masto.es es uno de los varios servidores independientes de Mastodon que puedes usar para participar en el fediverso.
Bienvenidos a masto.es, el mayor servidor de Mastodon para hispanohablantes de temática general. Registros limitados actualmente a invitaciones.

Administrado por:

Estadísticas del servidor:

1,9 K
usuarios activos

#computersecurity

3 publicaciones3 participantes1 publicación hoy

Which completely ignores the growing threat of network-based credential stealing attacks that are mitigated by #TPM chips that few (if any) of these old PCs have, and which also completely ignore the very real threat of speculative execution CPU vulnerabilities present in these CPUs that can not be completely mitigated by software because the flaws are in the design of the CPUs themselves. #InfoSec #ComputerSecurity
---


RE: https://floss.social/users/Endof10/statuses/114935543364324535

Esta publicación está pendiente de aprobación del autor original.

"Just because a piece of software is #OpenSource it does not mean the software is secure." --me

I've been saying that for years and it really bothers me to hear developers and users alike quip that because a package is open source it automatically means it's more secure than a comparable package that is closed-source.

As EricS. Raymond, one of the people behind open source, said in Linus's Law, "Given enough eyeballs, all bugs are shallow." If no one is looking, though -- as appears to be the case here — then simply because a codebase is open, it doesn't provide any safety or security at all.
https://www.zdnet.com/article/hacker-slips-malicious-wiping-command-into-amazons-q-ai-coding-assistant-and-devs-are-worried/

https://developers.slashdot.org/story/25/07/26/0352242/hacker-slips-malicious-wiping-command-into-amazons-q-ai-coding-assistant

#amazon #hacker #hacking #github #PullRequest #patch #vulnerability #ComputerSecurity #InformationSecurity #ITSecurity #MaliciousCode #aws #q #ai #agent #vscode
ZDNET · Hacker slips malicious 'wiping' command into Amazon's Q AI coding assistant - and devs are worriedPor Steven Vaughan-Nichols

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Google AI "Big Sleep" Stops Exploitation of Critical SQLite... #cyber security news #cyber news #cyber security news today #cyber security updates #cyber updates #hacker news #hacking news #software vulnerability #cyber attacks #data breach #ransomware malware #how to hack #network security #information security #the hacker news #computer security

thehackernews.com/2025/07/goog

The Hacker NewsGoogle AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers ActGoogle AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.