Tootfinder

Opt-in global Mastodon full text search. Join the index!

@poppastring@dotnet.social
2025-09-04 14:30:25

Prompt Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous
#security #llm
arxiv.org/abs/2508.12175

@mgorny@social.treehouse.systems
2025-08-07 05:43:48

Am I seeing #Django test failures because #Gentoo is up-to-date on #security backports to #Python? Of course.
(I didn't have time to report them yet.)

@chrysn@chaos.social
2025-10-01 09:14:05

While I do maintain that "it's coming from the LAN" is not a good #security boundary, there are services where it is practical (e.g. media center volume control), but also fault prone (oops my phone just switched to LTE for power saving – a generally justified thing).
Before I start formalizing how "a device can retain permissions it gets from being local for a few days"…

@midtsveen@social.linux.pizza
2025-09-28 21:41:32

You can now find my public #PGP key at my website.
#Security

@paulbusch@mstdn.ca
2025-08-29 18:33:06

Harley is keeping a sharp lookout for sharks while our granddaughter is digging on the beach.
#DogsOfMastadon #BeachLife #Security

@khalidabuhakmeh@mastodon.social
2025-08-21 12:37:06

Hey #dotnet folks and #security wonks, join our #livestream today to learn about FAPI 2.0 and how to enhance security at your organization with the latest specification.
Also, drop in and say h…

@unchartedworlds@scicomm.xyz
2025-10-20 09:18:35
Content warning: cybersecurity for UK businesses & govt

Excellent article by @…, given a timely illustration by AWS's problems this morning.
"... this year, multiple important companies not just in the UK but globally and ranging from manufacturers to retail stores have been knocked almost completely out of production by cyberattacks. ...
"... British businesses have to start doing more to secure their IT systems and to create plans for how to keep running if something happens – potentially with plans to run systems without networked computers or with pen-and-paper backups if required. ...
"In 2019 we knew that a future pandemic was inevitable at some point but the lessons from previous pandemics and pandemic wargame exercises had not and still have not been fully implemented. ...
"Since then, the foreseeable disasters like pandemics, climate change or malicious hackers have been joined by another one – a hostile government that actively controls our tech sector."
#security #cybersecurity #AWS

@stephane_klein@social.coop
2025-10-28 22:45:02

20 years after being traumatized by Microsoft's Palladium project, I'm finally taking an interest in TPM2
#Security

@cyrevolt@mastodon.social
2025-10-22 08:37:09

Here is a sketch of #security issues in a typical #PC-alike #boot flow. 💾
The red squiggly bits are paths of uncertainty. 🤨
Coming from the

@adelgado@eu.mastodon.green
2025-08-25 06:59:54

I disabled my browser password extension for now #Security

@publicvoit@graz.social
2025-09-26 08:39:22

I'm sending a digitally signed and encrypted #email with somewhat sensitive data to an external party.
His thank-you-answer with the full quote of the whole conversation came back signed and unencrypted.
Oh boy. 😔
#PIM

@crell@phpc.social
2025-08-26 19:15:14

Well, that's lovely...
#Security

@chris@mstdn.chrisalemany.ca
2025-10-15 02:26:13

Passwords are a scourge foisted on elderly tech-users. :(
I just got back from a house call with a fellow who can’t remember his passwords for his email. None of his backups work. His little book of passwords, useless.
There is no support to call for help.
His only option is to create a new email and leave the other behind.
Over and over I have seen this trouble. Not always to this extent, but always the same frustration.
Passwords are elder abuse.
#techsupport #life #security

@UP8@mastodon.social
2025-08-14 16:24:26

🗑️ TapTrap: Animation‑Driven Tapjacking on Android
#android #security

@khalidabuhakmeh@mastodon.social
2025-08-11 16:19:54

Are you worried your #dotnet #security could be more secure? Join us for a #livestream on August 21st, 2025, to discuss FAPI 2.0, its relation to

@ber@social.tchncs.de
2025-09-25 12:33:30

Want to know how to write and distribute #SecurityAdvisories that can be parsed and processed automatically?
Freshly announced are this year's workshops for the Common Security Advisory Framework (#CSAF). They will be held in Nuremberg, Germany, November 10th to 12th.
See

@smashtie@mas.to
2025-10-09 09:32:29

Well done for making us all safe online:
#onlinesafety #security

@tinoeberl@mastodon.online
2025-08-19 12:54:16

Headlines (#Schlagzeilen) I don't want to read:
#Security #Hacker #dataleak

IT consolidation: Federal networks too old for security updates
The Bundesrechnungshof (Federal Court of Audit) has taken stock of the federal government's IT consolidation. Despite billions in spending, there is still a great deal of catching up to do.

