Mastodawn

For my newsletter and blog ~ this week in security ~ I wrote about meaningful steps you can take to ensure your digital security and privacy while traveling through airports. In this post, you'll find resources to understand the risks you face, and what you can do to protect your data.

Please share! https://this.weekinsecurity.com/security-precautions-to-consider-while-traveling-through-airports/

You can also sign up for my free weekly newsletter (via email or RSS). Out Sundays! https://this.weekinsecurity.com

Security precautions to consider while traveling through airports

As border device searches rise, there are practical steps you can take to protect your devices and data from airport searches.

~this week in security~

Dan Goodin 5d ago

Lorenzo Franceschi-Bicchierai 5d ago

Kaspersky has linked Coruna with Operation Triangulation. This somes a few weeks after we reported that L3Harris Trenchant was the company behind some components of Coruna.

And we also reported that it was possible Coruna was used in Operation Triangulation.

https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/

Coruna: the framework used in Operation Triangulation

Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit.

Kaspersky

Dan Goodin 6d ago

Adam Stasiniewicz

6d ago

@dangoodin @cthos It’s a totally valid question. I remember back when the NSA made a big stink about depreciating SHA-1. Not that many years later, public research came out showing the weaknesses in SHA-1. Lots of people back then wondered what the NSA’s internal research came up with that prompted the rapid depreciation.

Show thread

Dan Goodin 6d ago

@xgranade @cthos

Fair. Personally, I think China or Russia getting access to US national secrets will affect me personally, but this is more about geopolitics than cryptography.

Show thread

Dan Goodin 6d ago

@cwebber

Are you thinking of something like this?

https://arstechnica.com/ai/2026/02/the-rise-of-moltbook-suggests-viral-ai-prompts-may-be-the-next-big-security-threat/

The rise of Moltbook suggests viral AI prompts may be the next big security threat

We don't need self-replicating AI models to have problems, just self-replicating prompts.

Ars Technica

Show thread

Dan Goodin 6d ago

@esoteric_programmer

Do you have a link? Quantum computing doesn't break hash algorithms, although I think it may help create collisions. Maybe @sophieschmieg knows.

Show thread

Dan Goodin 6d ago

@esoteric_programmer

Well, for starters, did you read the Google research from last June? It's linked in the article.

Show thread

Dan Goodin 6d ago

@paulehoffman

Their estimate from last June of 1 million noisy qubits? That's the most recent estimate.

Dan Goodin 6d ago

Google is dramatically shortening its deadline readiness for the arrival of Q Day, the point at which existing quantum computers can break public-key cryptography algorithms that secure decades’ worth of secrets belonging to militaries, banks, governments, and nearly every individual on earth.

https://arstechnica.com/security/2026/03/google-bumps-up-q-day-estimate-to-2029-far-sooner-than-previously-thought/

Google bumps up Q Day deadline to 2029, far sooner than previously thought

Company warns entire industry to move off RSA and EC more quickly.

Ars Technica

Dan Goodin Mar 24

I was lucky enough to cover Cindy Cohn's trailblazing work BEFORE she joined @eff . Here's one of several stories I wrote about her when she was still an associate attorney in private practice.