Oct 222024
 

The Supreme Court’s Carpenter decision created a warrant requirement for obtaining location data from service providers. It was a limited ruling, albeit one that has had far-ranging implications.
Thanks to this ruling, law enforcement agencies have started buying location data from third-party brokers, rather than suffer the apparent indignity of having to ask a judge to approve a warrant. The underlying theme of the ruling — that the Fourth Amendment ain’t what it used to be now that everyone’s online all the time — has seen it applied to cases where location data isn’t the underlying concern. Anything law enforcement might use to engage in tracking of individuals is now under additional scrutiny.
And while this is…

External feed Read More at the Source: https://www.techdirt.com/2024/10/21/federal-court-says-three-hits-from-flock-alpr-cameras-isnt-enough-for-a-carpenter-violation/

 2024-10-22  No Responses »
Oct 222024
 

A security issue has been identified in
guix-daemon
which allows for a local user to gain the privileges of any of the build users
and subsequently use this to manipulate the output of any build. Your
are strongly advised to upgrade your daemon now (see instructions
below), especially on multi-user systems.This exploit requires the ability to start a derivation build and the ability to
run arbitrary code with access to the store in the root PID namespace on the
machine the build occurs on. As such, this represents an increased risk
primarily to multi-user systems and systems using dedicated privilege-separation
users for various daemons: without special sandboxing measures, any process of
theirs can take advantage of this vulnerability.VulnerabilityFor a very long time, guix-daemon has helpfully made…

External feed Read More at the Source: https://guix.gnu.org/blog/2024/build-user-takeover-vulnerability//

 2024-10-22  No Responses »