GNU social JP
GNU social JP is a Japanese GNU social server.

Notices by Dan Goodin (dangoodin@infosec.exchange)

  1. Dan Goodin (dangoodin@infosec.exchange)'s status on Friday, 04-Jul-2025 01:45:51 JST

    Interesting article reporting that Android will soon give Gemini broadened access to phones and the apps they run, even when Gemini has not been turned on. Article goes on to say people who don't want this should "open the Gemini app from your Android device" and turn off each app extension. Sounds simple enough, but I'm not finding any Gemini app installed on my Pixel. Can anyone help me figure out what precisely people must do to keep Gemini off of their Android devices?

    https://tuta.com/blog/how-to-disable-gemini-on-android#_

    In conversation about a day ago from infosec.exchange permalink
  2. Dan Goodin (dangoodin@infosec.exchange)'s status on Tuesday, 24-Jun-2025 02:53:38 JST

    Is it possible to opt out of all Substack invitations like this one? I'm so tired of having to unsubscribe from them one by one. It's 2025. Does Substack really require me to opt out each time someone subscribes me to a list I don't want to be on?

    In conversation about 11 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/733/559/504/625/289/original/7a68061583d34194.png
  3. Dan Goodin (dangoodin@infosec.exchange)'s status on Tuesday, 24-Jun-2025 02:53:37 JST
    in reply to
    • Brad Rubenstein “:verified:”

    @BradRubenstein

    I don't think I have a Substack account. I really don't want one. I just want Substack to leave me alone.

    In conversation about 11 days ago from infosec.exchange permalink
  4. Dan Goodin (dangoodin@infosec.exchange)'s status on Thursday, 12-Jun-2025 03:26:21 JST

    If the only masterpiece Brian Wilson ever made was Pet Sounds, his work on this earth could have been finished. Instead, he did so much more to bring happiness and beauty to the world. Rest in power, Brian.

    https://www.rollingstone.com/music/music-news/brian-wilson-beach-boys-dead-1234810073/

    In conversation about 23 days ago from infosec.exchange permalink
  5. Dan Goodin (dangoodin@infosec.exchange)'s status on Wednesday, 04-Jun-2025 01:20:12 JST

    Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

    https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/

    In conversation about a month ago from infosec.exchange permalink
  6. Dan Goodin (dangoodin@infosec.exchange)'s status on Thursday, 22-May-2025 02:52:58 JST

    Signal Messenger is warning that Recall, the AI tool rolling out in Windows 11 that will screenshot, index, and store everything a user does every three seconds, poses a risk to its users. Effective immediately, the Windows Desktop version will by default block the ability of Windows to screenshot the app. Of course, Microsoft provides no API to disable Recall from screenshotting specific apps, so Signal is getting creative. They are invoking a digital rights management API that blocks the screenshotting of copyrighted material.

    https://signal.org/blog/signal-doesnt-recall/

    In conversation about a month ago from infosec.exchange permalink
  7. Dan Goodin (dangoodin@infosec.exchange)'s status on Thursday, 15-May-2025 03:18:01 JST

    Folks, there is 0 evidence that Steam passwords have been breached. Unless and until credible evidence occurs, please do NOT urge people to change their login credentials and please do NOT boost other people's toots doing the same. Creating unjustified anxiety about a non-event does a disservice to us all.

    Please boost for visibility.

    In conversation about 2 months ago from infosec.exchange permalink
  8. Dan Goodin (dangoodin@infosec.exchange)'s status on Thursday, 15-May-2025 02:42:47 JST
    in reply to
    • Rich Felker
    • rvstaveren
    • thinkberg
    • Mischa 🐡😎

    @dalias @mischa @thinkberg @rvstaveren

    I respect your preferences and choices, but I have to ask, what's the factual basis for saying Roku doesn't collect as much data as Smart TV makers? Roku collects the same data about viewing habits as Samsung et al., and they see every stream you do over its platform.

    https://forums.puri.sm/t/data-collected-on-me-by-roku/16337

    https://www.mozillafoundation.org/en/privacynotincluded/roku-streaming-sticks/

    https://www.zdnet.com/home-and-office/home-entertainment/is-your-roku-tv-spying-on-you-likely-but-heres-how-you-can-take-back-control/

    In conversation about 2 months ago from infosec.exchange permalink
  9. Dan Goodin (dangoodin@infosec.exchange)'s status on Thursday, 15-May-2025 01:26:41 JST
    in reply to
    • Rich Felker
    • rvstaveren
    • thinkberg
    • Mischa 🐡😎

    @mischa @thinkberg @rvstaveren @dalias

    Sorry for crashing your thread, but I'm curious: do y'all just not ever stream videos or do you somehow stream without using smart TVs?

    In conversation about 2 months ago from infosec.exchange permalink
  10. Dan Goodin (dangoodin@infosec.exchange)'s status on Friday, 02-May-2025 08:03:56 JST

    April was the first full month since I installed my 4.1 kW solar system and accompanying batteries. And just like that, I went from drawing 200-250 kWh per month from the grid to 3 kWh. For the month, I produced 583 kWh, 284 kWh of which I exported to the grid.

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/435/036/168/526/123/original/0d40dc72a404ce84.jpg
  11. Dan Goodin (dangoodin@infosec.exchange)'s status on Thursday, 01-May-2025 05:51:10 JST

    From the department of head scratches comes this counterintuitive news: Microsoft says it has no plans to change a remote login protocol in Windows that allows people to log in to machines using passwords that have been revoked.

    https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that/

    In conversation about 2 months ago from infosec.exchange permalink
  12. Dan Goodin (dangoodin@infosec.exchange)'s status on Thursday, 01-May-2025 05:51:09 JST
    in reply to

    It's one thing for Microsoft to make a call that prioritizes not getting locked out of a device. It's an entirely different thing for Microsoft to a) not prominently disclose the behavior and b) advise users on steps they should take when their password is compromised.

    In conversation about 2 months ago from infosec.exchange permalink
  13. Dan Goodin (dangoodin@infosec.exchange)'s status on Tuesday, 29-Apr-2025 01:48:49 JST

    About a decade ago, Apple and Google started updating iOS and Android to make them less susceptible to “juice jacking,” a form of attack that could surreptitiously steal data or execute malicious code when users plug their phones into special-purpose charging hardware. Now, researchers are revealing that, for years, the mitigations have suffered from a fundamental defect that has made them trivial to bypass.

    https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/

    In conversation about 2 months ago from infosec.exchange permalink
  14. Dan Goodin (dangoodin@infosec.exchange)'s status on Friday, 18-Apr-2025 15:36:14 JST

    ICE officers in paramilitary gear inquiring about the citizenship status of passengers on an Amtrak Empire Builder train. As someone who rides Amtrak a lot, what should I say and do if I'm ever stopped like this?

    #amtrak

    https://www.havredailynews.com/story/2025/04/17/local/ice-questions-amtrak-passengers-in-havre-about-citizenship/547792.html#

    In conversation about 3 months ago from infosec.exchange permalink
  15. Dan Goodin (dangoodin@infosec.exchange)'s status on Saturday, 12-Apr-2025 08:09:44 JST

    Snapshotting and AI processing a screen every 3 seconds. What could possibly go wrong?

    https://arstechnica.com/security/2025/04/microsoft-is-putting-privacy-endangering-recall-back-into-windows-11/

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments

    1. That groan you hear is users’ reaction to Recall going back into Windows
  16. Dan Goodin (dangoodin@infosec.exchange)'s status on Saturday, 12-Apr-2025 08:09:43 JST
    in reply to

    So, send an email or DM that even passes through a Windows machine with Recall turned on and it's screenshotted, swept into OCR, processed by Copilot and stashed away in perpetuity. Recall reminds me a lot of the backdoor the FBI wanted Apple to build. The FBI said it would be safe because only the FBI would have access to it. Apple rightly pointed out that no, something that powerful would inevitably get hacked and abused in ways no one could control. Now, Microsoft is trying to say that the guardrails it has put on Recall will curb any unintended consequences and we're supposed to take that at face value?

    In conversation about 3 months ago from infosec.exchange permalink
  17. Dan Goodin (dangoodin@infosec.exchange)'s status on Saturday, 12-Apr-2025 08:09:43 JST
    in reply to

    People in comments keep saying, oh well, time to move to Linux, as if that somehow insulates them. They forget that even then every interaction their Linux box has with a Windows 11 installation will STILL be compiled into a database that can be abused.

    In conversation about 3 months ago from infosec.exchange permalink
  18. Dan Goodin (dangoodin@infosec.exchange)'s status on Friday, 11-Apr-2025 04:45:09 JST

    Yet another aviation accident in the US. WTF is going on here?

    https://www.nbcnews.com/news/us-news/plane-5-house-members-clipped-aircraft-taxiway-dcs-reagan-national-air-rcna200692

    In conversation about 3 months ago from infosec.exchange permalink
  19. Dan Goodin (dangoodin@infosec.exchange)'s status on Tuesday, 08-Apr-2025 01:14:00 JST
    • Kevin Beaumont

    @GossiTheDog

    The problem is someone is using his current account to masquerade as him. Creating a new account from scratch won't stop that.

    In conversation about 3 months ago from gnusocial.jp permalink
  20. Dan Goodin (dangoodin@infosec.exchange)'s status on Tuesday, 08-Apr-2025 01:11:09 JST
    in reply to

    Reupping this request for help from someone at Facebook to help restore a journalist's hijacked account. As mentioned before, he has sent Facebook a scan of his driver license on multiple occasions and received reset links, but they always fail to work. Please boost for reach.

    In conversation about 3 months ago from infosec.exchange permalink

    Dan Goodin

    Reporter covering security at Ars Technica. DM me on Signal: DanArs.82.

          Statistics

          User ID
          92418
          Member since
          27 Jan 2023
          Notices
          132
          Daily average
          0

          GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.