It seems the smallest alternative #vehicle he could use for secure #transport would be an #Audi A8 #Security (still large, but without many of the disadvantages of an SUV and widely used for protecting VIPs across Europe)

https://www.theguardian.com/uk-news/2026/mar/13/sadiq-khan-may-give-up-armoured-car-clampdown-suvs-london

Palantir, the US AI surveillance and security firm with hundreds of millions of pounds in UK government contracts, poses “a national security threat to the UK”, according to two anonymous MoD senior systems engineers with knowledge of the Palantir software systems the MoD is using.

#Palantir #MoD #Security #UKPolitics

‘It beggars belief’: MoD sources warn Palantir’s role at heart of government is a threat to UK’s security
https://www.thenerve.news/p/palantir-technologies-uk-mod-sources-government-data-insights-security-state-secrets

> "The development comes days after TikTok said it does not plan to introduce E2EE to secure direct messages on the platform, telling BBC News that the technology makes users less safe and that it wants to protect users, especially young people, from harm."

Translation: We can't spy on you and confirm that you're not doing something illegal.

https://thehackernews.com/2026/03/meta-to-shut-down-instagram-end-to-end.html

#privacy #security #cryptogarphy

Meta Platforms: Lobbying, Dark Money, and the App Store Accountability Act

https://github.com/upper-up/meta-lobbying-and-other-findings

#privacy #security

Great #security resarch from the Qualys folks: https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt

Multiple vulnerabilities in AppArmor - everything from information disclosure to DoS to LPE!

#appsec

A set of AppArmor vulnerabilities

https://lwn.net/Articles/1062778/ #LWN #Linux #security #Debian

[$] More timing side-channels for the page cache

In 2019, researchers published a way to identify which file-backed pages were being accessed on a system using timing information from the page cache, leading to a handful of unple [...]

https://lwn.net/Articles/1061743/ #LWN #Linux #security #Git

Security updates for Friday

https://lwn.net/Articles/1062775/ #LWN #Linux #security

This in-depth and well-researched report on the local impact of #Flock cameras in Bloomington, Indiana applies equally to other cities consider whether to start or keep a Flock contract.

https://limestonepost.org/flock-cameras-in-bloomington/?ref=mastodon

#privacy #security

The line between national security and political surveillance is thinning. Congressional Democrats just launched an inquiry into the Department of Homeland Security regarding its use of administrative subpoenas. Unlike the subpoenas you see in courtroom dramas, these do not require a judge’s signature. They allow federal agencies to demand personal information and internal communications directly from technology companies with almost zero outside oversight.

This investigation follows reports that DHS used these "judge-free" demands to gather data on Americans who criticized the agency on social media. It is a significant moment for anyone in the tech industry. When the government can compel your data without a warrant, the First Amendment starts to look very fragile. You should watch how these tech firms respond to the inquiry, as it will set the standard for how they protect your information from administrative overreach.

🧠 Lawmakers are demanding to know how often DHS uses subpoenas without judicial review.
⚡ The inquiry follows evidence that critics of agency policy were specifically targeted.
🎓 Major tech platforms must now disclose their internal protocols for handling these federal demands.
🔍 Civil liberties groups are pushing for new legislation to require a judge’s approval for all data seizures.

https://www.washingtonpost.com/nation/2026/03/02/subpoenas-free-speech-congress-investigation/
#DataPrivacy #DigitalRights #TechLaw #security #privacy #cloud #infosec #cybersecurity

Security updates for Thursday

https://lwn.net/Articles/1062570/ #LWN #Linux #security

Earlier Wednesday 3 vessels were hit by “unknown projectiles” in the #StraitOfHormuz, maritime #security & risk firms said.

That brings the number of ships struck in the region since the #Iran #war began to at least 14.

The Thai-flagged Mayuree Naree dry bulk vessel had been struck by "two projectiles of unknown origin", causing a fire & damaging the engine room, the ship's Thai-listed operator Precious Shipping said in a statement.

