficher au lieu de celle d'invidious.
-- la page https://redirect.invidious.io s'affiche, mais plus la liste des différentes #instances possibles.
(ça, je pense que ce sera passager :) )

Les instances fonctionnent cela dit, exemple avec celle de la fdn : https://invidious.fdn.fr
Et sinon, les liens Piped fonctionnent aussi.

Ça donne quoi de vot'côté ?
Vous connaissez un autre lien de redirection, que les 2 cités ici ?

21.02.2024 eID des ePerso nicht mehr sicher?

Identität lässt sich auch hier stehlen

Die Antwort ist JEIN, denn ein anonymer Sicherheitsforscher mit dem Namen CtrlAlt hat zwar ein Beispiel aufgezeigt, wie ein Endgerät eines Anwenders durch eine über eine Pishing Mail erhaltene verseuchte App kompromittiert werden kann. Aber in so einem Fall gilt, wie bei allen Fällen, wo Menschen aus eigener "Dummheit" auf Angriffe hereinfallen - selbst schuld.

Mit dieser schnellen Antwort wollte sich Jürgen Schmidt, Leiter heise Security, nicht zufrieden geben und hat das Problem näher untersucht. Er geht vom Anspruch des eID-Verfahrens aus, den sich die Bundesregierung mal gestellt hatte und sagt: Doch der Anspruch des eID-Systems war und ist es, eine digitale Ausweisfunktion bereitzustellen, die auch dann noch sicher ist, wenn das Endgerät des Anwenders kompromittiert wurde – etwa wie hier mit einem Trojaner. Da hält die eID ihr Versprechen als unabhängiger Vertrauensanker nicht ein.

Im weiteren nennt er zwei Verbesserungsmöglichkeiten, eine davon lässt sich schnell anwenden. Es wäre bereits eine Hilfe, wenn die Nutzer eine Liste des BSI einsehen könnten, welche Apps und welche Updates vertrauenswürdig seien und eventuell auch Hinweise zu aktuellen Fake Apps als Warnung. Das BSI prüft diesen Vorschlag zur Zeit.

Der zweite Vorschlag geht ans Eingemachte. Dazu muss man wissen, dass eine ID-Feststellung in der eID App mit einer URL der Form eid://... beginnt. Solche URL-Schemes gelten bereits seit einigen Jahren nicht mehr als sicher, vor allem, wenn sich jede App, also auch ein Trojaner, dort registrieren kann. Sowohl für iOS als auch für Android gibt es sogenannte Universal URLs, bei denen definierte Deep-Links zum Anbieter den Aufruf einer App triggern, wie Heise Security vorschlägt. Die Antwort des BSI auf diesen Vorschlag ist wesentlich zurückhaltender, denn der Ansatz der Universal Links würde "das Ziel der Interoperabilität und Offenheit/Transparenz des eID Systems deutlich einschränken".

Die eID für den ePerso war ja vor vielen vielen Jahren aus der Taufe gehoben worden, um auch Firmen die Möglichkeit zu geben eine sichere Identifikation ihrer Nutzer sicherzustellen. Über Jahre gab es praktisch keine sinnvollen Anwendungen und auch heute kommen die immer noch wenig genutzten aus dem Öffentlichen Dienst. Selbst der vor 2 Jahren eingeführte und von uns verurteilte Zwang zur Freischaltung der eID in jedem neu ausgegebenen Personalausweis hat die Nutzerzahlen kaum beflügelt.

Wir zitieren hier gern eine Meldung aus dem Jahr 2010: Notbremse beim E-Personalausweis ziehen „Die übereilte Einführung des neuen Personalausweises fällt der Bundesregierung schneller auf die Füße als befürchtet" (Die Linke fordert Verzicht auf ePerso ) und verweisen auf über 50 Artikel (s.u.) in denen wir uns mit dem Thema "ePerso" beschäftigen mussten. Wir geben allerdings gerne zu, dass eine verlässliche und sichere Identifikation immerhin eine sinnvollere Anwendung als die ebenfalls staatlich eingeführte (und inzwischen beerdigte) DE-Mail mit stückweise verschlüsselten Nachrichten wäre.

