@yifanlu Cool find 😎.

I learned about your disclosure this morning when it made it onto this week's #SecurityNow Ep1071 and then saw it go by here on mastodon not long after.

And yes, why are commercial bug-reporting platforms such a PITA to deal with when you are trying to get someone to actually listen? Having a public reporting mechanism feels like such a "box-ticking exercise" from their end.

It is #tax season in the #US. Lots of people use tax software.
Some people use #HRblock software to prepare. You may want to reconsider.
When you install HR Block Business 2025 to prepare your 2025 taxes, it installs a root CA (certificate authority), for whatever strange reason. This is ugly, because it bears lots of risks in what they can now do while you are surfing. But this is not enough. The validity of this certificate is set until 2049. You need the software now, not in 2049. But wait, there is more.
They include the private key for the CA in a DLL.
This led a security researcher to create a website that creates his own self-signed certificate, validated with HR Block's root CA private key.
Check here: https://hrbackdoor.yifanlu.com

https://news.ycombinator.com/item?id=47457162
#itsecurity #privacy #securitynow (thanks)

Security Now 1070


New Security Now! is live! 🎙️

🤖 LLMs are getting scary at de-anonymizing people — your aliases might not protect you anymore
🔒 Firefox privacy wins + Apple/Google testing RCS encryption
🚨 TikTok resisting encryption, OpenClaw vulnerabilities, Ubuntu SUDO critical boost

We're diving into mass surveillance implications. What's your take on the security risks?

https://twit.tv/shows/security-now/episodes/1069

#SecurityNow #Cybersecurity #TWiT

Security Now: You can’t hide from LLMs | TWiT.TV

Think your online alias keeps you safe? This episode reveals how advanced language models are making it trivial to de-anonymize users at scale, challenging everything we


🎙️ New Security Now! is live: Internal threats are the real danger — perimeter defense isn't enough anymore.

🔑 Zero trust & least privilege aren't buzzwords, they're survival strategies
👤 Most damage comes from compromised accounts & legacy systems

Learn how to implement zero trust without destroying productivity. Recorded live at ThreatLocker's Zero Trust World 2026.

https://twit.tv/shows/security-now/episodes/1068

#SecurityNow #Cybersecurity #TWiT

Security Now: The Call Is Coming From Inside the House | TWiT.TV

Steve Gibson and Leo Laporte host a special episode of Security Now live from ThreatLocker's Zero Trust World 2026 in Orlando, Florida.


🎯 ClickFix & CrashFix exploits are tricking users into running clipboard malware—Windows nightmare fuel

🤖 AI hacking campaigns targeting Mexican govt while Lapsus$ recruits fresh talent

⚠️ Cisco's rare 10.0 CVSS vulnerability has everyone scrambling + Meta's drowning in AI-generated CSAM false reports

New Security Now is live! https://twit.tv/shows/security-now/episodes/1067

#SecurityNow #Cybersecurity #TWiT

Security Now: KongTuke's CrashFix | TWiT.TV

A crafty new breed of social engineering attack is tricking users into launching malware straight from their clipboard, exposing a fresh vulnerability in Windows that even


RE: https://twit.social/@leo/115885611563070109

I recently heard @leo talk on #SecurityNow about his experiences with #ClaudeCode. While Leo is in the "AI enthusiast" camp, I also heard him talk a lot about Cory Doctorow's (@pluralistic ) concept of #enshittification, as well as the importance of #FOSS.
I want to confront these two sides. For the sake of the argument, let's put the question of whether Claude can generate good code aside. Assume it does. Then what's the problem? Vendor lock-in and enshittification.

1/

Dang, This Week in Tech and #SecurityNow used to be okay.
Paying for their "Club Twit" used to be a good way to get around their advertisements, but since @leo has been AI-pilled and can't stop making advertisements for AI bullshit, both shows have become unbearable.

Meanwhile, @joeress remains solid with the @latenightlinux podcasts ❤️

Security Now: MongoBleed | TWiT.TV

Why are code signing certificates suddenly getting shorter, pricier, and more restrictive? Steve Gibson and Leo Laporte expose the “cabal” rewriting the rules for everyone who


To all of you who are eager to learn about #enshittification and how we are dragged more and more into dependency by #bigtech, I recommend the #securitynowpodcast #securitynow by #twittv.
The shortening of code-signing certificate lifetimes and Microsoft's Smart App Control in Windows 11 are just another step toward dependency and money-making. Thanks Steve, for this podcast.

Maybe the #heise #passwortpodcast can also cover this in German.
@heisec @syt @christopherkunz