security
HAPPENING NOW: @mikalai presents 3NWeb + @privacysafe 😍 Watch @hopeconf #HOPE2025 #hacking #privacy #security https://www.youtube.com/watch?v=zxgoACKKH30
🤖 Most people still treat AI chatbots like a private confessional, but they aren’t. 😳 Every question is logged, stored, and potentially discoverable, sometimes even after you’ve deleted it. OpenAI, Google, and Anthropic all retain user prompts by default, often under the guise of “memory” or “service improvement.”
And here’s the kicker: a federal court order now forces OpenAI to preserve all ChatGPT conversations, including “Temporary” ones users assumed were erased. So the notion of ephemeral chats is gone. That should change how people think about what they type into these systems.
The bigger issue is that the line between “helpful personalization” and “permanent surveillance record” is blurring fast. What looks convenient today could look like an exposure tomorrow.
TL;DR
⚠️ AI queries are logged
🔐 Deleted chats still saved
🧠 “Memory” is default setting
📂 Court orders enforce retention
https://www.theregister.com/2025/08/18/opinion_column_ai_surveillance/
#AI #Privacy #DataSecurity #Surveillance #FRCP #EDRM #security #privacy #cloud #infosec #cybersecurity #LegalHold
🔐 Thank you for your Gold sponsorship of DjangoCon US 2025!
Their identity provider solutions help secure Django applications.
Glad to have you here in Chicago Sept 8-12!
Come join us at the Open Security Conference!
🗓️ Dates: 2025, October 2-5
📍 Location: Rückersbach, close to Frankfurt am Main, Germany
🌐 Website: https://opensecurityconference.org/
❓ FAQ: https://opensecurityconference.org/faq/
➡️ Register: https://register.opensecurityconference.org/
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Our devotion to privacy and security has led to these two noticeable features in iOS:
1. Permission prompt to access the clipboard (iOS 14)
2. Option to disable downloading icons in Passwords (iOS 26)
We have contributed to several bug fixes under the hood, but these two features are special because they surface in the UI. We are very proud that millions of users see the result of our work on their devices.
#Apple #privacy #security #infosec #cybersecurity
1/4
...🧵
STOLEN & CONCEALED NATIONAL DEFENSE DOCUMENTS CASE
Remember:
Cannon was deemed *unqualified* by the American Bar Association.
#DoJ filed a rebuke to Cannon, in what I think is a situation most ripe for an appeal to the Eleventh Circuit for her "clear error" and "manifest injustice."
#DoJ:
“She worked on almost no cases. She had very little courtroom experience. To find a case that actually she worked on and that resulted in a published opinion is in itself improbable... “It’s a brilliant maneuver..."
Unqualified #Judge keeps making bizarre rulings clearly favoring the man who appointed her, federal prosecutors have resorted to citing case law that Cannon should know for one major reason: She worked on it herself.
DoJ fired off a quiet shot across the bow at Cannon in a recent court filing—a filing that seeks to block Trump’s latest ploy to morph this criminal case into some kind of wild goose chase.
🧵 1️⃣
#traitor #traitortrump #crime #national #security #threat #DoJ #natsec
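Mastodon has released another urgent security update.
Instance admins, please update immediately.
The update description reads:
Security: fix insufficient checking of remote posts.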
https://github.com/mastodon/mastodon/releases/tags/v4.2.7
There is no public security advisory for now:
https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36
#Mastodon #MastoAdmin #Security
@board @board@a.gup.pe
RE: https://tech.lgbt/users/ShadowJonathan/statuses/111940983829390502
My new article is out, this time it’s about internet-connected cameras, mostly being marketed as spy cameras. While the cameras themselves are very different, the common factor is the LookCam app used to manage them.
There is already a considerable body of research on these and similar P2P cameras, so it shouldn’t be a surprise that their security is nothing short of horrible. Still, how the developers managed to make all the wrong choices here on every level (firmware, communication protocol, cloud functionality) is quite something.
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/
I’m excited to share my latest article, published in Forbes: Deepfakes And Social Engineering: A Growing Threat To Everyone.
This piece is personal to me because I’ve seen how quickly deepfake technology is moving from novelty to real-world attacks. It’s not just companies at risk—families are being targeted with AI-cloned voices and fake video calls.
In the article, I break down the real cases we’re seeing, why multifactor authentication (MFA) is essential, and what both organizations and individuals like you and me can do to protect ourselves.
In the piece, I cover:
🔍 Real-world scams driven by AI voice and video
🔐 Why multifactor authentication (MFA) is essential
📱 How both organizations and families can verify smarter
🧠 The mindset shift from trusting appearances to verifying identities
Deepfakes aren’t a future problem. They’re here. And the time to prepare is now.
https://www.forbes.com/councils/forbestechcouncil/2025/08/25/deepfakes-and-social-engineering-a-growing-threat-to-everyone/
#Forbes #cybersecurity #deepfakes #MFA #security #privacy #cloud #infosec #AI #leadership
@forbes @Forbes@newsie.social @forbestechcncl
Ukraine says it hacked Russia's Ministry of Defense
https://t.me/DIUkraine/3545 #infosec #cybersecurity #security
🤯 LIVE ON SEP 20: We're hosting another #surveillance and counter-surveillance workshop with @JohnKiriakou and @profdiggity
Sign up before it's sold out! 👇
https://ivycyber.com/product/cia-pov-john-kiriakou/
If you got a tip & need anonymity you can message me here. (i don’t respond to corporate flacks on signal)
Some fascinating research out on hacking a Subaru via STARLINK connected vehicle service.
"On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.
Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:
Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.
Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.
Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.
Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.
After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously."
Upgrade your systems now!
The xz package has been backdoored
https://archlinux.org/news/the-xz-package-has-been-backdoored/
I'm giving another #surveillance detection seminar in our intimate small classroom setting. Sign up for our full course at https://ivycyber.com/product/course-surveillance-defense/
Hey! Let's talk about #SSH and #security!
If you've ever looked at SSH server logs you know what I'm about to say: Any SSH server connected to the public Internet is getting bombarded by constant attempts to log in. Not just a few of them. A *lot* of them. Sometimes even dozens per second. And this problem is not going away; it is, in fact, getting worse. And attackers' behavior is changing.
The graph attached to this post shows the number of attempted SSH logins per day to one of @cloudlab's clusters over a four-year period. It peaks at about 3.4 million login attempts per day.
This is part of a study we did on our production system, using logs of more than 640 million login attempts, covering more than 1,500 hosts on our side and observing more than 840 thousand incoming IP addresses.
A paper presenting our analysis and a new, highly effective means to block SSH brute force attacks ("Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them") will be presented next week at #NSDI24 by @sachindhke . The full paper is at https://www.flux.utah.edu/paper/singh-nsdi24
Let's dive in. 🧵
Somehow bot-detecting algorithms have been degrading over time.
This is a troubling trend because people who aren't using the anointed access points of the internet struggle more and more to connect and interact. Large entities like CloudFlare choke off more and more avenues of access in the name of "security", enforcing digital checkpoints without any accountability to anyone.
#dev #tech #web #bot #DarkPattern #security #infosec #cybersecurity #checkpoint
some people were saying #linux is insecure, even less than Windows
where do these claims come from? are they true? what can we users do? #security #cybersecurity
If you are the tech-savvy person within your family or friends group:
Never ever shame someone for coming to you for advice after being the victim of a scam, malware, or for using an unsecure product.
If you do this, they might never come back to you later. They might just feel so ashamed they will just stay alone with their tech problems.
Instead, always tell them:
1. It was a good idea to come to you with this. Be empathetic with them 💚
2. Give them advice on how to minimize the damage now. Actionable advice 🚑
3. Help them harden their security for now and for the future. Recommend better products to them. But be careful not to overwhelm them with advice. One step at a time 🔒
4. Talk to them with respect and empathy. Tell them how the people who abused their trust are horrible and anyone can fall for the right scam. Remind them there are things to do to reduce the risks of being victimized again in the future, and help them slowly implement these 💪
5. Be thankful they trusted you with this. It means they think highly of you 🥰
went down to the hotel lobby to retrieve my dinner delivery in a yoga outfit + snuggly cardigan + face mask.
some men with #RSAC2024 lanyards exited the elevator as I re-entered; they turned back to look at me and one said (very loudly, very pointedly staring at me) to the other, “I was like, did you hire me a hooker?”
if you are a man attending #rsac, please shut that kind of shit down when your peers do it. let’s not let insecurity rule our #security industry.
What is your favorite app for Multifactor Authentication, and why do you like it most? 2️⃣✌️👀
#PSA #openssh #ssh #security
OpenSSH high-severity vulnerability
Affected versions
8.5p1 <= OpenSSH < 9.8p1
Recommended action
Update OpenSSH > 9.8p1
or
LoginGraceTime=0
https://www.secrss.com/articles/67636?app=1
https://ubuntu.com/security/CVE-2024-6387
Libera IRC Channels Sorted by Number of Users
----
- 2 hours ago | 4 points | 0 comments
- URL: https://netsplit.de/channels/?net=Libera.Chat
- Discussions: https://news.ycombinator.com/item?id=40983500
- Summary: Libera.Chat, an IRC network, reported an average of 33,386 users and 23,157 chat rooms. Notable channels include #linux, #python, #archlinux, #ubuntu, #rust, #security, #kde, #debian, and #thelounge.
Top #Hezbollah commander killed in Israeli strike on #Beirut - 2 security sources
Top Hezbollah commander #IbrahimAqil was killed on Friday in an Israeli strike on Beirut's southern suburbs, 2 #security sources told Reuters.
One of the sources said he was killed alongside members of Hezbollah's elite Radwan unit as they were holding a meeting.
#Israel #Lebanon #Iran #Gaza #MiddleEast #war #geopolitics
https://www.reuters.com/world/middle-east/top-hezbollah-commander-killed-israeli-strike-beirut-two-security-sources-2024-09-20/