Reporter covering security at Ars Technica. DM me on Signal: DanArs.82.
Site: https://arstechnica.com/author/dan-goodin/

For my newsletter and blog ~ this week in security ~ I wrote about meaningful steps you can take to ensure your digital security and privacy while traveling through airports. In this post, you'll find resources to understand the risks you face, and what you can do to protect your data.

Please share! https://this.weekinsecurity.com/security-precautions-to-consider-while-traveling-through-airports/

You can also sign up for my free weekly newsletter (via email or RSS). Out Sundays! https://this.weekinsecurity.com

Security precautions to consider while traveling through airports

As border device searches rise, there are practical steps you can take to protect your devices and data from airport searches.

~this week in security~

Kaspersky has linked Coruna with Operation Triangulation. This comes a few weeks after we reported that L3Harris Trenchant was the company behind some components of Coruna.

And we also reported that it was possible Coruna was used in Operation Triangulation.

https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/

Coruna: the framework used in Operation Triangulation

Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit.

Kaspersky

@dangoodin @cthos It’s a totally valid question. I remember back when the NSA made a big stink about depreciating SHA-1. Not that many years later, public research came out showing the weaknesses in SHA-1. Lots of people back then wondered what the NSA’s internal research came up with that prompted the rapid depreciation.

Google is dramatically shortening its readiness deadline for the arrival of Q Day, the point at which existing quantum computers can break public-key cryptography algorithms that secure decades’ worth of secrets belonging to militaries, banks, governments, and nearly every individual on earth.

https://arstechnica.com/security/2026/03/google-bumps-up-q-day-estimate-to-2029-far-sooner-than-previously-thought/

Google bumps up Q Day deadline to 2029, far sooner than previously thought

Company warns entire industry to move off RSA and EC more quickly.

Ars Technica
I was lucky enough to cover Cindy Cohn's trailblazing work BEFORE she joined @eff. Here's one of several stories I wrote about her when she was still an associate attorney in private practice.

Self-propagating malware poisons open source software and wipes Iran-based machines

Development houses: It's time to check your networks for infections.

Ars Technica

Wow, TeamPCP is hacking open-source developers faster than we can report on them. The latest (that I'm aware of, anyway) is LiteLLM. They worked with Trivy but didn't bother to change their credentials after Trivy was hacked, despite an ample amount of advice to do so.

Folks, if any of you used LiteLLM, now is the time to change your credentials, in an atomic way. Now, as in immediately.

https://news.ycombinator.com/item?id=47501729

LiteLLM Python package compromised by supply-chain attack | Hacker News

New, by me: A cyberattack on a vehicle breathalyzer company called Intoxalock has left drivers across the United States stranded and unable to start their cars.

https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/

Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US | TechCrunch

A cyberattack on a U.S. car breathalyzer company has left drivers across the United States reportedly stranded and unable to start their vehicles.

TechCrunch

Does anybody with a STRONG BACKGROUND IN WEBSITE PRIVACY have time to vet this research? Are TikTok and Meta pixels REALLY doing the things claimed? I'm concerned it may be overstating things in an attempt to sell its tag monitoring tools.

https://jscrambler.com/blog/beyond-analytics-tiktok-meta-ad-pixels

The Collection of Commercial Intelligence: TikTok & Meta Ad Pixels

Jscrambler analyzed the TikTok and Meta ad pixels used on websites and found that their default behavior requires immediate attention.

Jscrambler

Dear readers. If you're not willing to support the families of those you want to read then we regretfully will be preventing you from obtaining our work for free.

https://infosec.exchange/@StefanThinks@beige.party/116199534759633586

https://infosec.exchange/@StefanThinks@beige.party