Franco Pyrih


Analista de Computación Científica (CS Bachelor equivalent, pursuing MSc), systems administrator and former Operating Systems Graduate Teaching Assistant.

ejabberd operator and OpenStreetMap contributor (200+ edits worldwide).

Interested in information security (communications, operations, architecture, cryptography...) and distributed systems (smart contracts, ActivityPub, XMPP, email...).

Online chat: https://xmpp.link/#[email protected]?add
OMEMO fingerprint: a1af94ff cf6ee178 0670cbf0 ff5c1241 e885839b ea8ed0e5 a1333b8b 9a507931
OpenPGP fingerprint: BFFA 27B1 7B65 0EEF 321E D606 292F 2E88 32C0 DFAA

RE: https://mastodon.social/@phoenix_r_d/116645814225235776

The OpenMLS audit report is now public!

There's apparently another Linux LPE.
DirtyDecrypt, also known as DirtyCBC, is a variant of CopyFail / DirtyFrag / Fragnesia.
I suspect it may be CVE-2026-31635.
Patches (change < to >) were committed on April 8, 2026 and also on April 18, 2026 as beee051f259acd286fed64c32c2b31e6f5097eb5 and e2f1a80d8b1ed6a5ae585a399c2b46500bdcc305

I have not been able to get it to actually work on any Linux distro that I've tried.
(Edit: Fedora and mainline Linux repro fine)

atp i just
```nix
boot.blacklistedKernelModules = [
  # copyfail fix
  "af_alg"
  "algif_hash"
  "algif_skcipher"
  "algif_rng"
  "algif_aead"
  # dirty frag and fragnesia fix
  "esp4"
  "esp6"
  "rxrpc"
];
```

The 3 recent Linux LPEs are sort of interesting in that each one took a different path from discovery to disclosure.

  • Copy Fail: Publicity stunt where they claim to have done the right thing, yet didn't bother to tell a single distro vendor, and lied about updates being available.
  • Dirty Frag: Attempted to do proper coordination, including notifying the linux-distros mailing list. But the embargo was broken, so it was disclosed unexpectedly ahead of time.
  • Copy Fail 2: Discovered as an n-day by looking at kernel commit logs and Spender noticing that it was copyfail-class
  • Each path had basically exactly the same outcome (No fixes at publication time). 😂

    DebConf26

    Facu. de Inge. en Cs. Hídricas, Uni. Nacional del Litoral, Santa Fe, Argentina, Monday, July 20, 07:00 GMT-3

    DebConf is an event with talks on topics related to Debian, Linux, and free software in general.

    DebConf is the annual conference for Debian contributors and users interested in improving Debian. Previous Debian conferences have featured speakers and attendees from all around the world. The last DebConf, DebConf25, took place in Brest, France and was attended by 443 participants from 51 countries.

    DebConf26 is taking place in Santa Fe, Argentina, in July 2026.

    It is being preceded by DebCamp.

    You only need to be familiar with Linux to enjoy the event.

    How are we going to get there?

    Some Computer Science students at FCEN UBA have set up a chat group for anyone who wants to go, to organize the trip, accommodation, etc.

    Join us!

    https://t.me/+TWx4ilqkYho0ODlh

    https://cartelera.inexactas.ar/event/debconf26

    Two more copy.fail style exploits have been dropped. I hope everybody enjoys patching and rebooting.

    Dirty frag: https://github.com/V4bel/dirtyfrag
    Copy fail 2: https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo

    #linux #sysadmin #kernel #security


    Supposedly, https://copy.fail has been patched on Ubuntu, and therefore, on Mint 22.3, which I use; but I've run apt update && apt upgrade over and over, and the copy_fail_exp.py script still gets root. What am I missing?

    update 2: it's been patched in the generic kernel. Run your updates as usual

    update: it's not patched in the generic kernel! If you really need algif_aead, you have to switch to one of the vendor kernels. But if you're a desktop user like me, I don't think you'll miss it; just disable it with the instructions in https://copy.fail/#mitigation

    #infoSec #linux #linuxMint #ubuntu #copyFail

    Copy Fail — 732 Bytes to Root

    CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

    Xint
    Twitter always put me off as too noisy and bloated! Glad to have found this alternative 😀

    Many people will no doubt summarize the security vulnerability CVE-2026-3854 as "My God, all the software hosted on GitHub may have been compromised."

    But in fact, that was already possible: Microsoft (owner of GitHub) could already modify everything.

    All that CVE-2026-3854 allowed, if people exploited it, was to democratize this possibility by making it accessible to everyone with a GitHub account.

    https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

    GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog

    A CVSS 8.7 vulnerability in GitHub Enterprise Server allows remote code execution. Read the threat brief and find vulnerable GHES instances from Wiz.

    wiz.io

    ECI N3: Exploiting and securing communication on the Internet

    Pabellón Cero + Infinito, Ciudad Universitaria, Buenos Aires, Argentina, Monday, July 27, 18:00 GMT-3

    Instructor

    Vladimír Veselý

    @[email protected]

    Session

    Evening (18:00 to 21:00)

    Language

    English

    Description

    During the course, participants will learn about the basic principles of computer communication security. We will explain how authentication, confidentiality and integrity are achieved using various cryptographic techniques (e.g. MD5, SHA, AES and RSA). Next, participants will learn how to communicate securely on the web, send emails and connect to WiFi networks. Furthermore, we will demonstrate the security vulnerabilities in these scenarios using freely available hacking tools.

    Course program

    * Monday: Computer Networking and Security 101
    * Tuesday: TLS/SSL and exploiting HTTP
    * Wednesday: Exploiting DNS and SMTP
    * Thursday: Exploiting DHCP and Wi-Fi
    * Friday: Exploiting Wi-Fi and conducting MitM

    https://cartelera.inexactas.ar/event/eci-n3-exploiting-and-securing-communication-on-the-internet