The entry point was the service's core feature itself: by adding a server-internal address to the "read it later" list, the researcher made Pocket's backend fetch URLs on his behalf (a server-side request forgery) and retrieve sensitive server information such as the /etc/passwd file, the server's internal IP, and the SSH private key that allowed passwordless login to it. With that key it would be possible to SSH into the machine from another instance purchased in the same cloud service, giving the researcher unrestricted access. All the vulnerabilities were reported to Pocket, and disclosure was voluntarily delayed for 21 days from the initial report to allow Pocket time to remediate the issues identified. Pocket does not provide monetary compensation for any identified or possible vulnerability.
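The check a "save this URL" feature needs against the class of bug described above, written here as an added example (it is neither Pocket's code nor the researcher's): only http/https are allowed, so file:// and similar schemes are refused outright, and every address a hostname resolves to must be globally routable, so loopback, RFC 1918 ranges, the 169.254.169.254 cloud metadata endpoint and IPv4-mapped IPv6 addresses are all rejected. The `FAKE_DNS` table and `fake_resolver` are constructed for the example so it runs offline; `vet_fetch_target` and `rejection_reason` are names chosen here, not an existing API.

```python
"""SSRF guard for a user-submitted "save this URL" feature.

Added example, not Pocket's code. Refuses URLs that would make the server
fetch from itself, its own network, or the cloud metadata service.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def system_resolver(host):
    """Return every address the OS resolver knows for host (A and AAAA)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip_text):
    """True only for a globally routable unicast address.

    ipaddress.is_global is False for loopback, RFC 1918, link-local (which
    covers 169.254.169.254), CGNAT, documentation/test ranges, and the IPv6
    loopback/ULA ranges; multicast is excluded separately. IPv4-mapped IPv6
    forms (::ffff:10.0.0.1) are unwrapped first so they cannot smuggle an
    internal IPv4 address past the check.
    """
    ip = ipaddress.ip_address(ip_text)
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast


def vet_fetch_target(url, resolver=system_resolver):
    """Validate url; return (hostname, [public ip, ...]) or raise ValueError.

    The caller must connect to one of the returned addresses (sending the
    hostname in the Host header) instead of resolving the name a second
    time, which would reopen the DNS-rebinding window. Any redirect the
    fetch receives must be passed back through this function before it is
    followed.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")

    # IP literals (including bracketed IPv6) are checked without a lookup.
    # Odd spellings such as decimal "2130706433" are not literals to
    # ipaddress, so they go through the resolver, whose answer (127.0.0.1)
    # is then rejected like any other resolved address.
    try:
        ipaddress.ip_address(host)
        addresses = [host]
    except ValueError:
        addresses = resolver(host)
        if not addresses:
            raise ValueError(f"{host!r} does not resolve")

    # Every answer must be public: a name that resolves to one public and
    # one internal address is a classic round-robin/rebinding trick.
    bad = [a for a in addresses if not is_public_address(a)]
    if bad:
        raise ValueError(f"{host!r} resolves to non-public address(es): {bad}")
    return host, addresses


def rejection_reason(url, resolver=system_resolver):
    """Return None if the URL passes, otherwise the reason it was refused."""
    try:
        vet_fetch_target(url, resolver)
    except ValueError as exc:
        return str(exc)
    return None


# Constructed DNS answers so the example runs offline (not real records).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.test": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("https://example.com/article", "file:///etc/passwd",
              "http://metadata.internal/latest/meta-data/",
              "http://[::1]:8080/", "http://rebind.test/"):
        print(u, "->", rejection_reason(u, fake_resolver) or "ok")
```

Note the two places where an otherwise correct allow-list fails in practice: re-resolving the hostname at connect time (the attacker's DNS can answer differently the second time), and following redirects without re-checking, since an external page may 302 to an internal address.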
The celebrations of Debian's 22nd birthday on 16 August, the traditional "Cheese & Wine BoF", a screening of the Oscar-winning documentary Citizenfour (which mentions Debian in its end credits), and a day trip for all attendees top off the programme. Additionally, DebConf15 will be preceded by DebCamp, a week of sprints, workshops and hacking sessions. It is expected that much progress will be made on Debian (the gcc5 transition, planning of the next stable release "stretch", etc.), and of course on Free Software in general. The conference itself begins with an Open Weekend geared to the public, and featuring a job fair.
Attendance is free of charge thanks to numerous sponsors, including Platinum Sponsor Hewlett-Packard. Registration is required nonetheless and only very few places are left.
The conference will be tracked on various social media sites using hashtag #DebConf15. Even though Debian does not endorse proprietary services, @DebConf will have the news.
They're still using a proprietary BIOS, but have people working on a Free one. The main thing, though, is that Purism is working to give you all the privacy and freedom they can -- with more coming as they keep working to replace proprietary bits of the OS, BIOS, and hardware drivers with Free Software. Best of all, even if you don't need a new laptop right now, you can download PureOS and run it on any compatible hardware you already own.
As maintainer of the software I wonder what Slashdot readers think about what we are doing, how we are doing it and, more in general, about the need for simplicity in secure systems, a debate I perceive as transversal to many other GNU/Linux/BSD projects and their evolution. Given the increasing responsibility in maintaining such software, and considering that the human-interface side of things is an easy-to-reach attack surface, I can certainly use some advice and criticism.
Today's interview is with OpenDaylight Project Executive Director Nicolas "Neela" Jacques, who has held this position since the project was not much more than a gleam in (parent) Linux Foundation's eye. This is one of the more important Linux Foundation collaborative software projects, even if it's not as well known to the public as some of the foundation's other efforts, including -- of course -- GNU/Linux itself.