Oct 24 2017 - 12:01pm

On the evening of Monday October 16th, just as the SecureDrop team was about to head home for the day, two of our engineers, while doing some testing for a new version of SecureDrop expected to be released the following week, discovered a serious vulnerability in the SecureDrop code.

Oct 24 2017 - 12:01pm

Today we are announcing the release of SecureDrop 0.4.4. This is a hotfix release to fix a security vulnerability where during initial provisioning of the SecureDrop servers, three packages - tor, ntp, and the Tor keyring are installed without verifying cryptographic signatures.

Sep 19 2017 - 10:56am

The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them as possible. Testing by external security researchers is an important part of that process.

Sep 12 2017 - 11:06am

Today we are announcing the release of SecureDrop 0.4.3. This release:

Sep 5 2017 - 3:23pm

The release of the next version of SecureDrop, 0.4.3, is scheduled for September 12th, 2017. We will send out another notification through our blog on securedrop.org, Twitter, and the support portal when the release goes live.  

 

Aug 31 2017 - 9:23pm

Summary

We have recently become aware of attacks attempting to exfiltrate data from the SecureDrop airgapped Secure Viewing Station. These attacks come in the form of QR codes that journalists must scan with an internet-connected device such as a phone. The QR code contains a link that sends exfiltrated data from the airgap environment to an attacker.

Aug 14 2017 - 5:48pm

Today we are announcing the release of SecureDrop 0.4.2. This is a bugfix release to fix an issue with the AppArmor profile for Apache, which caused the Source and Journalist Interface web applications to fail. The root of the problem was an implicit dependency on upstream AppArmor abstractions from the Tor package, which has been resolved.

Aug 2 2017 - 5:17pm

Today we are announcing the release of SecureDrop 0.4.1. This is a bugfix release to fix an issue with one of the scripts that configures the Tails workstation environment. If you encountered a permissions issue when running securedrop-admin tailsconfig, this release will fix that issue. We have updated our upgrade guide accordingly.

Jul 25 2017 - 1:06pm

Today we are announcing the release of SecureDrop 0.4.

This release:

Jul 11 2017 - 10:32am

The release of the next version of SecureDrop, 0.4, is scheduled for July 25th, 2017. We will send out another notification through this blog on securedrop.org, Twitter, and the support portal when the release goes live.

Pages