vax_

@vax_@infosec.exchange
2 Followers
25 Following
31 Posts

@zvhxxl @QasimRashid

The only thing I saw is this: "While Hamas leaders will not agree to leave Gaza or disarm, the terror group is prepared to cede governing control of the Strip to independent Palestinian technocrats and agree to a years-long truce with Israel that includes “security arrangements,” the senior Palestinian official claimed.", which is definitely not the same.

Self-Hosting and Media Servers are Big Tech's Next Target

YouTube is actively silencing legitimate self-hosting content. They don't want you to own your data?

@dominik @eff That's news to me, as at the last time I looked for an answer I found that it's quite redundant. I'll try it out then. Thanks
@eff Is it worth using PB if I have uBlock Origin configured?
@Lydie @eff They might try to convince ISPs to block IPs of services that won't break e2ee. But even then we can self-host servers that implement the Matrix Protocol.
A Texas sheriff used 83,000+ license plate reader cameras to track a woman “suspected of having an abortion.” The reason listed in the record: “had an abortion, search for female.” https://www.eff.org/deeplinks/2025/05/she-got-abortion-so-texas-cop-used-83000-cameras-track-her-down

@zog

I didn't actually read the article, are these the specific models that the backdoor was found on? Although even if they are, it's definitely not the first case that was found in the router space. In fact, in general, these are so common in the router space that I'd recommend anyone who buys a new router to choose one that supports OpenWRT.

Unfortunately people don't even know about these things and they think a router just works, like a fridge or a laundry machine for example. That's why so many people use VERY outdated routers. We are indeed in a very problematic situation and basically the only solution is OpenWRT.

@FediFollows sad @Kodi noises
They give us no choice but to flash #OpenWRT
Thousands of Asus routers are being hit with stealthy, persistent backdoors
Backdoor giving full administrative control can survive reboots and firmware updates.
https://arstechnica.com/security/2025/05/thousands-of-asus-routers-are-being-hit-with-stealthy-persistent-backdoors/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

@arstechnica "To remove the backdoor, infected users should remove the key and the port setting."

Or should maybe flash the device with an #OpenWrt firmware, if available? That should be the best way to get rid of the backdoor. If someone has SSH/root access then they could also hide that key in the web UI...

@T_X @arstechnica

Divested-WRT, based on OpenWrt, is available for Linksys routers (1900, 1200) 🏝️

https://codeberg.org/divested/Divested-WRT

@thereisnoanderson @arstechnica I think it's a bad recommendation to use a fork that is only maintained by a single, random, unknown person. Even if those changes were valid and trusted it's too easy for one person to accidentally mess things up.
@T_X @arstechnica are most repos out there in the wild made by a single person or companies?

@T_X @arstechnica there is a credits section with 9 people who obviously reviewed code and submitted patches.

https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/

@divested is well known for his contributions to the foss, privacy and security community. DivestOS (LineageOS fork) is a great example to what one person can do.


@T_X @arstechnica I get your point though, there are people who deceive to infiltrate and destroy
@thereisnoanderson @arstechnica sorry, didn't want to sound too harsh, I guess it's probably great work from Divested (only heard of that now from you, so thanks for sharing!). But imo it would be even better to try to get such things upstream, to collaborate. We can achieve more together :-). Though that's usually easier said than done, I know... (and sometimes some people aren't compatible with each other. Then a fork might be the only option, too.)

@arstechnica

"....being hit with backdoors..." isn't a thing.

A built-in weakness, a designed hidden entrance, is allowing criminals/criminal states easy access to controlling thousands of designed-to-fail ASUS routers... would be more accurate.

Armed Concrete Bunker has screen door entrance by the bushes there.

Those soldiers are "being hit" with "their guns don't fire."

@kevinrns @arstechnica More like the soldiers are being hit with "the soldiers waved the person through because they wore a fake badge."

@nazokiyoubinbou @arstechnica

Just talking about passive voice-ish construction of the sentence that de-emphasizes the manufacturer putting in a backdoor for themselves or their government.

With "intended to be crazy" examples of similarly removing the actor cause.

#asus #backdoor

@kevinrns @arstechnica Yeah, I just wanted to throw in some extra emphasis for the fact that it's equivalent to them letting the bad actors in willingly.

@nazokiyoubinbou @arstechnica

Yes, on re read it was another example in the same manner as my examples.

Thanks.

@arstechnica "Users of any router brand should always ensure their devices receive security updates in a timely manner."

Although I understand the author is doing the Lord's Work in that closing statement, pushing responsibility for maintenance onto users rather than onto device manufacturers shipping with an automated software update program for the life of the hardware, is letting the manufacturers off the hook.

@glent @arstechnica It also is useless in this case because updating the router doesn't fix the issue. (In fact, since it's just modifying system settings, the settings simply carry over with the firmware update...)
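An added defender-side check, written for this thread and not taken from any post here or from ASUS: it audits an exported router settings dump for the two indicators the quoted remediation names, an SSH authorized key you did not add and a non-default SSH port, which a firmware update does not clear because they are settings rather than firmware. The key=value dump format, the setting names (sshd_enable, sshd_port, sshd_authkeys with ';'-separated keys) and the sample values are assumptions for illustration, not ASUS's real variable names.

```python
# Added example: audit an exported router settings dump for an SSH service
# that is enabled on a non-default port and for authorized keys that are
# not on the owner's allowlist. Setting names and dump format are assumed
# for illustration; adapt them to the real export of your device.
from typing import Dict, List


def parse_settings(dump: str) -> Dict[str, str]:
    """Parse 'key=value' lines; blank and '#' lines are skipped."""
    settings: Dict[str, str] = {}
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split on the first '=' only
        settings[key.strip()] = value.strip()
    return settings


def key_material(key: str) -> str:
    """Key type plus base64 blob: a renamed comment must not hide a key."""
    return " ".join(key.split()[:2])


def audit_ssh(settings: Dict[str, str], trusted_keys: List[str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings: List[str] = []
    if settings.get("sshd_enable", "0") == "0":
        return findings  # SSH is off, so neither indicator applies
    port = settings.get("sshd_port", "22")
    findings.append(f"ssh enabled on non-default port {port}" if port != "22"
                    else "ssh enabled")
    trusted = {key_material(k) for k in trusted_keys}
    for key in filter(None, settings.get("sshd_authkeys", "").split(";")):
        if key_material(key.strip()) not in trusted:
            findings.append(f"untrusted ssh key: {key.strip()}")
    return findings


# Constructed sample dump and allowlist (not a real device export).
SAMPLE_DUMP = """\
# constructed sample
sshd_enable=1
sshd_port=5555
sshd_authkeys=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0example admin@home;ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexampleXX unknown
"""
TRUSTED_KEYS = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0example admin@home"]

if __name__ == "__main__":
    for finding in audit_ssh(parse_settings(SAMPLE_DUMP), TRUSTED_KEYS):
        print("FINDING:", finding)
```

Re-run the audit after every firmware update as well as after a factory reset, since the thread's point is that these settings survive the update.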
@nazokiyoubinbou @glent @arstechnica Not like Asus are the quickest to respond to security issues with their routers. For example: "Hackers expose eight-month-old Asus weakness by leaving note on victims' drives." https://arstechnica.com/information-technology/2014/02/dear-asus-router-user-youve-been-pwned-thanks-to-easily-exploited-flaw/
@arstechnica class action when?
@dashjackson @arstechnica never, this happens daily, router companies in particular never get in trouble for this
@froge @arstechnica So frustratingly shitty of them to keep known backdoors open.

@dashjackson @froge @arstechnica this isn't new either.

https://github.com/kkarhan/windows-ca-backdoor-fix


@kkarhan @dashjackson @froge @arstechnica

> all mail clients except thunderbird

is this really true? looking e.g. at gnome evolution

@utf_7 @kkarhan @dashjackson @froge @arstechnica I don't think Evolution runs on Windows, unless you run it in WSL2.
@marjolica i missed the point that it is about windows, sorry

@marjolica @utf_7 @dashjackson @froge @arstechnica It'll impact any application that uses #Windows' #CryptoAPI and doesn't come with its own #Encryption Library and #CertificateManagment.

Needless to say all #Chromium variants and #IE / #Edge are vulnerable to this #Backdoor which exists since at least #WindowsXP to this day!

  • Thus consider said #OS inherently unsafe!
@arstechnica picture of the affected hardware shows a possible mitigation by not plugging in any network cables.
@arstechnica ah fudge I have one of these routers. Time to check if I'm infected.
@arstechnica Ubiquiti 4 Life. I am about to upgrade the GF's router and I think she has one of these piles of junk.
@arstechnica The article doesn't seem to go into much detail at all. Just "Asus routers." I got the impression from a different one that it's probably two specific models? Sure would be nice if someone would say what mitigations are required. Is SSH enabled by default on those? Is it enough simply to disable it if so? I have an Asus router, but a very different model and as far as I can remember (without doing a system reset to verify) I don't think SSH was on by default.
@arstechnica holy shit, looks like I switched my home network from being entirely MerlinWRT based (no shade on Merlin though, they were doing god’s work) to being entirely OpenWRT based at the right time.

@roy @arstechnica Issue is that OpenWRT's QOS is absolute dogshit (well, at least it was years ago). Ages ago, Tomato firmware had one of the best QOS systems and now that's ASUS from my experience. Maybe it's not important for most users, but it is for me because I have a lot of devices and a lot of traffic, and congestion and bandwidth misuse happen without QOS on the local network level.

Also ASUS provides updates for routers for years and years which is good.

@rejzor I have only been using OpenWRT for the last six months, and the highest number of devices I have ever had on my network was probably only 40; I am yet to see any issues so far with QoS disabled. But then again, I grew up with dialup, so my patience is quite high.

I had been using AsusWRT (and subsequently MerlinWRT) for decades, and never had any issues with those either. Never needed to turn on QoS either, so can't say anything about that; I only made the switch (and trust me, it wasn't easy) because I needed an easier way to deal with VLANs than writing custom startup scripts (and also to get a hackable router without breaking the bank).

@roy Issue is bandwidth starvation. If I download something at max speed, my TV that operates through WiFi gets starved of bandwidth if QoS is not prioritizing the TV over the bulk download. ASUS QOS really does this exceptionally well no matter how congested my line is, nothing is ever stalled.
They give us no choice but to flash #OpenWRT

@vax_ unfortunately https://forum.openwrt.org/t/openwrt-and-asus-ax55/160226

Asus AX55 not supported, but the RT-AC3100, RT-AC3200 are.


@vax_ I concur 100%

Reading about it, it's hard to find a definitive list of affected routers, but this link mentions the 3 I mentioned: https://www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/

I'm even recommending people get ones from GL-INET which supports #OpenWRT out of the box - although I still prefer to install the stock OpenWRT from the OpenWRT site on GL-INET devices instead of the slightly "slick UI" version of OpenWRT that GL-INET provide with the device.

In another post I just purchased an #OpenWRTOne to check it out - since I'm all sorted at home with my #VyOS firewall and #Unifi wifi I'm going to upgrade my mum's home internet with the OpenWRT One 🙂

edit: add GL-INET link https://www.gl-inet.com/support/firmware-versions/


@arstechnica

There are quick and certain solutions available.