Mehr dazu bei https://www.heise.de/hintergrund/eID-und-AusweisApp-kritische-Sicherheitsluecke-aber-auch-gefaehrlich-9632374.html
und alle unsere Artikel zum ePerso https://www.aktion-freiheitstattangst.org/cgi-bin/searchart.pl?suche=ePerso&sel=meta
Kategorie[21]: Unsere Themen in der Presse Short-Link dieser Seite: a-fsa.de/d/3z6
Link zu dieser Seite: https://www.aktion-freiheitstattangst.org/de/articles/8689-20240221-eid-des-eperso-nicht-mehr-sicher.html
Link im Tor-Netzwerk: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/8689-20240221-eid-des-eperso-nicht-mehr-sicher.html
Tags: #eID #ePerso #Fingerabdruck #ElektronischerPersonalausweis #ElektronischerPass #Identitätsdiebstahl #Verbraucherdatenschutz #Datenschutz #Datensicherheit #DE-Mail #Ergonomie #Datenpannen #Vertrauen #Pishing #Unschuldsvermutung #Verhaltensänderung #BSI #URL #App-Liste

#Astuce : Comment voir une page internet directement en mode #lecture.

Pour les pages qui peuvent être affichées en mode lecture :
-- Pour #Firefox : ajouter devant l' #URL : about:reader?url=

Exemple (à copier-coller) : about:reader?url=https://blogs.alternatives-economiques.fr/zemmour/2024/01/30/breve-analyse-de-la-suppression-annoncee-de-l-ass

-- Sur un autre #navigateur, c'est peut-être ça : reader://
à tester.

Qui veut essayer sur #Chrome and co ?

https://support.mozilla.org/fr/kb/retirer-tout-le-superflu-des-pages-web-grace-au-mode-lecture
ou https://support.mozilla.org/fr/kb/consultez-des-pages-web-en-mode-lecture
Mais surtout, ça supprime tous les #Cookies #Traqueurs !!!.

#doh #dns #https #firefox #privacy #url #browser #internet #android #iphone #smartphone #windows #linux
https://wiki.mozilla.org/Trusted_Recursive_Resolver
"All preferences for the DNS-over-HTTPS functionality in Firefox are located under the network.trr prefix (TRR == Trusted Recursive Resolver). The support for these were added in Firefox 62.
network.trr.mode
The resolver mode. You should not change the mode manually, instead use the UI in the Network Settings section of about:preferences"
#aboutconfig #setting

#chromium #bromite #cloudflare

#URL #Expander
"Expandeur" d'URL
https://urlex.org/
(je n'y vois aucun traqueur, par ublock Origin ou Privacy Badger)

Précieux, pour déceler vers quoi mène un lien du type https://bit ly ou autres https://tiny url.....

Trouvé ici : http://assiste.forum.free.fr/viewtopic.php?f=163&t=34541
qui indique aussi cet #add-on : https://addons.mozilla.org/fr/firefox/addon/short-url-expander/
#URLExpander

#Lidl #PawPatrol snack recall due to link to explicit #website

source: https://www.timesandstar.co.uk/news/national/uk-today/23758017.lidl-paw-patrol-snack-recall-due-link-explicit-website/

The website #URL listed on the Paw Patrol mini biscuits and yummy bakes was compromised and now contains the explicit content.

Make love and do not get fat from too much sweets.

#hack #porn #hacker #economy #security #fail #children #UK #supermarket #content #problem

#Google #Search Asked to Remove One Billion ‘Pirate’ Links in 9 Months

source: https://torrentfreak.com/google-search-asked-to-remove-one-billion-pirate-links-in-9-months-230807/

Looking more closely at the timeline, we see that a billion #URLs were reported to Google search in less than nine months. For comparison, it took twice as long to go from five to six billion, suggesting that the #takedown volume picked up again after a previously reported decline.

#internet #piracy #copyright #economy #news #url

Raccourcisseur URL modifiable

#question

Bonjour à tous,

Je recherche un #raccourcisseur d' #URL modifiable!

J'ai regardé un peu du coté des #chatons évidement, mais rien trouvé

Le seul que j'ai trouvé jusqu'ici est sur OVH, et ça ne dit pas de quoi il se sers !

Si je ne trouve vraiment pas, je reprendrais un petit hébergement pour y mettre YOURLS, mais si je peux éviter pou l’instant ... 😃️

Merci

---

#framasoft #logiciel-libre #raccourcisseur_url

Punycodes Explained

#currentevents #featured #interest #internethacks #softwaredevelopment #computersecurity #dns #punycode #unicode #url #hackaday
posted by pod_feeder_v2

Deterring #Scraping By #Protecting #Facebook Identifiers

source: https://about.fb.com/news/2022/09/deterring-scraping-by-protecting-facebook-identifiers/

Most companies use unique identifiers within the URLs of their website. #Identifiers are a way to uniquely reference people or #content such as posts, pictures and videos. Within Facebook, these identifiers are known as #FBIDs and we use them to load content for people.