#US #Israel #Trump #warmonger #geopolitics #MiddleEast

[$] California's Digital Age Assurance Act and Linux distributions

A recently enacted law in California imposes an age-verification requirement on operating-system providers beginning next year. The language of the Digital Age Assurance Act does n [...]

https://lwn.net/Articles/1062112/ #LWN #Linux #security #Debian

[$] HTTPS certificates in the age of quantum computing

There has been ongoing discussion in the Internet Engineering Task Force (IETF) about how to protect internet traffic against future quantum computers. So far, that work has focus [...]

https://lwn.net/Articles/1060941/ #LWN #Linux #security

Office.eu launches as 100% European-owned alternative to Microsoft 365/Google Workspace, built on Nextcloud/Collabora with EU-only data centers. 🧩

Aims for digital sovereignty amid Big Tech data scandals and US CLOUD Act risks, offering docs, email, calendars, and video on open-source stack. 🛡️

🔗 https://www.siliconrepublic.com/enterprise/office-eu-and-the-want-for-a-digitally-sovereign-europe

#TechNews #OpenSource #Privacy #Security #Government #Europe #EU #IT #Microsoft #Office #Tech #Cloud #FOSS #Linux #OfficeEU #DigitalSovereignty #Nextcloud #US #Google #BigTech

Security updates for Wednesday

https://lwn.net/Articles/1062403/ #LWN #Linux #security

I know it probably seems like it was just yesterday we were talking about Patch Tuesday and a lot of scary Windows flaws, but here we are again. Mercifully, unlike last month's five zero-day bonanza, this month is bereft of known 0days, but there are some reliably critical bugs like a pair of Office vulnerabilities that can be exploited through the Preview Pane.

https://krebsonsecurity.com/2026/03/microsoft-patch-tuesday-march-2026-edition/

#patchtuesday #windows #office #security

Alt...

A picture of a Windows update screen, white lettering on a black background, saying checking for updates.

Well, a bit late but when it happened I was busy helping people directly, and then so tired I took some days off and just played games 😅.

But I finally got around to finishing this #blogpost about the #Odido #hack (and such hacks/data breaches in general). I guess better late than never 🫠.

You can read it here:
https://cambionn.nl/the-odido-hack-and-stuff-about-big-data-breaches

#databreach #blog #blogging #privacy #security #datasecurity #data

Alt...

The text "The Odido Hack, and stuff about (big) data breaches" in front of a handprint (personal) with the Odido logo on it, and a wire-frame looking like woven/folded fabric (data flowing everywhere).

Security updates for Tuesday

https://lwn.net/Articles/1062260/ #LWN #Linux #security

Hundreds of scientists say stop! ✋🚨

Governments should pause plans for mandatory #AgeChecks on online services until serious #privacy and #security concerns are addressed.

As countries push to ban children from social media, the risk to everyone’s privacy is growing. 🔐🌍

👉 Read more on #AgeVerification, why scientist say NO & whether your country wants it: https://tuta.com/blog/age-verification-kills-anonymity

Alt...

First they came for Adult Sites And I did not speak out Because I was not interested in Adult sites Then they came for chat apps And I did not speak out Because I was not interested in chat apps Then they came for Social Media And I did not speak out Because I was not interested in Social Media Then they locked the whole web behind ID verification Then they came for VPNs And I did not speak out Because I was not interested in VPNs And there was nowhere left To speak up

@vfrmedia @gettie Point is that #Telco regulations stems from #Telegraphy and #Postal operations, and whilst there are legitimate reasons for #regulators to disconnect phone lines (otherwise #robocalling and #SMS-#Spam would be even more rampant than #eMail-#Spamming!)

• Which OFC also intertwines with "#LawfulInterception" and the means of Governments to exercise control.
  • So anything claiming #security must inherently acknowledge the unfixable #insecurity of the #PSTN and completely cease using it and it's per-design compromised Infrastructure as a matter of principle.

That's why any "#secure communications" treats it as a hostile network and not to be trusted!

• And that's not even scratching the surface that countries try to outlaw #anonymity - starting with #Prepaid - #SIM - Cards.
  • Because those traditionally had no reason for "#KYC" as there was no means for a customer to incur #debt or commit #fraud against the telco that provided said services, so there was [and IMHO still is] no "legitimate interest" in demanding any #ID for those, as any crime committed would be investigated with the existing #Govware inside the networks and thus found out.

A kiddie and their script, part N of N!

Mar 9 17:54:52 skapet sshd-session[97161]: Failed password for invalid user %company% from 20.83.3.189 port 17677 ssh2

#scriptkiddies #sshgropers #passwordguessing #cybercrime #ssh #security

And if you need some reading material, https://nxdomain.no/~peter/hailmary_lessons_learned.html (or g-tracked https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html)

"Russian state hackers are engaged in a large-scale global cyber campaign to gain access to #Signal and #WhatsApp accounts belonging to dignitaries, military personnel and civil servants. The Dutch intelligence and security services MIVD and AIVD can confirm that targets and victims of the campaign include Dutch government employees."

Read the details here:
https://english.defensie.nl/latest/news/2026/03/09/russia-targets-signal-and-whatsapp-accounts-in-cyber-campaign

#phishing #socialengineering #privacy #cybersecurity #Netherlands #security #government #signalapp

Security updates for Monday

https://lwn.net/Articles/1062103/ #LWN #Linux #security

Oh, this is good...

From UNIX World, 1985: "It finds the subtle bugs in my C programs" - Claude B. Finn.

40 years later, people are using Claude to find bugs in programs. What's old is new again.

#Anthropic #LLM #Claude #ClaudeCode #AI #Security #Programming #UNIX #C

Alt...

Vintage magazine advertisement for SAFE C™, a software development tool for UNIX and VAX/VMS. A man in a dark sweater and jeans sits casually on a desk next to a computer terminal and keyboard. A testimonial quote reads "It Finds The Subtle Bugs In My C Programs," attributed to Claude B. Finn, V.P. Software Development, EnMasse Computer Corporation. The tagline at the bottom reads "The SAFE C™ Family Can Literally Cut Software Development Time In Half. For UNIX™ and VAX/VMS.™"

Alt...

Vintage magazine advertisement for SAFE C™, a software development tool for UNIX and VAX/VMS. A man in a dark sweater and jeans sits casually on a desk next to a computer terminal and keyboard. A testimonial quote reads "It Finds The Subtle Bugs In My C Programs," attributed to Claude B. Finn, V.P. Software Development, EnMasse Computer Corporation. The tagline at the bottom reads "The SAFE C™ Family Can Literally Cut Software Development Time In Half. For UNIX™ and VAX/VMS.™"

@GrapheneOS is being threatened by French authorities for refusing to add backdoors and they're dealing with coordinated attacks in French media right now. They're pulling out of France entirely, moving all their servers, and fighting off a wave of bullshit one-sided reporting that makes them look like they're helping criminals.

They need us to fight back. Support them however you can, whether that's a dollar, sharing their story, pushing back on the garbage news coverage when you see it, or just telling someone you know about what's happening. All of it matters because they're drowning in attacks from governments and media and bad actors who want them gone.

This is the only Android OS that actually makes me feel like privacy isn't just marketing. They fight for us now they need us to fight for them.

The EU is pushing Chat Control and creating an environment where governments feel empowered to threaten developers into compliance, and if we stay quiet we're letting it happen. Show up for them in whatever way you're able to.

#grapheneos #Privacy #NoBackdoors #encryption #security #chatControl

Huston: Revisiting time

https://lwn.net/Articles/1061930/ #LWN #Linux #security

No to ID checks for web #access

Tell your MP:

https://action.openrightsgroup.org/no-id-checks-web-access

#UK #ID #oppression #ToxicTories #censorship #tracking #security #privacy #Internet #web

GrapheneOS version 2026030500 released:

https://grapheneos.org/releases#2026030500

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/32816-grapheneos-version-2026030500-released

#GrapheneOS #privacy #security

The Book of PF, 4th Edition Spotted in the Wild https://undeadly.org/cgi?action=article;sid=20260306131150 #openbsd #freebsd #pf #packetfilter #networking #security #networktrickery #freesoftware #libresoftware

Security updates for Friday

https://lwn.net/Articles/1061738/ #LWN #Linux #security

The Book of PF, 4th Edition: It's Here, It's Real https://nxdomain.no/~peter/its_real_its_here.html #openbsd #freebsd #pf #packetfilter #networking #firewall #networktrickery #security #freesoftware #libresoftware @nostarch

A GitHub Issue Title Compromised 4,000 Developer Machines (grith.ai)

https://lwn.net/Articles/1061548/ #LWN #Linux #security

Security updates for Thursday

https://lwn.net/Articles/1061464/ #LWN #Linux #security

Security updates for Wednesday

https://lwn.net/Articles/1061295/ #LWN #Linux #security

Motorola partners with GrapheneOS at MWC 2026 to bring the de-Googled, privacy-hardened OS to future phones beyond Pixel exclusivity. 🔒

Ends Google's hardware monopoly for serious privacy users, with joint work on security features and pre-installed GrapheneOS devices expected 2027. 📱

@GrapheneOS

🔗 https://itsfoss.com/news/motorola-grapheneos-team-up/

#TechNews #Privacy #GrapheneOS #Motorola #Android #Google #DeGoogle #Security #OpenSource #Smartphones #Pixel #MWC #Linux #FOSS #Data #Freedom #Mobile #Security

Oops! Can you say "username enumeration"?

This is at bloomsbury.com, who, in an unrelated matter, seem to also have removed my country from their selection widget when making an order, even though I successfully ordered some books from them last year. 🤷

#security #securityfail

Alt...

A website "forgot password" dialog, with a bogus "my@email.com" address entered, and an "User not found" response in red.

Think you’re an anonymous on-line with your fake user name? Recent studies demonstrate that Large Language Models are becoming highly efficient at de-anonymizing internet users. By analyzing linguistic patterns, these models can link pseudonymous accounts to real identities with 85% accuracy. This process does not rely on leaked databases or IP addresses. It focuses entirely on the unique way you construct sentences and use specific vocabulary across different platforms.

The era of hiding behind a screen name is effectively over because your writing style is a biometric marker. A model can scan millions of posts to find a match between an anonymous whistleblower and a public profile. This capability transforms stylometry from a niche forensic tool into a scalable method of mass surveillance.Time to rethink digital privacy when our own habits of expression become the very data points that betray us.

🧠 LLMs identify users by matching unique linguistic fingerprints.
⚡ The accuracy rate for identifying individuals across platforms is 85%.
🎓 Anonymity now requires actively masking your natural prose.
🔍 Automated deanonymization poses a direct threat to journalists and whistleblowers.

https://arstechnica.com/security/2026/03/llms-can-unmask-pseudonymous-users-at-scale-with-surprising-accuracy/
#Privacy #Cybersecurity #AI #DataProtection #security #cloud #infosec

LOL on this sentence about Amazon data centers being hit by Iranian drones.

"They also have physical security, but those measures, including security guards, fences, video surveillance and alarm systems, are designed to keep out intruders rather than defend against missile attacks."

https://www.stripes.com/theaters/middle_east/2026-03-03/iran-drone-strikes-aws-data-centers-20939465.html

#datacenter #security

CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements
(404 Media)

https://lwn.net/Articles/1061085/ #LWN #Linux #security

Garrett: To update blobs or not to update blobs

https://lwn.net/Articles/1061048/ #LWN #Linux #security

Security updates for Tuesday

https://lwn.net/Articles/1061043/ #LWN #Linux #security

Why I'm talking about this: My org #VPN (thank your #Cisco) requires #2FA to login. On a laptop that has full disk encryption, can be unlocked only via biometrics or 20+ char password.

Since it's kicking me out of the session every N hours and takes *a lot* to get back in and is virtually impossible to automate by standard means, I'm this close to just giving some AI automation the keys to just scratch this itch for me.

#UX is inherent part of #security. Drop one, the other one will suffer.

When caring for an elderly person, it is important to praise and reward when they don't interact with a scammer. Because there are so many #scams against the elderly, and they're good. My grandmother gets at least 2 or 3 a week and always says "my daughter handles this. Would you like her number?" like she is supposed to do. Of course, they never want to speak to me or my mother. #security

🚨 New Video: Virtue is Inconvenient - The Nitrokey 3 Review

In my last video, I crowned the YubiKey 5 as the "King of Keys" but it has a fatal flaw. It is proprietary. For those of us who believe in digital sovereignty and the right to audit our own hardware, blind trust is not an option.

Then there is Nitrokey 3A NFC. It promises open-source firmware, transparent design, and code written in memory safe Rust. But does "open" actually mean "good?" Today, we look at whether the moral high ground is worth the inconvenience, why the Android experience might be a deal breaker, and who should actually buy this device.

Part 4 of the Sovereign Authentication series.

100% human made. #NoAI

▶️ YouTube: https://www.youtube.com/watch?v=7I65RPlxqdY

📺 PeerTube: https://gnulinux.tube/w/gtTcaBH4GTEKMunR8CUiaX

Support the mission: ☕ https://liberapay.com/terminaltilt

#TerminalTilt #NoAI #Privacy #Security #PasswordManager #Nitrokey #Yubikey #Yubico #FOSS #OpenSource #Linux #Cybersecurity #SelfHosted #DeGoogle #DigitalSovereignty #QueerCreator #DisabledCreator #HumanMade #TechEthics

Security updates for Monday

https://lwn.net/Articles/1060911/ #LWN #Linux #security

GrapheneOS version 2026030100 released:

https://grapheneos.org/releases#2026030100

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/32622-grapheneos-version-2026030100-released

#GrapheneOS #privacy #security

CI/CD for opensource container scanner Trivy has been exploited: https://github.com/aquasecurity/trivy/discussions/10265

#appsec #security

#IDF KILLS TOP #IRANIAN DEFENSE OFFICIALS: The IDF has announced the deaths of several additional high-ranking #Iranian #security officials, including the former secretary of Supreme National Security Council and the commander of the IRGC in a surprise intelligence-led strike in Tehran. https://www.timesofisrael.com/liveblog_entry/idf-confirms-killing-top-iranian-leaders-including-top-defense-official-ali-shamkhani/