WillW
wrw7.bsky.social
Infosec and non profits and baking
Reposted by WillW
Let's see what happens, but I think it will be an unfortunate tell if Carney chooses to throw BC under the bus while teaming up with Danielle "Notwithstanding" Smith to turn over a tanker ban: stomping on human rights is rewarded by Carney.
November 25, 2025 at 11:18 PM
This is the kind of independent reporting people need to see
Many Surrey residents have simply had enough with the extortion crisis plaguing the city – and they shouted “shame on you” at police officials at a public forum on the issue last week.

Read more in the Surrey Citizen: buff.ly/8zzTQty

#Crime #SurreyBC #SurreyCitizen
'Shame on you': Surrey residents fed up with extortion crisis – Surrey Citizen
Unsplash photo Many Surrey residents have simply had enough with the extortion crisis plaguing the city – and they shouted “shame on you” at police
surreycitizen.com
November 20, 2025 at 3:31 AM
Reposted by WillW
Last chance to catch "Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls" at the NDC Conference, Manchester. Join me and see just how wild the email RFCs really are.

portswigger.net/research/tal...
October 13, 2025 at 9:00 AM
Reposted by WillW
We’re a small team of seven journalists who investigate stories wealthy and powerful people don’t want Canadians to know about

Now we need your help to defend our journalism and continue shining a light on information politicians want to keep secret

Help us out 👉 JournalismDefence.ca
November 11, 2025 at 6:01 PM
Reposted by WillW
Microsoft has discovered a side-channel attack (Whisper Leak) on the network communications between AI chatbots and their backend LLMs

www.microsoft.com/en-us/securi...
November 9, 2025 at 2:38 PM
Reposted by WillW
I’ve written for them. They pay a fair wage. And they pay you quickly. All to say I’ve experienced them on the back end 👌🏾
@pressprogress.ca needs your solidarity and support right now more than ever

We’re raising money to pay our legal bills – and to be blunt, we’re going to need a lot of help

If you’re able, please help us out and support our Journalism Defence Fund:

pressprogress.ca/journalism-d...
PressProgress: Defend Canadian Journalism
pressprogress.ca
November 9, 2025 at 3:09 PM
Reposted by WillW
OpenAI's CISO Dane Stuckey posted an essay (on Twitter) about how their new ChatGPT Atlas browser attempts to deal with the risk of prompt injection attacks, I ended up writing a point-by-point commentary on my blog: simonwillison.net/2025/Oct/22/...
Dane Stuckey (OpenAI CISO) on prompt injection risks for ChatGPT Atlas
My biggest complaint about the launch of the ChatGPT Atlas browser the other day was the lack of details on how OpenAI are addressing prompt injection attacks. The launch post …
simonwillison.net
October 22, 2025 at 8:51 PM
Reposted by WillW
Our investigative folks at the Fifth Estate have been trying for months to get the province to talk about a leak of thousands of Interior Health employees’ personal information, and who was responsible.

The response from Health Minister Josie Osborne is not exactly inspirational.
October 16, 2025 at 10:08 PM
Reposted by WillW
“It will not be possible for apps like Signal to provide strong privacy guarantees (…) if device-makers and OS developers insist on puncturing the metaphoric blood-brain barrier between apps and the OS”
#tech #Ia
AI agents promise to “put our brain in a jar while a bundle of AI systems does our living for us”, writes Meredith Whittaker. “But as in fairy tales, so in life: relying on magical fixes leads to trouble,” she warns
AI agents are coming for your privacy, warns Meredith Whittaker
The Signal Foundation’s president worries they will also blunt competition and undermine cyber-security
econ.st
September 11, 2025 at 7:23 AM
Reposted by WillW
Canada’s digital software is critical infrastructure. It runs our country, and we depend upon it. Please consider signing my petition, asking for Canada to adopt my secure coding policy.

https://twp.ai/9PUQIn

#securecanadasfuture
September 16, 2025 at 4:40 PM
Reposted by WillW
🚨 Malicious update to @ctrl/tinycolor on npm is part of an active supply chain attack hitting 40+ packages across multiple maintainers. Audit & remove affected versions.

Our analysis of the malware: socket.dev/blog/tinycol... #NodeJS #JavaScript
Popular Tinycolor npm Package Compromised in Supply Chain At...
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers
socket.dev
September 15, 2025 at 11:23 PM
Reposted by WillW
Report: At this point we are just trying to figure who Canadian Parliament WON'T give a standing ovation to
OTTAWA - After members of the Canadian Parliament earlier today gave a standing ovation to recently deceased far-right agitator who touted white supremacist theories, Charlie Kirk, we here at The Beaverton are stuck trying to figure out if there’s literally anyone our elected officials won’t celebrate.
www.thebeaverton.com
September 16, 2025 at 4:13 AM
Reposted by WillW
The recording for my latest research has been released! If you prefer to listen rather than read, now is your chance.

P.S. It may be worth listening to it at a slower speed due to my tendency to talk at the speed of light...
The Single-Packet Shovel: Digging For Desync-Powered Request Tunnelling - Thomas Stacey
YouTube video by Bsides Exeter
www.youtube.com
September 11, 2025 at 3:19 PM
Reposted by WillW
Every lens leaves a blur signature—a hidden fingerprint in every photo.

In our new #TPAMI paper, we show how to learn it fast (5 mins of capture!) with Lens Blur Fields ✨

With it, we can tell apart ‘identical’ phones by their optics, deblur images, and render realistic blurs.
September 9, 2025 at 10:48 PM
Reposted by WillW
This Saturday, we're finally heading out on the town!

Meet Chris Campbell of the Surrey Citizen at our table at the Surrey Urban Farmers Market on Sept. 13 - bring us your story ideas, or simply drop by and say hi.
September 10, 2025 at 10:13 PM
Reposted by WillW
I’ve been watching the inside track on this one, it’s super cool.
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)
September 10, 2025 at 1:45 PM
Reposted by WillW
Signal Secure Backups are here 🙌
Until now, if you lost or broke your phone, your Signal message history was *gone,* a real challenge for everyone whose most important conversations happen in Signal. So, with careful design and development, we’re rolling out opt-in secure backups.

signal.org/blog/introducing-secure-backups
Introducing Signal Secure Backups
In the past, if you broke or lost your phone, your Signal message history was gone. This has been a challenge for people whose most important conversations happen on Signal. Think family photos, sweet...
signal.org
September 8, 2025 at 4:19 PM
Reposted by WillW
This talk by Ollie Whitehouse is worth watching for Cybersecurity vendors, startups and purchasers.

0 hype, with a bunch of plain-talk current and future challenges (and opportunities).

Vendors: do better..
Buyers: demand better..

youtu.be/UVNMozEgYtY?...
The Wicked Problems and Opportunities of Cyber - Ollie Whitehouse
YouTube video by BSides Bournemouth
youtu.be
September 6, 2025 at 12:12 PM
youtu.be/ZmiQAvP5ZZw?...

The end-of-summer sound you didn't know you wanted
Ice Ice Baby (Summer Synthwave Remix) - Auralnauts
YouTube video by Craven In Outer Space
youtu.be
September 4, 2025 at 7:04 AM
Reposted by WillW
The CFIA hasn’t fined a single grocer for selling US products as Canadian. #cdnpoli

So I built a toolkit: a library of 101 ready-to-use letters you can send to your MP.

Copy one, add your name, hit send.

(I'll make a video about this in the morning. I gotta get sleep now.)

👉 b.link/mpemails
101 Email Templates to Send Your MP
by Tod Maffin If you like this, consider subscribing to my free weekly newsletter about Canada. Or Join our Discord and check out the #buy-canadian channel Got a suggestion or correction? Tell me at ...
b.link
September 4, 2025 at 5:16 AM
Reposted by WillW
We've just published a novel technique to bypass the __Host and __Secure cookie flags, to achieve maximum impact for your cookie injection findings: portswigger.net/research/coo...
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and serve
portswigger.net
September 3, 2025 at 2:54 PM
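As an added illustration of what those prefixes actually promise (example code written for this page, not from PortSwigger's post or the linked research, and it does not reproduce the bypass the post describes): a minimal model, in JavaScript, of the checks a browser applies before storing a `__Secure-` or `__Host-` cookie, per RFC 6265bis. The `fromSecureOrigin` flag, the `storeCookie` helper and the sample `Set-Cookie` headers are constructed for the example.

```javascript
// Added example, not code from the PortSwigger post or its research: a
// minimal model of the browser-side checks that give the __Secure- and
// __Host- cookie prefixes their meaning (RFC 6265bis). A server only ever
// receives "name=value" in the Cookie header, never the attributes, so the
// integrity guarantee lives entirely in these store-time checks.

function parseSetCookie(header) {
  // Split "name=value; Attr=val; Flag" into the pair and its attributes.
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq <= 0) return null; // no "=" or empty name: not a cookie
  const attrs = {};
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1), attrs };
}

// Returns the reason a prefixed cookie must be rejected, or null if it passes.
// Prefixes are matched case-insensitively, as current RFC 6265bis drafts require.
function prefixViolation(cookie, fromSecureOrigin) {
  const lname = cookie.name.toLowerCase();
  const { attrs } = cookie;
  const has = (k) => Object.prototype.hasOwnProperty.call(attrs, k);
  if (lname.startsWith("__secure-") || lname.startsWith("__host-")) {
    if (!fromSecureOrigin) return "prefixed cookie set from an insecure origin";
    if (!has("secure")) return "prefixed cookie lacks the Secure attribute";
  }
  if (lname.startsWith("__host-")) {
    if (has("domain")) return "__Host- cookie carries a Domain attribute";
    if (attrs.path !== "/") return "__Host- cookie Path is not exactly '/'";
  }
  return null;
}

// Simulated cookie store (hypothetical helper): returns the stored name/value
// or the rejection reason. `fromSecureOrigin` is true for an HTTPS response.
function storeCookie(header, fromSecureOrigin) {
  const cookie = parseSetCookie(header);
  if (!cookie) return { stored: false, reason: "unparseable Set-Cookie" };
  const why = prefixViolation(cookie, fromSecureOrigin);
  if (why) return { stored: false, reason: why };
  return { stored: true, name: cookie.name, value: cookie.value };
}

// Constructed sample headers for a stand-alone run.
const samples = [
  ["__Host-session=abc; Secure; Path=/", true],
  ["__Host-session=abc; Secure; Path=/; Domain=example.com", true],
  ["__Host-session=abc; Secure; Path=/account", true],
  ["__Secure-id=1; Secure", false],
  ["__Secure-id=1; Secure; HttpOnly", true],
  ["session=plain; Path=/", false],
];
for (const [h, https] of samples) console.log(h, "=>", storeCookie(h, https));
```

The point worth keeping in mind when reading the linked research: the server never sees these attributes, only `name=value`, so any place where the browser's view of a cookie's name or attributes differs from the server's is a place where the prefix guarantee can silently stop applying.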
Reposted by WillW
Some notes on the insecurity baked into Perplexity's Comet "AI Browser" - the Brave security team reported serious prompt injection vulnerabilities in it, but Brave themselves are developing a similar feature that looks doomed to have similar problems simonwillison.net/2025/Aug/25/...
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
The security team from Brave took a look at Comet, the LLM-powered "agentic browser" extension from Perplexity, and unsurprisingly found security holes you can drive a truck through. The vulnerability...
simonwillison.net
August 25, 2025 at 9:42 AM
Reposted by WillW
At long last - Phrack 72 has been released online for your reading pleasure!

Check it out: phrack.org
August 18, 2025 at 9:33 PM
Reposted by WillW
🎤Speaker Spotlight: Pierre-Nicolas Allard-Coutu

We’re excited to welcome back to BSides Vancouver Island Pierre-Nicolas Allard-Coutu, Senior pentester and offensive security R&D lead at Bell Canada’s STIRT team with his talk on Stolen Laptops.

#BSidesVI2025 #CyberSecurity #Infosec #RedTeam
August 15, 2025 at 5:12 PM