social.coop is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Fediverse instance for people interested in cooperative and collective projects. If you are interested in joining our community, please apply at https://join.social.coop/registration-form.html.

#security


"The breach is serious, but security breaches can be plugged. Men and women who have shown themselves to have no character, though, can never be trusted. Not with national security, not with anything." #natsec #military #security
Original: nytimes.com/2025/03/28/opinion
No paywall/email wall: archive.is/J1prB

Michael Waltz, the national security adviser who convened a chat on Signal about an attack on the Houthis.
The New York Times · Opinion | Security Breaches Can Be Fixed. People Without Honor Can’t Be Trusted. By Phil Klay

Dear #AWX users out there (AWX as in Ansible, not AWS as in Amazon...),

does anyone have good pointers on connecting AWX and #Hashicorp #Vault / #OpenBao **without** having to define each secret/credential again in AWX?

I have set up a basic connection according to the documentation: ansible.readthedocs.io/project
And I have created a credential using that lookup and could successfully output its value in a playbook run in AWX.

But having to define an AWX credential for each secret that I need to pull from Vault/OpenBao sounds like a lot of unnecessary duplication.
(Yes, I know you can manage AWX via Ansible. We do that already. But still, you need to define the credentials in your code somewhere for the automation to create it in AWX)

ansible.readthedocs.io · 12. Secret Management System — Ansible AWX community documentation

If you don't know who Micah Lee is yet, here's why you should: Micah is an information security engineer, a software engineer, a journalist, and an author who has built an impressive career developing software for the public good, and working with some of the most respected digital rights organizations in the United States.

privacyguides.org/articles/202

www.privacyguides.org · Interview with Micah Lee: Cyd, Lockdown Systems, OnionShare, and more
Continued thread

During the #Biden admin, the #US military & #NATO had both started to treat #GlobalWarming in the Arctic as a matter of real #military concern. Whether that will continue under #Trump is an open question [is it?]. Even as Trump has tried to erase US-govt action on #ClimateChange, when he talks about #Greenland, he’s tacitly acknowledging that rising temperatures are rapidly changing that part of the world—& US interests there.

Continued thread

#Arctic #warming could pose a threat to America’s #security too: #Alaska may have new vulnerabilities to both #China & #Russia; changes in #ocean salinity & temp might interfere w/ #submarine detection systems; extremes of climate change, including #permafrost thaw in Russia, may drive #economic #instability, social #unrest, & territorial claims. [#Trump #Intelligence Agencies excluded #ClimateChange from the annual #ThreatAssessment report for the first time in decades — too *woke*]

Continued thread

Their aim, #JDVance said in a video, is to check up on #Greenland’s security, because *unnamed other countries* could “use its territories & its waterways to threaten the United States.” And these are real concerns for the #UnitedStates, rooted in #ClimateChange: As #PolarIce melts away, superpowers are vying for newly open #ShippingRoutes in the #ArcticOcean & largely unexplored #mineral & #FossilFuel reserves.

foundation.mozilla.org/en/camp

Stop Surveillance Tech: Protect Your Data

A new investigation reveals that ShadowDragon, a U.S. government contractor, is secretly collecting data from over 200 popular websites like Reddit, Etsy, Tinder, and Duolingo. This data is used to create detailed digital profiles, often without the platforms’ consent. Mozilla is launching a campaign urging these sites to block ShadowDragon’s surveillance tools and strengthen privacy protections.

If anybody out there is working on using #LLMs or #AI to analyze #security events in AWS, I wonder if you're considering bullshit attacks via event injection. Let me explain. I'm openly musing about something I don't know much about.

You might be tempted to pipe a lot of EventBridge events into some kind of AI that analyzes them looking for suspicious events. Or you might hook up to CloudWatch log streams and read log entries from, say, your lambda functions looking for suspicious errors and output.

LLMs are going to be terrible at validating message authenticity. If you have a lambda that is doing something totally innocuous, but you make it print() some JSON that looks just like a GuardDuty finding, that JSON will end up in the lambda function's CloudWatch log stream. Then if you're piping CloudWatch Logs into an LLM, I don't think it will be smart enough to say "wait a minute, why is JSON that looks like a GuardDuty finding being emitted by this lambda function on its stdout?"

You and I would say "that's really weird. That JSON shouldn't be here in this log stream. Let's go look at what that lambda function is doing and why it's doing that." (Oh, it's Paco and he's just fucking with me) I think an LLM is far more likely to react "Holy shit! there's a really terrible GuardDuty finding! Light up the pagers! Red Alert!"

Having said this, I'm not doing this myself. I don't have any of my #AWS logging streaming into any kind of #AI. So maybe it's better than I think it is. But LLMs are notoriously bad at ignoring anything in their input stream. They tend to take it all at face value and treat it all as legit.

You might even try this with your #SIEM. Is it smart enough to ignore things that show up in the wrong context? Could you emit the JSON of an AWS security event in, say, a Windows Server Event Log that goes to your SIEM? Would it react as if that was a legit event? If you don't even use AWS, wouldn't it be funny if your SIEM responds to this JSON as if it was a big deal?

I'm just pondering this, and I'll credit the source: I'm evaluating an internal bedrock-based threat modelling tool and it spit out the phrase "EventBridge Event Injection." I thought "oh shit that's a whole class of issues I haven't thought about."
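
A provenance check of the kind the post above is asking about, as an added example that is not part of the original post: records are labelled by the transport they arrived on before any LLM or SIEM rule sees them, and finding-shaped JSON inside a log message is flagged as out of context instead of being treated as a finding. The envelope fields (`source`, `detail-type`, `detail`, `logGroup`, `logEvents`, `message`) follow the EventBridge and CloudWatch Logs subscription formats; the key heuristic, the labels and the sample records are assumptions constructed for illustration.

```python
import json

# Keys whose co-occurrence marks a JSON object as shaped like a GuardDuty finding.
FINDING_KEYS = {"schemaVersion", "type", "severity", "resource", "service"}

def looks_like_finding(obj):
    """True if obj, or anything nested inside it, has at least 4 of FINDING_KEYS."""
    if isinstance(obj, dict):
        if len(FINDING_KEYS.intersection(obj)) >= 4:
            return True
        return any(looks_like_finding(v) for v in obj.values())
    return isinstance(obj, list) and any(looks_like_finding(v) for v in obj)

def embedded_json(message):
    """Yield each JSON object that decodes starting at a '{' in a log message."""
    decoder, i = json.JSONDecoder(), message.find("{")
    while i != -1:
        try:
            obj, end = decoder.raw_decode(message, i)
            yield obj
            i = message.find("{", end)
        except json.JSONDecodeError:
            i = message.find("{", i + 1)

def triage(channel, payload):
    """Label records; channel is set by ingestion code from the transport, never from content."""
    if channel == "eventbridge":
        if (payload.get("source"), payload.get("detail-type")) == ("aws.guardduty", "GuardDuty Finding"):
            return [("finding", payload["detail"].get("type"))]
        return [("event", payload.get("source"))]
    # CloudWatch Logs: message is free text written by the workload, so a
    # finding-shaped object here is an anomaly to investigate, not a finding.
    out = []
    for ev in payload["logEvents"]:
        spoofed = any(looks_like_finding(o) for o in embedded_json(ev["message"]))
        out.append(("out_of_context_finding" if spoofed else "log_line", payload["logGroup"]))
    return out

# Constructed samples, not real AWS output.
FAKE = {"schemaVersion": "2.0", "type": "Example:Constructed/Finding",
        "severity": 8, "resource": {}, "service": {}}
LOGS = {"logGroup": "/aws/lambda/example-fn", "logEvents": [
    {"message": "START RequestId: constructed"},
    {"message": "INFO " + json.dumps(FAKE)}]}
EVENT = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "detail": FAKE}

if __name__ == "__main__":
    print(triage("cloudwatch_logs", LOGS))
    print(triage("eventbridge", EVENT))
```

The `out_of_context_finding` label carries the log group name, which points the analyst at the workload that wrote the line.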

Scenarios for Europe I: Salvaging what's left.

What does a second Donald Trump term mean for European countries?

In the first of a three-part series, we explore a scenario marked by stagnation – when hope is all that remains.

mediafaro.org/article/20250327

Two arms, one with the European flag and one with the American flag, are playing Jenga with coloured blocks. | Illustration: Jasmin Hegetschweiler/ NZZ
Neue Zürcher Zeitung · Scenarios for Europe I: Salvaging what's left. By Lukas Mäder, Georg Häsler, Thomas Fuster