Every Facebook #link you distribute from your #account can be traced back to you!

#url #uri #warning #tracking #surveillance #meta #internet #economy #politics #id #identification #problem #anonymous #click #news

#Facebook Is Now #Encrypting #Links to Prevent #URL Stripping

source: https://www.schneier.com/blog/archives/2022/07/facebook-is-now-encrypting-links-to-prevent-url-stripping.html

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties.

#meta #fail #software #tracking #surveillance #news #warning #URI #Firefox

#ClearURLs sur #Framalibre (pour nettoyer un lien #URL de ses #trackers)
https://framalibre.org/content/clearurls

• ClearURLs est une extension vous permettant de lutter contre les outils de surveillance des annonceurs, en supprimant automatiquement les éléments de suivi (directement depuis l'URL), afin de protéger votre #ViePrivée lorsque vous naviguez sur #Internet.

• Par exemple, lorsque vous faites des recherches sur Amazon (ou bien sur d'autres sites web du genre), le site web en question va vous fournir une URL plus ou moins longue (contenant des codes de surveillance) :

amazon.com/dp/exampleProduct/ref=sxin_0_pb?__mk_de_DE=ÅMÅŽÕÑ&keywords=tea&pf_rd_i=exampleProduct&pg_rd_p=50bbfd25-5ef7-41a2-68d6-74d854b30e30&ph_rd_r=0GMWD0YYKA7XFGX55ADP&qid=1517757263&rnid=2914120011

• Étant donné que ces codes de #surveillance ne sont pas nécessaires au bon fonctionnement du site #web, alors ils peuvent être supprimés sans problème, et c'est exactement ce que fait ClearURLs :

amazon.com/exampleProduct/dp/1903574031237

• ClearURLs fait partie des #extensions recommandées par #Mozilla #Firefox.

#Logiciel #Libre #LogicielLibre

#Tip: you can have your own or a friend's #Diaspora* posts appear in your #RSS feed simply by adding the following #URL to your list of websites that you follow:
https://podname.org/public/username.atom

Rant: Open Source and the concept of: Release early, release often or publish early & publish often -> continuous development/continuous integration (CD/CI) -> tight loops ok but still - linking to nirvana without redirection & badly written software that everyone uses - another case of - nothing works "ok" - klarer fall von "nichts funktioniert ok"

https://administrator.de/forum/wol-geht-nicht-mit-broadcast-adresse-101944.html

-> it’s catastrophic, when webpages change their url setup…

https://www.heise.de/netze/Wake-on-WAN–/artikel/89304/0

because it will result in

“nothing works” “ok”

this does not have nothing to do with luck, but with:

1. bad url management:
   • wordpress does an pretty good job there, as whenever the user changes the url (more keywords?) it will also redirect from the older past urls to the new url
     • that is how it is SUPPOSED to be for EVERY website of the (not so) “ethernal” part of the internet called www
2. elastic search seems to be a very very badly written software that does not do any sort of software quality checks?
   • or maybe it’s wrongful integration? (but maybe it just sucks)
   • why is every developer-user using it?

• PS: as mankind still ponders and evolves (by making mistakes) how to best deal with computers
  • yes someone said “publish early” & “publish often” (doing this with the blog… also… often too often and too early X-D)
    • or: “Release early, release often” (wiki)
      • “tight feedback loop between developers and testers or users” (wiki) - yeah sure as a developer that might be a good thing, as a user… really doubt it… - there are highly intelligent respected developers that pioneered this concept… it might work for small teams… (of one)
      • “This philosophy was popularized by Eric S. Raymond in his 1997 essay The Cathedral and the Bazaar, where Raymond stated “Release early. Release often. And listen to your customers”.[4]”“This philosophy was originally applied to the development of the Linux kernel and other open-source software, but has also been applied to closed source, commercial software development.””The alternative to the release early, release often philosophy is aiming to provide only polished, bug-free releases.[5] Advocates of RERO question that this would in fact result in higher-quality releases.[4]“
    • has this lead to every developer going in the: continuous development/continuous integration direction? (definately sounds like it)
      • it really should be called CD/CI not CI/CD because first comes the development, then the integration (but well hewego: CI/CD@RedHat)
      • still pondering if it’s really a good idea - well if software quality sticks to UNIX principles of K.I.S.S (most do not and have NO IDEA what non-K.I.S.S means for their software-project or company: - it is the difference between: - lost in chaos of complexity = dysfunctionality - vs a lean stream of running smooth software-company - src: https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html - plus test-driven development: 100.000 use case checks tested afterwards automatic & semi-automatic & manual - than that probably works (but then that is what needs to be done anyway to ensure good software quality) - plus: maybe a feedback channel that does not de-motivate - always say something positive first - then the critique
      • signal.org is a very cool mobile & desktop messenger (that usually works pretty well) but: - what is already annoying: if updates per program are 100MBytes and more… (always downloads the full thing (signal.org desktop client) no differential updates?)
• word of advice: never blindly follow “the trends”
  • always think for yourself, “does it make sense”?
    • test it if it works for you, if not, drop it, what’s the point?

