RE: https://wikis.world/@legoktm/116557912530796630

🚨 we have a second job posting up at Freedom of the Press Foundation 🚨

We're looking for a security researcher to support the #SecureDrop team (up to 30hr/wk)

🔒 fully remote
🔒 work on security-focused project where it's not merely an afterthought
🔒 real security problems that affect real whistleblowers and journalists

This is a contractor position; you do not need to be US-based (unlike the other one). Happy to answer any questions!

https://freedomofthepress.na.teamtailor.com/jobs/611576-rfp-security-researcher

#GetFediHired

🚨 the @securedrop team at Freedom of Press Foundation is hiring 🚨

We're looking for a Cryptography Engineer to help us build out the new end-to-end encrypted version of #SecureDrop

✔️ fully remote (must be US based)
✔️ all FOSS
✔️ help secure whistleblowers and investigative journalists all around the world

More details in the job posting, happy to answer any questions

https://freedomofthepress.na.teamtailor.com/jobs/610227-cryptography-engineer

#GetFediHired #Rust #FormalMethods #Encryption #Cryptography #Whistleblowing #OpenSource

SecureDrop Workstation 1.5.2 has been released, as well as SecureDrop Client 0.17.4.

This update contains multiple security fixes, all of which are low or informational priority. We are not aware of any exploitation in the wild for any vulnerability.

https://securedrop.org/news/securedrop-workstation-1_5_2-released/

#OpenSource #Whistleblowing #SecureDrop

Interesting new project from #Tor #SecureDrop - that’s essentially digitally signed web pages that are client-verified to prevent any server-side covert injection or backdooring. Sounds a bit like SRI (Subresource Integrity) but for the whole page and using digital signature not just server-delegated hash. Obviously, it won’t work for a typical ‘modern’ mash-up website that changes every minute, but sounds perfect for high-integrity and largely static pages such as SecureDrop.

WEBCAT helps protect users from malicious or unexpected changes to the client-side code of a web application. When a user visits a site that has enrolled in WEBCAT, the WEBCAT browser extension verifies the application’s served assets against a signed manifest before any content is executed. If verification fails, WEBCAT blocks the page from loading and shows a warning.

https://securedrop.org/news/webcat-alpha/

#infosec

SecureDrop 2.14.0 has been released. This release ensures KeePassXC remains installed on Tails. It also lays groundwork for the upcoming SecureDrop App.

https://securedrop.org/news/securedrop-2_14_0-released/

#OpenSource #Whistleblowing #SecureDrop

SecureDrop Client 0.17.2 has been released! This release addresses potential undefined behavior in a dependency.

https://securedrop.org/news/securedrop-client-0_17_2-released/

#OpenSource #Whistleblowing #SecureDrop

Can hackers truly redeem themselves? Kevin Poulsen (aka Dark Dante) went from cracking systems to being a successful insider tech journalist for Wired, SecurityFocus, and The Daily Beast.

#hackers #darkDante #secureDrop #KIISFM #journalists #tech

https://negativepid.blog/kevin-poulsen-the-story-of-dark-dante/
https://negativepid.blog/kevin-poulsen-the-story-of-dark-dante/

What does it take to make web applications auditable?

Here's why reproducibility matters, and how WEBCAT—a framework for signing and verifying web applications—approaches the problem in practice.

https://securedrop.org/news/webcat-towards-auditable-web-application-runtimes/

#WebCrypto #OpenSource #Cryptography #SecureDrop #WEBCAT

Journalists are increasingly relying on insider sources, and protecting those sources is more important than ever.

Here's how SecureDrop is rising to the challenge, safeguarding whistleblowers’ anonymity against ever-evolving threats.

https://securedrop.org/news/looking-back-at-2025/

#OpenSource #Whistleblowing #SecureDrop