Ubuntu is now allowing users to disable security mitigations Intel has baked into its GPU components. People are claiming the setting provides up to a 20% boost in performance. I'm still trying to understand more about the mitigations, but they appear to involve defending against Spectre-based attacks. Is this wise? On the one hand, I'm not aware of a single Spectre-based attack in the wild. On the other hand, you're leaving yourself potentially exposed. Thoughts

Disabling Intel Graphics Security Mitigations Can Boost GPU Compute Performance By 20% - Phoronix

While not talked about as much as the Intel CPU security mitigations, Intel graphics security mitigations have added up over time that if disabling...

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

Ars Technica

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

The publicly available exploits provide a near-universal way to bypass key protections.

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

Ars Technica

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Signal Messenger is warning that Recall, the AI tool rolling out in Windows 11 that will screenshot, index, and store everything a user does every three seconds, poses a risk to its users. Effective immediately, the Windows Desktop version will by default block the ability of Windows to screenshot the app. Of course, Microsoft provides no API to disable Recall from screenshotting specific apps, so Signal is getting creative. They are invoking a digital rights management API that blocks the screenshotting of copyrighted material.

Signal Messenger

By Default, Signal Doesn't Recall

Signal Desktop now includes support for a new “Screen security” setting that is designed to help prevent your own computer from capturing scree...

Folks, there is 0 evidence that Steam passwords have been breached. Unless and until credible evidence occurs, please do NOT urge people to change their login credentials and please do NOT boost other people's toots doing the same. Creating unjustified anxiety about a non event does a disservice to us all. Please boost for visibility.

Microsoft writes: "For example, if you have a password and “one time code” set up on your account, we’ll prompt you to sign in with your one time code instead of your password. After you’re signed in, you’ll be prompted to enroll a passkey." I don't understand this. Why would Microsoft remove the password requirement and rely solely on a 1-time code? And what happens if the user decides not to use a passkey?

From the department of head scratches comes this counterintuitive news: Microsoft says it has no plans to change a remote login protocol in Windows that allows people to log in to machines using passwords that have been revoked.

Ars Technica

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.

Researchers say the behavior amounts to a persistent backdoor.

ICE officers in paramilitary gear appear to be inquiring about the citizenship status of passengers on a Amtrak Empire Builder train. As someone who rides Amtrak a lot, what should I say and do if I'm ever stopped like this?

Havre Weekly Chronicle

Border Patrol agents question Amtrak passengers in Havre about citizenship

Updated at 11:30 a.m. Friday, April 18, 2025. This version updates the headline and clarifies that it was Border Patrol agents who boarded the trai...