Dan Goodin
@dangoodin.bsky.social
Cybersecurity Reporter, Ars Technica: https://arstechnica.com/author/dan-goodin/ Hungry for tips. Text me on Signal: DanArs.82. "The world isn’t run by weapons anymore, or energy, or money. It’s run by little 1s and 0s, little bits of data."
Reposted by Dan Goodin
Hi hi! I'm happy and proud to announce that I've spent the last few weeks preparing the relaunch of @digitalfoundry.bsky.social as its Launch Site Editor! A dream role in many ways. I'll be translating the DF team's videos in the site's early months while building exclusive content. Check it out:
Digital Foundry
Digital Foundry was founded in 2004 and specialises in technical analysis of video games and hardware, using our own bespoke tools for frame-rate analysis – covering everything from console, PC and be...
digitalfoundry.net
November 6, 2025 at 4:42 PM
Reposted by Dan Goodin
The administration at Indiana University Bloomington fired the adviser to the student newspaper and barred the publication from putting out a print edition. The dispute has left student journalists and press advocates accusing the university of censorship.
Indiana University Fires Adviser to Student Newspaper and Bars Print Publication
The administration at Indiana University Bloomington fired the adviser to the paper and barred the publication from putting out a print edition.
nyti.ms
October 17, 2025 at 4:00 PM
Reposted by Dan Goodin
For over 3 years my investigation has exposed how major banks enabled Epstein’s sex trafficking operation. I’m glad that his victims are able to use those findings to hold big banks accountable. I fully intend to keep following the money on Epstein. Stay tuned.
Epstein victims sue Bank of America, Bank of NY Mellon, for allegedly funding sex trafficking
Women abused by Jeffrey Epstein sued Bank of America and Bank of New York Mellon in Manhattan on Wednesday, alleging their executives violated banking laws and ignored red flags out of “absolute lo…
www.nydailynews.com
October 17, 2025 at 4:12 PM
The problem solving required for making Signal quantum safe is as daunting as any in engineering. In less adept hands, mucking about with an instrument this complex could have led to unintended consequences. Yet this upgrade is nothing short of a triumph!
arstechnica.com/security/202...
Why Signal’s post-quantum makeover is an amazing engineering achievement
New design sets a high standard for post-quantum readiness.
arstechnica.com
October 13, 2025 at 4:59 PM
How long until the FBI opens an investigation into this judge?
OMG - the judge in Florida just sua sponte struck the complaint in the Trump v NYT case for -wait for it - violating Rule 8.
Lawyers, tell the folks at home how hard it is to get the complaint struck outright for something like that in federal court.
storage.courtlistener.com/recap/gov.us...
storage.courtlistener.com
September 19, 2025 at 5:11 PM
Reposted by Dan Goodin
Judge Merryday has no fucks left to give for Trump's defamation complaint against the NYT:
"As every lawyer knows (or is presumed to know), a complaint isn't a public forum for vituperation & invective—not a protected platform to rage against an adversary"
storage.courtlistener.com/recap/gov.us...
storage.courtlistener.com
September 19, 2025 at 4:42 PM
Reposted by Dan Goodin
Wow. Florida judge makes quick work of the Trump lawsuit against the NYTimes and Penguin Random House. The lawsuit was silly and Judge Merryday does not hide how he feels about it!
Trump can amend though.
storage.courtlistener.com/recap/gov.us...
September 19, 2025 at 4:50 PM
So long, #disneyplus. I stand for @jimmykimmel.com and for media independence.
Also, nothing Jimmy said about the MAGA people politicizing and weaponizing Kirk's assassination was untrue.
cc: @jimmykimmellive.bsky.social
September 18, 2025 at 7:12 PM
Reposted by Dan Goodin
@lurabardley.bsky.social sees this for what it is www.vanityfair.com/hollywood/st...
Late-Night TV Isn’t Dying—It’s Being Murdered
And we’re not just talking about Jimmy Kimmel. In part one of a two-part series, nearly a dozen insiders explain how one of comedy’s oldest genres is being strangled—starting with the chilling effect ...
www.vanityfair.com
September 18, 2025 at 4:49 PM
Reposted by Dan Goodin
This really makes it clear just HOW negligent Microsoft is in their design. Enabling such a trivially vulnerable default fallback is outright misconduct. It should have been moved to default off over a decade ago, REQUIRING admins to turn it on if they have old broken shit.
September 18, 2025 at 4:59 PM
Reposted by Dan Goodin
Nice article by @dangoodin.bsky.social on the Ascension hack and bad Kerberos: arstechnica.com/security/202...
How weak passwords and other failings led to catastrophic breach of Ascension
A deep-dive into Active Directory and how “Kerberoasting” breaks it wide open.
arstechnica.com
September 18, 2025 at 4:53 PM
Wednesday’s discovery of 3 unauthorized TLS certificates for Cloudflare’s 1.1.1.1 generated intense interest and concern. Since then, new information has become available, including the issuance of 9 more certificates. This FAQ answers questions and gives the latest: arstechnica.com/information-...
The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest.
Everything to know about the mishap that threatened to expose millions of users’ queries.
arstechnica.com
September 5, 2025 at 4:16 PM
Reposted by Dan Goodin
Dunno who Fina Root CA is, but they finna learn some hard lessons in TLS certificate justice.
Always appreciate @dangoodin.bsky.social getting stuff like this out into the daylight.
#infosec #cybersecurity
arstechnica.com/security/202...
Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet
The three certificates were issued in May but only came to light Wednesday.
arstechnica.com
September 3, 2025 at 11:35 PM
Reposted by Dan Goodin
Solid debunking from @dangoodin.bsky.social on the Passkeys “Pwned” thing. arstechnica.com/security/202...
Unpacking Passkeys Pwned: Possibly the most specious research in decades
Researchers take note: When the endpoint is compromised, all bets are off.
arstechnica.com
August 28, 2025 at 1:57 PM
I asked Google how many detections Big Sleep made in total and how many false positives and false negatives there were. The company declined to say. It's certainly Google's prerogative to withhold data that may not cast Big Sleep in a favorable light, but calling this a "commitment to transparency"?
Today as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vulnerabilities discovered using our AI-based "Big Sleep" system powered by Gemini — goo.gle/bigsleep
Google Issue Tracker
goo.gle
August 6, 2025 at 10:46 PM
Reposted by Dan Goodin
Talked with @dangoodin.bsky.social of Ars Technica on our Tuesday piece on malware in TXT records.
Thanks, Dan!
arstechnica.com/security/202...
Hackers exploit a blind spot by hiding malware inside DNS records
Technique transforms the Internet DNS into an unconventional file storage system.
arstechnica.com
July 16, 2025 at 11:32 AM
GPUhammer is the first to flip bits in onboard GPU memory. It likely won't be the last.
arstechnica.com/security/202...
Nvidia chips become the first GPUs to fall to Rowhammer bit-flip attacks
GPUhammer is the first to flip bits in onboard GPU memory. It likely won’t be the last.
arstechnica.com
July 14, 2025 at 7:21 PM
Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.
arstechnica.com/security/202...
Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.
The publicly available exploits provide a near-universal way to bypass key protections.
arstechnica.com
June 10, 2025 at 7:22 PM
Tracking code Meta and Yandex embed into millions of sites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers discovered.
arstechnica.com/security/202...
Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.
arstechnica.com
June 3, 2025 at 2:26 PM
Reposted by Dan Goodin
I cannot tell you how excited I am about windows recall as a plaintiffs’ attorney
May 22, 2025 at 1:22 AM
Reposted by Dan Goodin
I love that @signal.org is using Microsoft's own DRM copyright API to block Windows from its own stupid new "feature" which takes screenshots of, well, everything and saves them. It's like an intellectual property Jedi mind trick.
May 21, 2025 at 9:45 PM
Reposted by Dan Goodin