I see a couple online news sources stating that CISA has extended the funding. They are using statements such as the following:

CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.

They leave out the sourcing on this. Who said it? How was it said? Via direct email requesting a comment? X post? Was it official or OTR? Like, I believe them but please provide SOME form of indication of provenance when claiming statements are made by the US Gov.

The Perl 5 Porters have released #Perl versions 5.40.2 and 5.38.4 to address CVE-2024-56406. It is believed that this #security #vulnerability can enable Denial of Service or Arbitrary Code Execution attacks on platforms that lack sufficient defenses.

You can soon download both from your favorite #CPAN mirror or find them at:

https://metacpan.org/release/SHAY/perl-5.40.2/

https://metacpan.org/release/SHAY/perl-5.38.4/

Changes are listed in their respective “perldelta” documents:

https://metacpan.org/release/SHAY/perl-5.40.2/view/pod/perldelta.pod

Privacy Guides is formally taking a stand against dangerous and frightening technologies.

Security-focused developers and misguided "advocates" have long attempted to convince those involved in privacy and security that E2EE is an advanced security measure designed to protect your sensitive data, and Privacy Guides has stood by for far too long not setting the record straight.

https://www.privacyguides.org/articles/2025/04/01/the-dangers-of-end-to-end-encryption/

On VPN usage...

Hypothetically, any system on the web that you interact with can "know" you. And while it is true that VPNs are no different, the reality is that using a paid ProtonVPN or similar non-US based service would require that service to cooperate internationally with a warrant. Proton does not store where you visited. Good luck getting that info operationally into the hands of ICE as part of a dragnet.

❌ No safe message scanning technology exists.

⚠️ These powers would force a cybersecurity weakness onto apps like WhatsApp and Signal.

‼️ Hackers, predators and spies could crowbar their way into everything you send.

✍️ Tell Ofcom: End-to-end Encryption Means Online Safety ➡️ https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text

⏰ CLOSES Monday 10 March at 5pm.

#PracticeSafeText 💬

🚨 Time is Running Out to Save Encryption 🔐

Ofcom is consulting on implementing message scanning powers in the UK Online Safety Act.

This would break end-to-end encryption on the messaging apps we all use!

⏰ CLOSES Monday 10 March, 5pm.

Use our tool to tell Ofcom #PracticeSafeText 💬

ACT NOW ⬇️

https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text

Well, that was quick!

I wrote about my disappointment with @mozillaofficial changes:

https://mastodon.social/@BjornW/114032743031437841

Seems they were just starting 🙄

Read
https://blog.mozilla.org/en/products/firefox/firefox-terms-of-use/

Check
- https://www.mozilla.org/en-US/about/legal/terms/firefox/

- https://www.mozilla.org/en-US/privacy/firefox/#notice

Consider other Open Source apps you may use: aren't you sad that these lack ToS & Privacy legalese?

My advice: move away from Mozilla.

They have lost my trust.

1/N

Read this:

https://blog.mozilla.org/en/mozilla/mozilla-leadership-growth-planning-updates

👀 at this:

https://www.mozilla.org/en-US/about/leadership

I'm baffled about the myriad of @mozillaofficial structures, amount of directors / C-level people & how to rhyme 'investing in privacy-respecting advertising' with 'draw a bigger circle of supporters over the long run.'

As a long time Mozilla supporter, I was already unhappy about the direction of the last years & this does certainly not bode well for the future. 😞 😩

#Firefox #Mozilla #Thunderbird #Tech #OpenSource

France is about to pass the worst surveillance law in the EU.

Here's how you can stop them: 👉 https://tuta.com/blog/france-surveillance-nacrotrafic-law

If you’re a Windows user, I can help you switch to Linux. Please stop supporting an insecure and privacy-intrusive operating system. What’s stopping you from switching to Linux/macOS? Ask all your questions, and I’ll answer everything.

Today I learned that the alarm system that came with our house – a very popular one here in Ireland – can be disarmed via Siri.

The default command?

“Hey, Siri, disarm.”

I shit you not.

#security #smartHome #youGottaBeFuckingKiddingMe

This is *the most malicious, brutal* malicious compliance I've seen in quite some time, possibly ever, and I am HERE FOR IT. Thank you, @jwz

https://www.jwz.org/xscreensaver/google.html

Any device that needs to be off because it can't be trusted with your conversations should not exist in the first place.

Rather sad that here, too, it is once again suggested that a cloud is secure because it is provided by large companies. If you look at the contracts, PaaS vendors shift all responsibility onto their customers. If you leave vulnerabilities in your code, that code really does not automagically become secure by hosting it in the cloud.

🇬🇧 Security company Assist Security exposed over 100,000 sensitive files publicly.

If you're curious what kind of wild excuses I get from companies, this one tried to claim only the file structure was exposed. Apparently I look at filenames and paths and figure what's there from the names only and report this to companies :blobwizard:

https://jltee.substack.com/p/security-company-assist-security-exposed-data

We've won security. You can all go home now.

Let's just be clear: #Telegram has proven that they'll gladly accommodate nation states and probably has been doing so for years.

To think that it is secure when all the content, all the messages, are actually available to the company - albeit dispersed across nation states - is false.

#Privacy is #security, full stop. You've got #Signal for IM, #Session as well, not to mention #Matrix for group chats and servers. All have actual, factual peer-to-peer encryption and obvious key systems.