"Let's talk about supply chain attacks and backdoored dependencies"
"UK Government Officials Infected with Pegasus"
"Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru"
On @LastWeekTonight, host @iamjohnoliver dug into the problems with data brokers, with a detailed explainer about how they work, how they collect and sell personal information, and how easy it was for him to potentially target and track politicians. https://www.youtube.com/watch?v=wqn3gR1WTcA
"Git security vulnerability announced"
"Privilege Escalation to SYSTEM in AWS VPN Client"
"AWS RDS Vulnerability Leads to AWS Internal Service Credentials"
the days of usenet, irc, the web...even email (w PGP)...were amazing. centralizing discovery and identity into corporations really damaged the internet.
I realize I'm partially to blame, and regret it.
"CERT-EU Security Guidance 22-002 - Hardening Signal"
"Longer term, it’s likely these weaponizations are like spitting into the wind: The downsides of vandalizing open source projects far outweigh any possible benefit, and the blowback will ultimately damage the projects and contributors responsible. By extension, all of open source is harmed."
So... "protestware" is now a thing. 🤨
"Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine"