2025-10-17T15:14:40Z https://yabu.me LΞX/NØVΛ :Fire_Lesbian: https://yabu.me/npub1vncf9zrwjrndy0p4w60q5f0dkhrpxnx7rjxcsarm46d7lpahjc2qvzqzq2 https://media.infosec.exchange/infosec.exchange/accounts/avatars/115/335/787/096/818/073/original/b649f0b62d55c309.jpg https://media.infosec.exchange/infosec.exchange/accounts/avatars/115/335/787/096/818/073/original/b649f0b62d55c309.jpg https://yabu.me/nevent1qqsp6ts2uq07ycdsg9pacwldjeuyqvrdzl7w4uwc3gyjqzamkgkfpmgzypj0py5gd6gwd53ux4mfuz39ak6uvy6vmcwgmzr50whfhmu8k7tpg0lstnj So today as #CISO i recommended to a meeting to add a <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1rk6czmpvny876kqvc4aqseuku3zmnxlphyxs2940g6u59te5m2yq57hv4q" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>Nextcloud 📱☁️💻</span> (<span class="italic">npub1rk6…hv4q</span>)</a></span> server in our system to see if it can help us, increase our data security while cutting the cost of Microsoft.<br/><br/>3 years ago i would not even dared to propose it, now they will research onto it so they consider it.<br/><br/>Big win for #FOSS 2025-10-16T12:55:19Z https://yabu.me/nevent1qqsdc2cxp90dujzhsutwuy5mhpvlyqhwglkewneatvxm4e46xnkdtrgzypj0py5gd6gwd53ux4mfuz39ak6uvy6vmcwgmzr50whfhmu8k7tpg8qxl6t In reply to <a href='/nevent1qqs826vwu9jguctpuydeg7shm2p94szjftjx9rdys7nkmsa7xffq7mcqtazus'>nevent1q…azus</a><br/>_________________________<br/><br/>at least if we also had open sim, both hardware and software, we could, unlike know, be sure that even if the tower wanted they could not infect our device.<br/><br/>because even if not probable, as i guess many people have monitored the sim, it&#39;s possible that they have a function in the sim that try to infect the OS or try to take over the GPS to give info to the tower.<br/><br/>the lack of transparency open the door for many bad thing to happen. 2025-10-15T23:27:17Z https://yabu.me/nevent1qqstgnj79m3td3fcj4pe3z0gll0v6kdchsaz4x3f8c9rg085gez7n2gzypj0py5gd6gwd53ux4mfuz39ak6uvy6vmcwgmzr50whfhmu8k7tpgp7t3v2 In reply to <a href='/nevent1qqs885uz6epvvpqkffgch9euh3l025j58597njj2fsr6gg6u2wdpqwqkhq08t'>nevent1q…q08t</a><br/>_________________________<br/><br/>you must mean open hardware and source sim ?<br/><br/>because the sim is a micro computer in itself, with it&#39;s own cpu, ram etc.<br/><br/>Also here even if we had an open hardware sync and all source open the issue reside in the network itself, so even there they could track you.<br/><br/>we can only fix this by disabling anything before 5G SA, as the SS7 issue was only fixed on 5G SA, so even 5G NSA is vulnerable as it reuse the 4G config.<br/><br/>NSA for Non Stand Alone 2025-10-15T23:12:12Z https://yabu.me/nevent1qqsfz2mutfuetder45mpc06gvapuazgen9cgc4ykal9608x286vemugzypj0py5gd6gwd53ux4mfuz39ak6uvy6vmcwgmzr50whfhmu8k7tpgt58n9t In reply to <a href='/nevent1qqsgghsp6h80f3ekx4lzzv4pdv9tnkkay5z77efaunlgnlg2q73eulqp2fuge'>nevent1q…fuge</a><br/>_________________________<br/><br/>just hope they will support modern and secure hardware, like the one <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1kwarc5z9lwhen05uknd2nuwhhthd4ws0cku3t9j3rchm0fcd6luslse0nj" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>GrapheneOS</span> (<span class="italic">npub1kwa…e0nj</span>)</a></span> like to work with so we can have more open and secure device to chose from. 2025-10-15T21:18:49Z https://yabu.me/nevent1qqsfk0vy6f9rytpn7ydtld09mxuhnquk3ffnw4dv4a8utu35vm9fl6szypj0py5gd6gwd53ux4mfuz39ak6uvy6vmcwgmzr50whfhmu8k7tpglc3vyh In reply to <a href='/nevent1qqsrk9fc8dskrkpn3fegslxl6w9v4c02734vgz2x4wa6aq0kjdkpcpsz0ezng'>nevent1q…ezng</a><br/>_________________________<br/><br/>they will still track you, because it&#39;s not your phone they track but your sim.<br/><br/>So if you move your sim to an hotspot, you move the problem and they will track the hotspot instead.<br/><br/>also Wi‑Fi‑calling can leak the same IMSI over the internet, so you will remain trackable.<br/><br/>And disabling 2G, 3G, or 4G on the client side will do nothing as it&#39;s a vulnerability in the ISP core network.<br/><br/>As such it will remain.<br/><br/>The only FIX is to disable everything brefore 5G (Stand alone) and use 5G stand alone.<br/><br/>As 5G NSA (Non Stand Alone), use 4G control model that is vulnerable too.<br/><br/>and as i said previously, the hotspot itself will be tracked anyway in your &#34;test&#34; 2025-10-15T13:31:33Z https://yabu.me/nevent1qqsfz7xltum3h7e9fvhslklfs62u7yjlhkchgazgseqe7tp3rj455lczypj0py5gd6gwd53ux4mfuz39ak6uvy6vmcwgmzr50whfhmu8k7tpgmr4mpp In reply to <a href='/nevent1qqs2c3yqd4k26su06vnt7scdxdkpqtaaktmga9twcm3djg5j0hw7rssayaht8'>nevent1q…aht8</a><br/>_________________________<br/><br/>thanks, i was asking if the &#34;missing part&#34; is already in the 901 (i obviously enabled the preview), but since it cover december it&#39;s the case.<br/><br/>I was asking because i like to maintain track of issue per device to know witch one are vulnerable to what.<br/><br/>Thanks again for your work :) 2025-10-15T01:29:49Z https://yabu.me/nevent1qqs0eff8lwwwhydp0ww2gnxv2ru90cdk0yw48cegcsf8mh8pal68l6qzypj0py5gd6gwd53ux4mfuz39ak6uvy6vmcwgmzr50whfhmu8k7tpg93awdu <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1kwarc5z9lwhen05uknd2nuwhhthd4ws0cku3t9j3rchm0fcd6luslse0nj" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>GrapheneOS</span> (<span class="italic">npub1kwa…e0nj</span>)</a></span> does this mean that on the last 901 version it&#39;s already fix ? (the CVE from december update i mean).<br/><br/>Tracked as CVE-2025-48561, the underlying flaw was addressed by Google in a recent Android security patch. The research team told Google and Samsung that the initial fix was insufficient, and Google now plans to issue an additional patch for Pixnapping in the December Android update cycle. No exploitation attempts are currently known in the wild. GPU vendors, however, are reportedly still declining to patch the underlying GPU.zip side-channel issue. 2025-10-14T23:58:44Z https://yabu.me/nevent1qqsxe50p2j9t2yn45r9plte9xdvc7vptlnurcmwvt2txzzem5xfc4xczypj0py5gd6gwd53ux4mfuz39ak6uvy6vmcwgmzr50whfhmu8k7tpgnd6tde In reply to <a href='/nevent1qqstjfm5nvvza2wzzrq2f5gg0sygwx89mp2e8ghkxzqc9yr5mp7tv3snjkvkq'>nevent1q…kvkq</a><br/>_________________________<br/><br/>at later date could you make more clear witch new cve is &#34;fixed&#34; between 01 patch in the release note, because it&#39;s not clear on the first read witch are the new cve fixed and witch one where already<br/><br/>for instance here i had to go to the older post, to see, on this version of .01 the new CVE are : CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629 2025-10-10T00:30:49Z https://yabu.me/nevent1qqsdzq7wjlcs4ske6acz2qg90ej8ckk5ug58whuj30tzqp07pmys6aczypj0py5gd6gwd53ux4mfuz39ak6uvy6vmcwgmzr50whfhmu8k7tpg4q7xmv In reply to <a href='/nevent1qqsvwqmu22s22pjfa4hjpev9rz3ljtzzwkf9quntvk08svvphyw2ecs6kvgzn'>nevent1q…vgzn</a><br/>_________________________<br/><br/>both apple / google make billion with it with nearly no return for <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1ncyt83v7dhf4u0lec6r0jt93a4rqwauec5eu6wa2azem8ss8w7ls5h3x0q" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>KDE</span> (<span class="italic">npub1ncy…3x0q</span>)</a></span> 2025-10-09T13:18:26Z