Mastodawn

After threatening to ban TP-Link router sales over alleged links to China (which TP-Link denies), the Trump administration has reportedly put that ban plan on hold ahead of a summit with China, suggesting it was political leverage and not about cybersecurity.

From me in November: https://this.weekinsecurity.com/banning-tp-link-wont-save-america-from-its-own-terrible-cybersecurity/

From Reuters today: https://reuters.com/business/media-telecom/us-china-trade-detente-fuels-mothballing-key-china-tech-curbs-2026-02-12/ (via @metacurity)

Banning TP-Link won't save America from its own terrible cybersecurity

TP-Link routers face a ban in the U.S. over the company's alleged links to China, but shoddy cybersecurity is the real insider threat to the United States.

~this week in security~

Likewise. This. 💯

Google is shutting down dark web reports in January because they weren’t helpful
Google says the reports lacked "helpful next steps."
https://arstechnica.com/gadgets/2025/12/google-is-shutting-down-dark-web-reports-in-january-because-they-werent-helpful/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

vinny Dec 7

T’Chris Dec 7

Novel clickjacking attack relies on CSS and SVG
#cybersecurity

https://www.theregister.com/2025/12/05/css_svg_clickjacking/

Novel clickjacking attack relies on CSS and SVG

: Who needs JavaScript?

The Register

vinny May 4, 2025

Ars Technica May 4, 2025

A DOGE recruiter is staffing a project to deploy AI agents across the US government
A startup founder said that AI agents could do the work of tens of thousands of government employees.
https://arstechnica.com/tech-policy/2025/05/a-doge-recruiter-is-staffing-a-project-to-deploy-ai-agents-across-the-us-government/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

A DOGE recruiter is staffing a project to deploy AI agents across the US government

A startup founder said that AI agents could do the work of tens of thousands of government employees.

Ars Technica

vinny Apr 25, 2025

Jack Cable Apr 25, 2025

New from Jen Easterly and me: as threats to our critical infrastructure increase, U.S. policymakers need to defend + strengthen the role of security research. This is personal for me, having received legal threats for good-faith security research.

We call on Congress to protect security researchers by codifying the DMCA security research exemption, exempt good-faith security research from the CFAA, and require software vendors to operate a VDP and publish CVEs.

https://www.lawfaremedia.org/article/advancing-secure-by-design-through-security-research

Advancing Secure by Design Through Security Research

It is essential for U.S. policymakers to actively protect and promote the role of security research within an open and transparent ecosystem.

Default

vinny Jul 12, 2024

Why is it that I can't use ssh until I enable LAN connections in WindScribe?
That would be the last thing I'd consider.

vinny Jul 12, 2024

jan sama toki ni: jan kule li ike, li pakala e ma. nasin ona li ike tan seme?
ona li pilin ike lon tenpo ale. ma ale li pakala tawa ona.
ona li alasa e ijo pakala la nasin ona taso li pakala tawa mi.

#tokipona

vinny Jul 5, 2024

I'm starting to remember why I stopped playing #mahjongsoul. I always get halfway to Adept 2, then hit a streak like this. "Fold more", I know.
I guess it's greed.
#mahjong @riichi

vinny Jul 1, 2024

The Record Jul 1, 2024

China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices

https://therecord.media/cisco-velvet-ant-hackers-china

China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices

The newly identified zero-day vulnerability was used in an April attack by the Beijing-linked hackers.