audit if torbrowser-launcher GnuPG signature verification bypass attack applies to Whonix or other projects

Issue of torbrowser-launcher using the gpg command line. [Or call it an issue of the GnuPG interface and the difficulty of using it inside scripts, unfinished Python gpg libraries etc.] Whonix consistently uses gpg-bash-lib. I’ve checked that it is not affected

a browser is not a safe environment to type

A browser is not a safe environment to write stuff such as, for example, forum posts or e-mails, webmail or IMAP. You could accidentally paste things you don’t want to paste, for example into the search or URL bar, which could

Why I prefer PGP/INLINE over PGP/MIME in Thunderbird/Enigmail

Due to the recent Enigmail security issue, where e-mail drafts could end up unencrypted on IMAP servers. (You might wonder, no, Whonix was luckily not affected by this, because the version in Debian wheezy did not have that bug.) In

How safe are signed git tags? Only as safe as SHA-1 or somehow safer?

How safe are signed git tags? Especially because git uses SHA-1. There is contradictory information around. So if one verifies a git tag (`git tag -v tagname`), then checks out the tag, and checks that `git status` reports no untracked/modified

Security Fixes and Transparency of Free Software

Within a day there has been a raft of some major security bug reports coming in on. A summary: – Bash bug that allows remote arbitrary execution of malicious input – RSA Signature Forgery in NSS – Firefox’s crypto-library –

The Linux Security Circus: On GUI isolation – Your opinion?

Check this out… Already a bit older, but if true – and it seems to be true (I’ve tested this!) – it would be still up to date – and quite a scandal! The Linux Security Circus: On GUI isolation: