Backdoor in upstream xz/liblzma leading to ssh server compromise openwall.com/lists/oss-secu…

Solar Designer Adam 'pi3' Zabrocki LKRG github.com/YuriiCrimson/E… (with the kernel_path fixed) gives me a root shell on a fully patched Debian 12. But with LKRG loaded I see

CVE-2024-31497: PuTTY: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces openwall.com/lists/oss-secu… Affected Products - PuTTY 0.68 - 0.80 - FileZilla 3.24.1 - 3.66.5 - WinSCP 5.9.5 - 6.3.2 - TortoiseGit 2.4.0.2 - 2.15.0 - TortoiseSVN 1.10.0 - 1.14.6

Is Open Source focused threat intelligence - Tactics, Techniques, and Procedures (TTPs), Indicators of Compromise (IOCs), exploits/rootkits/backdoors in the wild - a desirable topic for oss-security or for a separate mailing list? If separate, where to draw the line (reply)?

Just published slides of Solar Designer's offensivecon keynote talk "Password cracking: past, present, future" openwall.com/lists/announce…

Updated my offensivecon keynote talk slides page to include links to our other related presentations openwall.com/presentations/…

Announcing yescrypt-go, our pure Go reimplementation of yescrypt key derivation function (KDF) and password hashing scheme. Builds upon Dmitry Chestnykh ☮️'s Go scrypt, with yescrypt support added by Solar Designer. Sponsored by Sandfly Security. openwall.com/lists/announce… x.com/SandflySecurit…

We sponsored the porting of the yescrypt Linux password hash algorithm to Go as an open source project. Read more below. This is now part of our agentless password auditor feature on Linux as well.

Linux Kernel Runtime Guard LKRG 0.9.9 by Adam 'pi3' Zabrocki et al. is out, adds support for Linux 6.11+, 6.10.10+, 5.10.220+, CentOS Stream 9 (upcoming RHEL 9.5). openwall.com/lists/announce… Updated packages for Rocky Linux 9.4 and 8.10 being released sig-security.rocky.page/packages/lkrg/ Rocky Linux

Interview with Adam 'pi3' Zabrocki and me about LKRG, in English adwersarz.pl/polish-it-secu… and Polish

I'm happy to build upon and extend the ideas and approaches we had tested and proven, and expertise gained building Openwall's security enhanced Linux distribution, now for CIQ's wider audience and in a modern context.

#MITRE #CVE is great (dead?), but Openwall 's #OVE has been a system for vuln. tracking-ID since 2016 ! Ex: #Exim CVE-2019-13917 also has OVE ID: OVE-20190718-0006 I used both for tracking vulnerabilities since 2k16. Time to give #OVE more visibility: openwall.com/ove/

🔒 Enhancing LKRG: A Step Toward Stronger Security. CIQ's own Sultan Alsawaf recently contributed impactful updates to the LKRG project, fixing longstanding bugs & making it stronger & more stable than ever. Learn more here 🔗 hubs.li/Q03jDBsj0 #HPC #IT #LKRG #OpenSource

End of an era: our CVSweb service turned 21 today, and was promptly retired. Our anoncvs was similarly shut down at the age of 21 two years ago, quietly.

At #NullconBerlin2025, Solar Designer will walk us through the journey from LKRG’s edgy debut to its 1.0 release – complete with real-world attacks, trade-offs, nasty bugs, & some honest truths about kernel hardening. Know More: nullcon.net/berlin-2025/sp… #LKRG #LinuxSecurity

Linux Kernel Runtime Guard LKRG 1.0.0 by Adam 'pi3' Zabrocki Solar Designer Sultan Alsawaf et al. is out, adds support for Linux 6.13+ (tested to 6.17-rc4), forward-edge CFI (Intel CET IBT, KCFI), ..., reduces performance overhead, shrinks the codebase by ~2500 lines. openwall.com/lists/announce…

Strengthening Linux Security With Kernel Runtime Guard 🎯 #Linux security remains a pressing concern as vulnerabilities continue to expose critical systems. Solar Designer, founder of Openwall, and senior principal security engineer at CIQ, said Linux Kernel Runtime Guard's, or

We've just published the slides of Solar Designer's @Nullcon Berlin 2025 talk "Linux Kernel Runtime Guard (LKRG) 1.0" openwall.com/lists/announce… #LKRG #nullconBerlin2025 #nullcon