Bert Driehuis

14 Followers
59 Following
187 Posts
Security noob since 1986
The AI Bubble — No One's Happy

The AI buildout is the largest capital expenditure in the history of the technology industry. The financial structure holding it together has a name.


⚠️ 🎣 We’re seeing an ongoing phishing campaign targeting hotels and hosts, impersonating messages from 'Booking.com' - see sample image below.

Here’s what we know so far:

➡️ Emails appear to target actual 'Booking.com' host email addresses, which may indicate that recipient data was obtained from a previous breach - the timing is particularly relevant given the 'Booking.com' data breach last month (see article - https://www.bbc.co.uk/news/articles/cly00jnnxypo).

➡️ While the emails appear to come from 'Booking.com', they are actually sent via compromised accounts.

➡️ Messages typically reference a “complaint” or “special request” requiring urgent action.

➡️ Links often use URL shorteners or services like 'share.google' to hide phishing pages.

➡️ Goal is to steal login credentials or payment details through fake portals.

These phishing emails are very convincing, so extra caution is prudent - here are some steps you can take to reduce risk:

✅ Be cautious of urgency or pressure in booking-related emails
✅ Avoid clicking shortened or unfamiliar links
✅ Verify requests by logging into the platform directly
✅ Report suspicious emails internally or to the platform provider

#CyberSecurity #Phishing #ThreatIntel #InfoSec #BookingCom

Open Letter to European Citizens
The door to digital sovereignty is open, please come in
We ask European citizens, and through them those who govern European countries, to understand one important thing: the door to digital sovereignty does not open simply by choosing different software, but by understanding what sovereignty actually entails.
It requires open document formats, open fonts, continuity of expertise, and honesty about what "open" means.

https://blog.documentfoundation.org/blog/2026/03/31/open-letter-to-european-citizens/

@libreoffice #odf

Way back in 1993, I tried to get my name attached to an amicus brief for USL vs BSDi. Apparently, I missed my target as there is no mention whatsoever of my name in the docket for 832 F. Supp. 790 (1993). But if today you are using MySQL or any of its derivatives, and enjoy having an alternative to the 800 pound (albeit very nice) gorilla that PostgreSQL has become, you may want to review this petition:

https://letter.3306-db.org

I just signed it. And it's weird to name an open source entity as the 800 pound gorilla.

Open Letter — Invitation to Discuss the Future of the MySQL Ecosystem

The MySQL Ecosystem Needs Independent, Vendor-Neutral Governance. Add your name to the open letter.

I want you to spread the word that Tim O'Reilly of O'Reilly Media is forcing his editors to "use" Gen AI as much as possible. The book I wrote for them, Hacker Culture: A to Z, is probably the last non-tech manual they ever published that isn't tainted by Gen AI.

I quit my goddamn fucking professor position at OPIT because I would rather risk my ability to pay my rent than subject my students to Gen AI "e proctoring."

Please check out https://stopgenai.com, I beg of you.

https://neuromatch.social/@jonny/116089890698252684

Stop Gen AI – Mutual Aid and Political Activism

Does anyone have a good feel for how many apps that use React will be vulnerable in practice to CVE-2025-55182? In particular, what are the chances of encountering the vulnerable React Server components in the client parts of a React app? If that is a vector for vulnerability, it will be a bear to even find, as many React clients are compressed and/or obfuscated. #vulnerability

How a physics student feels when listening to politicians

(Found on LinkedIn; someone was kind enough to send me the link to the source:)

https://www.instagram.com/wochenendrebellen/reel/DRxdmFkDWgi/

FWIW, learned two new things yesterday:
1- ad.doubleclick.net works as an open redirect. You may wish to block it in your proxy or firewall.
2- If you double click a .js in a .zip in a default Windows installation, it will get passed to Windows Script Host (I kid you not).

Found a lovely new style of open redirect in an e-mail phish. I have redacted the victim's e-mail address, but do not follow this link unless you have a solid sandbox. It redirects to AWS, which will show a convincing "your file is ready", and the download is a .zip containing a .js which on cursory reading generates some helpful PowerShell commands for you on the fly. Ton of Chinese glyphs in the strings, but that may be a false flag.

https://ad[.]doubleclick[.]net/ddm/trackclk/N4892.5020.4774291382421/B23999293.271539123;dc_trk_aid=466016770;dc_trk_cid=131101292;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https://arihantjainsangh[.]org/z#dmljdGltQHZpY3RpbS5jb20K

Anyone have a good contact at Google to get this addressed? #google
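As an added defender-side example (not from the post above, and not Google's or anyone's production code), a small Python scanner over constructed proxy-log lines that flags the ad.doubleclick.net /ddm/trackclk/ open-redirect pattern described above and reports the embedded destination; the log format, the sample lines and the destination hostnames are assumptions.

```python
"""Flag proxy-log requests that abuse an ad-click tracker as an open redirect.

Added example. Assumed minimal proxy-log format, one request per line:
'<timestamp> <client_ip> <method> <url>'. The pattern follows the post:
a /ddm/trackclk/ path whose query string is itself a URL ('?https://...').
"""
from urllib.parse import urlsplit

# Tracker hosts whose click-through path forwards to an arbitrary URL.
REDIRECT_HOSTS = {"ad.doubleclick.net"}


def embedded_target(url: str):
    """Return the external URL carried in a tracker click-through link, or None."""
    parts = urlsplit(url)
    if parts.hostname not in REDIRECT_HOSTS or not parts.path.startswith("/ddm/trackclk/"):
        return None
    # Everything after the first '?' is the forwarded destination, a full URL.
    if not parts.query.lower().startswith(("http://", "https://")):
        return None
    target = urlsplit(parts.query)
    if target.hostname is None or target.hostname.endswith(".doubleclick.net"):
        return None  # forwards within the tracker's own domain: not the abuse pattern
    # The fragment is not sent to the tracker but survives the redirect in the
    # browser, so keep it: in the phish above it carried the victim identifier.
    return parts.query + ("#" + parts.fragment if parts.fragment else "")


# Constructed sample log (placeholder ids and hostnames, not real traffic).
SAMPLE_LOG = """\
2025-11-03T09:14:02Z 10.0.0.21 GET https://ad.doubleclick.net/ddm/trackclk/N0000.0000.000000/B0000.000;dc_trk_aid=0;tfua=?https://example.invalid/z#ZXhhbXBsZQo=
2025-11-03T09:14:05Z 10.0.0.21 GET https://ad.doubleclick.net/ddm/trackclk/N0000.0000.000000/B0000.000;dc_trk_aid=0;tfua=?https://ad.doubleclick.net/legit
2025-11-03T09:15:10Z 10.0.0.33 GET https://www.example.invalid/index.html
"""


def scan_proxy_log(text: str):
    """Return (timestamp, client, destination_host, destination_url) per redirect hit."""
    hits = []
    for line in text.splitlines():
        fields = line.split(None, 3)
        if len(fields) < 4:
            continue  # malformed line: skip rather than crash the scan
        ts, client, _method, url = fields
        dest = embedded_target(url)
        if dest:
            hits.append((ts, client, urlsplit(dest).hostname, dest))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("open-redirect via tracker:", *hit)
```

Blocking the tracker host outright, as the post suggests, is the blunt mitigation; this check is the narrower one for proxies that cannot block ad traffic wholesale.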

We need more than 2 popular and accessible types of mobile OS 📱

We need more than 2 popular and accessible types of desktop OS 🖥️

We need more than 2 popular and accessible types of browsers

We need more than 2 popular high-capacity cloud services ☁️

We need more than 2 popular and secure end-to-end encrypted email services 📧

We need more than a few popular and secure end-to-end encrypted messaging apps 💬

We need SO much more diversity in tech!

There seems to be a tendency to just pit projects against each other (or buy each other) until we only get 2 options in the end. This is horrible for consumer choice, for security, for privacy, for resilience, and just leads to more enshittification everywhere once people are locked into systems without viable alternatives.

We need many more options, everywhere.
Celebrate and encourage diversity.
In tech, and everywhere else.

#Tech