cybersecurity

3 posts

Harry Sintonen (@harrysintonen@infosec.exchange)

doesn't actually delete messages when they're deleted (either manually or by automation). The message deletion is written to the Write-ahead Log, and the data is only truly deleted once Signal is restarted or a threshold of 1000 pages is reached. For the macOS Signal application, an extra complication arises from the fact that the Signal message database can be backed up before the database consolidation occurs. A large amount of the supposedly already deleted messages could be recovered from the device or backups.

This concerns use cases where deleted messages actually getting removed in a timely manner is of high importance and recovery of the deleted messages could lead to grave consequences.

TL;DR: If you don't care about deleted messages being actually deleted you don't need to worry.

Full advisory at: sintonen.fi/advisories/signal-
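The write-ahead-log behaviour described in the post above can be checked with plain SQLite; this is an added example, not part of the post or the advisory. It uses a constructed database and marker string and assumes `secure_delete` is on, so that the pending checkpoint is the only thing keeping the bytes on disk; Signal's own encrypted database and settings are not reproduced.

```python
import os
import sqlite3
import tempfile

MARKER = b"CONSTRUCTED-SECRET-MESSAGE-0001"  # constructed sample, not real data


def file_contains(path, needle):
    """Return True if the raw bytes of the file at path contain needle."""
    if not os.path.exists(path):
        return False
    with open(path, "rb") as fh:
        return needle in fh.read()


def deletion_residue():
    """Delete a row in WAL mode and report whether its bytes remain on disk."""
    db = os.path.join(tempfile.mkdtemp(), "demo.sqlite")
    con = sqlite3.connect(db, isolation_level=None)  # autocommit mode

    def q(sql, *args):
        # Fetch everything so no statement keeps a read transaction open.
        return con.execute(sql, args).fetchall()

    q("PRAGMA journal_mode=WAL")
    q("PRAGMA secure_delete=ON")         # assumption: freed content is zeroed
    q("PRAGMA wal_autocheckpoint=1000")  # SQLite's default threshold, in pages
    q("CREATE TABLE messages (id INTEGER PRIMARY KEY, body BLOB)")
    q("INSERT INTO messages (body) VALUES (?)", MARKER)
    q("PRAGMA wal_checkpoint(TRUNCATE)")  # the message now sits in the main file

    q("DELETE FROM messages")
    visible = q("SELECT count(*) FROM messages")[0][0]
    # The zeroed page exists only in the WAL; the main file still holds the
    # old page, so the deleted body is readable from a copy of the file.
    before = file_contains(db, MARKER)

    q("PRAGMA wal_checkpoint(TRUNCATE)")  # consolidation overwrites the old page
    after = file_contains(db, MARKER) or file_contains(db + "-wal", MARKER)
    con.close()
    return {"rows_visible": visible,
            "on_disk_before_checkpoint": before,
            "on_disk_after_checkpoint": after}


if __name__ == "__main__":
    print(deletion_residue())
```

A backup or file copy taken between the `DELETE` and the checkpoint would capture the main file in the `on_disk_before_checkpoint` state.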

screwlisp (@screwlisp@gamerplus.org)

! toobnix.org/w/rPKt4GRBwLeWzF3V
8UTC Sunday 10th May ("tomorrow, Sunday morning in Europe") speaking to

@bagder of curl.se/ en.wikipedia.org/wiki/Curl_(so

+ @kentpitman

targeted by trillions of dollars of companies scanning, especially after he rejected their ai-content merge requests. And having to close bug bounties due to spam.

...And what it means for today. 's 2010 example is curl, and and and.

brian_greenberg (@brian_greenberg@infosec.exchange)

A startup is putting military-style drones in high school ceilings. Ceiling-mounted. Charging. Waiting. And when something happens, a pilot in Austin, Texas, decides whether to deploy pepper gel on your kid's school. I'm not saying the problem isn't real. It absolutely is. But read that back.... in schools. We've taken a Ukrainian battlefield tactic against Russian soldiers and ported it to Deltona High School in Florida. The co-founder literally said the idea came from watching drone videos of the war in Ukraine. The chief pilot described it as "cheating in a video game after you die." These are children.

Here's what's not in the headline:

🔒 The drones use an encrypted connection — but the article notes they're potentially vulnerable to cyberattack. A compromised drone in a crowded hallway isn't a security tool; it's a weapon pointed in the wrong direction.

⚖️ Mithril reserves the right to act independently during an attack, without waiting for law enforcement. A private company operating remotely is making use-of-force decisions at a school.

💰 Florida and Georgia approved $500K+ each for this. A group of Texas parents raised $200K more. That's real money going to ceiling drones instead of mental health services, counselors, or de-escalation programs.

The ACLU said it plainly: when force becomes a zero-risk remote action, it gets overused. Axon tried a Taser drone for schools in 2022, and its own ethics board killed it. Mithril is picking up where that got dropped.

I teach cybersecurity. I've spent years in boardrooms helping organizations think through risk. And the risk calculus here isn't just about whether the drone works. It's about what we're normalizing when we turn schools into drone-monitored combat zones and call it progress.

"This is the future," said the sheriff's captain.

I hope not.

wsj.com/business/a-startup-is-