Has anyone ever heard of a security breach of a Fedramp moderate or higher authorized environment? I mean the parts that are authorized.

@airwhale @13reak

"companies spending money with the adtech companies do see returns" - Not necessarily, as measuring conversion rates is not easy. If you see that without G your visits plummet (as measured by G) you go back to G. Recommended:

https://thecorrespondent.com/125/the-non-sense-of-online-advertising-when-the-numbers-dont-add-up

I'm not familiar with news specifically, but I assume they don't partner with advertisers directly, but through an ad network, which is in the end owned by Meta or G, who can ~arbitrarily set their prices/payouts?

A vulnerability in a Linux enterprise app can allow attackers root access over devices

The issue impacts Himmelblau, an interoperability suite to integrate Linux with Entra ID and Intune networks.

https://www.akamai.com/blog/security-research/2026/mar/cve-2026-31979-symlink-root-privilege-escalation-himmelblau

NTLM and SMB go opt-in

https://daniel.haxx.se/blog/2026/03/22/ntlm-and-smb-go-opt-in/

#curl

@sassdawe lol OK that makes sense :D I thought you want to exclude advertisers.

@sassdawe Who would scare away their best customers (in this case, companies with the highest turnover rates)? :)

@13reak @airwhale Yes, this is what I mean.

You are right that these are extremely powerful tools, still I feel like most customers (by count, not invoices) are just burning their money on adtech, because that's what everybody does, while you don't have to be Nassim Taleb to see that the numbers justifying the spend are rigged.

@13reak @airwhale Oh GDPR avoidance is a great reason to operate like this!

I think we are talking about different things re: company revenues: as I understand these companies use data to do marketing - this can be translated to money, sure. But how is it possible that these marketing companies work with finances comparable to e.g. Exxon?

@airwhale I still don't get how the market of "telling people about things" can be more profitable than the market for "things" (G and Meta being the largest companies in the world) in the first place.

@airwhale My gut tells me most of these are in fact stand-ins for large adtech companies like Meta and Google.

Does anyone know where to find more info on the surveilance economy online? I was looking for an update on the unfortunate Debora Silvestri who crashed so badly yesterday, and of course, was met with "We value your privacy" banner where I could consent to giving away… something?

The Privacy Policy talks about two cookies - both Google Analytics, and two partners for gaining "audience insights". The actual cookie pop-up list 1.709 (!) so-called "partners", many with "legitimate interest". Basically all these are companies nobody has ever heard of.

I know I'm leaking info like IP-address, browser and device details. What I can't understand is how all these 1.709 little leeches can possibly deliver enough value and generate revenue based on this information. Who pays them, and for what?

Thanks!

#advertisements #surveillance #cookies

We’ve always had a problem with least privilege, but users needed to be owned for it to visibly hurt the enterprise.

Kevin didn’t know what to do with the extra creds, but his agent will.

Maybe the first run of the “paperclip” problem will be agents wiping shares to save us..

Okay these "Background Security Improvements" are definitely worse than RSRs. They show up at random times in your Settings app, and if you tap anywhere else, they disappear immediately. You can find them again, but they're not under Software Updates where they should be, but under Privacy & Security > Background Security Improvements, which also does not seem to show up in search.

EDIT: HOLY SHIT I have to enable "Automatically Install" in order to even be allowed to download them MANUALLY?! And there's no progress indicator either?? Whoever approved this should be hurled into the sea.

Fixing a Buffer Overflow in UNIX v4 Like It’s 1973

https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/

Exploit su on a PDP-11 :)

🚨 We are extending the deadline for our Volume 5 Call For Papers and its Rootkit Competition!

Check out the updated dates below:

→ https://tmpout.sh/blog/vol5-cfp.html (until May 1st 2026)
→ https://tmpout.sh/blog/vol5-rootkit-competition.html (until May 31st 2026)

We are looking forward to reading your work!

Whenever I use Chrome to debug a modern website, it's so funny to see all the requests usually blocked by my normal setup. It's like watching a fish being released back into the sea, swimming happily, gobbling up all the data and sending telemetry out to the other fish.

AI is going great at MS:

"You will see us be more intentional about how and where Copilot integrates across Windows [...] we are reducing unnecessary Copilot entry points, starting with apps like Snipping Tool, Photos, Widgets and Notepad"

To tilt Hungarian election, Russians proposed staging assassination attempt - The Washington Post

https://archive.ph/f8zdV

Great, I finally get myself to learn a Python project management tool then it immediately gets slurped up by OpenAI :P

https://simonw.substack.com/p/thoughts-on-openai-acquiring-astral