RE: https://abyssdomain.expert/@filippo/116296240048747450
Filippo is spot on. The question we should be asking now is: "What does Google know that the rest of us don't?"
D
dangoodin@infosec.exchange
@dangoodin@infosec.exchange
Posts
-
Filippo is spot on. -
I was lucky enough to cover Cindy Cohn's trailblazing work BEFORE she joined @eff .I was lucky enough to cover Cindy Cohn's trailblazing work BEFORE she joined @eff . Here's one of several stories I wrote about her when she was still an associate attorney in private practice.
-
Wow, TeamPCP is hacking open-source developers faster than we can report on them.For context, please see:
Self-propagating malware poisons open source software and wipes Iran-based machines
Development houses: It's time to check your networks for infections.
Ars Technica (arstechnica.com)
-
Wow, TeamPCP is hacking open-source developers faster than we can report on them.Wow, TeamPCP is hacking open-source developers faster than we can report on them. The latest (that I'm aware of, anyway) is LiteLLM. They worked with Trivy but didn't bother to change their credentials after Trivy was hacked, despite an ample amount of advice to do so.
Folks, if any of you used LiteLLM, now is the time to change your credentials, at an atomic level. Now, as in immediately.
-
Does anybody with a STRONG BACKGROUND IN WEBSITE PRIVACY have time to vet this research?Does anybody with a STRONG BACKGROUND IN WEBSITE PRIVACY have time to vet this research? Are TikTok and Meta pixels REALLY doing the things claimed? I'm concerned it may be overstating things in an attempt to sell its tag monitoring tools.
The Collection of Commercial Intelligence: TikTok & Meta Ad Pixels
Jscrambler analyzed the TikTok and Meta ad pixels used on websites and found that their default behavior requires immediate attention.
Jscrambler (jscrambler.com)
-
Dear readers.Dear readers. If you're not willing to support the families of those you want to read then we regretfully will be preventing you from obtaining our work for free.
Infosec Exchange
A Mastodon instance for info/cyber security-minded people.
Mastodon hosted on infosec.exchange (infosec.exchange)
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier.Sigh. removing the sensors may be viable. Do the sensors come with the tires (and hence change each time they're replaced)? Sounds like swapping out the sensors would be a lot of work for the average vehicle owner.
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier.OK, so it's just for tracking people's TPMS? It's not for changing your own?
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier.I'll rephrase: To prevent TPMS from identifying my vehicle, do I use this kit to regularly change my TPMS? If not, how does this mitigation work?
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier.Very cool. Now I want to do it for my vehicle. How do I get started? Has anyone put together a how-to article?
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier.Interesting. So is the idea to regularly change the TPMS?
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier.Please say more. What does one buy? How easy is it for people with only intermediate tech skills to do? Are there any tutorials explaining all of this?
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier.Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space."
-
RIP burner accountsRIP burner accounts
LLMs can unmask pseudonymous users at scale with surprising accuracy
Pseudonymity has never been perfect for preserving privacy. Soon it may be pointless.
Ars Technica (arstechnica.com)
-
Google has devised a means for securing HTTPS certificates against quantum computing attacks without massive performance hits stemming from the considerably longer size of data required to be included.Great question . . . and one I don't know the answer to.
-
Google has devised a means for securing HTTPS certificates against quantum computing attacks without massive performance hits stemming from the considerably longer size of data required to be included.Google has devised a means for securing HTTPS certificates against quantum computing attacks without massive performance hits stemming from the considerably longer size of data required to be included.
Is anyone following this work?
Cultivating a robust and efficient quantum-safe HTTPS
Posted by Chrome Secure Web and Networking Team Today we're announcing a new program in Chrome to make HTTPS certificates secure against ...
Google Online Security Blog (security.googleblog.com)
-
That guest SSID you set up for your neighbors may not be as secure as you thinkThat guest SSID you set up for your neighbors may not be as secure as you think