imho gotta to do both…

#linux #gnu #gnulinux #opensource #administration #sysops #rant #software #quality #mess #archive #heise #url #urls #redirects #ci-cd #cd-ci #CICD #CDCI #dev #systems #system #company #developers #developer #buckminster #buckminister

Originally posted at: https://dwaves.de/2022/02/03/rant-open-source-and-the-concept-of-release-early-release-often-or-publish-early-publish-often-continuous-development-continuous-integration-cd-ci-tight-loops-ok-but-still-linking-to-n/

Rant: Open Source and the concept of: Release early, release often or publish early & publish often -> continuous development/continuous integration (CD/CI) -> tight loops ok but still - linking to nirvana without redirection & badly written software that everyone uses - another case of - nothing works "ok" - klarer fall von "nichts funktioniert ok"

https://administrator.de/forum/wol-geht-nicht-mit-broadcast-adresse-101944.html

-> it’s catastrophic, when webpages change their url setup…

https://www.heise.de/netze/Wake-on-WAN–/artikel/89304/0

because it will result in

“nothing works” “ok”

this does not have nothing to do with luck, but with:

1. bad url management:
   • wordpress does an pretty good job there, as whenever the user changes the url (more keywords?) it will also redirect from the older past urls to the new url
     • that is how it is SUPPOSED to be for EVERY website of the (not so) “ethernal” part of the internet called www
2. elastic search seems to be a very very badly written software that does not do any sort of software quality checks?
   • or maybe it’s wrongful integration? (but maybe it just sucks)
   • why is every developer-user using it?

• PS: as mankind still ponders and evolves (by making mistakes) how to best deal with computers
  • yes someone said “publish early” & “publish often” (doing this with the blog… also… often too often and too early X-D)
    • or: “Release early, release often” (wiki)
      • “tight feedback loop between developers and testers or users” (wiki) - yeah sure as a developer that might be a good thing, as a user… really doubt it… - there are highly intelligent respected developers that pioneered this concept… it might work for small teams… (of one)
      • “This philosophy was popularized by Eric S. Raymond in his 1997 essay The Cathedral and the Bazaar, where Raymond stated “Release early. Release often. And listen to your customers”.[4]”“This philosophy was originally applied to the development of the Linux kernel and other open-source software, but has also been applied to closed source, commercial software development.” “The alternative to the release early, release often philosophy is aiming to provide only polished, bug-free releases.[5] Advocates of RERO question that this would in fact result in higher-quality releases.[4]“
    • has this lead to every developer going in the: continuous development/continuous integration direction? (definately sounds like it)
      • it really should be called CD/CI not CI/CD because first comes the development, then the integration (but well hewego: CI/CD@RedHat)
      • still pondering if it’s really a good idea - well if software quality sticks to UNIX principles of K.I.S.S (most do not and have NO IDEA what non-K.I.S.S means for their software-project or company: - it is the difference between: - lost in chaos of complexity = dysfunctionality - vs a lean stream of running smooth software-company - src: https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html - plus test-driven development: 100.000 use case checks tested afterwards automatic & semi-automatic & manual - than that probably works (but then that is what needs to be done anyway to ensure good software quality) - plus: maybe a feedback channel that does not de-motivate - always say something positive first - then the critique
      • signal.org is a very cool mobile & desktop messenger (that usually works pretty well) but: - what is already annoying: if updates per program are 100MBytes and more… (always downloads the full thing (signal.org desktop client) no differential updates?)
• word of advice: never blindly follow “the trends”
  • always think for yourself, “does it make sense”?
    • test it if it works for you, if not, drop it, what’s the point?

