ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
Just another privacy nightmare
The Widespread Power of U.S. Law Enforcement to Search Mobile Phones
Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant.
“When we see new technology come out, people often think, ‘Wow, my life is going to be a lot safer‘, but we often see the opposite with survivors of domestic violence.”
Building a fenced garden, one step at a time
"In the name of security and privacy, Google is taking away the ability for users to select third-party camera apps in Android 11, forcing users to rely on the built-in camera app."
Which basically can mean that if secret court in US decide they need backdoor in Jira, friendly ASIO (intelligence agency in Australia) might force Atlassian to include backdoor in their products and then pass info to US agencies or others from Five Eyes countries.
And since Atlassian was recently complaining how law impacted Australia and their company... 2/2
@threed according to the legislation as long as they have end users in Australia they might be compelled to include backdoors for following reasons: "enforcing the criminal law, so far as it relates to serious
Australian offences; or assisting the enforcement of the criminal laws in force in
a foreign country, so far as those laws relate to serious foreign offences; or safeguarding national security" 1/2
Considering that Atlassian’s policy and government affairs head, Patrick Zhang complained about the encryption laws in Australia, I'd suggest to give 0 trust to Atlassian products like jira, since most likely it contains some backdoor as required by local laws. Also isolating any email account used by its products #encryption
@stephaniewalter why not alternatives as gitlab or codeberg.org?
Grandmother Ordered To Delete Facebook Photos Under GDPR
Sequoia PGP makes final preparations for the 1.0 release