Hacking the call records of millions of Americans (evanconnelly.github.io) Imagine if anyone could punch in a phone number from the largest U.S. cell carrier and instantly retrieve a list of its recent incoming calls—complete with timestamps—without compromising the device, guessing a password, or alerting the user.
HP printers try to send data back to HP about your devices and what you print (robertheaton.com) Last week my in-laws politely but firmly asked me to set up their new HP printer. I protested that I’m completely clueless about that sort of thing, despite my tax-return-job-title of “software engineer”. Still remonstrating, I was gently bundled into their study with an instruction pamphlet, a cup of tea, a promise to unlock the door once I’d printed everyone’s passport forms, and a warning not to try the window because the roof tiles are very loose.
Cell Phone OPSEC for Border Crossings (schneier.com) I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones.
2.8B Twitter IDs Leaked (forbes.com) Elon Musk’s social media platform, X, is no stranger to the news. What with the reported purchase of X by xAI for $33 billion, attackers claiming responsibility for platform outages, and X password scams targeting users. Now, another shock awaits the users of what used to be Twitter: a self-proclaimed data enthusiast has just given away what is claimed to be a database containing details of some 200 million X user records. Here’s what we know so far.
9 points by EVa5I7bHFq9mnYK 1 day ago | 6 comments
DEDA – Tracking Dots Extraction, Decoding and Anonymisation Toolkit (github.com/dfd-tud) Document Colour Tracking Dots, or yellow dots, are small systematic dots which encode information about the printer and/or the printout itself. This process is integrated in almost every commercial colour laser printer. This means that almost every printout contains coded information about the source device, such as the serial number.
Discover European alternatives to popular SaaS (xwiki.com) Let’s face it: Big Tech companies will always put their interests first. If Europe truly wants digital sovereignty, we need to stop handing over our infrastructure to Silicon Valley giants. Yet, despite all the talk, many businesses and governments still sign contracts with Microsoft, Google, and Atlassian, locking themselves into foreign control. We can’t afford to keep making the same mistake.
New in Gmail: Making E2E encrypted emails easy to use for all organizations (workspace.google.com) At Google, we believe that secure, confidential communication should be available for organizations of all sizes. However, end-to-end encrypted (E2EE) email was historically a privilege reserved for organizations with significant IT resources, due to the complexity of S/MIME and proprietary solutions.
Kagi for Kids (kagi.com) The Kagi Family Plan is perfect for families wanting to search smarter, emphasizing learning over consumption while respecting your family's privacy.
Moving 18 years of comments out of Disqus and into my 11ty static site (sachachua.com) I've been thinking of getting rid of the Disqus blog commenting system for a while. I used to use it in the hopes that it would handle spam filtering and the "someone has replied to your comment" notification for me. Getting rid of Disqus means one less thing that needs Javascript, one less thing that tracks people in ways we don't want, one less thing that shows ads and wants to sell our attention.
Pixelfed leaks private posts from other Fediverse instances (fokus.cool) Due to an implementation mistake, Pixelfed ignores this and allows anyone to follow even private accounts on other servers. When a legitimate user from a Pixelfed instance follows you on your locked fediverse account, anyone on that Pixelfed instance can read your private posts. You don’t need to be a Pixelfed user to be affected.
52 points by pierremenard 3 days ago | 25 comments
FBI raids home of prominent computer scientist who has gone incommunicado (arstechnica.com) A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.
155 points by SlackingOff123 4 days ago | 83 comments
When the physicists need burner phones, that's when you know America's changed (theguardian.com) At international academic conferences recently, one sees an interesting trend. Some American participants are travelling with “burner” phones or have minimalist laptops running browsers and not much else. In other words, they are equipped with the same kind of kit that security-conscious people used to bring 15 years ago when travelling to China.