AniNIX was informed of CVE-2024-3094 via our OSINT community on 2024-03-28 -- patching was completed in AniNIX/Maat on 2024-03-29 and in all systems the day after. Security review of our access logs in AniNIX/Sharingan do not indicate a compromise, using dork `"accepted" AND application_name:"sshd" AND NOT "Accepted publickey"` and others. We apologize for the delay in follow-up and transparency, but other considerations have required attention prior to this post.
We're starting an open-source intelligence or OSINT feed to announce some of our incoming threat data to the world. We hope this can be the start of meaningfully giving back to the cybersec community.
The SKS keyservers have been shut down -- some recent attacks on the network have made their hosting untenable for the providers. We will be distributing our GPG public key via the AniNIX/ShadowArch package and on our repo. Please add it to your own keyrings.
We want everyone to know that, despite recent law enforcement and Senate cries that they can't do their job without backdoors into encrypted communications, the AniNIX is committed to protecting your communications with our network. We do offer proxies of some semipublic information to outside sources -- Discord and GitHub -- but our internal services over SSH, IRCS, and HTTPS are hardened and audited. We are now additionally offering a warrant canary. This is a GPG-based device for users to know that our communications have not been compromised. If you are cybersecurity-minded, please watch the linked repo.
