#security

Since the arrival of a team from Elon Musk’s Department of Government Efficiency,
#Social #Security is in a far more precarious place than has been widely understood,
according to #Leland #Dudek,
the acting commissioner of the Social Security Administration.

“I don’t want the system to collapse,”
Dudek said in a closed-door meeting last week, according to a recording obtained by ProPublica.

He also said that it “would be catastrophic for the people in our country”
if DOGE were to make changes at his agency that were as sweeping as those at USAID, the Treasury Department and elsewhere.

Dudek’s comments, delivered to a group of senior staff and Social Security advocates attending both in person and virtually,
offer an extraordinary window into the thinking of a top agency official in the volatile early days of the second Trump administration.

The Washington Post first reported Dudek’s acknowledgement that DOGE is calling the shots at Social Security.

But the full recording reveals that he went much further,
citing not only the actions being taken at the agency by the people he repeatedly called
“the DOGE kids,”
but also extensive input he has received from the White House itself.

When a participant in the meeting asked him why he wouldn’t more forcefully call out Donald Trump’s continued false claims about widespread Social Security fraud as “BS,”
Dudek answered, “So we published, for the record, what was actually the numbers there on our website.
This is dealing with — have you ever worked with someone who’s manic-depressive?”

Throughout the meeting, Dudek made alarming statements about the perils facing the Social Security system,
but he did so in an oddly informal, discursive manner.

It left several participants baffled as to the ultimate fate of the nation’s largest and most popular social program,
one that serves 73 million Americans.

“Are we going to break something?” Dudek asked at one point,
referring to what DOGE has been doing with Social Security data.

“I don’t know.”

propublica.org/article/recordi

ProPublica · “The President Wanted It and I Did It”: Recording Reveals Head of Social Security’s Thoughts on DOGE and Trump

"The tj-actions/changed-files GitHub Action, which is currently used in over 23,000 repositories, has been compromised. In this attack, the attackers modified the action’s code and retroactively updated multiple version tags to reference the malicious commit. "

Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity - stepsecurity.io/blog/harden-ru


Is there any push within the EU to work on Linux and other free software alternatives to US software, to stop having the whole administration of every single European country, and the EU itself, be totally dependent on software that can spy on us all for a hostile, nazi regime?

@senficon?

#EU #security #Trump

#TSA Says Its #CreditCards for Bomb-Sniffing #Dogs Are Cut Off

The Transport Security Administration has a freeze on credit card purchases for its bomb-sniffing dogs, TSA confirmed to 404 Media on Friday. The statement follows the leak of an alleged internal email which said TSA was cutting off requests for dog food and vet visits.
#doge #security

404media.co/tsa-k9-bomb-sniffi

404 Media · TSA Says Its Credit Cards for Bomb-Sniffing Dogs Are Cut Off

Folks have pointed out that in the current state of ... /waves around .. that it might be a good idea for US based institutions to reconsider hosting sites on non-US country code top-level domains (ccTLD) such as .io (Indian Ocean, going away soon anyway), .it (Italy), and .ai (Anguilla)

One that always bugged me was various Mississippi Gov departments using .ms which belongs to Montserrat. In light of current events these might have more risk than they did before. It looks like most of the State of MS related sites are now forwarders/shorteners for the real sites but there are plenty of official sites for MS counties as well as various private orgs that are still fully hosted on .ms domains.

Search: mississippi site:.ms

This happens for other states to various degrees as well. In some cases it's mostly private company domains and in others there are a few official state domains.

Arizona / Azerbaijan
Search: Arizona site:.az

Georgia / Gabon
Search: georgia site:.ga

Idaho / Indonesia
Search: idaho site:.id

Louisiana / Laos
Search: Louisiana site:.la

Maine / Montenegro
Search: Maine site:.me

etc. etc.

Researchers astonished by tool’s apparent success at revealing AI’s hidden motives

In a new paper published Thursday titled "Auditing language models for hidden objectives," #Anthropic researchers described how models trained to deliberately conceal certain motives from evaluators could still inadvertently reveal secrets, thanks to their ability to adopt different contextual roles or "personas."
#ai #security

arstechnica.com/ai/2025/03/res

Ars Technica · Researchers astonished by tool’s apparent success at revealing AI’s hidden motives · By Benj Edwards

The Flash browser plugin supported interactive apps & games before the modern web could handle them.

It was such a frequent source of vulnerabilities that browsers eventually banned it.

SAML feels like that, but for authentication. SAMLStorm is the latest in an ongoing history of XML-parsing vulns, and probably not the last.

workos.com/blog/samlstorm

An alternative, OIDC, is based on REST and JSON, avoiding that class of problems.

WorkOS · SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries
Any service using xml-crypto or a Node.js SAML implementation using it should update immediately to the latest version. WorkOS customers are safe and were not impacted.

One after another, callers on a telephone town hall with U.S. Rep. Bill Huizenga pressed the Michigan Republican about possible cuts to #Social #Security.

“We worked our entire life,” one said. “But we can’t get any help because we can’t get through to anybody.”

Huizenga pledged throughout the meeting: “Let me just reiterate, Social Security is not being touched.”

Similar exchanges have played out across the political battleground of Michigan and elsewhere in the U.S. in recent days,
as widespread cuts prompt fears among constituents about the popular program,
which provides monthly benefits to retirees and some children.

It’s left Republicans scrambling to reassure voters and play down Musk’s comments about Social Security and his ability to make cuts.

At a fiery in-person town hall in Asheville, North Carolina, one of the first questions Rep. Chuck Edwards fielded was on how he would
“ensure the protection of our Social Security benefits.”

After the question was read, the room of about 300 people erupted in applause.

While Trump has repeatedly said he “will not cut Social Security, Medicare or Medicaid benefits,” the administration has begun layoffs affecting over 10% of the Social Security Administration workforce and the closure of dozens of offices nationwide.

The GOP accuses Democrats of “fear-mongering” on the matter.

apnews.com/article/musk-trump-

New Privacy Guides video 📺✨
by @jw

If you've wondered about
the difference between:

Privacy,
Security,
and Anonymity :neocat_foxmask:

And why some privacy-focused
services are worth using even when they don't provide perfect anonymity, watch this!

It's truly an amazing short video!
Everyone should watch it 👇

privacyguides.org/videos/2025/

If you still use one of these devices, you might want to start looking into alternatives.

"In an email sent to customers today, Amazon said that Echo users will no longer be able to set their devices to process Alexa requests locally [...] Starting on March 28, recordings of every command spoken to the Alexa living in Echo speakers and smart displays will automatically be sent to Amazon and processed in the cloud."

arstechnica.com/gadgets/2025/0

via mamot.fr/@pluralistic/11416699

Ars Technica · Everything you say to your Echo will be sent to Amazon starting on March 28 · By Scharon Harding

GitHub Action tj-actions/changed-files is compromised, stepsecurity.io/blog/harden-ru.

> the attackers modified the action’s code and retroactively updated multiple version tags to reference the malicious commit. The […] Action prints CI/CD secrets in GitHub Actions build logs. If the workflow logs are publicly accessible (such as in public repositories), anyone could potentially read these logs and obtain exposed secrets.

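Both posts above about tj-actions/changed-files describe version tags being moved to point at a malicious commit, so any workflow referencing the action by tag silently picked up the new code. As an added example (not code from StepSecurity or the tj-actions project), here is a small Python check that lists every `uses:` step in a workflow file that references a third-party action by tag or branch instead of a full 40-hex commit SHA; the sample workflow and the SHA in it are constructed.

```python
"""Flag GitHub Actions steps whose `uses:` reference is a mutable tag or
branch rather than a full commit SHA.  Added example; the workflow text
below is constructed, not taken from any real repository."""
import re

# Matches `uses: owner/repo[/subpath]@ref` (optionally quoted).  Local
# actions (`./path`) and `docker://` references never match this pattern.
USES_RE = re.compile(
    r'^\s*-?\s*uses:\s*["\']?([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@([^"\'\s#]+)'
)
# A full commit SHA is the only immutable reference form.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned(workflow_text: str) -> list[tuple[str, str, int]]:
    """Return (action, ref, line_no) for each step not pinned to a 40-hex SHA."""
    hits = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if not SHA_RE.match(ref):
            hits.append((action, ref, line_no))
    return hits


# Constructed sample workflow: two steps on version tags (the kind of
# reference a retargeted tag would hijack) and one pinned to a placeholder SHA.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: changed files
        uses: tj-actions/changed-files@v45
      - uses: some-org/some-action@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
"""

if __name__ == "__main__":
    for action, ref, line_no in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action}@{ref} is a mutable ref; pin it to a commit SHA")
```

Pinning to a SHA removes the retargeting risk but not the need to review what that commit contains; a `# vX.Y` comment next to the SHA keeps the version readable for humans and tools like Dependabot.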