2025-04-24 06:26:54
Fears grow that Signal leaks make Pete Hegseth top espionage target | Signal group chat leak | The Guardian
https://www.theguardian.com/us-news/2025/apr/23/pete-hegseth-pentagon-espionage
2025-04-24 00:48:43
[Any…] system as-described can be trivially repurposed … to identify content pertaining to LGBTQ community, sexual health, abortion rights, political activism, democracy campaigns and resistance to foreign invasion. There is no such thing as a … system which can be permanently technologically limited to a narrow, politically defined “duty of care” scope, so there is a fundamental risk to liberty in building such a mechanism in the first place.
https://github.com/DPGAlliance/dpg-standard/issues/198#issuecomment-2824866724
2025-04-20 16:23:10
You can’t make this stuff up:
https://en.wikipedia.org/wiki/Sundae_%28sausage%29
See also the history of “black pudding” and “boudin noir”.
2025-04-18 02:09:05
About the security content of iOS 18.4.1 and iPadOS 18.4.1 – Apple Support
Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
2025-04-17 01:17:30
Join us for the May edition of the London Security Engineering meetup at Wise’s London offices!
We are thrilled to host Alec Muffett, a distinguished technologist and security consultant with over 30 years of experience in cryptography and security.
https://www.meetup.com/london-security-engineering-group/events/307320393/
I’m going to try something a little more experimental with this presentation, aiming to avoid slides and foster a little more audience discussion than the usual “slide deck and slick talk” typical of some meetups; given the nature of the audience my hope is for people who build systems and solutions to come away with a greater understanding of how to shape their code and solutions to build a product with a smaller attack surface and less risk.
If you have questions or issues that you would like to raise, please feel free to post a comment below.
2025-04-16 07:49:09
This is incalculable harm to coordination of infosec response; via Brian Krebs:
MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16.
The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn’t really anyone else left who does this, and it’s typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.
I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.[…]
Yosry Barsoum, vice president and director at MITRE’s Center for Securing the Homeland, said:
“On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”
https://www.linkedin.com/feed/update/urn:li:activity:7318006192021143554