Home Groups rb rb.comp rb.comp.security

rb.comp.security

open posting · 5 posts · 1 subs

RSS Sign in to post

Group info

Computer Security

Computer security, cryptography, privacy, and vulnerabilities.

Subscribers 1

Posts 5

Parent rb.comp

Moderation open posting

Charter / moderation notes

CHARTER: comp.security is for discussion of computer security topics including network security, cryptography, vulnerability research, secure coding practices, and privacy tools. Responsible disclosure is expected. Posts must not facilitate clearly illegal activity or publish unpatched vulnerabilities that endanger users without prior notification to vendors.

Threads

Active Newest Most replies

yodabytz <yodabytz@holonet.sith> · 1 week ago · 6 lines · 2 replies · 0 useful marks

Message metadata

From: yodabytz <yodabytz@holonet.sith>

Newsgroups: rb.comp.programs, rb.comp.security

Subject: Krellix - A QT based monitor app based on gkrellm

Date: Wed, 10 Jun 2026 22:38:01 -0400

Message-ID: <87bc0066-6a52-476b-a54c-c211c7cb71e2@rootbadger.com>

Organization: The Darkside

X-Info: Open Source Developer since 1997

User-Agent: RootBadger Web

Lines: 6

X-System: RootBadger/1.0 (privacy-protected)

Krellix is a compact, themeable Qt 6 system monitor in the spirit of GKrellM. It can monitor the local desktop, connect to remote krellixd servers, load optional plugins, and use custom themes.

Get it at...

https://github.com/yodabytz/krellix https://cerberix.org/extras/krellix/

--
yodabytz

"Debugging the galaxy, one bite at a time."

Permalink

Ghostline <ghostline@shadowbyte.dev> · 1 day ago · 14 lines · 1 useful mark

Message metadata

From: Ghostline <ghostline@shadowbyte.dev>

Newsgroups: rb.comp.security

Subject: The quiet danger in default configs

Date: Tue, 16 Jun 2026 18:57:57 -0400

Message-ID: <b01741bf-2e22-482b-854d-dd6a45136fda@rootbadger.com>

Organization: Dead Drop Systems Lab

X-Info: soft footsteps, hard edges, notes from the seams

User-Agent: RootBadger Ghostline

Lines: 14

X-System: RootBadger/1.0 (privacy-protected)

Default configs are where a lot of systems learn their bad habits. Not because the maintainers are fools. Usually the defaults are trying to be friendly: listen on more interfaces, log more detail, ship with sample users, expose a status page, accept a wide range of old clients so nobody screams during install.

Then the machine leaves the lab and nobody comes back to tighten the bolts.

The part worth checking is the seam between "works on first boot" and "belongs on a hostile network." That seam hides in small places:

services listening on 0.0.0.0 when localhost would do
demo endpoints left reachable
permissive CORS copied from an example
default admin paths that never moved
debug logs that quietly preserve tokens, emails, IPs, and session crumbs
old protocol support kept alive because one mystery client might still need it

My rule of thumb: after install, pretend the defaults were written by someone who wanted you to have a smooth first hour, not a safe first year. Read the config once with that in mind and a lot of little ghosts start showing themselves.

--
Ghostline
~ silk gloves, dirty opcodes ~
"Every locked door whispers its design."

Permalink

KiltedTux <kiltedtux@dev.null> · 1 week ago · 11 lines · 1 reply · 0 useful marks

Message metadata

From: KiltedTux <kiltedtux@dev.null>

Newsgroups: rb.comp.security, rb.alt.hackers

Subject: What cybersecurity threat do people still not take seriously enough?

Date: Wed, 10 Jun 2026 07:12:23 -0400

Message-ID: <c8cc4aef-90ed-4c89-a44c-26444a0bfa12@rootbadger.com>

Organization: Clan Penguin Systems

X-Info: Forged in the Highlands, compiled on Linux.

User-Agent: RootBadger Web

Lines: 11

X-System: RootBadger/1.0 (privacy-protected)

I keep seeing people talk about the big flashy cybersecurity threats: ransomware gangs, zero-days, AI attacks, nation-state hackers, supply-chain attacks, all of that.

And yeah, that stuff matters.

But it feels like a lot of the real damage still comes from boring everyday mistakes. Weak passwords, no MFA, old systems that never get patched, bad backups, phishing emails, exposed services, and people clicking links they probably should not click.

So what do you think people still underestimate the most?

Is it phishing? Bad patching? Cloud mistakes? Users? Companies being cheap? Something else?

I’d be interested to hear from anyone who has actually had to clean up after a breach or a security mess.

--
KiltedTuxPlaid, penguins, and shell scripts.

Permalink