#linux #gnu #gnulinux #opensource #administration #sysops #rant #software #quality #mess #archive #heise #url #urls #redirects #ci-cd #cd-ci #CICD #CDCI #dev #systems #system #company #developers #developer

Originally posted at: https://dwaves.de/2022/02/03/rant-open-source-and-the-concept-of-release-early-release-often-or-publish-early-publish-often-continuous-development-continuous-integration-cd-ci-tight-loops-ok-but-still-linking-to-n/

Rant: Open Source and the concept of: Release early, release often or publish early & publish often -> continuous development/continuous integration (CD/CI) -> tight loops ok but still - linking to nirvana without redirection & badly written software that everyone uses - another case of - nothing works "ok" - klarer fall von "nichts funktioniert ok"

https://administrator.de/forum/wol-geht-nicht-mit-broadcast-adresse-101944.html

-> it’s catastrophic, when webpages change their url setup…

https://www.heise.de/netze/Wake-on-WAN–/artikel/89304/0

because it will result in

“nothing works” “ok”

this does not have nothing to do with luck, but with:

1. bad url management:
   • wordpress does an pretty good job there, as whenever the user changes the url (more keywords?) it will also redirect from the older past urls to the new url
     • that is how it is SUPPOSED to be for EVERY website of the (not so) “ethernal” part of the internet called www
2. elastic search seems to be a very very badly written software that does not do any sort of software quality checks?
   • why is every developer-user using it?

• PS: as mankind still ponders and evolves (by making mistakes) how to best deal with computers
  • yes someone said “publish early” & “publish often” (doing this with the blog… also… often too often and too early X-D)
    • or: “Release early, release often” (wiki)
      • “tight feedback loop between developers and testers or users” (wiki) - yeah sure as a developer that might be a good thing, as a user… really doubt it…
    • has this lead to every developer going in the: continuous development/continuous integration direction? (definately sounds like it)
      • it really should be called CD/CI not CI/CD because first comes the development, then the integration (but well hewego: CI/CD@RedHat)
      • still pondering if it’s really a good idea - well if software quality sticks to UNIX principles of K.I.S.S (most do not) - plus test-driven development: 100.000 use case checks tested afterwards automatic & semi-automatic & manual - than that probably works (but then that is what needs to be done anyway to ensure good software quality) - plus: maybe a feedback channel that does not de-motivate - always say something positive first - then the critique
      • signal.org is a very cool mobile & desktop messenger (that usually works pretty well) but: - what is already annoying: if updates per program are 100MBytes and more… (always downloads the full thing (signal.org desktop client) no differential updates?)
• word of advice: never blindly follow “the trends”
  • always think for yourself, “does it make sense”?
    • test it if it works for you, if not, drop it, what’s the point?

#linux #gnu #gnulinux #opensource #administration #sysops #rant #software #quality #mess #archive #heise #url #urls #redirects #ci-cd #cd-ci #CICD #CDCI #dev

Originally posted at: https://dwaves.de/2022/02/03/rant-open-source-and-the-concept-of-release-early-release-often-or-publish-early-publish-often-continuous-development-continuous-integration-cd-ci-tight-loops-ok-but-still-linking-to-n/

linking to nirvana without redirection & badly written software that everyone uses - another case of - nothing works "ok" - klarer fall von "nichts funktioniert ok"

https://administrator.de/forum/wol-geht-nicht-mit-broadcast-adresse-101944.html

-> it’s catastrophic, when webpages change their url setup…

https://www.heise.de/netze/Wake-on-WAN–/artikel/89304/0

because it will result in

“nothing works” “ok”

this does not have nothing to do with luck, but with:

1. bad url management:
   • wordpress does an pretty good job there, as whenever the user changes the url (more keywords?) it will also redirect from the older past urls to the new url
     • that is how it is SUPPOSED to be for EVERY website of the (not so) “ethernal” part of the internet called www
2. elastic search seems to be a very very badly written software that does not do any sort of software quality checks?
   • why is everyone using it?

#linux #gnu #gnulinux #opensource #administration #sysops #rant #software #quality #mess #archive #heise #url #urls #redirects

Originally posted at: https://dwaves.de/2022/06/03/linking-to-nirvana-without-redirection-badly-written-software-that-everyone-uses-another-case-of-nothing-works-ok-klarer-fall-von-nichts-funktioniert-ok/

#PeerTube : Erreur Cannot fetch remote information of this URL

Cannot fetch remote information of this URL
Impossible de récupérer l’information à distance de cette URL.

Une #erreur apparaît sur certaines instances, lorsqu’on essaye de #télécharger une #vidéo d’une #Instance vers une autre, en se servant de l’ #URL de la vidéo.
Cela fonctionne vers certaines instances, et bloque sur d’autres.
Quelqu’un a une idée de quel est le problème ? Pour indiquer quoi corriger à l’ #Admin administrateur de l’instance ?

#Numérique #LogicielLibre #Décentralisé

(redit du post, car aucun retour durant les congés d’été… )