#OpenSSL

2026-02-13

Putting the final touches on the first "issue" of AWKzine (my still gestating idea on a series of "literate programming in awk" articles).

First issue is doc & code for an AES-256 CTR mode (with SipHash authentication) secured text chat system (client and server) using just a single script file consisting of #gawk and #openssl (command line).

Nobody asked for this, but I feel compelled to deliver...

#awk

2026-02-13

How to protect LUKS keys with Rutoken ECP 3.0 and the GOST R 34.10-2012 algorithms. Part 3

Safe operation of laptops, or protecting the user key with a USB token, using Rutoken ECP 3.0 as an example. In part two we learned how to configure the computer's boot process so that keys stored on an external USB drive are used to unlock the system disk. However, if the computer is stolen together with that drive, an attacker can gain access to the data as if it were not protected at all, so the most attractive way to solve this problem appears to be the use of USB tokens and smart cards such as Rutoken ECP 3.0 or JaCarta-2 GOST. Tokens are secure microcontrollers with built-in non-volatile memory, so they can perform all computations themselves without using the resources of the central processor, and they do not allow the private key to be copied off the device, which provides the highest level of security.

habr.com/ru/companies/aktiv-co

#linux #luks #полнодисковое_шифрование #рутокен #plymouth #rsa #openssl #pkcs11 #encrypt #bitlocker

2026-02-12

OpenSSL does not appear to support Camellia-GCM. I think it would be nice to have an alternative to AES and ChaCha20.

github.com/openssl/openssl/iss

#OpenSSL #Camellia

Paula Gentle on Friendica gehrke_test@libranet.de
2026-02-08

This week I had great fun with #CVE-2025-15467 - at work, in private and in my volunteer work. I hope I have caught the most important places by now - or at least mitigated them.

One problem child was #NginxProxyManager, which I inherited from my predecessor. I am somewhat at odds with that choice, but apparently they too delivered cleanly by the end of the week.

Before:

$ sudo podman exec -it proxymanager dpkg -l --no-pager | grep openssl
ii  openssl                     3.0.18-1~deb12u1               amd64        Secure Sockets Layer toolkit - cryptographic utility

After:

$ sudo podman exec -it proxymanager dpkg -l --no-pager | grep openssl
ii  openssl                     3.0.18-1~deb12u2               amd64        Secure Sockets Layer toolkit - cryptographic utility

security-tracker.debian.org/tr…

#openssl #security

Emanuele Panz thepanz@phpc.social
2026-02-06

Got my share of stickers from #FOSDEM, thank you Jordi!

Will put the PostmarketOS on the OSMC Vero2 TV-Box, as a reminder to hack/port it!

#thunderbird #postmarketos #openssl #osmc #vero2

A bunch of stickers: OpenSSL, PostmarketOS and Thunderbird
2026-02-03

#lispyGopherClimate #lisp #technology #podcast #archive, #climate #haiku by @kentpitman
communitymedia.video/w/c3GdAXe
& @ramin_hal9001
On the #climate I would like to talk about the company that found #curl and #openssl's #deeplearning many (10ish) 0-day vulns "using #ai ". (#llm s were involved).

This obviously relates to my #lisp #symbolic #DL screwlisp.small-web.org/condit (ffnn equiv). Thanks to everyone involved with that so far.

I implemented that using #commonLisp #condition handling viz KMP.

LISPY GOPHER SHOW

anonradio.net every 000UTC

unix_surrealism; the gopher and lisp alien wade through flooded wreckage helped by two demons.
2026-02-02

@heisec

Wonder how big the "actual existing security vulnerability to fabricated noise" ratio is for the #OpenSSL project.

Based upon what the #curl project reported so far I'd assume that this is just a lucky coincidence.

Aka even a blind hen sometimes finds a grain of corn...

#itsecurity #infosec #itsec

2026-02-02

OpenSSL: 12 security gaps, one allows malicious code execution and is critical

12 security vulnerabilities have been discovered in OpenSSL – using AI tools. One of them is considered critical. Updated software is available.

heise.de/en/news/OpenSSL-12-se

#IT #KünstlicheIntelligenz #OpenSSL #Security #Sicherheitslücken #Updates #news

2026-02-02

OpenSSL: 12 security leaks, one allows malicious code execution and is critical

12 security vulnerabilities were discovered in OpenSSL – using AI tools. One of them is considered critical. Updated software is available.

heise.de/news/OpenSSL-12-Siche

#IT #KünstlicheIntelligenz #OpenSSL #Security #Sicherheitslücken #Updates #news

2026-02-02

#Linux Weekly Roundup for February 1st, 2026: #Xfce gets #Rust-based #Wayland compositor, #GParted 1.8, #Transmission 4.1, #GStreamer 1.28, #OpenSSL 3.6.1, #Proton 10.0-4, GParted Live 1.8, #VirtualBox 7.2.6, #Calibre 9.0, #Tails 7.4.1, #AerynOS 2026.01, Linux Lite 7.8, #Shotcut 26.1, TigerVNC 1.16, Emmabuntüs Debian Edition 5 1.05, and more 9to5linux.com/9to5linux-weekly

#OpenSource #FOSS

9to5Linux Weekly Roundup - February 1st, 2026

For those who didn't wait and installed v3.5.5 on their own or from Sid, FYI it landed in #Debian Testing today. I don't track Stable but generally speaking, when there's a major fashion faux pas updates can actually land in Stable (coming straight from Sid) before they do in Testing.

For those who run #Slackware -current, you wouldn't have really noticed anything, since #OpenSSL version 3.5.5 was pushed out on 27 January. And again, Slackware is one of, if not the first to address and act on exploits and vulnerabilities, often on #0day.

Fun Fact: Following the very public cannibalization of Sun Microsystems by the Evil EllisonCo (Oracle), Slackware Linux was the first major distro to adopt and release #MariaDB, replacing #MySQL as the default in the installation - credit where due, IIRC, the German fork of Slackware, #SuSE, was the second major distro to do so shortly thereafter.

Partial of the Slackware Changelog for 27 January 2026 with the release of OpenSSL v3.5.5 highlighted.

It's actually not a bad idea to follow this changelog no matter which distros you administer because the Slackware team is more often than not the very first to respond and release the patched packages.

Stéphane Bortzmeyer bortzmeyer@mastodon.gougere.fr
2026-02-01

For #DNSSEC, the domain crate can use different crypto backends such as the ring crate or the #OpenSSL bindings. (But there are more.)

There is now a command-line tool to query the DNS, dnsi. And a CLI tool to do misc. manipulations, dnst ("people are using the ldns library example programs in production"). And a key manager, keyset.

#FOSDEM

2026-01-31

Lol. Looking at openssl v3.5.4 PKCS#7 command and it only understands rfc 2315 but not rfc 2630.

It doesn't even mention rfc 5652 (sep 2009) which obsoletes rfc 3852 (July 2004) which obsoletes rfc 3369 (August 2002) which obsoletes rfc 2630 (June 1999).

So openssl is literally stuck in the last millennium when dealing with encrypted files/data.

It's possible that its smime subcommand may do it as there's a pkcs7 option, but it doesn't mention which, if any, rfc that the smime command follows.

#OpenSSL
