@briankrebs Roll20 is informing its users that they had a data breach on the 29th of June. Possible compromised are first and last name, email address, last known IP and last 4 digits of credit card number.
Fabian Dellwing
Product Security Manager at Red Lion Europe GmbH - OSCP/OSDA - Blue Team
My posts only contain my personal opinion and are not linked to what my employer thinks.
P.S. Yes, that picture is me. But it is over 20 years old 😜
@WPalant It was actually noticed at 1:30 AM UTC
@WPalant Most of the history is still accessable via the official mirror: https://git.tukaani.org/?p=xz.git;a=summary
@eb Regarding https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Jia Tan disabled the sandbox on Linux on 2024-02-26 with this commit: https://git.tukaani.org/?p=xz.git;a=blobdiff;f=CMakeLists.txt;h=d2b1af7ab0ab759b6805ced3dff2555e2a4b3f8e;hp=76700591059711e3a4da5b45cf58474dac4e12a7;hb=328c52da8a2bbb81307644efdb58db2c422d9ba7;hpb=eb8ad59e9bab32a8d655796afd39597ea6dcc64d
There is a dot present at the start of the first "empty" line making check_c_source_compiles always fail.
@cadey Just a heads up as I'm going to bed now. Kali shipped the backdoored version between 26.03. and 29.03.
@cadey Regarding https://xeiaso.net/notes/2024/xz-vuln/
openSUSE Tumbleweed shipped the backdoored version for 21 days.
@thunderbird Are you aware of any problems with PGP decryption not working with PGP encrypted attachments? Worked fine beforehand, does not work with Supernova.
What is your most annoying security bullshit software and why is it BitSight?
@realn2s It looks like there are two new ones and the project is now abandonware and they will not be fixed.
@infosecsidekick I already have that certificate, but I gladly boosted.
Fabian Dellwing boosted:
To be honest I kind of hate "giveaways" because often times they are lame, but I have the opportunity to give away a pretty legit prize to one person and I also wanted to selfishly raise awareness to my podcast.
If you or someone you know is interested in entering for a chance to win a free Blue Team Level 1 certification voucher, all you have to do is subscribe to my podcast for free at https://www.infosecsidekick.com
I'll be releasing a conversation with the CEO, Joshua Beaman later today and announcing a winner later this week.
Please feel free to share, boost, and comment on this post to reach those that may benefit most from this.
I wish I could give away more than just one...maybe in the future I will...but for now, this is the best I can do and I hope it really helps someone out there kickstart their career growth.
I'm happy to announce that I passed BTL1 first try with 90% score.
https://www.credly.com/badges/369367ef-1f53-48ab-8796-b6d457a0a846/public_url
@thunderbird TbSync and Conversations are not yet compatible. So it's a hard pass for now.
Fabian Dellwing boosted:
Wir suchen einen Linux-Systemadmistrator der einen Großteil meiner aktuellen Aufgaben übernimmt.
Details: https://jobs.mbconnectline.com/o/linuxsystemadministrator-mwd
@katzenjens @milan Nutzer können diese Inhalte markieren. Funktioniert sehr gut bei allen Youtubern die nicht extrem klein sind.
Wir suchen einen Linux-Systemadmistrator der einen Großteil meiner aktuellen Aufgaben übernimmt.
Details: https://jobs.mbconnectline.com/o/linuxsystemadministrator-mwd
@Ichinin Sorry, that was a typo on my end.
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst