banner
LightNews
dangoodin.bsky.social
Dan Goodin
@dangoodin.bsky.social
9.6K followers 630 following 88 posts
Cybersecurity Reporter, Ars Technica: https://arstechnica.com/author/dan-goodin/ Hungry for tips. Text me on Signal: DanArs.82. "The world isn’t run by weapons anymore, or energy, or money. It’s run by little 1s and 0s, little bits of data."
arstechnica.com
Posts Media Videos Starter Packs
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · 2d
The problem solving required for making Signal quantum safe is as daunting as any in engineering. In less adept hands, mucking about with an instrument this complex could have led to unintended consequences. Yet this upgrade is nothing short of a triumph!

arstechnica.com/security/202...
Why Signal’s post-quantum makeover is an amazing engineering achievement
New design sets a high standard for post-quantum readiness.
arstechnica.com
6 29
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · 26d
How long until the FBI opens an investigation into this judge?
questauthority.bsky.social
The Questionable Authority @questauthority.bsky.social · 27d
OMG - the judge in Florida just sua sponte struck the complaint in the Trump v NYT case for -wait for it - violating Rule 8.

Lawyers, tell the folks at home how hard it is to get the complaint struck outright for something like that in fed eral court.

storage.courtlistener.com/recap/gov.us...
storage.courtlistener.com
5
Reposted by Dan Goodin
ericgoldman.bsky.social
Eric Goldman @ericgoldman.bsky.social · 26d
Judge Merryday has no fucks left to give for Trump's defamation complaint against the NYT:

"As every lawyer knows (or is presumed to know), a complaint isn't a public forum for vituperation & invective—not a protected platform to rage against an adversary"

storage.courtlistener.com/recap/gov.us...
storage.courtlistener.com
2 5 13
Reposted by Dan Goodin
mmasnick.bsky.social
Mike Masnick @mmasnick.bsky.social · 26d
Wow. Florida judge makes quick work of the Trump lawsuit against the NYTimes and Penguin Random House. The lawsuit was silly and Judge Merryday does not hide how he feels about it!

Trump can amend though.

storage.courtlistener.com/recap/gov.us...
Even under the most generous and lenient application of Rule 8, the complaint is decidedly improper and impermissible. The pleader initially alleges an electoral victory by President Trump “in historic fashion” — by “trouncing” the opponent — and alludes to “persistent election interference from the legacy media, led most notoriously by the New York Times.” The pleader alludes to “the halcyon days” of the newspaper but complains that the newspaper has become a “fullthroated mouthpiece of the Democrat party,” which allegedly resulted in the “deranged endorsement” of President Trump’s principal opponent in the most recent presidential election. The reader of the complaint must labor through allegations, such as “a new journalistic low for the hopelessly compromised and tarnished ‘Gray Lady.’” The reader must endure an allegation of “the desperate need to defame with a partisan spear rather than report with an authentic looking glass” and an allegation that “the false narrative about ‘The Apprentice’ was just the tip of Defendants’ melting iceberg of falsehoods.” Similarly, in one of many, often repetitive, and laudatory (toward President Trump) but superfluous allegations, the pleader states, “‘The Apprentice’ represented the cultural magnitude of President Trump’s singular brilliance, which captured the [Z]eitgeist of our time.” The complaint continues with allegations in defense of President Trump’s father and the acquisition of the Trumps’ wealth; with a protracted list of the many properties owned, developed, or managed by The Trump Organization and a list of President Trump’s many books; with a long account of the history of “The Apprentice”; with an extensive list of President Trump’s “media appearances”; with a detailed account of other legal actions both by and against President Trump, including an account of the “Russia Collusion Hoax” and incidents of alleged “lawfare” against President Trump; and with much more, persistently alleged in abundant, florid, and enervating detail. Even assuming that each allegation in the complaint is true (of course, that is for a jury to decide and is not pertinent here; this order suggests nothing about the truth of the allegations or the validity of the claims but addresses only the manner of the presentation of the allegations in the complaint); even assuming that at trial the plaintiff offers evidence supporting every allegation in the complaint and that the evidence is accepted by the jury as fact; and even assuming that after finally “melting” the defendants’ alleged “iceberg of falsehoods” the plaintiff prevails for each reason alleged in the complaint — even assuming all of that — a complaint remains an improper and impermissible place for the tedious and burdensome aggregation of prospective evidence, for the rehearsal of tendentious arguments, or for the protracted recitation and explanation of legal authority putatively supporting the pleader’s claim for relief. As every lawyer knows (or is presumed to know), a complaint is not a public forum for vituperation and invective — not a protected platform to rage against an adversary. A complaint is not a megaphone for public relations or a podium for a passionate oration at a political rally or the functional equivalent of the Hyde Park Speakers’ Corner. A complaint is a mechanism to fairly, precisely, directly, soberly, and economically inform the defendants — in a professionally constrained manner consistent with the dignity of the adversarial process in an Article III court of the United States — of the nature and content of the claims. A complaint is a short, plain, direct statement of allegations of fact sufficient to create a facially plausible claim for relief and sufficient to permit the formulation of an informed response. Although lawyers receive a modicum of expressive latitude in pleading the claim of a client, the complaint in this action extends far beyond the outer bound of that latitude. This complaint stands unmistakably and inexcusably athwart the requirements of Rule 8. This action will begin, will continue, and will end in accord with the rules of procedure and in a professional and dignified manner. The complaint is STRUCK with leave to amend within twenty-eight days. The amended complaint must not exceed forty pages, excluding only the caption, the signature, and any attachment. ORDERED in Tampa, Florida, on September 19, 2025.
6 32 180
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · 27d
So long, #disneyplus. I stand for @jimmykimmel.com and for media independence.

Also, nothing Jimmy said about the MAGA people politicizing and weaponizing Kirk's assassination was untrue.

cc: @jimmykimmellive.bsky.social
Ok, your subscription has been cancelled We’ve sent a confirmation to your email on file. You may continue to watch Disney+ until October 5, 2025.
3 24
Reposted by Dan Goodin
arstechnica.com
Ars Technica @arstechnica.com · 27d
New attack on ChatGPT research agent pilfers secrets from Gmail inboxes
Unlike most prompt injections, ShadowLeak executes on OpenAI’s cloud-based infrastructure.
arstechnica.com
1 10 38
Reposted by Dan Goodin
noahshachtman.bsky.social
Noah Shachtman @noahshachtman.bsky.social · 27d
@lurabardley.bsky.social sees this for what it is www.vanityfair.com/hollywood/st...
Late-Night TV Isn’t Dying—It’s Being Murdered
And we’re not just talking about Jimmy Kimmel. In part one of a two-part series, nearly a dozen insiders explain how one of comedy’s oldest genres is being strangled—starting with the chilling effect ...
www.vanityfair.com
19 160 640
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · 27d
Did you find a way to contact someone to register your complaint?
2
Reposted by Dan Goodin
ncweaver.skerry-tech.com
Nicholas Weaver @ncweaver.skerry-tech.com · 27d
This really makes it clear just HOW negligent Microsoft is in their design. Enabling such a trivially vulnerable default fallback is outright misconduct. It should have been moved to default off over a decade ago, REQUIRING admins to turn it on if they have old broken shit.
2 1
Reposted by Dan Goodin
matthewdgreen.bsky.social
Matthew Green @matthewdgreen.bsky.social · 27d
Nice article by @dangoodin.bsky.social on the Ascension hack and bad Kerberos: arstechnica.com/security/202...
How weak passwords and other failings led to catastrophic breach of Ascension
A deep-dive into Active Directory and how “Kerberoasting” breaks it wide open.
arstechnica.com
2 3 16
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · 27d
Thanks, Matt.
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · Sep 5
Because Apple, like Google and Mozilla, didn't trust the certificates.
1
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · Sep 5
Wednesday’s discovery of 3 unauthorized TLS certificates for Cloudflare’s 1.1.1.1 generated intense interest and concern. Since then, new information has become available, including the issuance of 9 more certificates. This FAQ answers questions and gives the latest: arstechnica.com/information-...
The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest.
Everything to know about the mishap that threatened to expose millions of users’ queries.
arstechnica.com
8
Reposted by Dan Goodin
neurovagrant.bsky.social
Ian Campbell @neurovagrant.bsky.social · Sep 3
Dunno who Fina Root CA is, but they finna learn some hard lessons in TLS certificate justice.

Always appreciate @dangoodin.bsky.social getting stuff like this out into the daylight.

#infosec #cybersecurity

arstechnica.com/security/202...
Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet
The three certificates were issued in May but only came to light Wednesday.
arstechnica.com
1 10 25
Reposted by Dan Goodin
vcsjones.dev
Kevin Jones @vcsjones.dev · Aug 28
Solid debunking from @dangoodin.bsky.social on the Passkeys “Pwned” thing. arstechnica.com/security/202...
Unpacking Passkeys Pwned: Possibly the most specious research in decades
Researchers take note: When the endpoint is compromised, all bets are off.
arstechnica.com
2 5 19
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · Aug 6
I asked Google how many detections Big Sleep made in total and how many false positives and false negatives there were. The company declined to say. It's certainly Google's prerogative to withhold data that may not cast Big Sleep in a favorable light, but calling this a"commitment to transparency"?
argv.bsky.social
Heather Adkins @argv.bsky.social · Aug 4
Today as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vulnerabilities discovered using our AI-based "Big Sleep" system powered by Gemini — goo.gle/bigsleep
Google Issue Tracker
goo.gle
2 12
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · Aug 6
Heather, has Google provided any more details about these detections? How many detections did Big Sleep make in total? How many false positives were there? How many false negatives were there? What's the basis for saying Big Sleep demonstrates a "new frontier in automated vulnerability discovery"?
2
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · Jul 17
I'm an adoptive dad, too. Very touching account of David meeting Naomi for the first time.
5
Reposted by Dan Goodin
neurovagrant.bsky.social
Ian Campbell @neurovagrant.bsky.social · Jul 16
Talked with @dangoodin.bsky.social of Ars Technica on our Tuesday piece on malware in TXT records.

Thanks, Dan!

arstechnica.com/security/202...
Hackers exploit a blind spot by hiding malware inside DNS records
Technique transforms the Internet DNS into an unconventional file storage system.
arstechnica.com
2 7
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · Jul 14
GPUhammer is the first to flip bits in onboard GPU memory. It likely won't be the last.

arstechnica.com/security/202...
Nvidia chips become the first GPUs to fall to Rowhammer bit-flip attacks
GPUhammer is the first to flip bits in onboard GPU memory. It likely won’t be the last.
arstechnica.com
1 5
Reposted by Dan Goodin
arstechnica.com
Ars Technica @arstechnica.com · Jun 10
Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.
The publicly available exploits provide a near-universal way to bypass key protections.
arstechnica.com
1 8 30
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · Jun 10
Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

arstechnica.com/security/202...
Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.
The publicly available exploits provide a near-universal way to bypass key protections.
arstechnica.com
1 2 10
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · Jun 3
Tracking code Meta and Yandex embed into millions of sites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers discovered.

arstechnica.com/security/202...
Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.
arstechnica.com
15 17
Reposted by Dan Goodin
bill-of-lefts.bsky.social
No true bill @bill-of-lefts.bsky.social · May 22
I cannot tell you how excited I am about windows recall as a plaintiffs’ attorney
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · May 21
arstechnica.com/security/202...
“Microsoft has simply given us no other option,” Signal says as it blocks Windows Recall
Even after its refurbishing, Recall provides few ways to exclude specific apps.
arstechnica.com
2 2 18
Reposted by Dan Goodin
kennwhite.bsky.social
Kenn White @kennwhite.bsky.social · May 21
I love that @signal.org is using Microsoft's own DRM copyright API to block Windows from its own stupid new "feature" which takes screenshots of, well, everything and saves them. It's like an intellectual property Jedi mind trick.
dangoodin.bsky.social
Dan Goodin @dangoodin.bsky.social · May 21
arstechnica.com/security/202...
“Microsoft has simply given us no other option,” Signal says as it blocks Windows Recall
Even after its refurbishing, Recall provides few ways to exclude specific apps.
arstechnica.com
5 130 520