Feed cleverhans-blog [copy] http://www.cleverhans.io/feed.xml has loading error: cURL error 22: The requested URL returned error: 404
PureOS Crimson Development Report: July 2025
Welcome back! In our last update, we mentioned a fix in pureos-meta for some missing essential system components.
This seemed trivial at the time - just add the missing components. However, when the fix went into review and we looked deeper, it turned out to be anything but trivial.
The post PureOS Crimson Development Report: July 2025 appeared first on Purism.
The UK May Be Dropping Its Backdoor Mandate
The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately.
Payy and Privacy for Stablecoins: The Unlock for Real-World Adoption
Payy introduces a zk-powered Visa card that brings privacy and real-world usability to stablecoins
Introducing the Librem PQC Comms Server
SF, CA, US – Purism is excited to announce its Librem PQC Comms Server, encrypting data-in-transit (DIT) with post-quantum cryptography (PQC) according to the NIST FIPS 203 standard. When bundled as a complete ecosystem with the Liberty Phone or other Purism Products will also address data-at-rest (DAR) encrypted with PQC.
The post Introducing the Librem PQC Comms Server appeared first on Purism.
We Are Still Unable to Secure LLMs from Malicious Inputs
Nice indirect prompt injection attack:
Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own account.) It looks like an official document on company meeting policies. But inside the document, Bargury hid a 300-word malicious prompt that contains instructions for ChatGPT. The prompt is written in white text in a size-one font, something that a human is unlikely to see but a machine will still read.
In a proof of concept video of the attack, Bargury shows the victim asking ChatGPT to...
A Privacy Shield in the Wake of AT&T Data Breaches
Purism AweSIM: A Privacy Shield in the Wake of AT&T Data Breaches AT&T was found liable to pay customers an estimated $177M to resolve multiple lawsuits stemming from two separate data breaches – March 30 and July 12, 2024. Both breaches exposed huge amounts of Personal Identifiable Information (PII) to the public. These two breaches […]
The post A Privacy Shield in the Wake of AT&T Data Breaches appeared first on Purism.
Encryption Backdoor in Military/Police Radios
I wrote about this in 2023. Here’s the story:
Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now.
There’s new news:
In 2023, Carlo Meijer, Wouter Bokslag, and Jos Wetzels of security firm Midnight Blue, based in the Netherlands, discovered vulnerabilities in encryption algorithms that are part of a European radio standard created by ETSI...
FTC Issues Letters to Big Tech: No Back Doors
FTC to Big Tech: No Back Doors — Purism Was Already There Protecting against Jurisdictional Arbitrage When the Federal Trade Commission (FTC) makes a determined move like this, it’s not a casual policy tweak — it’s a line drawn in permanent ink. On August 21, FTC Chairman Andrew Ferguson sent formal notices to over a […]
The post FTC Issues Letters to Big Tech: No Back Doors appeared first on Purism.
Poor Password Choices
Look at this: McDonald’s chose the password “123456” for a major corporate system.
Friday Squid Blogging: Bobtail Squid
Nice short article on the bobtail squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Blog moderation policy.