Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: Pete from Shawnee Mission

High-severity vulnerability found in SecureDrop system

https://www.cyberscoop.com/securedrop-vulnerability-found-fixed/

A high severity vulnerability found in SecureDrop, a whistleblower submission system used by newsrooms and advocacy groups, prompted a patch from developers and coordination with dozens of prominent news organizations that use the software to communicate with sensitive sources.

The bug, blamed on developer error, leaves the system unable to verify key packages and can grant remote code execution against targets.

Who uses SecureDrop? https://securedrop.org/directory/


301 posted on 03/11/2019 9:06:28 PM PDT by Steven W.
[ Post Reply | Private Reply | To 300 | View Replies ]

To: Steven W.

“The bug, blamed on developer error, leaves the system unable to verify key packages and can grant remote code execution against targets.”

“Some SecureDrop users, including the New York Times, are reinstalling the software as part of a general update.

Other organizations “decided that the chance of an attack was so remote that they do not believe a reinstall is necessary,” SecureDrop developers explained.”

How hard is a reinstallation of updated software?
One more reason never to trust a News organization!
Wasn’t there something backthread discussing BlackHats being able to snag information and forward to a remote location?

Well. Time for bed!


318 posted on 03/11/2019 9:40:36 PM PDT by Pete from Shawnee Mission
[ Post Reply | Private Reply | To 301 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson