mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-12-23 13:21:34 -05:00
Merge branch 'main' into main
This commit is contained in:
commit
927eabfaf2
10
config.yml
10
config.yml
@ -56,6 +56,8 @@ params:
|
|||||||
url: "https://github.com/PrivSec-dev"
|
url: "https://github.com/PrivSec-dev"
|
||||||
- name: email
|
- name: email
|
||||||
url: "mailto:contact@privsec.dev"
|
url: "mailto:contact@privsec.dev"
|
||||||
|
- name: rss
|
||||||
|
url: /index.xml
|
||||||
|
|
||||||
cover:
|
cover:
|
||||||
hidden: true # hide everywhere but not in structured data
|
hidden: true # hide everywhere but not in structured data
|
||||||
@ -63,7 +65,7 @@ params:
|
|||||||
hiddenInSingle: true # hide on single page
|
hiddenInSingle: true # hide on single page
|
||||||
|
|
||||||
editPost:
|
editPost:
|
||||||
URL: "https://github.com/PrivSec-dev/privsec.dev/content"
|
URL: "https://github.com/PrivSec-dev/privsec.dev/blob/main/content"
|
||||||
Text: "Suggest Changes" # edit text
|
Text: "Suggest Changes" # edit text
|
||||||
appendFilePath: true # to append file path to Edit link
|
appendFilePath: true # to append file path to Edit link
|
||||||
|
|
||||||
@ -87,9 +89,9 @@ menu:
|
|||||||
name: Operating Systems
|
name: Operating Systems
|
||||||
url: /os/
|
url: /os/
|
||||||
weight: 20
|
weight: 20
|
||||||
- identifier: Software
|
- identifier: Applications
|
||||||
name: Software
|
name: Applications
|
||||||
url: /software/
|
url: /apps/
|
||||||
weight: 30
|
weight: 30
|
||||||
- identifier: Providers
|
- identifier: Providers
|
||||||
name: Providers
|
name: Providers
|
||||||
|
@ -39,7 +39,7 @@ GrapheneOS Developer. Friendliest Indian tech support on planet Earth.
|
|||||||
**Matrix**: [@randomhydrosol:grapheneos.org](https://matrix.to/#/@randomhydrosol:grapheneos.org)
|
**Matrix**: [@randomhydrosol:grapheneos.org](https://matrix.to/#/@randomhydrosol:grapheneos.org)
|
||||||
|
|
||||||
### Madaidan
|
### Madaidan
|
||||||
Security Researcher. Whonix developer. Uses Firefox, Telegram, and Linux against his own advice like a true hypocrite.
|
Security Researcher. Whonix developer. Uses Firefox, Telegram, and Linux against his own advice like a hypocrite.
|
||||||
|
|
||||||
**Website**: [https://madaidans-insecurities.github.io/](https://madaidans-insecurities.github.io/)\
|
**Website**: [https://madaidans-insecurities.github.io/](https://madaidans-insecurities.github.io/)\
|
||||||
**Matrix**: [@madaidan.:matrix.org](https://matrix.to/#/@madaidan.:matrix.org)
|
**Matrix**: [@madaidan.:matrix.org](https://matrix.to/#/@madaidan.:matrix.org)
|
@ -1,6 +1,5 @@
|
|||||||
---
|
---
|
||||||
title: "F-Droid Security Analysis"
|
title: "F-Droid Security Analysis"
|
||||||
date: 2022-01-02T21:28:31Z
|
|
||||||
tags: ['software', 'android', 'security']
|
tags: ['software', 'android', 'security']
|
||||||
author: Wonderfall
|
author: Wonderfall
|
||||||
canonicalURL: https://wonderfall.dev/fdroid-issues
|
canonicalURL: https://wonderfall.dev/fdroid-issues
|
||||||
@ -155,7 +154,6 @@ In modern Android, the background restriction toggle is what really provides the
|
|||||||
|
|
||||||
Another example to illustrate the shortcomings of this approach would be the `QUERY_ALL_PACKAGES` low-level permission, which is referred to as the *query all packages* permission that "allows an app to see all installed packages". While this is somewhat correct, this can also be misleading: apps do not need `QUERY_ALL_PACKAGES` to list other apps within the same user profile. Even without this permission, some apps are visible automatically (visibility is restricted by default [since Android 11](https://developer.android.com/training/package-visibility)). If an app needs more visibility, it will declare a `<queries>` element in its manifest file: in other words, `QUERY_ALL_PACKAGES` is only one way to achieve visibility. Again, this goes to show low-level manifest permissions are not intended to be interpreted as high-level permissions the user should fully comprehend.
|
Another example to illustrate the shortcomings of this approach would be the `QUERY_ALL_PACKAGES` low-level permission, which is referred to as the *query all packages* permission that "allows an app to see all installed packages". While this is somewhat correct, this can also be misleading: apps do not need `QUERY_ALL_PACKAGES` to list other apps within the same user profile. Even without this permission, some apps are visible automatically (visibility is restricted by default [since Android 11](https://developer.android.com/training/package-visibility)). If an app needs more visibility, it will declare a `<queries>` element in its manifest file: in other words, `QUERY_ALL_PACKAGES` is only one way to achieve visibility. Again, this goes to show low-level manifest permissions are not intended to be interpreted as high-level permissions the user should fully comprehend.
|
||||||
|
|
||||||
Play Store for instance conveys the permissions in a way less misleading way: the main low-level permissions are first grouped in their high-level user-facing toggles, and the rest is shown under "Other". This permission list can only be accessed by taping "About this app" then "App permissions - See more" at the bottom of the page. Play Store will tell the app may request access to the following permissions: this kind of wording is more important than it seems. *Update: since July 2022, Play Store doesn't offer a way to display low-level permissions anymore.*
|
|
||||||
|
|
||||||
Moreover, [Play Store restricts the use of highly invasive permissions](https://support.google.com/googleplay/android-developer/answer/9888170) such as `MANAGE_EXTERNAL_STORAGE` which allows apps to opt out of scoped storage if they can't work with [more privacy friendly approaches](https://developer.android.com/guide/topics/providers/document-provider) (like a file explorer). Apps that can't justify their use of this permission (which again has to be granted dynamically) may be removed from Play Store. This is where an app repository can actually be useful in their review process to protect end-users from installing poorly made apps that might compromise their privacy. Not that it matters much if these apps target very old API levels that are inclined to require invasive permissions in the first place...
|
Moreover, [Play Store restricts the use of highly invasive permissions](https://support.google.com/googleplay/android-developer/answer/9888170) such as `MANAGE_EXTERNAL_STORAGE` which allows apps to opt out of scoped storage if they can't work with [more privacy friendly approaches](https://developer.android.com/guide/topics/providers/document-provider) (like a file explorer). Apps that can't justify their use of this permission (which again has to be granted dynamically) may be removed from Play Store. This is where an app repository can actually be useful in their review process to protect end-users from installing poorly made apps that might compromise their privacy. Not that it matters much if these apps target very old API levels that are inclined to require invasive permissions in the first place...
|
||||||
|
|
3
content/apps/_index.md
Normal file
3
content/apps/_index.md
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
title: Applications
|
||||||
|
---
|
@ -32,7 +32,7 @@ If you have a [Yubikey](https://www.yubico.com/), you should store the "shared s
|
|||||||
|
|
||||||
Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against [phishing](https://en.wikipedia.org/wiki/Phishing) or reuse attacks. If an adversary obtains a valid code from you, they may use it as many times as they like until it expires (generally 60 seconds + grace period).
|
Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against [phishing](https://en.wikipedia.org/wiki/Phishing) or reuse attacks. If an adversary obtains a valid code from you, they may use it as many times as they like until it expires (generally 60 seconds + grace period).
|
||||||
|
|
||||||
Despite of its short comings, TOTP is considered better and safer than Push Confirmations.
|
Despite of its short comings, we consider TOTP better and safer than Push Confirmations.
|
||||||
|
|
||||||
### Yubico OTP
|
### Yubico OTP
|
||||||
|
|
||||||
@ -48,7 +48,7 @@ The Yubico validation server is a cloud based service, and you're placing trust
|
|||||||
|
|
||||||
Yubico OTP is an inferior protocol compared to TOTP since TOTP does not need trust in a third party server and most security keys that support Yubico OTP (namely the Yubikey and OnlyKey) supports TOTP anyway. Yubico OTP is still better than Push Confirmation, however.
|
Yubico OTP is an inferior protocol compared to TOTP since TOTP does not need trust in a third party server and most security keys that support Yubico OTP (namely the Yubikey and OnlyKey) supports TOTP anyway. Yubico OTP is still better than Push Confirmation, however.
|
||||||
|
|
||||||
### FIDO (Fast IDentity Online)
|
### FIDO2 (Fast IDentity Online)
|
||||||
|
|
||||||
[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards; first there was U2F and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
|
[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards; first there was U2F and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
|
||||||
|
|
||||||
@ -56,15 +56,9 @@ U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikiped
|
|||||||
|
|
||||||
WebAuthn is the most secure and private form of second factor authentication. While the authentication experience is similar to Yubico OTP, the key does not print out a one-time password and validate with a third-party server. Instead, it uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for authentication.
|
WebAuthn is the most secure and private form of second factor authentication. While the authentication experience is similar to Yubico OTP, the key does not print out a one-time password and validate with a third-party server. Instead, it uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for authentication.
|
||||||
|
|
||||||
When you create an account, the public key is sent to the service, then when you log in, the service will require you to "sign" some data with your private key. The benefit of this is that no password data is ever stored by the service, so there is nothing for an adversary to steal.
|
|
||||||
|
|
||||||
{{< youtube id="aMo4ZlWznao">}}
|
{{< youtube id="aMo4ZlWznao">}}
|
||||||
|
|
||||||
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
|
Since FIDO2/WebAuthn uses unique cryptographic keys with each internet site, a site pretending to be another one will not be able to get the correct response to the challenge for MFA, making FIDO2/Webauthn is invulnerable phising. It is also because of this authentication mechanism that a physical FIDO2 security key is not identifiable across different services like Yubico OTP. Even better, FIDO2 uses a counter for each authentication, which would help with detecting cloned keys.
|
||||||
|
|
||||||
Web services typically use WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
|
|
||||||
|
|
||||||
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
|
|
||||||
|
|
||||||
If a website or service supports WebAuthn for the authentication, it is highly recommended that you use it over any other form of MFA.
|
If a website or service supports WebAuthn for the authentication, it is highly recommended that you use it over any other form of MFA.
|
||||||
|
|
||||||
@ -78,4 +72,12 @@ When buying a security key, it is important that you change the default credenti
|
|||||||
|
|
||||||
You should always have backups for your MFA method. Hardware security keys can get lost, stolen, or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one.
|
You should always have backups for your MFA method. Hardware security keys can get lost, stolen, or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one.
|
||||||
|
|
||||||
When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../encryption.md#veracrypt)).
|
When using TOTP with an authenticator app, be sure to back up your recovery keys to an offline and encrypted storage device.
|
||||||
|
|
||||||
|
### Weakest link
|
||||||
|
|
||||||
|
You are only as secure as the weakest authentication method you use. For instance, it makes little sense to add SMS 2FA as an alternative MFA method if you are already using FIDO2. An adversary who can compromise your SMS 2FA will get into your account just as easily as if you didn't use FIDO2 at all.
|
||||||
|
|
||||||
|
Thus, it is important to stick to the best authentication method you have acess to. It is better to have 2 Yubikeys for FIDO2 than 1 FIDO2 key and one authenticator app for TOTP. Likewise, it is better to have 1 TOTP instance and a backup key than to use TOTP alongside with Email or SMS 2FA.
|
||||||
|
|
||||||
|
|
||||||
|
108
content/os/Choosing Your Desktop Linux Distribution.md
Normal file
108
content/os/Choosing Your Desktop Linux Distribution.md
Normal file
@ -0,0 +1,108 @@
|
|||||||
|
---
|
||||||
|
title: "Choosing Your Desktop Linux Distribution"
|
||||||
|
tags: ['operating system', 'security', 'linux']
|
||||||
|
author: Tommy
|
||||||
|
---
|
||||||
|
|
||||||
|
Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
|
||||||
|
|
||||||
|
## Release cycle
|
||||||
|
|
||||||
|
You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||||
|
|
||||||
|
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such [example](https://www.debian.org/security/faq#handling)) rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release.
|
||||||
|
|
||||||
|
Holding packages back and applying interim patches is generally not a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme/) has a presentation about this:
|
||||||
|
|
||||||
|
{{< youtube id="i8c0mg_mS7U">}}
|
||||||
|
|
||||||
|
## Traditional and Atomic updates
|
||||||
|
|
||||||
|
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian based distributions can be less reliable if an error occurs while updating.
|
||||||
|
|
||||||
|
Atomic updating distributions apply updates in full or not at all. Typically, transactional update systems are also atomic.
|
||||||
|
|
||||||
|
A transactional update system creates a snapshot that is made before and after an update is applied. If an update fails at any time (perhaps due to a power failure), the update can be easily rolled back to a “last known good state."
|
||||||
|
|
||||||
|
[Adam Šamalík](https://twitter.com/adsamalik) has a presentation with `rpm-ostree` in action:
|
||||||
|
|
||||||
|
{{< youtube id="-hpV5l-gJnQ">}}
|
||||||
|
|
||||||
|
Even if you are worried about the stability of the system because of regularly updated packages (which you shouldn't), it makes more sense to use a system which you can safely update and rollback instead of an outdated distribution partially made up of unreliable backport packages without an easy to actually roll back in case something goes wrong like Debian.
|
||||||
|
|
||||||
|
## Arch-based distributions
|
||||||
|
|
||||||
|
Acrh Linux has very up to date packages with minimal downstream patching. That being said, Arch based distributions are not recommended for those new to Linux, regardless of the distribution. Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
|
||||||
|
|
||||||
|
For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit).
|
||||||
|
|
||||||
|
If you are experienced with Linux and wish to use an Arch-based distribution, you should use Arch Linux proper, not any of its derivatives. Here are some examples of why that is the case:
|
||||||
|
|
||||||
|
- **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes do not break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Arch’s repositories.
|
||||||
|
- **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages don’t suffer from supply chain attacks.
|
||||||
|
|
||||||
|
## Kicksecure
|
||||||
|
|
||||||
|
While you should not use an outdated distributions like Debian, if you decide to use it, it would be a good idea to [convert](https://www.kicksecure.com/wiki/Debian) it into [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default.
|
||||||
|
|
||||||
|
## “Security-focused” distributions
|
||||||
|
|
||||||
|
There is often some confusion about “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use.
|
||||||
|
|
||||||
|
## Linux-libre kernel and “Libre” distributions
|
||||||
|
|
||||||
|
**Do not** the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
|
||||||
|
|
||||||
|
If you want to use one of these distributions for reasons other than ideology, you should make sure that they there is a way to easily obtain, install and update a proper kernel and missing firmware. For example, if you are looking to use [GUIX](https://guix.gnu.org/en/download/), you should absolutely use something like the [Nonguix](https://gitlab.com/nonguix/nonguix) repository and get all of the fixes as mentioned above.
|
||||||
|
|
||||||
|
## Wayland
|
||||||
|
|
||||||
|
You should a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol as it developed with security [in mind](https://lwn.net/Articles/589147/). Its predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences and are not convenient to set up and are not preferable over Wayland.
|
||||||
|
|
||||||
|
Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
|
||||||
|
|
||||||
|
Try **not** to use desktop environments or window managers that do not have Wayland support such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
|
||||||
|
|
||||||
|
## Generally good distributions
|
||||||
|
|
||||||
|
Here is a quick non authoritative list of distributions that are generally better than others:
|
||||||
|
|
||||||
|
### Fedora Workstation
|
||||||
|
|
||||||
|
![Fedora](/fedora-screenshot.png)
|
||||||
|
|
||||||
|
Fedora Workstation is a great general purpose Linux distribution, especially for those who are new to Linux. It is a semi-rolling release distribution. While some packages like GNOME are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months.
|
||||||
|
|
||||||
|
WIth that, Fedora generally adopts newer technologies before other distributions e.g., [Wayland](https://wayland.freedesktop.org/), [PipeWire](https://pipewire.org/), and soon, [FS-Verity](https://fedoraproject.org/wiki/Changes/FsVerityRPM). These new technologies often come with improvements in security, privacy, and usability in general.
|
||||||
|
|
||||||
|
While lacking transactional or atomic updates, Fedora's package manager, `dnf`, has a great rollback and undo feature that is generally missing from other package managers. You can read more about it on [Red Hat's documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_software_with_the_dnf_tool/assembly_handling-package-management-history_managing-software-with-the-dnf-tool).
|
||||||
|
|
||||||
|
### Fedora Silverblue & Kinoite
|
||||||
|
|
||||||
|
Fedora Silverblue and Fedora Kinoite are immutable variants of Fedora with a strong focus on container workflows. Silverblue comes with the [GNOME](https://www.gnome.org/) desktop environment while Kinoite comes with [KDE](https://kde.org/). Silverblue and Kinoite follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
|
||||||
|
|
||||||
|
You can refer to the video by [Adam Šamalík](https://twitter.com/adsamalik) linked [above](#traditional-and-atomic-updates) on how these distributions work.
|
||||||
|
|
||||||
|
### openSUSE Tumbleweed and MicroOS
|
||||||
|
|
||||||
|
Fedora Workstation and Silverblue's European counterpart. These are rolling release, fast updating distributions with [transactional update](https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/) using [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial).
|
||||||
|
|
||||||
|
MicroOS has a much smaller base system than Tumbleweed and mounts the running BTRFS subvomumes as read-only (hence its name and why it is considered an immutable distribution). Currently, it is still in Beta so bugs are to be expected. Nevertheless, it is an awesome project.
|
||||||
|
|
||||||
|
{{< youtube id="jcl_4Vh6qP4">}}
|
||||||
|
|
||||||
|
### Whonix
|
||||||
|
|
||||||
|
Whonix is a distribution focused on anonimity based on [Kicksecure](https://www.whonix.org/wiki/Kicksecure). It is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden.
|
||||||
|
|
||||||
|
Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator.
|
||||||
|
|
||||||
|
Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
|
||||||
|
|
||||||
|
Although Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has [various disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors.
|
||||||
|
|
||||||
|
### Tails
|
||||||
|
|
||||||
|
Tails is a live operating system based on Debian focusing on anonimity and amnesia.
|
||||||
|
|
||||||
|
While it is great for counter forensics as nothing is written to the disk; it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.
|
257
content/os/Docker and OCI Hardening.md
Normal file
257
content/os/Docker and OCI Hardening.md
Normal file
@ -0,0 +1,257 @@
|
|||||||
|
---
|
||||||
|
title: "Docker and OCI Hardening"
|
||||||
|
tags: ['operating systems', 'linux', 'container', 'security']
|
||||||
|
author: Wonderfall
|
||||||
|
canonicalURL: https://wonderfall.dev/docker-hardening/
|
||||||
|
ShowCanonicalLink: true
|
||||||
|
---
|
||||||
|
|
||||||
|
Containers aren't that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
|
||||||
|
> \- Hey, your software doesn't work...
|
||||||
|
>
|
||||||
|
> \- Sorry, it works on my computer! Can't help you.
|
||||||
|
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries. The developer can therefore provide a known-good environment where it is expected that their software "just works". That is particularly useful for development to eliminate environment-related issues, and that is often used in production as well.
|
||||||
|
|
||||||
|
Containers are often perceived as a great tool for isolation, that is, they can provide an isolated workspace that won't pollute your host OS - all that without the overhead of virtual machines. Security-wise: containers, as we know them on Linux, are glorified namespaces at their core. Containers usually share the same kernel with the host, and **namespaces** is the kernel feature for separating kernel resources across containers (IDs, networks, filesystems, IPC, etc.). Containers also leverage the features of **cgroups** to separate system resources (CPU, memory, etc.), and security features such as seccomp to restrict syscalls, or MACs (AppArmor, SELinux).
|
||||||
|
|
||||||
|
At first, it seems that containers may not provide the same isolation boundary as virtual machines. That's fine, they were not designed to. But they can't be simplified to a simple `chroot` either. We'll see that a "container" can mean a lot of things, and their definition may vary a lot depending on the implementation: as such, containers are mostly defined by their semantics.
|
||||||
|
|
||||||
|
## Docker is dead, long live Docker... and OCI!
|
||||||
|
When people think of containers, a large group of them may think of Docker. While Docker played a big role in the popularity of containers a few years ago, it didn't introduce the technology: on Linux, LXC did (*Linux Containers*). In fact, Docker in its early days was a high-level wrapper for LXC which already combined the power of namespaces and cgroups. Docker then replaced LXC with `libcontainer` which does more or less the same, plus extra features.
|
||||||
|
|
||||||
|
Then, what happened? *Open Container Initiative* (OCI). That is the current standard that defines the container ecosystem. That means that whether you're using Docker, Podman, or Kubernetes, you're in fact running OCI-compliant tools. That is a good thing, as it saves a lot of interoperability headaches.
|
||||||
|
|
||||||
|
**Docker** is no longer the monolithic platform it once was. `libcontainer` was absorbed by `runc`, the reference OCI runtime. The high-level components of Docker split into different parts related to the upstream Moby project (Docker is the "assembled product" of the "Moby components"). When we refer to Docker, we refer in fact at this powerful high-level API that manages OCI containers. By design, Docker is a daemon that communicates with `containerd`, a lower-level layer, which in turn communicates with the OCI runtime. That also means that you could very well skip Docker altogether and use `containerd` or even `runc` directly.
|
||||||
|
|
||||||
|
```
|
||||||
|
Docker client <=> Docker daemon <=> containerd <=> containerd-shim <=> runc
|
||||||
|
```
|
||||||
|
|
||||||
|
**Podman** is an alternative to Docker developed by RedHat, that also intends to be a drop-in replacement for Docker. It doesn't work with a daemon, and can work rootless by design (Docker has support for rootless too, but that is not without caveats). I would largely recommend Podman over Docker for someone who wants a simple tool to run containers and test code on their machine.
|
||||||
|
|
||||||
|
**Kubernetes** (also known as K8S) is the container platform made by Google. It is designed with scaling in mind, and is about running containers across a cluster whereas Docker focuses on packaging containers on a single node. Docker Swarm is the direct alternative to that, but it has never really took off due to the popularity of K8S.
|
||||||
|
|
||||||
|
For the rest of this article, we will use Docker as the reference for our examples, along with the [Compose specification](https://docs.docker.com/compose/compose-file/) format. Most of these examples can be adapted to other platforms without issues.
|
||||||
|
|
||||||
|
## The nightmare of dependencies
|
||||||
|
Containers are made from images, and images are typically built from a Dockerfile. Images can be built and distributed through OCI registries: [Docker Hub](https://hub.docker.com/), [Google Container Registry](https://cloud.google.com/container-registry), [GitHub Container Registry](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry), and so on. You can also set up your own private registry as well, but the reality is that people often pull images from these public registries.
|
||||||
|
|
||||||
|
### Images, immutability and versioning
|
||||||
|
Images are what make containers, well, containers. Containers made from the same image should behave similary on different machines. Images can have **tags**, which are useful for software versioning. The usage of generic tags such as `latest` is often discouraged because it defeats the purpose of the expected behavior of the container. Tags are not necessarily immutable by design, and they shouldn't be (more on that below). **Digest**, however, is the attribute of an immutable image, and is often generated with the SHA-256 algorithm.
|
||||||
|
|
||||||
|
```
|
||||||
|
docker.io/library/golang:1.17.1@sha256:232a180dbcbcfa7250917507f3827d88a9ae89bb1cdd8fe3ac4db7b764ebb25
|
||||||
|
^ ^ ^ ^
|
||||||
|
| | | |
|
||||||
|
Registry Image Tag Digest (immutable)
|
||||||
|
```
|
||||||
|
|
||||||
|
Now onto why tags shouldn't be immutable: as written above, containers bring us an abstraction over the OS dependencies that are used by the packaged software. That is nice indeed, but this shouldn't lure us into believing that we can forget security updates. The fact is, **there is still a whole OS to care about**, and we can't just think of the container as a simple package tool for software.
|
||||||
|
|
||||||
|
For these reasons, good practices were established:
|
||||||
|
- An image should be as minimal as possible (Alpine Linux, or scratch/distroless).
|
||||||
|
- An image, with a given tag, should be regularly built, without cache to ensure all layers are freshly built.
|
||||||
|
- An image should be rebuilt when the images it's based on are updated.
|
||||||
|
|
||||||
|
### A minimal base system
|
||||||
|
[Alpine Linux](https://alpinelinux.org/) is often the choice for official images for the first reason. This is not a typical Linux distribution as it uses musl as its C library, but it works quite well. Actually, I'm quite fond of Alpine Linux and `apk` (its package manager). If a supervision suite is needed, I'd look into `s6`. If you need a glibc distribution, Debian provides slim variants for lightweight base images. We can do even better than using Alpine by using **distroless images**, allowing us to have state-of-the-art application containers.
|
||||||
|
|
||||||
|
"Distroless" is a fancy name referring to an image with a minimal set of dependencies, from none (for fully static binaries) to some common libraries (typically the C library). Google maintains [distroless images](https://github.com/GoogleContainerTools/distroless) you can use as a base for your own images. If you were wondering, the difference with `scratch` (empty starting point) is that distroless images contain common dependencies that "almost-statically compiled" binaries may need, such as `ca-certificates`.
|
||||||
|
|
||||||
|
However, distroless images are not suited for every application. In my experience though, distroless is an excellent option with pure Go binaries. Going with minimal images drastically reduces the available attack surface in the container. For example, here's a [multi-stage Dockerfile](https://docs.docker.com/develop/develop-images/multistage-build/) resulting in a minimal non-root image for a simple Go project:
|
||||||
|
|
||||||
|
```
|
||||||
|
FROM golang:alpine as build
|
||||||
|
WORKDIR /app
|
||||||
|
COPY . .
|
||||||
|
RUN CGO_ENABLED=0 go mod -o /my_app cmd/my_app
|
||||||
|
|
||||||
|
FROM gcr.io/distroless/static
|
||||||
|
COPY --from=build /my_app /
|
||||||
|
USER nobody
|
||||||
|
ENTRYPOINT ["/my_app"]
|
||||||
|
```
|
||||||
|
|
||||||
|
The main drawback of using minimal images is the lack of tools that help with debugging, which also constitute the very attack surface we're trying to get rid of. The trade-off is probably not worth the hassle for development-focused containers, and if you're running such images in production, you have to be confident enough to operate with them. Note that the `gcr.io/distroless` images have a `:debug` tag to help in that regard.
|
||||||
|
|
||||||
|
### Keeping images up-to-date
|
||||||
|
The two other points are highly problematic, because most software vendors just publish an image on release, and forget about it. You should take it up to them if you're running images that are versioned but not regularly updated. I'd say running scheduled builds **once a week** is the bare minimum to make sure dependencies stay up-to-date. Alpine Linux is a better choice than most other "stable" distributions because it usually has more recent packages.
|
||||||
|
|
||||||
|
Stable distributions often rely on backporting security fixes from CVEs, which is known to be a flawed approach to security since CVEs aren't always assigned or even taken care of. Alpine has more recent packages, and it has versioning, so it's once again a particulary good choice as long as `musl` doesn't cause issues.
|
||||||
|
|
||||||
|
### Is it really a security nightmare?
|
||||||
|
When people say Docker is a security nightmare because of that, that's a fair point. On a traditional system, you could upgrade your whole system with a single command or two. With Docker, you'll have to recreate several containers... if the images were kept up-to-date in the first place. Recreating itself is not a big deal actually: hot upgrades of binaries and libraries often require the services that use them to restart, otherwise they could still use an old (and vulnerable) version of them in memory. But yeah, the fact is most people are running outdated containers, and more often than not, they don't have the choice if they rely on third-party images.
|
||||||
|
|
||||||
|
[Trivy](https://github.com/aquasecurity/trivy) is an excellent tool to scan images for a subset of **known vulnerabilities** an image might have. You should play with it and see for yourself how outdated many publicly available images are.
|
||||||
|
|
||||||
|
### Supply-chain attacks
|
||||||
|
As with any code downloaded from a software vendor, OCI images are not exempt from supply-chain attacks. The good practice is quite simple: rely on official images, and ideally build and maintain your own images. One should definitely not automatically trust random third-party images they can find on Docker Hub. Half of these images, if not more, contain vulnerabilities, and I bet a good portion of them contains malwares [such as miners](https://www.trendmicro.com/vinfo/fr/security/news/virtualization-and-cloud/malicious-docker-hub-container-images-cryptocurrency-mining) or worse.
|
||||||
|
|
||||||
|
As an image maintainer, you can sign your images to improve the authenticity assurance. Most official images make use of [Docker Content Trust](https://docs.docker.com/engine/security/trust/), which works with a OCI registry attached to a [Notary server](https://github.com/notaryproject/notary). With the Docker toolset, setting the environment variable `DOCKER_CONTENT_TRUST=1` enforces signature verification (a signature is only good if it's checked in the first place). The SigStore initiative is developing [cosign](https://github.com/sigstore/cosign), an alternative that doesn't require a Notary server because it works with features already provided by the registry such as tags. Kubernetes users may be interested in [Connaisseur](https://github.com/sse-secure-systems/connaisseur) to ensure all signatures have been validated.
|
||||||
|
|
||||||
|
## Leave my root alone!
|
||||||
|
|
||||||
|
### Attack surface
|
||||||
|
Traditionally, Docker runs as a daemon owned by root. That also means that root in the container is actually the root on the host and may be a few commands away from compromising the host. More generally, the attacker has to exploit the available attack surface to escape the container. There is a huge attack surface, actually: the Linux kernel. [Someone wise once said](https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability):
|
||||||
|
|
||||||
|
> The kernel can effectively be thought of as the largest, most vulnerable setuid root binary on the system.
|
||||||
|
|
||||||
|
That applies particulary to traditional containers which weren't designed to provide a robust level of isolation. A recent example was [CVE-2022-0492](https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/): the attacker could abuse root in the container to exploit cgroups v1, and compromise the host. Of course defense-in-depth measures would have prevented that, and we'll mention them. But fundamentally, container escapes are possible by design.
|
||||||
|
|
||||||
|
Breaking out via the OCI runtime `runc` is also possible, although [CVE-2019-5736](https://unit42.paloaltonetworks.com/breaking-docker-via-runc-explaining-cve-2019-5736/) was a particularly nasty bug. The attacker had to gain access to root in the container first in order to access `/proc/[runc-pid]/exe`, which indicates them where to overwrite the `runc` binary.
|
||||||
|
|
||||||
|
Good practices have been therefore established:
|
||||||
|
- Avoid using root in the container, plain and simple.
|
||||||
|
- Keep the host kernel, Docker and the OCI runtime updated.
|
||||||
|
- Consider the usage of user namespaces.
|
||||||
|
|
||||||
|
By the way, it goes without saying that any user who has access to the Docker daemon should be considered as privileged as root. Mounting the Docker socket (`/var/run/docker.sock`) in a container makes it highly privileged, and so it should be avoided. The socket should only be owned by root, and if that doesn't work with your environment, use Docker rootless or Podman.
|
||||||
|
|
||||||
|
### Avoiding root
|
||||||
|
root can be avoided in different ways in the final container:
|
||||||
|
- Image creation time: setting the `USER` instruction in the Dockerfile.
|
||||||
|
- Container creation time: via the tools available (`user:` in the Compose file).
|
||||||
|
- Container runtime: degrading privileges with entrypoints scripts (`gosu UID:GID`).
|
||||||
|
|
||||||
|
Well-made images with security in mind will have a `USER` instruction. In my experience, most people will run images blindly, so it's good harm reduction. Setting the user manually works in some images that aren't designed without root in mind, and it's also great to mitigate some *scenarii* where the image is controlled by an attacker. You also won't have surprises when mounting volumes, so I highly recommend setting the user explicitly and make sure volume permissions are correct once.
|
||||||
|
|
||||||
|
Some images allow users to define their own user with UID/GID environment variables, with an entrypoint script that runs as root and takes care of the volume permissions before dropping privileges. While technically fine, it is still attack surface, and it requires the `SETUID`/`SETGID` capabilities to be available in the container.
|
||||||
|
|
||||||
|
### User namespaces: sandbox or paradox?
|
||||||
|
As mentioned just above, [user namespaces](https://www.man7.org/linux/man-pages/man7/user_namespaces.7.html) are a solution to ensure root in the container is not root on the host. Docker supports user namespaces, for instance you could set the default mapping in `/etc/docker/daemon.json`:
|
||||||
|
|
||||||
|
```
|
||||||
|
"userns-remap": "default"
|
||||||
|
```
|
||||||
|
|
||||||
|
`whoami && sleep 60` in the container will return root, but `ps -fC sleep` on the host will show us the PID of another user. That is nice, but it has limitations and therefore shouldn't be considered as a real sandbox. In fact, the paradox is that [user namespaces are attack surface](https://lists.archlinux.org/pipermail/arch-general/2017-February/043066.html) (and vulnerabilities are still being found [years later](https://www.openwall.com/lists/oss-security/2022/01/29/1)), and it's common wisdom to restrict them to privileged users (`kernel.unprivileged_userns_clone=0`). That is fine for Docker with its traditional root daemon, but Podman expects you to let unprivileged users interact with user namespaces (so essentially privileged code).
|
||||||
|
|
||||||
|
Enabling `userns-remap` in Docker shouldn't be a substitute for running unprivileged application containers (where applicable). User namespaces are mostly useful if you intend to run full-fledged OS containers which need root in order to function, but that is out of the scope of the container technologies mentioned in this article; for them, I'd argue exposing such a vulnerable attack surface from the host kernel for dubious sandboxing benefits isn't an interesting trade-off to make.
|
||||||
|
|
||||||
|
### The no_new_privs bit
|
||||||
|
After ensuring root isn't used in your containers, you should look into setting the `no_new_privs` bit. [This Linux feature](https://docs.kernel.org/userspace-api/no_new_privs.html) restricts syscalls such as `execve()` from granting privileges, which is what you want to restrict in-container privilege escalation. This flag can be set for a given container in a Compose file:
|
||||||
|
|
||||||
|
```
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges: true
|
||||||
|
```
|
||||||
|
|
||||||
|
Gaining privileges in the container will be much harder that way.
|
||||||
|
|
||||||
|
### Capabilities
|
||||||
|
Furthermore, we should mention capabilities: root powers are divided into distinct units by the Linux kernel, called capabilities. Each granted capability also grants privilege and therefore access to a significant amount of attack surface. Security researcher Brad Spengler enumerates [19 important capabilities](https://forums.grsecurity.net/viewtopic.php?f=7&t=2522#p10271). Docker **restricts certain capabilities by default**, but [some of the most important ones](https://github.com/moby/moby/blob/1308a3a99faa13ff279dcb4eb5ad23aee3ab5cdb/oci/caps/defaults.go) are still available to a container by default.
|
||||||
|
|
||||||
|
You should consider the following rule of thumb:
|
||||||
|
- Drop all capabilities by default.
|
||||||
|
- Allow only the ones you really need to.
|
||||||
|
|
||||||
|
If you already run your containers unprivileged without root, your container will very likely work fine with all capabilities dropped. That can be done in a Compose file:
|
||||||
|
|
||||||
|
```
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
#cap_add:
|
||||||
|
# - CHOWN
|
||||||
|
# - DAC_READ_SEARCH
|
||||||
|
# - SETUID
|
||||||
|
# - SETGID
|
||||||
|
```
|
||||||
|
Never use the `--privileged` option unless you really need to: a privileged container is given access to almost all capabilities, kernel features and devices.
|
||||||
|
|
||||||
|
## Other security features
|
||||||
|
MACs and seccomp are robust tools that may vastly improve container security.
|
||||||
|
|
||||||
|
### Mandatory Access Control
|
||||||
|
MAC stand for Mandatory Access Control: traditionnally a Linux Security Module that will enforce a policy to restrict the userspace. Examples are **AppArmor** and **SELinux**: the former being more easy-to-use, the later being more fine-grained. Both are strong tools that can help... Yet, their sole presence does not mean they're really effective. A robust policy starts from a *deny all* policy, and only allows the necessary resources to be accessed.
|
||||||
|
|
||||||
|
### seccomp
|
||||||
|
seccomp (short for secure computing mode) on the other hand is a much simpler and complementary tool, and there is no reason not to use it. What it does is restricting a process to a set of system calls, thus drastically reducing the attack surface available.
|
||||||
|
|
||||||
|
Docker provides default profiles for [AppArmor](https://github.com/moby/moby/tree/85eaf23bf46b12827273ab2ff523c753117dbdc7/profiles/apparmor) and [seccomp](https://github.com/moby/moby/blob/85eaf23bf46b12827273ab2ff523c753117dbdc7/profiles/seccomp/default.json), and they're enabled by default for newly created containers unless the `unconfined` option is explicitly passed. Note: Kubernetes doesn't enable the default seccomp profile by default, so you should probably [try it](https://kubernetes.io/docs/tutorials/security/seccomp/#enable-the-use-of-runtimedefault-as-the-default-seccomp-profile-for-all-workloads).
|
||||||
|
|
||||||
|
These profiles are a great start, but you should do much more if you take security seriously, because they were made to not break compatibility with a large range of images. The default seccomp profile only disables [around 44 syscalls](https://docs.docker.com/engine/security/seccomp/#significant-syscalls-blocked-by-the-default-profile), which are mostly not very common and/or obsoleted. Of course, the best profile you can get is supposed to be written for a given program. It also doesn't make sense to insist on the permissiveness of the default profiles, and [a lof of work has gone](https://blog.jessfraz.com/post/containers-security-and-echo-chambers/) into hardening containers.
|
||||||
|
|
||||||
|
### cgroups
|
||||||
|
Use cgroups to restrict access to hardware and system resources. You likely don't want a guest container to monopolize the host resources. You also don't want to be vulnerable to stupid fork bomb attacks. In a Compose file, consider setting these limits:
|
||||||
|
|
||||||
|
```
|
||||||
|
mem_limit: 4g
|
||||||
|
cpus: 4
|
||||||
|
pids_limit: 256
|
||||||
|
```
|
||||||
|
|
||||||
|
More runtime options can be found in [the official documentation](https://docs.docker.com/config/containers/resource_constraints/). All of them should have a [Compose spec](https://github.com/compose-spec/compose-spec/blob/master/spec.md) equivalent.
|
||||||
|
|
||||||
|
The `--cgroup-parent` option should be avoided as it uses the host cgroup and not the one configured from Docker (or else), which is the default.
|
||||||
|
|
||||||
|
### Read-only filesystem
|
||||||
|
It is good practice to treat the image as some refer to as the "golden image".
|
||||||
|
|
||||||
|
In other words, you'll run containers in *read-only* mode, with an immutable filesystem inherited from the image. Only the mounted volumes will be read/write accessible, and those should ideally be mounted with the `noexec`, `nosuid` and `nodev` options for extra security. If read/write access isn't needed, mount these volumes as read-only too.
|
||||||
|
|
||||||
|
However, the image may not be perfect and still require read/write access to some parts of the filesystem, likely directories such as `/tmp`, `/run` or `/var`. You can make a **tmpfs** for those (a temporary filesystem in the container attributed memory), because they're not persistent data anyway.
|
||||||
|
|
||||||
|
In a Compose file, that would look like the following settings:
|
||||||
|
|
||||||
|
```
|
||||||
|
read_only: true
|
||||||
|
tmpfs:
|
||||||
|
- /tmp:size=10M,mode=0770,uid=1000,gid=1000,noexec,nosuid,nodev
|
||||||
|
```
|
||||||
|
|
||||||
|
That is quite verbose indeed, but that's to show you the different options for a tmpfs mount. You want to restrict them in size and permissions ideally.
|
||||||
|
|
||||||
|
### Network isolation
|
||||||
|
By default, all Docker containers will use the default network bridge. They will see and be able to communicate with each other. Each container should have its own user-defined bridge network, and each connection between containers should have an internal network. If you intend to run a reverse proxy in front of several containers, you should make a dedicated network for each container you want to expose to the reverse proxy.
|
||||||
|
|
||||||
|
The `--network host` option also shouldn't be used for obvious reasons since the container would share the same network as the host, providing no isolation at all.
|
||||||
|
|
||||||
|
## Alternative runtimes (gVisor)
|
||||||
|
`runc` is the reference OCI runtime, but that means other runtimes can exist as well as long as they're compliant with the OCI standard. These runtimes can be interchanged quite seamlessly. There's a few alternatives, such as [crun](https://github.com/containers/crun) or [youki](https://github.com/containers/youki), respectively implemented in C and Rust (`runc` is a Go implementation). However, there is one particular runtime that does a lot more for security: `runsc`, provided by the [gVisor project](https://gvisor.dev/) by the folks at Google.
|
||||||
|
|
||||||
|
**Containers are not a sandbox**, and while we can improve their security, they will fundamentally share a common attack surface with the host. Virtual machines are a solution to that problem, but you might prefer container semantics and ecosystem. gVisor can be perceived as an attempt to get the "best of both worlds": containers that are easy to manage while providing a native isolation boundary. gVisor did just that by implementing two things:
|
||||||
|
|
||||||
|
- **Sentry**: an application kernel in Go, a language known to be memory-safe. It implements the Linux logic in userspace such as various system calls.
|
||||||
|
- **Gofer**: a host process which communicates with Sentry and the host filesystem, since Sentry is restricted in that aspect.
|
||||||
|
|
||||||
|
A platform like ptrace or KVM is used to intercept system calls and redirect them from the application to Sentry, which is running in the userspace. This has some costs: there is a higher per-syscall overhead, and compatibility is reduced since not all syscalls are implemented. On top of that, gVisor employs security mechanisms we've glanced over above, such as a [very restrictive seccomp profile](https://github.com/google/gvisor/blob/86ad7d5b5838da1b539e976886d04b93c939ca3d/runsc/boot/filter/config.go) between Sentry and the host kernel, the [no_new_privs bit](https://github.com/google/gvisor/blob/6ef268409620c57197b9d573e23be8cb05dbf381/pkg/sentry/kernel/task_identity.go#L464), and isolated namespaces from the host.
|
||||||
|
|
||||||
|
The security model of gVisor is comparable to what you would expect from a virtual machine. It is also very easy to [install and use](https://gvisor.dev/docs/user_guide/install/). The path to runsc along with its different configuration flags (`runsc flags`) should be added to `/etc/docker/daemon.json`:
|
||||||
|
|
||||||
|
```
|
||||||
|
"runtimes": {
|
||||||
|
"runsc-ptrace": {
|
||||||
|
"path": "/usr/local/bin/runsc",
|
||||||
|
"runtimeArgs": [
|
||||||
|
"--platform=ptrace"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"runsc-kvm": {
|
||||||
|
"path": "/usr/local/bin/runsc",
|
||||||
|
"runtimeArgs": [
|
||||||
|
"--platform=kvm"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`runsc` needs to start with root to set up some mitigations, including the use of its own network stack separated from the host. The sandbox itself drops privileges to nobody as soon as possible. You can still use `runsc` rootless if you want (which should be needed for Podman):
|
||||||
|
|
||||||
|
```
|
||||||
|
./runsc --rootless do uname -a
|
||||||
|
*** Warning: sandbox network isn't supported with --rootless, switching to host ***
|
||||||
|
Linux 4.4.0 #1 SMP Sun Jan 10 15:06:54 PST 2016 x86_64 GNU/Linux
|
||||||
|
```
|
||||||
|
|
||||||
|
Linux 4.4.0 is shown because that is the version of the Linux API that Sentry tries to mimic. As you've probably guessed, you're not really using Linux 4.4.0, but the application kernel that behaves like it. By the way, gVisor is of course compatible with cgroups.
|
||||||
|
|
||||||
|
## Conclusion: what's a container after all?
|
||||||
|
Like I wrote above, a container is mostly defined by its semantics and ecosystem. Containers shouldn't be solely defined by the OCI reference runtime implementation, as we've seen with gVisor that provides an entirely different security model.
|
||||||
|
|
||||||
|
Still not convinced? What if I told you a container can leverage the same technologies as a virtual machine? That is exactly what [Kata Containers](https://katacontainers.io/) does by using a VMM like QEMU-lite to provide containers that are in fact lightweight virtual machines, with their traditional resources and security model, compatibility with container semantics and toolset, and an optimized overhead. While not in the OCI ecosystem, Amazon achieves quite the same with [Firecracker](https://firecracker-microvm.github.io/).
|
||||||
|
|
||||||
|
If you're running untrusted workloads, I highly suggest you consider gVisor instead of a traditional container runtime. Your definition of "untrusted" may vary: for me, almost everything should be considered untrusted. That is how modern security works, and how mobile operating systems work. It's quite simple, security should be simple, and gVisor simply offers native security.
|
||||||
|
|
||||||
|
Containers are a popular, yet strange world. They revolutionized the way we make and deploy software, but one should not loose the sight of what they really are and aren't. This hardening guide is non-exhaustive, but I hope it can make you aware of some aspects you've never thought of.
|
@ -8,3 +8,16 @@ There is a common misconception among privacy communities that Linux is one of t
|
|||||||
|
|
||||||
There is already a very in-depth technical blog explaining the various security weaknesses of Linux by Madaidan, [Whonix](https://www.whonix.org/)'s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post. You can find the original article [here](https://madaidans-insecurities.github.io/linux.html).
|
There is already a very in-depth technical blog explaining the various security weaknesses of Linux by Madaidan, [Whonix](https://www.whonix.org/)'s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post. You can find the original article [here](https://madaidans-insecurities.github.io/linux.html).
|
||||||
|
|
||||||
|
### Why is Linux used on servers if it is so insecure?
|
||||||
|
|
||||||
|
On servers, while most of the problems referenced in the article still exists, they are somewhat less problematic.
|
||||||
|
|
||||||
|
On Desktop Linux, GUI applications run under your user, and thus have access to all of your files in `/home`. This is in contrast to how system daemons typically run on servers, where they have their own group and user. For example, NGINX will run under `nginx:nginx` on Red Hat distributions, or `www-data:www-data` on Debian based ones. Discreationary Access Control does help with filesystem access control for server processes, but is useless for desktop applications.
|
||||||
|
|
||||||
|
Another thing to keep in mind is that Mandatory Access Control is also somewhat effective on servers, as commonly run system daemons are confined.
|
||||||
|
|
||||||
|
Work in progress
|
||||||
|
|
||||||
|
### Can't Linux be configured to be most secure operating system?
|
||||||
|
|
||||||
|
### Isn't it impossible to backdoor Linux because it is open source?
|
74
content/os/Securing OpenSSH with FIDO2.md
Normal file
74
content/os/Securing OpenSSH with FIDO2.md
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
---
|
||||||
|
title: "Securing OpenSSH with FIDO2"
|
||||||
|
tags: ['operating systems', 'linux', 'security']
|
||||||
|
author: Wonderfall
|
||||||
|
canonicalURL: https://wonderfall.dev/openssh-fido2/
|
||||||
|
ShowCanonicalLink: true
|
||||||
|
---
|
||||||
|
|
||||||
|
Passwordless authentication with OpenSSH keys has been the *de facto* security standard for years. SSH keys are more robust since they're cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They're also easier to manage while enabling a form of decentralized authentication (it's easy and painless to revoke them). So, what's the next step? And more exactly, why would one need something even better?
|
||||||
|
|
||||||
|
|
||||||
|
## Why?
|
||||||
|
|
||||||
|
The main problem with SSH keys is that they're not magic: they consist of a key pair, of which the private key is stored on your disk. You should be wary of various exfiltration attempts, depending on your theat model:
|
||||||
|
|
||||||
|
- If your disk is not encrypted, any physical access could compromise your keys.
|
||||||
|
- If your private key isn't encrypted, malicious applications could compromise it.
|
||||||
|
- Even with both encrypted, malicious applications could register your keystrokes.
|
||||||
|
|
||||||
|
All these attempts are particularly a thing on desktop platforms, because they don't have a proper sandboxing model. On Windows, non-UWP apps could likely have full access to your `.ssh` directory. On desktop Linux distributions, sandboxing is also lacking, and the situation is even worse if you're using X.org since it allows apps to spy on each other (and on your keyboard) by design. A first good step would be to only use SSH from a trusted & decently secure system.
|
||||||
|
|
||||||
|
Another layer of defense would obviously be multi-factor authentification, or the fact that you're relying on a shared secret instead. We can use FIDO2 security keys for that. That way, even if your private key is compromised, the attacker needs physical access to your security key. TOTP is another common 2FA technique, but it's vulnerable to various attacks, and relies on the quality of the implementation on the server.
|
||||||
|
|
||||||
|
|
||||||
|
## How?
|
||||||
|
|
||||||
|
Fortunately for us, [OpenSSH 8.2](https://www.openssh.com/txt/release-8.2) (released in February 2020) introduced native support for FIDO2/U2F. Most OpenSSH distributions should have the middleware set to use the `libfido2` library, including portable versions such as the one [for Win32](https://github.com/PowerShell/Win32-OpenSSH).
|
||||||
|
|
||||||
|
Basically, `ssh-keygen -t ${key_type}-sk` will generate for us a token-backed key pair. The key types that are supported depend on your security key. Newer models should support both ECDSA-P256 (`ecdsa-sk`) and Ed25519 (`ed25519-sk`). If the latter is available, you should prefer it.
|
||||||
|
|
||||||
|
### Client configuration
|
||||||
|
To get started:
|
||||||
|
|
||||||
|
```
|
||||||
|
ssh-keygen -t ed25519-sk
|
||||||
|
```
|
||||||
|
|
||||||
|
This will generate a `id_ed25519_sk` private key and a `id_ed25519_sk.pub` public key in `.ssh`. These are defaults, but you can change them if you want. We will call this key pair a "handle", because they're not sufficient by themselves to derive the real secret (as you guessed it, the FIDO2 token is needed). `ssh-keygen` should ask you to touch the key, and enter the PIN prior to that if you did set one (you probably should).
|
||||||
|
|
||||||
|
You can also generate a **resident key** (referred to as *discoverable credential* in the WebAuthn specification):
|
||||||
|
|
||||||
|
```
|
||||||
|
ssh-keygen -t ed25519-sk -O resident -O application=ssh:user1
|
||||||
|
```
|
||||||
|
|
||||||
|
As you can see, a few options must be specified:
|
||||||
|
|
||||||
|
- `-O resident` will tell `ssh-keygen` to generate a resident key, meaning that the private "handle" key will also be stored on the security key itself. This has security implications, but you may want that to move seamlessly between different computers. In that case, you should absolutely protect your key with a PIN beforehand.
|
||||||
|
- `-O application=ssh:` is necessary to instruct that the resident key will use a particular slot, because the security key will have to index the resident keys (by default, they use `ssh:` with an empty user ID). If this is not specificed, the next key generation might overwrite the previous one.
|
||||||
|
- `-O verify-required` is optional but instructs that a PIN is required to generate/access the key.
|
||||||
|
|
||||||
|
Resident keys can be retrieved using `ssh-keygen -K` or `ssh-add -K` if you don't want to write them to the disk.
|
||||||
|
|
||||||
|
### Server configuration
|
||||||
|
Next, transfer your public key over to the server (granted you have already access to it with a regular key pair):
|
||||||
|
|
||||||
|
```
|
||||||
|
ssh-copy-id -i ~/.ssh/id_ed25519_sk.pub user@server.domain.tld
|
||||||
|
```
|
||||||
|
|
||||||
|
*Ta-da!* But one last thing: we need to make sure the server supports this public key format in `sshd_config`:
|
||||||
|
|
||||||
|
```
|
||||||
|
PubkeyAcceptedKeyTypes ssh-ed25519,sk-ssh-ed25519@openssh.com
|
||||||
|
```
|
||||||
|
|
||||||
|
Adding `sk-ssh-ed25519@openssh.com` to `PubkeyAcceptedKeyTypes` should suffice. It's best practice to only use the cryptographic primitives that you need, and hopefully ones that are also modern. This isn't a full-on SSH hardening guide, but you should take a look at the [configuration file GrapheneOS uses](https://github.com/GrapheneOS/infrastructure/blob/main/sshd_config) for their servers to give you an idea on a few good practices.
|
||||||
|
|
||||||
|
Restart the `sshd` service and try to connect to your server using your key handle (by passing `-i ~/.ssh/id_ed25519_sk` to `ssh` for instance). If that works for you (your FIDO2 security key should be needed to derive the real secret), feel free to remove your previous keys from `.ssh/authorized_keys` on your server.
|
||||||
|
|
||||||
|
## That's cool, right?
|
||||||
|
If you don't have a security key, you can buy one from [YubiKey](https://www.yubico.com/fr/store/) (I'm very happy with my 5C NFC by the way), [Nitrokey](https://www.nitrokey.com/), [SoloKeys](https://solokeys.com/) or [OnlyKey](https://onlykey.io/) (to name a few). If you have an Android device with a hardware security module (HSM), such as the Google Pixels equipped with Titan M (Pixel 3+), you could even use them as bluetooth security keys.
|
||||||
|
|
||||||
|
*No reason to miss out on the party if you can afford it!*
|
@ -1,3 +0,0 @@
|
|||||||
---
|
|
||||||
title: Software
|
|
||||||
---
|
|
@ -1,11 +1,34 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
#F-Droid Issues Blog
|
#F-Droid Security Analysis
|
||||||
rm -rf './content/software/F-Droid Security Analysis.md'
|
rm -rf './content/apps/F-Droid Security Analysis.md'
|
||||||
curl https://raw.githubusercontent.com/Wonderfall/wonderfall.github.io/main/content/posts/fdroid-issues.md -o './content/software/F-Droid Security Analysis.md'
|
curl https://raw.githubusercontent.com/Wonderfall/wonderfall.github.io/main/content/posts/fdroid-issues.md -o './content/apps/F-Droid Security Analysis.md'
|
||||||
sed -i 's/title: "A brief and informal analysis of F-Droid security"/title: "F-Droid Security Analysis"/' './content/software/F-Droid Security Analysis.md'
|
sed -i 's/title:.*/title: "F-Droid Security Analysis"/' './content/apps/F-Droid Security Analysis.md'
|
||||||
sed -i '/draft: false/d' './content/software/F-Droid Security Analysis.md'
|
sed -i '/date:.*/d' './content/apps/F-Droid Security Analysis.md'
|
||||||
sed -i "s/tags:.*/tags: ['software', 'android', 'security']/" './content/software/F-Droid Security Analysis.md'
|
sed -i '/draft:.*/d' './content/apps/F-Droid Security Analysis.md'
|
||||||
sed -i '/^tags:.*/a ShowCanonicalLink: true' './content/software/F-Droid Security Analysis.md'
|
sed -i "s/tags:.*/tags: ['applications', 'android', 'security']/" './content/apps/F-Droid Security Analysis.md'
|
||||||
sed -i '/^tags:.*/a canonicalURL: https://wonderfall.dev/fdroid-issues' './content/software/F-Droid Security Analysis.md'
|
sed -i '/^tags:.*/a ShowCanonicalLink: true' './content/apps/F-Droid Security Analysis.md'
|
||||||
sed -i '/^tags:.*/a author: Wonderfall' './content/software/F-Droid Security Analysis.md'
|
sed -i '/^tags:.*/a canonicalURL: https://wonderfall.dev/fdroid-issues' './content/apps/F-Droid Security Analysis.md'
|
||||||
|
sed -i '/^tags:.*/a author: Wonderfall' './content/apps/F-Droid Security Analysis.md'
|
||||||
|
|
||||||
|
#Docker and OCI Hardening
|
||||||
|
rm -rf './content/os/Docker and OCI Hardening.md'
|
||||||
|
curl https://raw.githubusercontent.com/Wonderfall/wonderfall.github.io/main/content/posts/docker-hardening.md -o './content/os/Docker and OCI Hardening.md'
|
||||||
|
sed -i 's/title:.*/title: "Docker and OCI Hardening"/' './content/os/Docker and OCI Hardening.md'
|
||||||
|
sed -i '/date:.*/d' './content/os/Docker and OCI Hardening.md'
|
||||||
|
sed -i '/draft:.*/d' './content/os/Docker and OCI Hardening.md'
|
||||||
|
sed -i "s/tags:.*/tags: ['operating systems', 'linux', 'container', 'security']/" './content/os/Docker and OCI Hardening.md'
|
||||||
|
sed -i '/^tags:.*/a ShowCanonicalLink: true' './content/os/Docker and OCI Hardening.md'
|
||||||
|
sed -i '/^tags:.*/a canonicalURL: https://wonderfall.dev/docker-hardening/' './content/os/Docker and OCI Hardening.md'
|
||||||
|
sed -i '/^tags:.*/a author: Wonderfall' './content/os/Docker and OCI Hardening.md'
|
||||||
|
|
||||||
|
#Securing OpenSSH with FIDO2
|
||||||
|
rm -rf './content/os/Securing OpenSSH with FIDO2.md'
|
||||||
|
curl https://raw.githubusercontent.com/Wonderfall/wonderfall.github.io/main/content/posts/openssh-fido2.md -o './content/os/Securing OpenSSH with FIDO2.md'
|
||||||
|
sed -i 's/title:.*/title: "Securing OpenSSH with FIDO2"/' './content/os/Securing OpenSSH with FIDO2.md'
|
||||||
|
sed -i '/date:.*/d' './content/os/Securing OpenSSH with FIDO2.md'
|
||||||
|
sed -i '/draft:.*/d' './content/os/Securing OpenSSH with FIDO2.md'
|
||||||
|
sed -i "s/tags:.*/tags: ['operating systems', 'linux', 'security']/" './content/os/Securing OpenSSH with FIDO2.md'
|
||||||
|
sed -i '/^tags:.*/a ShowCanonicalLink: true' './content/os/Securing OpenSSH with FIDO2.md'
|
||||||
|
sed -i '/^tags:.*/a canonicalURL: https://wonderfall.dev/openssh-fido2/' './content/os/Securing OpenSSH with FIDO2.md'
|
||||||
|
sed -i '/^tags:.*/a author: Wonderfall' './content/os/Securing OpenSSH with FIDO2.md'
|
BIN
public/.DS_Store
vendored
Normal file
BIN
public/.DS_Store
vendored
Normal file
Binary file not shown.
@ -1,4 +1,4 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>404 Page not found | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/404.html><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="404 Page not found"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/404.html"><meta name=twitter:card content="summary"><meta name=twitter:title content="404 Page not found"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><div class=not-found>404</div></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>404 Page not found | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/404.html><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="404 Page not found"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/404.html"><meta name=twitter:card content="summary"><meta name=twitter:title content="404 Page not found"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><div class=not-found>404</div></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
File diff suppressed because one or more lines are too long
41
public/apps/f-droid-security-analysis/index.html
Normal file
41
public/apps/f-droid-security-analysis/index.html
Normal file
File diff suppressed because one or more lines are too long
7
public/apps/index.html
Normal file
7
public/apps/index.html
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Applications | PrivSec.dev</title><meta name=keywords content><meta name=description content="Applications - PrivSec.dev"><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/apps/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/apps/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Applications"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/apps/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Applications"><meta name=twitter:description content><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":2,"name":"Applications","item":"https://privsec.dev/apps/"}]}</script></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span class=active>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a></div><h1>Applications
|
||||||
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class=post-entry><header class=entry-header><h2>F-Droid Security Analysis</h2></header><div class=entry-content><p>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
||||||
|
Before we start, a few things to keep in mind:
|
||||||
|
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else’s work....</p></div><footer class=entry-footer>25 min · 5298 words · Wonderfall</footer><a class=entry-link aria-label="post link to F-Droid Security Analysis" href=https://privsec.dev/apps/f-droid-security-analysis/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
|
<span>Powered by
|
||||||
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
20
public/apps/index.xml
Normal file
20
public/apps/index.xml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
|
||||||
|
<channel>
|
||||||
|
<title>Applications on PrivSec.dev</title>
|
||||||
|
<link>https://privsec.dev/apps/</link>
|
||||||
|
<description>Recent content in Applications on PrivSec.dev</description>
|
||||||
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/apps/index.xml" rel="self" type="application/rss+xml" />
|
||||||
|
<item>
|
||||||
|
<title>F-Droid Security Analysis</title>
|
||||||
|
<link>https://privsec.dev/apps/f-droid-security-analysis/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/apps/f-droid-security-analysis/</guid>
|
||||||
|
<description>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
||||||
|
Before we start, a few things to keep in mind:
|
||||||
|
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else&rsquo;s work.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
</channel>
|
||||||
|
</rss>
|
1
public/apps/page/1/index.html
Normal file
1
public/apps/page/1/index.html
Normal file
@ -0,0 +1 @@
|
|||||||
|
<!doctype html><html lang=en><head><title>https://privsec.dev/apps/</title><link rel=canonical href=https://privsec.dev/apps/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://privsec.dev/apps/"></head></html>
|
@ -1,4 +1,4 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Categories | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/categories/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/categories/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Categories"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/categories/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Categories"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><h1>Categories</h1></header><ul class=terms-tags></ul></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Categories | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/categories/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/categories/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Categories"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/categories/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Categories"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><h1>Categories</h1></header><ul class=terms-tags></ul></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
File diff suppressed because one or more lines are too long
BIN
public/fedora-screenshot.png
Normal file
BIN
public/fedora-screenshot.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 424 KiB |
File diff suppressed because one or more lines are too long
@ -4,19 +4,7 @@
|
|||||||
<title>PrivSec.dev</title>
|
<title>PrivSec.dev</title>
|
||||||
<link>https://privsec.dev/</link>
|
<link>https://privsec.dev/</link>
|
||||||
<description>Recent content on PrivSec.dev</description>
|
<description>Recent content on PrivSec.dev</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/index.xml" rel="self" type="application/rss+xml" />
|
||||||
<lastBuildDate>Sun, 02 Jan 2022 21:28:31 +0000</lastBuildDate><atom:link href="https://privsec.dev/index.xml" rel="self" type="application/rss+xml" />
|
|
||||||
<item>
|
|
||||||
<title>F-Droid Security Analysis</title>
|
|
||||||
<link>https://privsec.dev/software/f-droid-security-analysis/</link>
|
|
||||||
<pubDate>Sun, 02 Jan 2022 21:28:31 +0000</pubDate>
|
|
||||||
|
|
||||||
<guid>https://privsec.dev/software/f-droid-security-analysis/</guid>
|
|
||||||
<description>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
|
||||||
Before we start, a few things to keep in mind:
|
|
||||||
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else&rsquo;s work.</description>
|
|
||||||
</item>
|
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>About Us</title>
|
<title>About Us</title>
|
||||||
<link>https://privsec.dev/about/</link>
|
<link>https://privsec.dev/about/</link>
|
||||||
@ -29,6 +17,29 @@ Tommy System Administrator. Benevolent dictator for life @privsec.dev.
|
|||||||
Website: tommytran.io</description>
|
Website: tommytran.io</description>
|
||||||
</item>
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Choosing Your Desktop Linux Distribution</title>
|
||||||
|
<link>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</guid>
|
||||||
|
<description>Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
|
||||||
|
Release cycle You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||||
|
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Docker and OCI Hardening</title>
|
||||||
|
<link>https://privsec.dev/os/docker-and-oci-hardening/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/docker-and-oci-hardening/</guid>
|
||||||
|
<description>Containers aren&rsquo;t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn&rsquo;t work&hellip;
|
||||||
|
- Sorry, it works on my computer! Can&rsquo;t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>Donate</title>
|
<title>Donate</title>
|
||||||
<link>https://privsec.dev/donate/</link>
|
<link>https://privsec.dev/donate/</link>
|
||||||
@ -38,6 +49,17 @@ Website: tommytran.io</description>
|
|||||||
<description>The domain costs us $12/year to renew from Google. We got our repository hosted for free on GitHub. We got our site hosted for free with Firebase. It costs Tommy ~$20/month to run the mail server, but that server is used for a bunch of his projects, not just PrivSec, and we doubt it will be used that much anyways. The point is, this website does not cost much to run, and as such we will not be accepting donation as a project.</description>
|
<description>The domain costs us $12/year to renew from Google. We got our repository hosted for free on GitHub. We got our site hosted for free with Firebase. It costs Tommy ~$20/month to run the mail server, but that server is used for a bunch of his projects, not just PrivSec, and we doubt it will be used that much anyways. The point is, this website does not cost much to run, and as such we will not be accepting donation as a project.</description>
|
||||||
</item>
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>F-Droid Security Analysis</title>
|
||||||
|
<link>https://privsec.dev/apps/f-droid-security-analysis/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/apps/f-droid-security-analysis/</guid>
|
||||||
|
<description>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
||||||
|
Before we start, a few things to keep in mind:
|
||||||
|
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else&rsquo;s work.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>Linux Insecurities</title>
|
<title>Linux Insecurities</title>
|
||||||
<link>https://privsec.dev/os/linux-insecurities/</link>
|
<link>https://privsec.dev/os/linux-insecurities/</link>
|
||||||
@ -58,5 +80,15 @@ There is already a very indepth technical blog explaning the various security we
|
|||||||
Common protocols Email and SMS MFA Email and SMS MFA are examples of the weaker MFA protocols. Email MFA is not great as whoever controls your email account can typically both reset your password and recieve your MFA verification.</description>
|
Common protocols Email and SMS MFA Email and SMS MFA are examples of the weaker MFA protocols. Email MFA is not great as whoever controls your email account can typically both reset your password and recieve your MFA verification.</description>
|
||||||
</item>
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Securing OpenSSH with FIDO2</title>
|
||||||
|
<link>https://privsec.dev/os/securing-openssh-with-fido2/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/securing-openssh-with-fido2/</guid>
|
||||||
|
<description>Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they&rsquo;re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They&rsquo;re also easier to manage while enabling a form of decentralized authentication (it&rsquo;s easy and painless to revoke them). So, what&rsquo;s the next step? And more exactly, why would one need something even better?
|
||||||
|
Why? The main problem with SSH keys is that they&rsquo;re not magic: they consist of a key pair, of which the private key is stored on your disk.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Knowledge Base | PrivSec.dev</title><meta name=keywords content><meta name=description content="Knowledge Base - PrivSec.dev"><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/knowledge/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/knowledge/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Knowledge Base"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/knowledge/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Knowledge Base"><meta name=twitter:description content><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":2,"name":"Knowledge Base","item":"https://privsec.dev/knowledge/"}]}</script></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span class=active>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a></div><h1>Knowledge Base
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Knowledge Base | PrivSec.dev</title><meta name=keywords content><meta name=description content="Knowledge Base - PrivSec.dev"><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/knowledge/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/knowledge/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Knowledge Base"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/knowledge/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Knowledge Base"><meta name=twitter:description content><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":2,"name":"Knowledge Base","item":"https://privsec.dev/knowledge/"}]}</script></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span class=active>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a></div><h1>Knowledge Base
|
||||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class=post-entry><header class=entry-header><h2>Multi-factor Authentication</h2></header><div class=entry-content><p>Multi-factor authentication is a security mechanism that requires additional verification beyond your username (or email) and password. This usually comes in the form of a one time passcode, a push notification, or plugging in and tapping a hardware security key.
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class=post-entry><header class=entry-header><h2>Multi-factor Authentication</h2></header><div class=entry-content><p>Multi-factor authentication is a security mechanism that requires additional verification beyond your username (or email) and password. This usually comes in the form of a one time passcode, a push notification, or plugging in and tapping a hardware security key.
|
||||||
Common protocols Email and SMS MFA Email and SMS MFA are examples of the weaker MFA protocols. Email MFA is not great as whoever controls your email account can typically both reset your password and recieve your MFA verification....</p></div><footer class=entry-footer>6 min · 1259 words · Tommy</footer><a class=entry-link aria-label="post link to Multi-factor Authentication" href=https://privsec.dev/knowledge/multi-factor-authentication/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
Common protocols Email and SMS MFA Email and SMS MFA are examples of the weaker MFA protocols. Email MFA is not great as whoever controls your email account can typically both reset your password and recieve your MFA verification....</p></div><footer class=entry-footer>6 min · 1223 words · Tommy</footer><a class=entry-link aria-label="post link to Multi-factor Authentication" href=https://privsec.dev/knowledge/multi-factor-authentication/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
63
public/os/docker-and-oci-hardening/index.html
Normal file
63
public/os/docker-and-oci-hardening/index.html
Normal file
File diff suppressed because one or more lines are too long
@ -1,6 +1,12 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Operating Systems | PrivSec.dev</title><meta name=keywords content><meta name=description content="Operating Systems - PrivSec.dev"><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/os/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/os/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Operating Systems"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/os/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Operating Systems"><meta name=twitter:description content><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":2,"name":"Operating Systems","item":"https://privsec.dev/os/"}]}</script></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span class=active>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a></div><h1>Operating Systems
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Operating Systems | PrivSec.dev</title><meta name=keywords content><meta name=description content="Operating Systems - PrivSec.dev"><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/os/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/os/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Operating Systems"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/os/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Operating Systems"><meta name=twitter:description content><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":2,"name":"Operating Systems","item":"https://privsec.dev/os/"}]}</script></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span class=active>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a></div><h1>Operating Systems
|
||||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class=post-entry><header class=entry-header><h2>Linux Insecurities</h2></header><div class=entry-content><p>There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class=post-entry><header class=entry-header><h2>Choosing Your Desktop Linux Distribution</h2></header><div class=entry-content><p>Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
|
||||||
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix’s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post....</p></div><footer class=entry-footer>1 min · 86 words · Tommy</footer><a class=entry-link aria-label="post link to Linux Insecurities" href=https://privsec.dev/os/linux-insecurities/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
Release cycle You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||||
|
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer....</p></div><footer class=entry-footer>7 min · 1431 words · Tommy</footer><a class=entry-link aria-label="post link to Choosing Your Desktop Linux Distribution" href=https://privsec.dev/os/choosing-your-desktop-linux-distribution/></a></article><article class=post-entry><header class=entry-header><h2>Docker and OCI Hardening</h2></header><div class=entry-content><p>Containers aren’t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn’t work…
|
||||||
|
- Sorry, it works on my computer! Can’t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries....</p></div><footer class=entry-footer>19 min · 3925 words · Wonderfall</footer><a class=entry-link aria-label="post link to Docker and OCI Hardening" href=https://privsec.dev/os/docker-and-oci-hardening/></a></article><article class=post-entry><header class=entry-header><h2>Linux Insecurities</h2></header><div class=entry-content><p>There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
|
||||||
|
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix’s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post....</p></div><footer class=entry-footer>2 min · 238 words · Tommy</footer><a class=entry-link aria-label="post link to Linux Insecurities" href=https://privsec.dev/os/linux-insecurities/></a></article><article class=post-entry><header class=entry-header><h2>Securing OpenSSH with FIDO2</h2></header><div class=entry-content><p>Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they’re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They’re also easier to manage while enabling a form of decentralized authentication (it’s easy and painless to revoke them). So, what’s the next step? And more exactly, why would one need something even better?
|
||||||
|
Why? The main problem with SSH keys is that they’re not magic: they consist of a key pair, of which the private key is stored on your disk....</p></div><footer class=entry-footer>5 min · 863 words · Wonderfall</footer><a class=entry-link aria-label="post link to Securing OpenSSH with FIDO2" href=https://privsec.dev/os/securing-openssh-with-fido2/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
@ -5,6 +5,29 @@
|
|||||||
<link>https://privsec.dev/os/</link>
|
<link>https://privsec.dev/os/</link>
|
||||||
<description>Recent content in Operating Systems on PrivSec.dev</description>
|
<description>Recent content in Operating Systems on PrivSec.dev</description>
|
||||||
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/os/index.xml" rel="self" type="application/rss+xml" />
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/os/index.xml" rel="self" type="application/rss+xml" />
|
||||||
|
<item>
|
||||||
|
<title>Choosing Your Desktop Linux Distribution</title>
|
||||||
|
<link>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</guid>
|
||||||
|
<description>Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
|
||||||
|
Release cycle You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||||
|
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Docker and OCI Hardening</title>
|
||||||
|
<link>https://privsec.dev/os/docker-and-oci-hardening/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/docker-and-oci-hardening/</guid>
|
||||||
|
<description>Containers aren&rsquo;t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn&rsquo;t work&hellip;
|
||||||
|
- Sorry, it works on my computer! Can&rsquo;t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>Linux Insecurities</title>
|
<title>Linux Insecurities</title>
|
||||||
<link>https://privsec.dev/os/linux-insecurities/</link>
|
<link>https://privsec.dev/os/linux-insecurities/</link>
|
||||||
@ -15,5 +38,15 @@
|
|||||||
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix&rsquo;s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post.</description>
|
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix&rsquo;s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post.</description>
|
||||||
</item>
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Securing OpenSSH with FIDO2</title>
|
||||||
|
<link>https://privsec.dev/os/securing-openssh-with-fido2/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/securing-openssh-with-fido2/</guid>
|
||||||
|
<description>Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they&rsquo;re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They&rsquo;re also easier to manage while enabling a form of decentralized authentication (it&rsquo;s easy and painless to revoke them). So, what&rsquo;s the next step? And more exactly, why would one need something even better?
|
||||||
|
Why? The main problem with SSH keys is that they&rsquo;re not magic: they consist of a key pair, of which the private key is stored on your disk.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
File diff suppressed because one or more lines are too long
13
public/os/securing-openssh-with-fido2/index.html
Normal file
13
public/os/securing-openssh-with-fido2/index.html
Normal file
File diff suppressed because one or more lines are too long
@ -1,4 +1,4 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Providers | PrivSec.dev</title><meta name=keywords content><meta name=description content="Providers - PrivSec.dev"><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/providers/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/providers/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Providers"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/providers/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Providers"><meta name=twitter:description content><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":2,"name":"Providers","item":"https://privsec.dev/providers/"}]}</script></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span class=active>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a></div><h1>Providers
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Providers | PrivSec.dev</title><meta name=keywords content><meta name=description content="Providers - PrivSec.dev"><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/providers/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/providers/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Providers"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/providers/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Providers"><meta name=twitter:description content><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":2,"name":"Providers","item":"https://privsec.dev/providers/"}]}</script></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span class=active>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a></div><h1>Providers
|
||||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
|
@ -2,32 +2,23 @@
|
|||||||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
|
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
|
||||||
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
||||||
<url>
|
<url>
|
||||||
<loc>https://privsec.dev/tags/android/</loc>
|
|
||||||
<lastmod>2022-01-02T21:28:31+00:00</lastmod>
|
|
||||||
</url><url>
|
|
||||||
<loc>https://privsec.dev/software/f-droid-security-analysis/</loc>
|
|
||||||
<lastmod>2022-01-02T21:28:31+00:00</lastmod>
|
|
||||||
</url><url>
|
|
||||||
<loc>https://privsec.dev/</loc>
|
|
||||||
<lastmod>2022-01-02T21:28:31+00:00</lastmod>
|
|
||||||
</url><url>
|
|
||||||
<loc>https://privsec.dev/tags/security/</loc>
|
|
||||||
<lastmod>2022-01-02T21:28:31+00:00</lastmod>
|
|
||||||
</url><url>
|
|
||||||
<loc>https://privsec.dev/tags/software/</loc>
|
|
||||||
<lastmod>2022-01-02T21:28:31+00:00</lastmod>
|
|
||||||
</url><url>
|
|
||||||
<loc>https://privsec.dev/software/</loc>
|
|
||||||
<lastmod>2022-01-02T21:28:31+00:00</lastmod>
|
|
||||||
</url><url>
|
|
||||||
<loc>https://privsec.dev/tags/</loc>
|
|
||||||
<lastmod>2022-01-02T21:28:31+00:00</lastmod>
|
|
||||||
</url><url>
|
|
||||||
<loc>https://privsec.dev/about/</loc>
|
<loc>https://privsec.dev/about/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/tags/android/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/apps/</loc>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>https://privsec.dev/categories/</loc>
|
<loc>https://privsec.dev/categories/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/tags/container/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/os/docker-and-oci-hardening/</loc>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>https://privsec.dev/donate/</loc>
|
<loc>https://privsec.dev/donate/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/apps/f-droid-security-analysis/</loc>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>https://privsec.dev/tags/knowledge-base/</loc>
|
<loc>https://privsec.dev/tags/knowledge-base/</loc>
|
||||||
</url><url>
|
</url><url>
|
||||||
@ -40,9 +31,21 @@
|
|||||||
<loc>https://privsec.dev/knowledge/multi-factor-authentication/</loc>
|
<loc>https://privsec.dev/knowledge/multi-factor-authentication/</loc>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>https://privsec.dev/tags/operating-system/</loc>
|
<loc>https://privsec.dev/tags/operating-system/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/tags/operating-systems/</loc>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>https://privsec.dev/os/</loc>
|
<loc>https://privsec.dev/os/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/</loc>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>https://privsec.dev/providers/</loc>
|
<loc>https://privsec.dev/providers/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/os/securing-openssh-with-fido2/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/tags/security/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/tags/software/</loc>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://privsec.dev/tags/</loc>
|
||||||
</url>
|
</url>
|
||||||
</urlset>
|
</urlset>
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>android | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/android/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/android/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="android"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/android/"><meta name=twitter:card content="summary"><meta name=twitter:title content="android"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>android
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>android | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/android/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/android/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="android"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/android/"><meta name=twitter:card content="summary"><meta name=twitter:title content="android"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>android
|
||||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>F-Droid Security Analysis</h2></header><div class=entry-content><p>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>F-Droid Security Analysis</h2></header><div class=entry-content><p>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
||||||
Before we start, a few things to keep in mind:
|
Before we start, a few things to keep in mind:
|
||||||
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else’s work....</p></div><footer class=entry-footer><span title='2022-01-02 21:28:31 +0000 UTC'>January 2, 2022</span> · 26 min · 5392 words · Wonderfall</footer><a class=entry-link aria-label="post link to F-Droid Security Analysis" href=https://privsec.dev/software/f-droid-security-analysis/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else’s work....</p></div><footer class=entry-footer>25 min · 5298 words · Wonderfall</footer><a class=entry-link aria-label="post link to F-Droid Security Analysis" href=https://privsec.dev/apps/f-droid-security-analysis/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
@ -4,14 +4,13 @@
|
|||||||
<title>android on PrivSec.dev</title>
|
<title>android on PrivSec.dev</title>
|
||||||
<link>https://privsec.dev/tags/android/</link>
|
<link>https://privsec.dev/tags/android/</link>
|
||||||
<description>Recent content in android on PrivSec.dev</description>
|
<description>Recent content in android on PrivSec.dev</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/tags/android/index.xml" rel="self" type="application/rss+xml" />
|
||||||
<lastBuildDate>Sun, 02 Jan 2022 21:28:31 +0000</lastBuildDate><atom:link href="https://privsec.dev/tags/android/index.xml" rel="self" type="application/rss+xml" />
|
|
||||||
<item>
|
<item>
|
||||||
<title>F-Droid Security Analysis</title>
|
<title>F-Droid Security Analysis</title>
|
||||||
<link>https://privsec.dev/software/f-droid-security-analysis/</link>
|
<link>https://privsec.dev/apps/f-droid-security-analysis/</link>
|
||||||
<pubDate>Sun, 02 Jan 2022 21:28:31 +0000</pubDate>
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
<guid>https://privsec.dev/software/f-droid-security-analysis/</guid>
|
<guid>https://privsec.dev/apps/f-droid-security-analysis/</guid>
|
||||||
<description>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
<description>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
||||||
Before we start, a few things to keep in mind:
|
Before we start, a few things to keep in mind:
|
||||||
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else&rsquo;s work.</description>
|
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else&rsquo;s work.</description>
|
||||||
|
8
public/tags/container/index.html
Normal file
8
public/tags/container/index.html
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>container | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/container/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/container/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="container"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/container/"><meta name=twitter:card content="summary"><meta name=twitter:title content="container"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>container
|
||||||
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>Docker and OCI Hardening</h2></header><div class=entry-content><p>Containers aren’t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn’t work…
|
||||||
|
- Sorry, it works on my computer! Can’t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries....</p></div><footer class=entry-footer>19 min · 3925 words · Wonderfall</footer><a class=entry-link aria-label="post link to Docker and OCI Hardening" href=https://privsec.dev/os/docker-and-oci-hardening/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
|
<span>Powered by
|
||||||
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
21
public/tags/container/index.xml
Normal file
21
public/tags/container/index.xml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
|
||||||
|
<channel>
|
||||||
|
<title>container on PrivSec.dev</title>
|
||||||
|
<link>https://privsec.dev/tags/container/</link>
|
||||||
|
<description>Recent content in container on PrivSec.dev</description>
|
||||||
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/tags/container/index.xml" rel="self" type="application/rss+xml" />
|
||||||
|
<item>
|
||||||
|
<title>Docker and OCI Hardening</title>
|
||||||
|
<link>https://privsec.dev/os/docker-and-oci-hardening/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/docker-and-oci-hardening/</guid>
|
||||||
|
<description>Containers aren&rsquo;t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn&rsquo;t work&hellip;
|
||||||
|
- Sorry, it works on my computer! Can&rsquo;t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
</channel>
|
||||||
|
</rss>
|
1
public/tags/container/page/1/index.html
Normal file
1
public/tags/container/page/1/index.html
Normal file
@ -0,0 +1 @@
|
|||||||
|
<!doctype html><html lang=en><head><title>https://privsec.dev/tags/container/</title><link rel=canonical href=https://privsec.dev/tags/container/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://privsec.dev/tags/container/"></head></html>
|
@ -1,4 +1,4 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Tags | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Tags"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Tags"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><h1>Tags</h1></header><ul class=terms-tags><li><a href=https://privsec.dev/tags/android/>android <sup><strong><sup>1</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/knowledge-base/>knowledge base <sup><strong><sup>1</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/linux/>linux <sup><strong><sup>1</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/operating-system/>operating system <sup><strong><sup>1</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/security/>security <sup><strong><sup>3</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/software/>software <sup><strong><sup>1</sup></strong></sup></a></li></ul></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Tags | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Tags"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Tags"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><h1>Tags</h1></header><ul class=terms-tags><li><a href=https://privsec.dev/tags/android/>android <sup><strong><sup>1</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/container/>container <sup><strong><sup>1</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/knowledge-base/>knowledge base <sup><strong><sup>1</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/linux/>linux <sup><strong><sup>4</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/operating-system/>operating system <sup><strong><sup>2</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/operating-systems/>operating systems <sup><strong><sup>2</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/security/>security <sup><strong><sup>6</sup></strong></sup></a></li><li><a href=https://privsec.dev/tags/software/>software <sup><strong><sup>1</sup></strong></sup></a></li></ul></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
@ -4,32 +4,22 @@
|
|||||||
<title>Tags on PrivSec.dev</title>
|
<title>Tags on PrivSec.dev</title>
|
||||||
<link>https://privsec.dev/tags/</link>
|
<link>https://privsec.dev/tags/</link>
|
||||||
<description>Recent content in Tags on PrivSec.dev</description>
|
<description>Recent content in Tags on PrivSec.dev</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/tags/index.xml" rel="self" type="application/rss+xml" />
|
||||||
<lastBuildDate>Sun, 02 Jan 2022 21:28:31 +0000</lastBuildDate><atom:link href="https://privsec.dev/tags/index.xml" rel="self" type="application/rss+xml" />
|
|
||||||
<item>
|
<item>
|
||||||
<title>android</title>
|
<title>android</title>
|
||||||
<link>https://privsec.dev/tags/android/</link>
|
<link>https://privsec.dev/tags/android/</link>
|
||||||
<pubDate>Sun, 02 Jan 2022 21:28:31 +0000</pubDate>
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
<guid>https://privsec.dev/tags/android/</guid>
|
<guid>https://privsec.dev/tags/android/</guid>
|
||||||
<description></description>
|
<description></description>
|
||||||
</item>
|
</item>
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>security</title>
|
<title>container</title>
|
||||||
<link>https://privsec.dev/tags/security/</link>
|
<link>https://privsec.dev/tags/container/</link>
|
||||||
<pubDate>Sun, 02 Jan 2022 21:28:31 +0000</pubDate>
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
<guid>https://privsec.dev/tags/security/</guid>
|
<guid>https://privsec.dev/tags/container/</guid>
|
||||||
<description></description>
|
|
||||||
</item>
|
|
||||||
|
|
||||||
<item>
|
|
||||||
<title>software</title>
|
|
||||||
<link>https://privsec.dev/tags/software/</link>
|
|
||||||
<pubDate>Sun, 02 Jan 2022 21:28:31 +0000</pubDate>
|
|
||||||
|
|
||||||
<guid>https://privsec.dev/tags/software/</guid>
|
|
||||||
<description></description>
|
<description></description>
|
||||||
</item>
|
</item>
|
||||||
|
|
||||||
@ -60,5 +50,32 @@
|
|||||||
<description></description>
|
<description></description>
|
||||||
</item>
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>operating systems</title>
|
||||||
|
<link>https://privsec.dev/tags/operating-systems/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/tags/operating-systems/</guid>
|
||||||
|
<description></description>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>security</title>
|
||||||
|
<link>https://privsec.dev/tags/security/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/tags/security/</guid>
|
||||||
|
<description></description>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>software</title>
|
||||||
|
<link>https://privsec.dev/tags/software/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/tags/software/</guid>
|
||||||
|
<description></description>
|
||||||
|
</item>
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>knowledge base | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/knowledge-base/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/knowledge-base/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="knowledge base"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/knowledge-base/"><meta name=twitter:card content="summary"><meta name=twitter:title content="knowledge base"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>knowledge base
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>knowledge base | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/knowledge-base/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/knowledge-base/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="knowledge base"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/knowledge-base/"><meta name=twitter:card content="summary"><meta name=twitter:title content="knowledge base"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>knowledge base
|
||||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>Multi-factor Authentication</h2></header><div class=entry-content><p>Multi-factor authentication is a security mechanism that requires additional verification beyond your username (or email) and password. This usually comes in the form of a one time passcode, a push notification, or plugging in and tapping a hardware security key.
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>Multi-factor Authentication</h2></header><div class=entry-content><p>Multi-factor authentication is a security mechanism that requires additional verification beyond your username (or email) and password. This usually comes in the form of a one time passcode, a push notification, or plugging in and tapping a hardware security key.
|
||||||
Common protocols Email and SMS MFA Email and SMS MFA are examples of the weaker MFA protocols. Email MFA is not great as whoever controls your email account can typically both reset your password and recieve your MFA verification....</p></div><footer class=entry-footer>6 min · 1259 words · Tommy</footer><a class=entry-link aria-label="post link to Multi-factor Authentication" href=https://privsec.dev/knowledge/multi-factor-authentication/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
Common protocols Email and SMS MFA Email and SMS MFA are examples of the weaker MFA protocols. Email MFA is not great as whoever controls your email account can typically both reset your password and recieve your MFA verification....</p></div><footer class=entry-footer>6 min · 1223 words · Tommy</footer><a class=entry-link aria-label="post link to Multi-factor Authentication" href=https://privsec.dev/knowledge/multi-factor-authentication/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
@ -1,6 +1,12 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>linux | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/linux/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/linux/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="linux"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/linux/"><meta name=twitter:card content="summary"><meta name=twitter:title content="linux"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>linux
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>linux | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/linux/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/linux/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="linux"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/linux/"><meta name=twitter:card content="summary"><meta name=twitter:title content="linux"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>linux
|
||||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>Linux Insecurities</h2></header><div class=entry-content><p>There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>Choosing Your Desktop Linux Distribution</h2></header><div class=entry-content><p>Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
|
||||||
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix’s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post....</p></div><footer class=entry-footer>1 min · 86 words · Tommy</footer><a class=entry-link aria-label="post link to Linux Insecurities" href=https://privsec.dev/os/linux-insecurities/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
Release cycle You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||||
|
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer....</p></div><footer class=entry-footer>7 min · 1431 words · Tommy</footer><a class=entry-link aria-label="post link to Choosing Your Desktop Linux Distribution" href=https://privsec.dev/os/choosing-your-desktop-linux-distribution/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>Docker and OCI Hardening</h2></header><div class=entry-content><p>Containers aren’t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn’t work…
|
||||||
|
- Sorry, it works on my computer! Can’t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries....</p></div><footer class=entry-footer>19 min · 3925 words · Wonderfall</footer><a class=entry-link aria-label="post link to Docker and OCI Hardening" href=https://privsec.dev/os/docker-and-oci-hardening/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>Linux Insecurities</h2></header><div class=entry-content><p>There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
|
||||||
|
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix’s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post....</p></div><footer class=entry-footer>2 min · 238 words · Tommy</footer><a class=entry-link aria-label="post link to Linux Insecurities" href=https://privsec.dev/os/linux-insecurities/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>Securing OpenSSH with FIDO2</h2></header><div class=entry-content><p>Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they’re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They’re also easier to manage while enabling a form of decentralized authentication (it’s easy and painless to revoke them). So, what’s the next step? And more exactly, why would one need something even better?
|
||||||
|
Why? The main problem with SSH keys is that they’re not magic: they consist of a key pair, of which the private key is stored on your disk....</p></div><footer class=entry-footer>5 min · 863 words · Wonderfall</footer><a class=entry-link aria-label="post link to Securing OpenSSH with FIDO2" href=https://privsec.dev/os/securing-openssh-with-fido2/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
@ -5,6 +5,29 @@
|
|||||||
<link>https://privsec.dev/tags/linux/</link>
|
<link>https://privsec.dev/tags/linux/</link>
|
||||||
<description>Recent content in linux on PrivSec.dev</description>
|
<description>Recent content in linux on PrivSec.dev</description>
|
||||||
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/tags/linux/index.xml" rel="self" type="application/rss+xml" />
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/tags/linux/index.xml" rel="self" type="application/rss+xml" />
|
||||||
|
<item>
|
||||||
|
<title>Choosing Your Desktop Linux Distribution</title>
|
||||||
|
<link>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</guid>
|
||||||
|
<description>Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
|
||||||
|
Release cycle You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||||
|
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Docker and OCI Hardening</title>
|
||||||
|
<link>https://privsec.dev/os/docker-and-oci-hardening/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/docker-and-oci-hardening/</guid>
|
||||||
|
<description>Containers aren&rsquo;t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn&rsquo;t work&hellip;
|
||||||
|
- Sorry, it works on my computer! Can&rsquo;t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>Linux Insecurities</title>
|
<title>Linux Insecurities</title>
|
||||||
<link>https://privsec.dev/os/linux-insecurities/</link>
|
<link>https://privsec.dev/os/linux-insecurities/</link>
|
||||||
@ -15,5 +38,15 @@
|
|||||||
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix&rsquo;s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post.</description>
|
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix&rsquo;s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post.</description>
|
||||||
</item>
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Securing OpenSSH with FIDO2</title>
|
||||||
|
<link>https://privsec.dev/os/securing-openssh-with-fido2/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/securing-openssh-with-fido2/</guid>
|
||||||
|
<description>Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they&rsquo;re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They&rsquo;re also easier to manage while enabling a form of decentralized authentication (it&rsquo;s easy and painless to revoke them). So, what&rsquo;s the next step? And more exactly, why would one need something even better?
|
||||||
|
Why? The main problem with SSH keys is that they&rsquo;re not magic: they consist of a key pair, of which the private key is stored on your disk.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>operating system | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/operating-system/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/operating-system/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="operating system"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/operating-system/"><meta name=twitter:card content="summary"><meta name=twitter:title content="operating system"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>operating system
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>operating system | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/operating-system/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/operating-system/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="operating system"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/operating-system/"><meta name=twitter:card content="summary"><meta name=twitter:title content="operating system"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>operating system
|
||||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>Linux Insecurities</h2></header><div class=entry-content><p>There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>Choosing Your Desktop Linux Distribution</h2></header><div class=entry-content><p>Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
|
||||||
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix’s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post....</p></div><footer class=entry-footer>1 min · 86 words · Tommy</footer><a class=entry-link aria-label="post link to Linux Insecurities" href=https://privsec.dev/os/linux-insecurities/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
Release cycle You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||||
|
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer....</p></div><footer class=entry-footer>7 min · 1431 words · Tommy</footer><a class=entry-link aria-label="post link to Choosing Your Desktop Linux Distribution" href=https://privsec.dev/os/choosing-your-desktop-linux-distribution/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>Linux Insecurities</h2></header><div class=entry-content><p>There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
|
||||||
|
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix’s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post....</p></div><footer class=entry-footer>2 min · 238 words · Tommy</footer><a class=entry-link aria-label="post link to Linux Insecurities" href=https://privsec.dev/os/linux-insecurities/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
@ -5,6 +5,17 @@
|
|||||||
<link>https://privsec.dev/tags/operating-system/</link>
|
<link>https://privsec.dev/tags/operating-system/</link>
|
||||||
<description>Recent content in operating system on PrivSec.dev</description>
|
<description>Recent content in operating system on PrivSec.dev</description>
|
||||||
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/tags/operating-system/index.xml" rel="self" type="application/rss+xml" />
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/tags/operating-system/index.xml" rel="self" type="application/rss+xml" />
|
||||||
|
<item>
|
||||||
|
<title>Choosing Your Desktop Linux Distribution</title>
|
||||||
|
<link>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</guid>
|
||||||
|
<description>Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
|
||||||
|
Release cycle You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||||
|
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>Linux Insecurities</title>
|
<title>Linux Insecurities</title>
|
||||||
<link>https://privsec.dev/os/linux-insecurities/</link>
|
<link>https://privsec.dev/os/linux-insecurities/</link>
|
||||||
|
9
public/tags/operating-systems/index.html
Normal file
9
public/tags/operating-systems/index.html
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>operating systems | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/operating-systems/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/operating-systems/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="operating systems"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/operating-systems/"><meta name=twitter:card content="summary"><meta name=twitter:title content="operating systems"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>operating systems
|
||||||
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>Docker and OCI Hardening</h2></header><div class=entry-content><p>Containers aren’t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn’t work…
|
||||||
|
- Sorry, it works on my computer! Can’t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries....</p></div><footer class=entry-footer>19 min · 3925 words · Wonderfall</footer><a class=entry-link aria-label="post link to Docker and OCI Hardening" href=https://privsec.dev/os/docker-and-oci-hardening/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>Securing OpenSSH with FIDO2</h2></header><div class=entry-content><p>Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they’re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They’re also easier to manage while enabling a form of decentralized authentication (it’s easy and painless to revoke them). So, what’s the next step? And more exactly, why would one need something even better?
|
||||||
|
Why? The main problem with SSH keys is that they’re not magic: they consist of a key pair, of which the private key is stored on your disk....</p></div><footer class=entry-footer>5 min · 863 words · Wonderfall</footer><a class=entry-link aria-label="post link to Securing OpenSSH with FIDO2" href=https://privsec.dev/os/securing-openssh-with-fido2/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
|
<span>Powered by
|
||||||
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
31
public/tags/operating-systems/index.xml
Normal file
31
public/tags/operating-systems/index.xml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
|
||||||
|
<channel>
|
||||||
|
<title>operating systems on PrivSec.dev</title>
|
||||||
|
<link>https://privsec.dev/tags/operating-systems/</link>
|
||||||
|
<description>Recent content in operating systems on PrivSec.dev</description>
|
||||||
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/tags/operating-systems/index.xml" rel="self" type="application/rss+xml" />
|
||||||
|
<item>
|
||||||
|
<title>Docker and OCI Hardening</title>
|
||||||
|
<link>https://privsec.dev/os/docker-and-oci-hardening/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/docker-and-oci-hardening/</guid>
|
||||||
|
<description>Containers aren&rsquo;t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn&rsquo;t work&hellip;
|
||||||
|
- Sorry, it works on my computer! Can&rsquo;t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Securing OpenSSH with FIDO2</title>
|
||||||
|
<link>https://privsec.dev/os/securing-openssh-with-fido2/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/securing-openssh-with-fido2/</guid>
|
||||||
|
<description>Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they&rsquo;re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They&rsquo;re also easier to manage while enabling a form of decentralized authentication (it&rsquo;s easy and painless to revoke them). So, what&rsquo;s the next step? And more exactly, why would one need something even better?
|
||||||
|
Why? The main problem with SSH keys is that they&rsquo;re not magic: they consist of a key pair, of which the private key is stored on your disk.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
</channel>
|
||||||
|
</rss>
|
1
public/tags/operating-systems/page/1/index.html
Normal file
1
public/tags/operating-systems/page/1/index.html
Normal file
@ -0,0 +1 @@
|
|||||||
|
<!doctype html><html lang=en><head><title>https://privsec.dev/tags/operating-systems/</title><link rel=canonical href=https://privsec.dev/tags/operating-systems/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://privsec.dev/tags/operating-systems/"></head></html>
|
@ -1,9 +1,14 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>security | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/security/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/security/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="security"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/security/"><meta name=twitter:card content="summary"><meta name=twitter:title content="security"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>security
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>security | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/security/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/security/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="security"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/security/"><meta name=twitter:card content="summary"><meta name=twitter:title content="security"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>security
|
||||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>F-Droid Security Analysis</h2></header><div class=entry-content><p>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>Choosing Your Desktop Linux Distribution</h2></header><div class=entry-content><p>Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
|
||||||
|
Release cycle You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||||
|
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer....</p></div><footer class=entry-footer>7 min · 1431 words · Tommy</footer><a class=entry-link aria-label="post link to Choosing Your Desktop Linux Distribution" href=https://privsec.dev/os/choosing-your-desktop-linux-distribution/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>Docker and OCI Hardening</h2></header><div class=entry-content><p>Containers aren’t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn’t work…
|
||||||
|
- Sorry, it works on my computer! Can’t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries....</p></div><footer class=entry-footer>19 min · 3925 words · Wonderfall</footer><a class=entry-link aria-label="post link to Docker and OCI Hardening" href=https://privsec.dev/os/docker-and-oci-hardening/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>F-Droid Security Analysis</h2></header><div class=entry-content><p>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
||||||
Before we start, a few things to keep in mind:
|
Before we start, a few things to keep in mind:
|
||||||
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else’s work....</p></div><footer class=entry-footer><span title='2022-01-02 21:28:31 +0000 UTC'>January 2, 2022</span> · 26 min · 5392 words · Wonderfall</footer><a class=entry-link aria-label="post link to F-Droid Security Analysis" href=https://privsec.dev/software/f-droid-security-analysis/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>Linux Insecurities</h2></header><div class=entry-content><p>There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
|
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else’s work....</p></div><footer class=entry-footer>25 min · 5298 words · Wonderfall</footer><a class=entry-link aria-label="post link to F-Droid Security Analysis" href=https://privsec.dev/apps/f-droid-security-analysis/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>Linux Insecurities</h2></header><div class=entry-content><p>There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
|
||||||
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix’s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post....</p></div><footer class=entry-footer>1 min · 86 words · Tommy</footer><a class=entry-link aria-label="post link to Linux Insecurities" href=https://privsec.dev/os/linux-insecurities/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>Multi-factor Authentication</h2></header><div class=entry-content><p>Multi-factor authentication is a security mechanism that requires additional verification beyond your username (or email) and password. This usually comes in the form of a one time passcode, a push notification, or plugging in and tapping a hardware security key.
|
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix’s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post....</p></div><footer class=entry-footer>2 min · 238 words · Tommy</footer><a class=entry-link aria-label="post link to Linux Insecurities" href=https://privsec.dev/os/linux-insecurities/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>Multi-factor Authentication</h2></header><div class=entry-content><p>Multi-factor authentication is a security mechanism that requires additional verification beyond your username (or email) and password. This usually comes in the form of a one time passcode, a push notification, or plugging in and tapping a hardware security key.
|
||||||
Common protocols Email and SMS MFA Email and SMS MFA are examples of the weaker MFA protocols. Email MFA is not great as whoever controls your email account can typically both reset your password and recieve your MFA verification....</p></div><footer class=entry-footer>6 min · 1259 words · Tommy</footer><a class=entry-link aria-label="post link to Multi-factor Authentication" href=https://privsec.dev/knowledge/multi-factor-authentication/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
Common protocols Email and SMS MFA Email and SMS MFA are examples of the weaker MFA protocols. Email MFA is not great as whoever controls your email account can typically both reset your password and recieve your MFA verification....</p></div><footer class=entry-footer>6 min · 1223 words · Tommy</footer><a class=entry-link aria-label="post link to Multi-factor Authentication" href=https://privsec.dev/knowledge/multi-factor-authentication/></a></article><footer class=page-footer><nav class=pagination><a class=next href=https://privsec.dev/tags/security/page/2/>Next »</a></nav></footer></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
@ -4,14 +4,36 @@
|
|||||||
<title>security on PrivSec.dev</title>
|
<title>security on PrivSec.dev</title>
|
||||||
<link>https://privsec.dev/tags/security/</link>
|
<link>https://privsec.dev/tags/security/</link>
|
||||||
<description>Recent content in security on PrivSec.dev</description>
|
<description>Recent content in security on PrivSec.dev</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/tags/security/index.xml" rel="self" type="application/rss+xml" />
|
||||||
<lastBuildDate>Sun, 02 Jan 2022 21:28:31 +0000</lastBuildDate><atom:link href="https://privsec.dev/tags/security/index.xml" rel="self" type="application/rss+xml" />
|
<item>
|
||||||
|
<title>Choosing Your Desktop Linux Distribution</title>
|
||||||
|
<link>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/choosing-your-desktop-linux-distribution/</guid>
|
||||||
|
<description>Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.
|
||||||
|
Release cycle You should choose a distribution which stays close to the stable upstream software releases, typically rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||||
|
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Docker and OCI Hardening</title>
|
||||||
|
<link>https://privsec.dev/os/docker-and-oci-hardening/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/docker-and-oci-hardening/</guid>
|
||||||
|
<description>Containers aren&rsquo;t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem:
|
||||||
|
- Hey, your software doesn&rsquo;t work&hellip;
|
||||||
|
- Sorry, it works on my computer! Can&rsquo;t help you.
|
||||||
|
Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>F-Droid Security Analysis</title>
|
<title>F-Droid Security Analysis</title>
|
||||||
<link>https://privsec.dev/software/f-droid-security-analysis/</link>
|
<link>https://privsec.dev/apps/f-droid-security-analysis/</link>
|
||||||
<pubDate>Sun, 02 Jan 2022 21:28:31 +0000</pubDate>
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
<guid>https://privsec.dev/software/f-droid-security-analysis/</guid>
|
<guid>https://privsec.dev/apps/f-droid-security-analysis/</guid>
|
||||||
<description>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
<description>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
||||||
Before we start, a few things to keep in mind:
|
Before we start, a few things to keep in mind:
|
||||||
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else&rsquo;s work.</description>
|
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else&rsquo;s work.</description>
|
||||||
@ -37,5 +59,15 @@ There is already a very indepth technical blog explaning the various security we
|
|||||||
Common protocols Email and SMS MFA Email and SMS MFA are examples of the weaker MFA protocols. Email MFA is not great as whoever controls your email account can typically both reset your password and recieve your MFA verification.</description>
|
Common protocols Email and SMS MFA Email and SMS MFA are examples of the weaker MFA protocols. Email MFA is not great as whoever controls your email account can typically both reset your password and recieve your MFA verification.</description>
|
||||||
</item>
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Securing OpenSSH with FIDO2</title>
|
||||||
|
<link>https://privsec.dev/os/securing-openssh-with-fido2/</link>
|
||||||
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
|
<guid>https://privsec.dev/os/securing-openssh-with-fido2/</guid>
|
||||||
|
<description>Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they&rsquo;re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They&rsquo;re also easier to manage while enabling a form of decentralized authentication (it&rsquo;s easy and painless to revoke them). So, what&rsquo;s the next step? And more exactly, why would one need something even better?
|
||||||
|
Why? The main problem with SSH keys is that they&rsquo;re not magic: they consist of a key pair, of which the private key is stored on your disk.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
6
public/tags/security/page/2/index.html
Normal file
6
public/tags/security/page/2/index.html
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>security | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/security/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/security/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="security"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/security/"><meta name=twitter:card content="summary"><meta name=twitter:title content="security"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>security
|
||||||
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>Securing OpenSSH with FIDO2</h2></header><div class=entry-content><p>Passwordless authentication with OpenSSH keys has been the de facto security standard for years. SSH keys are more robust since they’re cryptographically sane by default, and are therefore resilient to most bruteforce atacks. They’re also easier to manage while enabling a form of decentralized authentication (it’s easy and painless to revoke them). So, what’s the next step? And more exactly, why would one need something even better?
|
||||||
|
Why? The main problem with SSH keys is that they’re not magic: they consist of a key pair, of which the private key is stored on your disk....</p></div><footer class=entry-footer>5 min · 863 words · Wonderfall</footer><a class=entry-link aria-label="post link to Securing OpenSSH with FIDO2" href=https://privsec.dev/os/securing-openssh-with-fido2/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://privsec.dev/tags/security/>« Prev</a></nav></footer></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
|
<span>Powered by
|
||||||
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
@ -1,7 +1,7 @@
|
|||||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>software | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/software/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/software/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="software"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/software/"><meta name=twitter:card content="summary"><meta name=twitter:title content="software"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/software/ title=Software><span>Software</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>software
|
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>software | PrivSec.dev</title><meta name=keywords content><meta name=description content><meta name=author content="PrivSec Team"><link rel=canonical href=https://privsec.dev/tags/software/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://privsec.dev/tags/software/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="software"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://privsec.dev/tags/software/"><meta name=twitter:card content="summary"><meta name=twitter:title content="software"><meta name=twitter:description content></head><body class="list dark" id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a> » <a href=https://privsec.dev/tags/>Tags</a></div><h1>software
|
||||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>F-Droid Security Analysis</h2></header><div class=entry-content><p>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>F-Droid Security Analysis</h2></header><div class=entry-content><p>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
||||||
Before we start, a few things to keep in mind:
|
Before we start, a few things to keep in mind:
|
||||||
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else’s work....</p></div><footer class=entry-footer><span title='2022-01-02 21:28:31 +0000 UTC'>January 2, 2022</span> · 26 min · 5392 words · Wonderfall</footer><a class=entry-link aria-label="post link to F-Droid Security Analysis" href=https://privsec.dev/software/f-droid-security-analysis/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else’s work....</p></div><footer class=entry-footer>25 min · 5298 words · Wonderfall</footer><a class=entry-link aria-label="post link to F-Droid Security Analysis" href=https://privsec.dev/apps/f-droid-security-analysis/></a></article></main><footer class=footer><span>© 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
|
||||||
<span>Powered by
|
<span>Powered by
|
||||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
@ -4,14 +4,13 @@
|
|||||||
<title>software on PrivSec.dev</title>
|
<title>software on PrivSec.dev</title>
|
||||||
<link>https://privsec.dev/tags/software/</link>
|
<link>https://privsec.dev/tags/software/</link>
|
||||||
<description>Recent content in software on PrivSec.dev</description>
|
<description>Recent content in software on PrivSec.dev</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator><atom:link href="https://privsec.dev/tags/software/index.xml" rel="self" type="application/rss+xml" />
|
||||||
<lastBuildDate>Sun, 02 Jan 2022 21:28:31 +0000</lastBuildDate><atom:link href="https://privsec.dev/tags/software/index.xml" rel="self" type="application/rss+xml" />
|
|
||||||
<item>
|
<item>
|
||||||
<title>F-Droid Security Analysis</title>
|
<title>F-Droid Security Analysis</title>
|
||||||
<link>https://privsec.dev/software/f-droid-security-analysis/</link>
|
<link>https://privsec.dev/apps/f-droid-security-analysis/</link>
|
||||||
<pubDate>Sun, 02 Jan 2022 21:28:31 +0000</pubDate>
|
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||||||
|
|
||||||
<guid>https://privsec.dev/software/f-droid-security-analysis/</guid>
|
<guid>https://privsec.dev/apps/f-droid-security-analysis/</guid>
|
||||||
<description>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
<description>F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider.
|
||||||
Before we start, a few things to keep in mind:
|
Before we start, a few things to keep in mind:
|
||||||
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else&rsquo;s work.</description>
|
The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else&rsquo;s work.</description>
|
||||||
|
BIN
static/fedora-screenshot.png
Normal file
BIN
static/fedora-screenshot.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 424 KiB |
Loading…
Reference in New Issue
Block a user