Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0xF21D" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>0xF21D</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@morattisec" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>morattisec</span></a></span> yeah, I think that <a href="https://infosec.space/tags/regulators" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>regulators</span></a> like <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EUCommission</span></a></span> & <span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bsi</span></a></span> need to clamp down <em>way harder</em> on <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> and other <a href="https://infosec.space/tags/SaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaaS</span></a> as well as <a href="https://infosec.space/tags/CCSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCSS</span></a> than they do on <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FLOSS</span></a> and make them own up to their <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a> failures because unlike <a href="https://infosec.space/tags/OpebSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpebSource</span></a> they monopolize <a href="https://infosec.space/tags/SourceCodeAccess" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SourceCodeAccess</span></a> <em>and</em> also don't have the excuse of not being able to maintain it as they have billions on their hands and thousands of talented staff…</p>
#itsec
3 posts3 participants1 post today
Replied in thread
@BleepingComputer will they be liable for the costs and consequences amidst this #breach as that is evidently dependant on their gross neglect in terms of #ITsec, #InfoSec& #OpSec?
- If not, why?
Imagine This:
You are security researcher
You don't have a #PGP pubkey nor #XMPP+#OMEMO setup
You insist on using #Signal and/or #Telegram and/or #ProtonMail
What are you?
- An #ITsec - #Cosplayer??
Replied in thread
@itnewsbot I'm shure all big #ITsec sites archive that...
re: Apple & Ethics
That cybersec expert I met recently agreed that what computers need is an immune system; a way to know "Me" from "Not me", even for stuff inside the system - current security can only try to stop "Not me" from getting in; once inside the defenses, it runs right alongside actual "Me" code.
In that light AI, and especially agents, is literally the opposite of a computer immune system.
Which is just one of the legio reasons it's such a bad idea.
Guten Morgen aus der Webinar-Moderation. Die nächsten Tage sitze ich offenbar in einem Online-Kurs zu #SAP-Hacking und Security und ich bin noch nicht sicher, ob ich das alles so genau wissen will. 
#ITSec #ITSecurity #Hacking
Replied in thread
@Dendrobatus_Azureus personally, I think it's high time that #ISPs will force customers to take #ITsec seriously and terminate connections upon abuse reports.
Not that I'd take #AbuseReports by #RogueISP|s like #CloudFlare serious anyway but I've yet to find any #ISP that doesn't allow them to terminate services at any time without warning if the services are used against their ToS and every #B2C / #consumer ISP explicitly bans #DDoS, #malware distribution and #hacking in said Terms of Service.
- And yes I've seen cases where ISPs (most notably #DTAG) did terminate connectivity following a malware infection and #Spamming from a consumer's #DSL line.
Sounds harsh but #LackOfAccountability & #LackOfConsequences got us here!
#McDonald’s #AI Hiring #Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the #Password ‘123456’
Basic #security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm https://Paradox.ai.
https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
https://archive.ph/1Y8Oq
#ITSec
paradox.aiConversational hiring software that gets work done for you — ParadoxWe believe every great hire starts with hello. Our conversational software automates recruiting tasks like screening, interview scheduling, and onboarding to get your candidates from hello to hired faster, and easier, than ever.
For my English speaking friends:
https://www.norran.se/english/engelska/artikel/cyberattack-strikes-skelleftea-hackers-demand-ransom/re7g4kyj
The strikes is not only hitting Skellefteå. It is nation wide.
Norran · Cyberattack strikes Skellefteå: hackers demand ransom
A summary of the #xzutils #backdoor for #TechIlliterates....
#TLDW: Never underestimate "weapons-grade autism" when it comes to finding #sus stuff...
Replied in thread
@technadu that's actually a pretty good deal...
- He just made the cardinal sin of getting caught!
OSINT confirms that #Qubic is lying and did not achieve a #51Percent majority in the #Monero network.
- Which I was already certain didn't happen!
At peak they had 40%, and as of that post only about 30%
- Which is still too much but still…
#TLDR: Qubic used "#SelfishMining" and had a streak of luck! Not to mention said blicks didn't get included in the blockchain anyway, so all it did was "#LyingWithNumbers" in some stats that rely on self-reported claims instead of actual evidence.
- There's even a writeup on how they faked their hashrate…
IOW: Just because one got 51 of 100 blocks at some arbitrary timeframe doesn't mean one "owns" 51% of the network hashrate!
- It's just short-term luck and is also known as "Gambler's Fallacy"...
Already the cost of this operation is estimated to be U$D 150M per day to fake sad #51PercentAttack and the success entirely predicated on #FUD.
- I hope #shitcoin - "#apes" get their brains wrikly and start hammering these #PumpAndDump - #Scammers back hard...
Replied in thread
@molly0xfff and even if said Person/Company disliked the reporting, unless they're doing #Monero it would be trivial to search and find said details, espechally since they're not some smol retail investor nor darknet drug lord, so yeah...
- That's why "#dusting" as a form of #harrassment is even possible: There is no #privacy with #shitcoins!
https://www.youtube.com/watch?v=x7gaqhF-wrQ&t=4m48s
https://web.archive.org/web/20230407103343/https://ofac.treasury.gov/faqs/1078
Replied in thread
@AeonCypher yeah...
Teaching #TechLiteracy at like a #CryptoParty will do more in terms of #ITsec, #InfoSec, #OpSec & #ComSec than any #UK #Cyberfacism will.
- Help kids become the 10X 1337h@x0rz the #NCA is afraid of...
Hm. Vor paar Tagen massive Einbruchsversuche in meinen dovecot (POP3), und zwar mit einer Mailadresse, die ich nur gegenüber einer bestimmten Firma angegeben habe. Ich leg mir tatsächlich mittlerweile für jede Firma/Orga eigene Mailadressen unter meiner Domain an.
Firma behauptet: Bei uns isse nich' weggekommen, es sei alles dicht und auf dem aktuellen Stand.
Un' nu?
Ihr Lieben, die #Neuauflage von "Dann haben die halt meine Daten. Na und?!" #NaUndDasBuch ist im Werden. Was sind eurer Meinung nach Themen, die jetzt beim #Überarbeiten keinesfalls fehlen sollten?
#Datenschutz #TeamDatenschutz #ITSec #Computerliteracy #Internetliteracy
RT welcome.
Replied in thread
@HonkHase leider war das abzusehen.
#ITsec ist bei #BOS|en wie #Feuerwehr auch eher unbekannt.