Items tagged with: security


✈️ New Blog Post: Your Boarding Pass Is a Skeleton Key. Frontier Airlines Doesn't Care.

Frontier's mobile API returns full passport numbers, home addresses, children's DOB, credit card details, and KTNs for any booking. The only auth? A PNR and last name. Printed on every boarding pass.

Reported March 3rd. 105 days later, still live. They fixed the least important vuln and ghosted me on the rest. They also updated the website code and somehow made the leaks worse.

Full writeup: bobdahacker.com/blog/frontier-…

#InfoSec #BugBounty #ResponsibleDisclosure #FrontierAirlines #Security #CyberSecurity #Privacy #Aviation #PCIDSS #DataExposure


404media.co/fcc-wants-to-kill-…

The FCC wants to make it impossible to buy "burner" phones, such as pre-paid phones not linked to your identity. They plan to do this by forcing all companies to store a ton of data about ALL phone users, including a copy of ID, a verified address and a ton more info, for both new & existing phone users, regardless of company or phone.

#FCC #Privacy #Security


because "safety"

it doesn't matter if russian #drones are unaddressed. #fear operates on other topics the #rightWing #politician can amplify and manufacture. drones take away a sense of #security, the liar promises "security" on some other topic

it doesn't work logically, it works emotionally

people want and need safety, even if just a feeling. right wing rhetoric endlessly harps on any topic that people can be tricked into feeling unsafe on. then they make grandiose promises about it

9/x


New, by me: A number of high-profile and/or valuable Instagram accounts, including those of the Obama White House and the Chief Master Sergeant for the U.S. Space Force, got hacked and defaced with pro-Iran messaging in the past 24h after people figured out that Meta's AI support assistant could be tricked into resetting account passwords.

From the story:

"A video released on Telegram by pro-Iran hackers claimed to document a remarkably simple exploit that appears to have involved using a VPN connection with an IP address that is in or near the target's usual hometown, requesting a password reset for the account, and then choosing to chat with Meta's AI support assistant. From there, the video shows the attacker told the bot to link the account in question to a new email address, after which the bot dutifully sent that address a one-time code that allowed a password reset."

krebsonsecurity.com/2026/06/ha…

#meta #instagram #hack #ai #security


Surveillance tech coming to a virtual couch near you!

Headway Therapy Patients Forced to Scan Their Faces to Keep Getting Care

404media.co/headway-therapy-fa…

#Headway #Therapy #Security #Privacy #Surveillance #Health #Tech


But can this be used if the police snatch my phone?

Apple Developing iPhone Anti-Snatching Feature That Locks Stolen Phones Instantly

macrumors.com/2026/05/27/apple…

#Apple #iPhone #AntiTheft #Stolen #Security #Privacy #Tech


Apparently, you can be IDed by what your SSD does

Websites have a new way to spy on visitors: analyzing their SSD activity

arstechnica.com/security/2026/…

#Websites #Spyware #SSD #Hardware #Storage #Privacy #Vulnerability #Security #Surveillance #Tech


Negrodamus strikes again: Data Collection Edition

AI companies and data brokers even resort to fake forms to keep selling our data

9to5mac.com/2026/05/20/ai-comp…

#AI #DataBrokers #Privacy #Security #Surveillance #Tech



Time to patch those GPUs!

NVIDIA reveal more GPU driver security flaws for May 2026

gamingonlinux.com/2026/05/nvid…

#Nvidia #GPU #Drivers #Security #Vulnerabilities #Hardware #Tech


I'm inclined to think @pluralistic has had entirely enough of this bullshit & so should we all...

#AgeVerification #privacy #security #surveillance


"Object permanence": the ability to understand that things still exist, even if you can't see 'em. Kids acquire a thorough sense of object permanence by the age of two. But when it comes to technopolitics, object permanence eludes full-grown lawmakers. These motherfuckers would lose a game of peek-a-boo.

-

If you'd like an essay-formatted version of this thread to read/share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2026/05/19/she…

1/




Have you used an LLM to scan for vulnerabilities in an Open Source codebase?

#EvanPoll #poll #opensource #security #ai

  • Yes (9%, 25 votes)
  • Yes, but... (0%, 1 vote)
  • No, but... (7%, 20 votes)
  • No (83%, 229 votes)
275 voters. Poll end: 1 month ago



20 million people! The New Jim Crow has a list of 20 million people, but y'all stay mad at people for just surviving!

ICE Agents Have List of 20 Million People on Their iPhones Thanks to Palantir

404media.co/ice-agents-have-li…

#ICE #Palantir #AI #Security #Privacy #Surveillance #ACAB #Tech


I know it's slim pickings nowadays, but if the Feds reset your router, maybe buy a new one

The FBI may have reset your wireless router; if so, you should replace it

9to5mac.com/2026/05/12/the-fbi…

#FBI #NSA #Wireless #Router #Surveillance #Security #Privacy #TPLink #ACAB #Tech


Would you pass a background check?

#EvanPoll #poll #security #backgroundcheck

  • Yes (56%, 120 votes)
  • Yes, but... (30%, 65 votes)
  • No, but... (3%, 8 votes)
  • No (9%, 21 votes)
214 voters. Poll end: 1 month ago


@tomgauld.bsky.social That illustrates why we're taught #safety requirements always have priority over #security requirements. "You don't password-protect an emergency stop button".


This is such a cunning, shameless, beautiful scam.

Got an email from Equifax (who exposed zillions of records to hackers not long ago if memory serves), the gist of which was:

'Nice credit rating you got there. Be a shame if something happened to it...'

I took the bait and logged in.

The images tell the story.

It's a sublime shakedown.

@pluralistic

#economics #equifax #security #tech


BREAKING! Meshcore team splits over dispute over AI-generated code disclosure, and hostile trademark takeover.

Meshcore is an off-grid, decentralised mesh radio platform powered by low-cost and public access LoRa radio technology for reliable, long-range emergency text and embedded sensors communication. It can communicate across kilometres — no towers, no subscriptions, no single point of failure.

blog.meshcore.io/2026/04/23/th…

#meshcore #meshtastic #lora #radio #opensource #foss #drama #privacy #security #selfsovereignty #ai #copyright #takeover


Google announced several months ago that its Chrome browser would make secure connections the standard in October 2026. But you can already block shady websites by taking one simple step. PC World tells us how to do it in Chrome, Edge and Firefox:

flip.it/Tl04k8

#Tech #CyberSecurity #Chrome #Edge #Firefox #Technology #Security




The death of phishing cannot come soon enough. Alas, the scamming mechanism is alive and well, tricking some of the savviest web users. But if you know what to look for, you can bolster your security, avoid the embarrassment of telling your friends how you got hoodwinked, and much worse. PC World shows us how:

flip.it/2tgxfj

#Tech #Phishing #Security #Technology


We know (the ever transactional) Tangerine Tyrant sees NATO as a cost to the US from which they derive little if any benefit... and we all know this is essentially nonsense.

But as Andrew Gawthorpe notes, it's not just historical ignorance (or lack of interest), it is also because a significant aspect of the value of NATO to the US is really based on a counter-factual - things avoided because of NATO's existence & that is much more difficult to see?

#security #politics
theconversation.com/donald-tru…