Notices by Thomas B. Rücker (tbr@society.oftrolls.com)

Huge if true!

Shamelessly stolen from Zev Eisenberg.

Oh, nooo! Nobody could have seen *that* coming… oh, wait, yes, yes, we did.

"The cryptographic backdoor exists in a part of the system that is supposed to verify that all of the ballots and votes counted in an election are the same ones that voters cast. But the flaw could allow someone to swap out all of the legitimate ballots and replace them with fraudulent ones, all without detection."

https://motherboard.vice.com/en_us/article/zmakk3/researchers-find-critical-backdoor-in-swiss-online-voting-system

Adding this to #infosec

If you use Debian: you're not getting the recent Intel CPU bugfixes because Intel updated the firmware package's license to state that it's not redistributable.

If use Linux other than Debian and have the bugfixes: ask your maintainers why they're distributing software they're not legally allowed to.

And in any case: next time you purchase a CPU, evaluate whether AMD might be a better choice than Intel.

https://freeradical.zone/@tek/100583773163723577
via @stevelord @tek

I'd be rolling on the floor if it wouldn't be so sad, predictable and bad at the same time.

"Intel really fucked up the Foreshadow and SSBD microcode updates, beyond any of my wildest thoughts.

https://paste.ubuntu.com/p/z2F3Cj6R8Q/
They added a long license to the microcode that doesn't allow redistribution, which is why Linux distros aren't patched..."

https://twitter.com/never_released/status/1030227014693912576
#infosec

Any of my #polish #infosec followers have any specific hints about current best practices in following this up?
I haven't dealt with such stuff in Poland for years and a lot has changed since I moved away.
cc @rysiek
PS: Despite the appearance (Name, etc.) I'm actually Polish and sent the email to the MPK contacts in Polish. Can obviously follow up rest of process in Polish too.