Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail.
https://arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/
People keep warning about how awful the next 4 years are going to be. That sounds optimistic to me.
When Deepseek says it's being hit with a "largescale cyber attack," what does it mean? A DDoS? Anyone have any intel or insights on what's going on? So far, I'm not seeing any specifics beyond "largescale cyber attack," which tells us next to nothing.
A reminder to journalists still tweeting away with the blue check marks the Nazi saluter gave to keep them on the platform: you have no place lecturing other journalists on anything.
A patch for a "major" vulnerability in AMD chips has leaked before it became available for Linux users, Tavis Ormandy says. It's not clear if a patch for Windows users is available or not. I asked AMD about this 24 hours ago, and it's still not saying a peep about this. So much for transparency.
https://seclists.org/oss-sec/2025/q1/45
Late last month, researchers revealed a finding that’s likely to shock some people and confirm the low expectations of others: Renewable energy facilities throughout Central Europe use unencrypted radio signals to receive commands to feed or ditch power into or from the grid that serves some 450 million people throughout the continent.
https://arstechnica.com/security/2025/01/could-hackers-use-new-attack-to-take-down-european-power-grid/
This probably isn't new, but I've never heard of it. Thieves emptied a built-in safe by cutting a hole into its side and sucking out the contents with a vacuum cleaner.
https://sfstandard.com/2025/01/22/alnico-san-francisco-restaurant-burglaries/
Robert F. Kennedy Jr., President-elect Donald J. Trump’s choice to lead the nation’s health agencies, formally asked the Food and Drug Administration to revoke the authorization of all Covid vaccines during a deadly phase of the pandemic when thousands of Americans were still dying every week.
https://www.nytimes.com/2025/01/17/health/rfk-jr-covid-vaccines.html
Wow, my comment really touched a nerve with many of you.
So many responses from people trying to find reasons to hold onto their payment cards. Fine, go ahead. Have your purchases, contacts and whereabouts permanently stored and tracked. Just don't lecture anyone about the dangers of unencrypted comms or website tracking.
Privacy is another good reason for paying with cash. What's the point of using encrypted comms or ad blockers or taking other privacy-preserving measures and then buying everything with a payment card? Payment cards allow data brokers to track every purchase you make, every business you visit and when. When you split a check with someone else, it lets them know who your friends and coworkers are. The amount of privacy lost using payment cards is astounding.
If you're choosing locally owned businesses for your coffee, groceries or other things, kudos for supporting alternatives to corporate-owned outlets. A reminder that paying with cash allows them to keep the full proceeds rather than sharing them with moneygrubbing banks and payment processors.
Is there a way to hide long threads that you don't want to see?
ChatGPT reveals the system prompt for newly implemented ChatGPT Tasks feature:
https://simonwillison.net/2025/Jan/15/chatgpt-tasks/#atom-everything
A fork of the Signal Messenger known as Session has omitted several important security properties found in the original source code, making it a less secure alternative, a researcher says. The deficiencies include:
-- no forward secrecy
https://soatok.blog/2025/01/14/dont-use-session-signal-fork/
Color me unimpressed. Mark Lemley is continuing to use a platform he believes has descended into "toxic masculinity and Neo-Nazi madness." So much for principles.
https://www.linkedin.com/posts/marklemley_i-have-struggled-with-how-to-respond-to-mark-activity-7284685204676362241-7h9r/
Researchers, please, please, please create RSS feeds for your blogs. We desperately need alternatives to social media to get your work out there.
@josephcox is out with another barnburner of a story, this time about more than 1,000 iOS and Android apps that surreptitiously harvest users' location data. I'm assuming this works only when people enable location tracking, although I'm guessing IPs are still exposed. Someone please correct me if I'm wrong.
https://www.404media.co/candy-crush-tinder-myfitnesspal-see-the-thousands-of-apps-hijacked-to-spy-on-your-location/
Check Point says a developer of a macOS infostealer "stole" a string encryption algorithm that Apple uses in XProtect. How significant is that? Did this supposed theft require some sort of breach, or is extracting and reusing an algorithm like this something anyone can do?
https://research.checkpoint.com/2025/banshee-macos-stealer-that-stole-code-from-macos-xprotect/
The doomscrolling opportunities keep coming.
=> Go to dangoodin@infosec.exchange account