onfocus

Waltz, who invited Goldberg into the Signal chat, said yesterday that he was investigating “how the heck he got into this room.”

We’re all looking for the guy who did this.

There's almost no precedent for the heads of Defense, State, Intelligence and National Security to be sharing such sensitive military intelligence in a forum that was known to be unsecured.

Bad boys don't play by the rules. Operational security is for sheeple.

The Trump administration has publicly and privately signaled that it does not believe Russia represents a cyber threat against US national security or critical infrastructure, marking a radical departure from longstanding intelligence assessments.

US Republicans have betrayed their country. They are now the Russian party. Americans need to resist and vote for people who will protect the country, not lower its defenses for takeover.

The operational emphasis on Signal from multiple threat actors in recent months serves as an important warning for the growing threat to secure messaging applications that is certain to intensify in the near-term.

Secure messaging apps under fire. Good to see the methods involved in gaining access to be aware of them.

“I don’t recall seeing an ‘NTSB Board’ being fired during the middle of a plane crash investigation,” Frost said in a recent SANS newsletter. “I can say that the attackers in the phone companies will not stop because the review board has gone away. We do need to figure out how these attacks occurred, and CISA did appear to be doing some good for the vast majority of the federal systems.”

If you never investigate crimes did they really happen?

Harris said he pleaded with the company for several years to address the flaw in the product, a ProPublica investigation has found. But at every turn, Microsoft dismissed his warnings, telling him they would work on a long-term alternative — leaving cloud services around the globe vulnerable to attack in the meantime.

Public corporations that value shareholders more than customers were a mistake and definitely shouldn’t be handling national security. This whole series of events is frustrating because it was preventable.

Hagenah⁩ says that in cases of employers with “bring your own devices” policies, there’s a risk of someone leaving with huge volumes of company data saved on their laptops. That’s a particular risk if they’re disgruntled or leave on bad terms, he says.

Or how about when a company is sued and must turn over all related employee Recall data? Seems like much more information than texts and emails contain. Companies might want to run this feature by their general counsel before deploying.

I think they are probably going to set fire to the entire Copilot brand due to how poorly this has been implemented and rolled out. It’s an act of self harm at Microsoft in the name of AI, and by proxy real customer harm.

AI has really obliterated the idea of getting consent from users. Big companies are just enabling data theft on a grand scale now. It's like people who build houses working for thieves rather than homeowners.

As North Carolina and Montana enact new age verification laws effective January 1, residents can’t view sites in Pornhub’s parent company network.

Interesting Republican effort to raise awareness and use of VPNs in red states.

In a press release, the FTC said that "Ring deceived its customers by failing to restrict employees' and contractors' access to its customers' videos, using customer videos to train algorithms, among other purposes, without consent, and failing to implement security safeguards." In one case, an employee "viewed thousands of video recordings belonging to female users of Ring cameras that surveilled intimate spaces in their homes such as their bathrooms or bedrooms," the FTC said.

This is awful and why I try not to buy surveillance devices. It’s difficult not to send data out of your house but I hope not being connected to the Internet becomes a selling point for electronics eventually.