Otto Sulin (@ottosulin) 's Twitter Profile
Otto Sulin

@ottosulin

Engineering & Security @membranefinance. Interested in technology, information security, endurance sports and all things nature.

ID: 49294020

21-06-2009 11:22:58

4,4K Tweet

2,2K Followers

2,2K Following

Disobey (@disobey_fi) 's Twitter Profile Photo

You know you want to speak at Disobey. Do it. Here it begins. Disobey 2025 Call for Papers is now open! We are looking for the most awesome speakers on the most interesting topics - in other words, we want you. The CfP is open until EoD Sep 30th. cfp.disobey.fi/disobey2025/cfp

Dino A. Dai Zovi (@dinodaizovi) 's Twitter Profile Photo

This also applies to security consulting. Like many others, I started my career doing it. I didn't actually know how to secure anything at the companies that I was doing penetration tests for, but I wrote "key insights" and "strategic recommendations" in the doc template.

Jim Sciutto (@jimsciutto) 's Twitter Profile Photo

CNN Exclusive: US has detected increased Russian military activity around key undersea cables and believes Russia may now be more likely to carry out potential sabotage aimed at disabling a critical communications infrastructure, two US officials tell me. cnn.com/2024/09/06/pol…

Dare Obasanjo🐀 (@carnage4life) 's Twitter Profile Photo

“No EU company with a market capitalisation over €100B has been set up from scratch in the last 50 years, while all six US companies with a valuation above €1T were created during that time.” - EU Report on The Future of European Competitiveness commission.europa.eu/document/downl…

Gergely Orosz (@gergelyorosz) 's Twitter Profile Photo

This is holding a much-needed mirror to the EU. Regulation in the EU is typically pro-residents. A frustrating part is how it also tends to be anti-startups thanks to regulating upstarts + innovative companies the exact same way as large businesses. Aka handcuffing tech startups

Disobey (@disobey_fi) 's Twitter Profile Photo

Sponsor and support packages now open for Disobey 2025! If your company is interested (of course you are), ping our sponsor team at sponsors<at>disobey<dot>fi !

Patrick Breyer #JoinMastodon (@echo_pbreyer) 's Twitter Profile Photo

🇬🇧New EU #ChatControl proposal leaked +++ Governments to position themselves by 23 September, will be very tight... +++ Will messenger services be blocked in Europe? patrick-breyer.de/en/new-eu-push… Help pressure your government now to defend privacy and secure encryption:

Otto Sulin (@ottosulin) 's Twitter Profile Photo

Link encryption isn't easy and a lot of fun (as this blog well demonstrates) but this very performant setup using Wireguard, VXLAN and some Linux kernel tuning is just beautiful. synacktiv.com/en/publication…

Otto Sulin (@ottosulin) 's Twitter Profile Photo

Next release of ISO 27701 will change the standard to be a standalone management system, which most importantly allows organizations to implement a privacy management system without implementing ISO 27001. grclab.com/newsletter-fee…

Otto Sulin (@ottosulin) 's Twitter Profile Photo

Interesting turn of events: "Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure" securityaffairs.com/168450/laws-an…

Otto Sulin (@ottosulin) 's Twitter Profile Photo

Again great writing by Michael Rasmussen - EU's AI Act, CSRD and DORA (also upcoming CRA) require evidence of compliance and a risk-based approach rather than being prescriptive. Although I must say now when reading DORA RTS docs, they are quite prescriptive. grc2020.com/2024/09/16/inc…

Rachel Tobac (@racheltobac) 's Twitter Profile Photo

LinkedIn is now using everyone's content to train their AI tool -- they just auto opted everyone in. I recommend opting out now (AND that orgs put an end to auto opt-in, it's not cool) Opt out steps: Settings and Privacy > Data Privacy > Data for Generative AI Improvement (OFF)

Otto Sulin (@ottosulin) 's Twitter Profile Photo

FTC Report Finds Large Social Media and Video Streaming Companies Have Engaged in Vast Surveillance of Users with Lax Privacy Controls and Inadequate Safeguards for Kids and Teens - I'm looking forward to the suggested US federal privacy legislation. ftc.gov/news-events/ne…

Otto Sulin (@ottosulin) 's Twitter Profile Photo

Open source software maintainers increasingly spend time on security (a good thing), but on the other hand it's putting more pressure on unpaid hobbyists who are getting older. Good to see OpenSSF Scorecard getting significant adoption! theregister.com/2024/09/18/ope…

Otto Sulin (@ottosulin) 's Twitter Profile Photo

German law enforcement has successfully used timing analysis techniques on several occasions to deanonymize Tor network users. securityaffairs.com/168667/securit…

rekdt (@rekdt) 's Twitter Profile Photo

My CISO to the board: We're tracking AI powered Attacks and Quantum Computing threats
My Board: And rekdt, what is Security Architecture working on?
Me: I just notified our internal teams they haven't remediated their deployed public S3 buckets

Otto Sulin (@ottosulin) 's Twitter Profile Photo

A timely example of AI generated malware caught by HP researchers: all lines of code are commented (unusual for malware authors) but common practice in GenAI produced code. securityaffairs.com/168840/malware…

Otto Sulin (@ottosulin) 's Twitter Profile Photo

Never has the technology industry completely eliminated classes of vulnerabilities - just made the exploitation different and harder. This is also the case with the migration from BIOS to UEFI. A great writeup from LeviathanSecurity! leviathansecurity.com/blog/uefi-is-t…

Matthew Green (@matthew_d_green) 's Twitter Profile Photo

Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)