Posted on 03/11/2019 2:24:20 PM PDT by ransomnote
High-severity vulnerability found in SecureDrop system
https://www.cyberscoop.com/securedrop-vulnerability-found-fixed/
A high severity vulnerability found in SecureDrop, a whistleblower submission system used by newsrooms and advocacy groups, prompted a patch from developers and coordination with dozens of prominent news organizations that use the software to communicate with sensitive sources.
The bug, blamed on developer error, leaves the system unable to verify key packages and can grant remote code execution against targets.
Who uses SecureDrop? https://securedrop.org/directory/
Whistle blower on U1.
Okay, break time. (7) posts to go. Whew.
Oh KO!
Strange bedfellows. Or maybe not so strange.
Explains a lot.
What's QBM, precious?
Thank you for that great information!
So many connections...like a spider web.
I'm a sucker for a pretty face.
And green eyes are my thing.
Oh yea, huh?
our go-to man! thanks!
You're right. That is VERY interesting.
You mean the snapshot With what looks like a broken-beak shaped support flange with the circular milled channel? Looks a bit like a chunk of shrapnel? (I assume we are looking at Mars and not some Hawaiian lava field or a Death Valley golf course?)
I liked the distance images that look like there is something standing and hovering just out of camera range, like a mirage on a hot summer road! I would think about for an explanation but its late and time to sleep!
Good night!
gisd O
That’s a broken martian soft ice cream machine part. Duh.
It’s not your fault. You were just the straw that broke the Oracle’s back. :)
Dat be truth.
greenie, see #290
is that the story you read too?
“The bug, blamed on developer error, leaves the system unable to verify key packages and can grant remote code execution against targets.”
“Some SecureDrop users, including the New York Times, are reinstalling the software as part of a general update.
Other organizations decided that the chance of an attack was so remote that they do not believe a reinstall is necessary, SecureDrop developers explained.”
How hard is a reinstallation of updated software?
One more reason never to trust a News organization!
Wasn’t there something backthread discussing BlackHats being able to snag information and forward to a remote location?
Well. Time for bed!
‘QBM’
either Q BOOKMARK
or Q boogey man.
Bump That!!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.