"I'm interested in all kinds of astronomy."

When Signal was designed, our threat model was protecting the communications of civil society, journalists, just regular citizens ...

The threat model of military operations & sharing your hate of Europeans was not what Signal was designed for. Ephemeral messages and cryptographic deniability are not fit for communications that require accountability.
But I appreciate their effort to make government more efficient by adding journalists to the chat instead of requiring to go through FOIA.

"A shell script for Linux that obfuscates + encrypts + packs any binary."

https://github.com/hackerschoice/bincrypter

It finally happened - I got phished. Impact is limited to the Mailchimp mailing list for my blog, brief blog post with details here and more to come later: https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/


When you get invited to the NatSec group chat....


Today, Wiz (Woogle?) released an advisory detailing an attack chain they’ve dubbed IngressNightmare, which, if left exposed and unpatched, can be exploited to achieve remote code execution by unauthenticated attackers. The advisory, covering five separate vulnerabilities, was published after a brief embargo period, once the Kubernetes folks got their patches together.

You can find a brief writeup and search queries for runZero at: https://www.runzero.com/blog/ingress-nightmare/


this is a text block, can you guess which spot that goes in? thats right, the div hole. and how about this spacer? that one, it goes in there too. up next, we got this picture, can you guess where that goes? thats right, it goes in the div hole. and up next, an unordered list. hmm. i think that goes in, the div hole. now i also got this ordered list right here, do you see a tag that would fit the ordered list? thats right! its the div hole. ‘kay. up next, its the underline, we all know what tag that goes into, right? thats right,. the div hole. and up next , we have the audio ., you guessed it, it goes in the div hole.

-carrie

ICYMI my RSS->Bsky cross-poster now handles images:

https://github.com/v-p-b/rss2bsky.py

Open source maintainers, did you receive your first vulnerability report? Don't panic! Handling vulnerability reports doesn’t have to be stressful. Read on to find out how you can tackle security issues efficiently and confidently with the right tools and approach. https://github.blog/security/vulnerability-research/a-maintainers-guide-to-vulnerability-disclosure-github-tools-to-make-it-simple/


Project Zero Bot

New Project Zero issue:

Linux >=4.12: USB CDC-ACM: missing size check in acm_ctrl_irq() leads to OOB write

https://project-zero.issues.chromium.org/issues/395107243

CVE-2025-21704

5 images, let's see how bsky (and my x-poster) handles this...

Here's the paywall-free version of today's insane must-read: The Atlantic's Jeffrey Goldberg was added to a Signal chat including SECDEF, VPOTUS, and others that discussed the Houthi strikes. In addition to being illegal, it's just dumb. A foreign adversary's dream come true

https://archive.is/JEYep

"Safari 1day RCE Exploit, might be patched in iOS 16.5.1/macOS 13.4.1
Confirmed exploit works on macOS 13.3.1, iOS 15.8.2."

https://github.com/wh1te4ever/WebKit-Bug-256172

current status: scrawling "FUN JIT COMPILER PROBLEM" in sharpie on a big cardboard box, then putting it on my front lawn and seeing who jumps into it

https://www.mattkeeter.com/projects/prospero/


If you are trying to delete your 23andMe data and get an obnoxious reply asking for ID, tell them no, that's what your password is for, and they will do it. And if they then send you an obnoxious reply saying they will delete everything except the stuff they are required to keep by law, check out this article by actual lawyer @AugustB

https://bourniquelaw.com/2024/10/09/data-23-and-me/

[RSS] The case of the critical section that let multiple threads enter a block of code

https://devblogs.microsoft.com/oldnewthing/20250321-00/?p=110984