News

Release Announcement

SecureDrop 0.5.2 Released

We are annoucing the release of SecureDrop 0.5.2. The important changes in this release are summarized below:Updates Tor to 0.3.2.9-1~trusty+1 on all SecureDrop serversResolves a bug in the registration of OSSEC agents during securedrop-admin-installFor full details, see the changelog. Development for this ... Read More

Interest Article

A tribute to James Dolan, co-creator of SecureDrop, who has tragically passed away at age 36

Cross posted from the Freedom of the Press Foundation blog.It was with an extremely heavy heart that we recently learned our friend and former colleague James Dolan—one of the co-creators of SecureDrop and Freedom of the Press Foundation’s first full time employee—took his own life over ... Read More

Release Announcement

SecureDrop 0.5.1 Released

Today we are announcing the release of SecureDrop 0.5.1. The important changes in this release are summarized below: SecureDrop servers will now use an apt server run by Freedom of the Press Foundation for future Tor package updates.The source and journalist interfaces are localized in four additional ... Read More

Security Advisory

How the Spectre and Meltdown Vulnerabilities impact SecureDrop Users

Based on publicly available information and our current understanding of the Meltdown and Spectre vulnerabilities, both vulnerabilities require an adversary to have arbitrary code execution capabilities on the host. Given that SecureDrop’s Application and Monitor servers do not allow arbitrary code execution, these vulnerabilities appear not to be directly ... Read More

Release Announcement

SecureDrop 0.5 Released

Today we are announcing the release of SecureDrop 0.5. This release adds support for six additional languages. The important changes in this release are summarized below:  The source and journalist interfaces are localized in Dutch, French, German, Norwegian, Portuguese and Spanish. Administrators are able to enable any or all ... Read More

Pre-Release Announcement

SecureDrop 0.5: Pre-Release Announcement

 The release of the next version of SecureDrop, 0.5, is scheduled for December 5th, 2017. We will send out another notification through our blog on securedrop.org, Twitter, and the support portal when the release is live. User-facing changes that administrators should be aware of are summarized in this ... Read More

Interest Article

December SecureDrop Hackathon at EFF

Come work on SecureDrop at the Electronic Frontier Foundation at 815 Eddy St in San Francisco on Thursday December 7th at 6-9pm!SecureDrop is a whistleblower submission system that media organizations use to securely accept documents from and communicate with anonymous sources. Originally written by Aaron Swartz, it has been ... Read More

Security Advisory

We found a vulnerability in the SecureDrop installation process. Here’s how we’re fixing it.

On the evening of Monday October 16th, just as the SecureDrop team was about to head home for the day, two of our engineers, while doing some testing for a new version of SecureDrop expected to be released the following week, discovered a serious vulnerability in the SecureDrop code. Read More