#infosec


Cat 🐈‍⬛🛰️ @catbailey and family are still in the direst situation.

Cat has been out of work for almost a full year and no one is hiring in her fields. Their home is in foreclosure, all the bills are past due.

For now, about $1200 is needed to help pay off some of the past due bills and save storage.

And then there's the vehicle situation...

Please help if you can. Anything at all is appreciated.

🧡🧡🧡🧡🧡 🧡🧡🧡🧡🧡
Thank you to all who have helped Cat and family make it this far.

Thank you for the $200 recently donated via GFM! It really helped!!!
🧡🧡🧡🧡🧡 🧡🧡🧡🧡🧡

And please, please, PLEASE, hire Cat! Cat can do project management, writing, commissions, contract work, editing, and more. (ping Cat for more info)

Cat has a Ko-fi: https://ko-fi.com/catacruthachadh !
(Please do read and share …

To everyone in a position of responsibility here: please do this on Monday.

I recommend blocking access to X (Twitter) and removing Grok/X apps from managed devices.

❗️Reason: LLM-generated sexualized depictions of children in timelines create a considerable risk of criminal liability.
📱 App caching (Android/iOS) can store such content locally, which can already constitute criminal possession, even for AI-generated content.

https://swiss.social/@tobi82/115875470402791248

🧬 Ethical question for the Fediverse: Do you have the right to upload your DNA if it exposes your non-consenting relatives?

In Episode 8, we argue that genetic privacy is collective. Your genome isn't a personal diary; it's a shared password for your entire family tree. By uploading it, you might be doxxing them to insurers and law enforcement.

Where do you draw the line?

🎧 Listen: https://impracticalprivacy.com

New blogpost: AI will compromise your cybersecurity posture
https://rys.io/en/181.html

The way “AI” is going to compromise your cybersecurity is not through some magical autonomous exploitation by a singularity from the outside, but by being the poorly engineered, shoddily integrated, exploitable weak point you would not have otherwise had on the inside.

LLM-based systems are insanely complex. And complexity has real cost and introduces very real risk.

1/🧵

As I suspected it probably would be, my bug bounty submission of using an AI email summarizer was closed as being 'infeasible' and an 'acceptable risk' with AI.

But still - I think it's an interesting finding, so I have written it up thus: https://mike-sheward.medium.com/recruiting-google-geminis-email-summarizer-as-a-phishing-aid-417055295ba7

TL;DR = I discovered how you can use Google Workspace's Google Gemini Email Summarizer to make a phishing attack seem more convincing, because it summarizes hidden content.

PSA: If you are running Laravel 12.x you should probably consider updating to 12.45 asap.

@Synchro has discovered and fixed a vulnerability with the remember me cookie, which may leak the password hash.

As I understand it (please correct me if I’m wrong!), I wouldn't consider this catastrophic (unless you disabled encrypted cookies, maybe) but I'd say you should prioritise fixing it nonetheless.

Personally I'm a little disappointed that this took Taylor almost a month to merge, and that it wasn't given any publicity by the team, but there we go …

The DEF CON Training Singapore course lineup is now live!

We’re thrilled to share the full slate of courses for the first-ever DEF CON Training Singapore! Join us in April for hands-on, skills-forward trainings led by top practitioners from across the community. Whether you’re sharpening fundamentals or diving deep into emerging threats and advanced techniques, there’s something here for you!

Explore the full lineup and course details here:
https://training.defcon.org/collections/singapore-2026

Spots go fast, so take a look, grab your seat, and get ready to learn and build.

Early bird pricing available now until February 8. See you in Singapore 🇸🇬

New year, new password reset at work...

My new password is "NCSC advises against regular password expiry"

Actually TBF that was my old one, my new one is "NCSC advises against regular password expiry2"

Hello world.

I finally decided to park my digital dinosaur bones here on chaos.social.

I’ve been roaming the internet since 1996 and started breaking things around 2000, but honestly, after all these years, I still feel like I have no clue what I'm doing half the time.

I’m always up for a chat, so feel free to reach out if you want to talk shop or just complain about broken configs.

Currently tinkering with eInk devices

Another NZ I'd missed - !

The allegedly compromised data includes:
- Full names
- Email addresses
- Phone numbers
- Physical addresses and verified Neighborhood IDs
- GPS Coordinates (Latitude and Longitude)
- Biographies
- Account status details (isActive, isRegistered, isVerified)
- Private messages and forum posts (including subjects and body text)
- User timestamps (registeredAt, createdAt)

https://dailydarkweb.net/neighbourly-data-breach-150gb-of-user-data-and-messages-put-for-sale/