#SecurityNow's take on the #AI #API in #Google #Chrome
One way to control technology is to defund and prohibit education such that the technicians and technically adept people capable of operating the technology cannot do so unless explicitly trained through government-approved schooling.
Then you have a shot at preventing 3D printers from making guns.
This is also an efficient way to hamstring your population, making you vulnerable militarily. #securitynow 1072.
@yifanlu Cool find 😎.
I learned about your disclosure this morning when it made it onto this week's #SecurityNow Ep1071 and then saw it go by here on Mastodon not long after.
And yes, why are commercial bug reporting platforms such a PITA to deal with when trying to get someone to actually listen? Having a public reporting mechanism feels like such a "box ticking exercise" from their end.
It is #tax season in the #US. Lots of people use tax software.
Some people use #HRblock software to prepare. You may reconsider.
HR Block Business 2025 installs a root CA (certificate authority) when you install their software for your 2025 taxes, for whatever strange reason. This is ugly, because it carries lots of risks in what they can now do while you are surfing. But this is not enough. The validity of this certificate is set until 2049. You need the software now, not in 2049. But wait, there is more.
They include their private key for the CA in a DLL.
This led a security researcher to create a website to create his own self-signed certificate, validated with the root CA private key of HR Block.
Check here: https://hrbackdoor.yifanlu.com
https://news.ycombinator.com/item?id=47457162
#itsecurity #privacy #securitynow (thanks)

New Security Now! is live! 🎙️
🤖 LLMs are getting scary at de-anonymizing people — your aliases might not protect you anymore
🔒 Firefox privacy wins + Apple/Google testing RCS encryption
🚨 TikTok resisting encryption, OpenClaw vulnerabilities, Ubuntu SUDO critical boost
We're diving into mass surveillance implications. What's your take on the security risks?
🎙️ New Security Now! is live: Internal threats are the real danger — perimeter defense isn't enough anymore.
🔑 Zero trust & least privilege aren't buzzwords, they're survival strategies
👤 Most damage comes from compromised accounts & legacy systems
Learn how to implement zero trust without destroying productivity. Recorded live at ThreatLocker's Zero Trust World 2026.
🎯 ClickFix & CrashFix exploits are tricking users into running clipboard malware—Windows nightmare fuel
🤖 AI hacking campaigns targeting Mexican govt while Lapsus$ recruits fresh talent
⚠️ Cisco's rare 10.0 CVSS vulnerability has everyone scrambling + Meta's drowning in AI-generated CSAM false reports
New Security Now is live! https://twit.tv/shows/security-now/episodes/1067
RE: https://twit.social/@leo/115885611563070109
I recently heard @leo talk on #SecurityNow about his experiences with #ClaudeCode. While Leo is in the "AI enthusiast" camp, I also heard him talk a lot about Cory Doctorow's (@pluralistic) concept of #enshittification, as well as the importance of #FOSS.
I want to confront these two sides. For the sake of the argument, let's put the question of whether Claude can generate good code aside. Assume it does. Then what's the problem? Vendor lock-in and enshittification.
1/