@frankstohl@mastodon.social
2025-09-24 15:05:01

New iPhone Air, iPhone 17, and iPhone 17 Pro have an anti-spyware feature #iphone #apple #spyware #security

@unchartedworlds@scicomm.xyz
2025-09-28 10:53:44
Content warning: systemic solutions vs individual shaming

Good post from @…:
"Trying to address the real issues going on in tech can’t rely on shaming average users for not conforming to an imagined version of reality that doesn’t exist and for not “just” doing things that aren’t really viable in light of everything else they’ve got going on."
#systems #tech #privacy #security

@mgorny@social.treehouse.systems
2025-10-24 02:24:26

Who would have thought that creating a programming language for rapidly developing, deploying and abandoning lots of packages would have led to this…
"Forking confusing: Vulnerable Rust crate exposes #uv #Python packager"
#RustLang #security

@lilmikesf@c.im
2025-08-11 19:39:25

#UK Police Investigating #Handicapped Entrance #Security Scam At #Wembley After Hundreds Reportedly Gained Entry On Same

#hungary #eu #security #russia
From: @…

@mgorny@social.treehouse.systems
2025-09-10 11:45:07

Here are some key takeaways from implementing #PyPI attestations in #Gentoo:
• With OpenPGP, you need to validate the authenticity of a key. With attestations, you need to validate the authenticity of the identity (i.e. know the right GitHub repository). No problem really solved here.
• They verify that the artifact was created by the Continuous Deployment workflow of a given repository. A compromised workflow can produce valid attestations.
• They don't provide sufficient protection against PyPI being compromised. You can't e.g. detect whether new releases weren't hidden.
On the plus side, TOFU is easier here: we don't have to maintain hundreds of key packages, just short URLs on top of ebuilds.
Security-wise, I think PEP 740 itself summarizes it well in the "rationale and motivation" section. To paraphrase, maintainers wanted to create some signatures, and downstreams wanted to verify some signatures, so we gave them some signatures.
#security #Python

@mgorny@social.treehouse.systems
2025-08-24 19:08:49

I've drafted support for verification of #PyPI provenance for #Gentoo.
You know, the new fancy thing that protects against supply chain attacks on PyPI, and verifies that you're using genuine #GitHub artifacts. Because, you know, GitHub repositories and deployment pipelines are an unlikely attack vector. And you definitely don't need to worry about #Microsoft owning the keys, the repositories and the pipelines at all.
#security #Python #SigStore

@Zer0Rank@social.linux.pizza
2025-08-12 06:55:40

Please do your part! This page makes it easy, just fill in the details, and send the email. I did it, so should you! This same shit is happening all over again. Wtf?
#ChatControl #EU #europe #FightBack #privacy #FightChatControl #security

@mgorny@social.treehouse.systems
2025-08-23 10:26:37

Well, I am complaining about #AI slop introducing some random bugs in a minor userspace project, and in the meantime I learn that #Linux #kernel LTS developers are using AI to backport patches, and creating new vulnerabilities in the process.
Note: the whole thread is quite toxic, so I'd take it with a grain of salt, but still looks like the situation is quite serious.
"You too can crash today's 6.12.43 LTS kernel thanks to a stable maintainer's AI slop."
And apparently this isn't the first time either:
"When AI decided to select a random CPU mitigation patch for backport last month that turned a mitigation into a no-op, nothing was done, it sat unfixed with a report for a month (instead of just immediately reverting it), and they rejected a CVE request for it."
#security #LLM #NVIDIA #Gentoo

@midtsveen@social.linux.pizza
2025-09-14 13:06:33

Do you use #Orbot?
#Android #GrapheneOS #Privacy #Security #Tor #TorBrowser #Google #Apple #iOS
Yes
Yes, but...
No, but...
No