security
HAPPENING NOW: @mikalai presents 3NWeb + @privacysafe 😍 Watch @hopeconf #HOPE2025 #hacking #privacy #security https://www.youtube.com/watch?v=zxgoACKKH30
🤖 Most people still treat AI chatbots like a private confessional, but they aren’t. 😳 Every question is logged, stored, and potentially discoverable, sometimes even after you’ve deleted it. OpenAI, Google, and Anthropic all retain user prompts by default, often under the guise of “memory” or “service improvement.”
And here’s the kicker: a federal court order now forces OpenAI to preserve all ChatGPT conversations, including “Temporary” ones users assumed were erased. So the notion of ephemeral chats is gone. That should change how people think about what they type into these systems.
The bigger issue is that the line between “helpful personalization” and “permanent surveillance record” is blurring fast. What looks convenient today could look like an exposure tomorrow.
TL;DR
⚠️ AI queries are logged
🔐 Deleted chats still saved
🧠 “Memory” is default setting
📂 Court orders enforce retention
https://www.theregister.com/2025/08/18/opinion_column_ai_surveillance/
#AI #Privacy #DataSecurity #Surveillance #FRCP #EDRM #security #privacy #cloud #infosec #cybersecurity #LegalHold
Come join us at the Open Security Conference!
🗓️ Dates: 2025, October 2-5
📍 Location: Rückersbach, close to Frankfurt am Main, Germany
🌐 Website: https://opensecurityconference.org/
❓ FAQ: https://opensecurityconference.org/faq/
➡️ Register: https://register.opensecurityconference.org/
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Our devotion to privacy and security has led to these two noticeable features in iOS:
1. Permission prompt to access the clipboard (iOS 14)
2. Option to disable downloading icons in Passwords (iOS 26)
We have contributed to several bug fixes under the hood, but these two features are special because they surface in the UI. We are very proud that millions of users see the result of our work on their devices.
#Apple #privacy #security #infosec #cybersecurity
1/4
...🧵
STOLEN & CONCEALED NATIONAL DEFENSE DOCUMENTS CASE
Remember:
Cannon was deemed *unqualified* by the American Bar Association.
#DoJ filed a rebuke to Cannon, in what I think is a situation most ripe for an appeal to the Eleventh Circuit for her "clear error" and "manifest injustice."
#DoJ:
“She worked on almost no cases. She had very little courtroom experience. To find a case that actually she worked on and that resulted in a published opinion is in itself improbable... “It’s a brilliant maneuver..."
Unqualified #Judge keeps making bizarre rulings clearly favoring the man who appointed her, federal prosecutors have resorted to citing case law that Cannon should know for one major reason: She worked on it herself.
DoJ fired off a quiet shot across the bow at Cannon in a recent court filing—a filing that seeks to block Trump’s latest ploy to morph this criminal case into some kind of wild goose chase.
🧵 1️⃣
#traitor #traitortrump #crime #national #security #threat #DoJ #natsec
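Mastodon has released another urgent security update.
Instance admins, please update immediately.
The update description reads:
Security: fix insufficient checking of remote posts.
https://github.com/mastodon/mastodon/releases/tags/v4.2.7
There is no public security advisory yet: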
https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36
#Mastodon #MastoAdmin #Security
@board @board@a.gup.pe
RE: https://tech.lgbt/users/ShadowJonathan/statuses/111940983829390502
I’m excited to share my latest article, published in Forbes: Deepfakes And Social Engineering: A Growing Threat To Everyone.
This piece is personal to me because I’ve seen how quickly deepfake technology is moving from novelty to real-world attacks. It’s not just companies at risk—families are being targeted with AI-cloned voices and fake video calls.
In the article, I break down the real cases we’re seeing, why multifactor authentication (MFA) is essential, and what both organizations and individuals like you and me can do to protect ourselves.
In the piece, I cover:
🔍 Real-world scams driven by AI voice and video
🔐 Why multifactor authentication (MFA) is essential
📱 How both organizations and families can verify smarter
🧠 The mindset shift from trusting appearances to verifying identities
Deepfakes aren’t a future problem. They’re here. And the time to prepare is now.
https://www.forbes.com/councils/forbestechcouncil/2025/08/25/deepfakes-and-social-engineering-a-growing-threat-to-everyone/
#Forbes #cybersecurity #deepfakes #MFA #security #privacy #cloud #infosec #AI #leadership
@forbes @Forbes@newsie.social @forbestechcncl
Ukraine says it hacked Russia's Ministry of Defense
https://t.me/DIUkraine/3545 #infosec #cybersecurity #security
🤯 LIVE ON SEP 20: We're hosting another #surveillance and counter-surveillance workshop with @JohnKiriakou and @profdiggity
Sign up before it's sold out! 👇
https://ivycyber.com/product/cia-pov-john-kiriakou/
If you got a tip & need anonymity you can message me here. (i don’t respond to corporate flacks on signal)
Some fascinating research out on hacking a Subaru via STARLINK connected vehicle service.
"On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.
Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:
Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.
Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.
Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.
Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.
After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously."
Upgrade your systems now!
The xz package has been backdoored
https://archlinux.org/news/the-xz-package-has-been-backdoored/
Hey! Let's talk about #SSH and #security!
If you've ever looked at SSH server logs you know what I'm about to say: Any SSH server connected to the public Internet is getting bombarded by constant attempts to log in. Not just a few of them. A *lot* of them. Sometimes even dozens per second. And this problem is not going away; it is, in fact, getting worse. And attackers' behavior is changing.
The graph attached to this post shows the number of attempted SSH logins per day to one of @cloudlab's clusters over a four-year period. It peaks at about 3.4 million login attempts per day.
This is part of a study we did on our production system, using logs of more than 640 million login attempts, covering more than 1,500 hosts on our side and observing more than 840 thousand incoming IP addresses.
A paper presenting our analysis and a new, highly effective means to block SSH brute force attacks ("Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them") will be presented next week at #NSDI24 by @sachindhke . The full paper is at https://www.flux.utah.edu/paper/singh-nsdi24
Let's dive in. 🧵
some people were saying #linux is insecure, even less than Windows
where do these claims come from? are they true? what can we users do? #security #cybersecurity
If you are the tech-savvy person within your family or friends group:
Never ever shame someone for coming to you for advice after being the victim of a scam, malware, or for using an unsecure product.
If you do this, they might never come back to you later. They might just feel so ashamed they will just stay alone with their tech problems.
Instead, always tell them:
1. It was a good idea to come to you with this. Be empathetic with them 💚
2. Give them advice on how to minimize the damage now. Actionable advice 🚑
3. Help them harden their security for now and for the future. Recommend better products to them. But be careful not to overwhelm them with advice. One step at a time 🔒
4. Talk to them with respect and empathy. Tell them how the people who abused their trust are horrible and anyone can fall for the right scam. Remind them there are things to do to reduce the risks of being victimized again in the future, and help them slowly implement these 💪
5. Be thankful they trusted you with this. It means they think highly of you 🥰
went down to the hotel lobby to retrieve my dinner delivery in a yoga outfit + snuggly cardigan + face mask.
some men with #RSAC2024 lanyards exited the elevator as I re-entered; they turned back to look at me and one said (very loudly, very pointedly staring at me) to the other, “I was like, did you hire me a hooker?”
if you are a man attending #rsac, please shut that kind of shit down when your peers do it. let’s not let insecurity rule our #security industry.
What is your favorite app for Multifactor Authentication, and why do you like it most? 2️⃣✌️👀
#PSA #openssh #ssh #security
OpenSSH high-severity vulnerability
Affected versions
8.5p1 <= OpenSSH < 9.8p1
Recommended remediation
Update to OpenSSH > 9.8p1
or
LoginGraceTime=0
https://www.secrss.com/articles/67636?app=1
https://ubuntu.com/security/CVE-2024-6387
Libera IRC Channels Sorted by Number of Users
----
- 2 hours ago | 4 points | 0 comments
- URL: https://netsplit.de/channels/?net=Libera.Chat
- Discussions: https://news.ycombinator.com/item?id=40983500
- Summary: Libera.Chat, an IRC network, reported an average of 33,386 users and 23,157 chat rooms. Notable channels include #linux, #python, #archlinux, #ubuntu, #rust, #security, #kde, #debian, and #thelounge.
Top #Hezbollah commander killed in Israeli strike on #Beirut - 2 security sources
Top Hezbollah commander #IbrahimAqil was killed on Friday in an Israeli strike on Beirut's southern suburbs, 2 #security sources told Reuters.
One of the sources said he was killed alongside members of Hezbollah's elite Radwan unit as they were holding a meeting.
#Israel #Lebanon #Iran #Gaza #MiddleEast #war #geopolitics
https://www.reuters.com/world/middle-east/top-hezbollah-commander-killed-israeli-strike-beirut-two-security-sources-2024-09-20/
#Hezbollah exploding #pager trail runs from #Taiwan to #Hungary
A snr Lebanese #security source identified a photograph of the model of the pager, an AR-924.
The source said the #pagers had been modified by #Israel's spy service, #Mossad, "at the production level."
"The Mossad injected a board inside of the device that has explosive material that receives a code. It's very hard to detect it through any means."
#lebanon #geopolitics
https://www.reuters.com/world/middle-east/israel-planted-explosives-hezbollahs-taiwan-made-pagers-say-sources-2024-09-18/
I've noticed a concerning trend of "slop security reports" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to push back:
https://sethmlarson.dev/slop-security-reports?utm_campaign=mastodon
Urgent Warning for Fedi Admins
We've discovered an ongoing Denial-of-Service attack against Misskey-based instances. The attacks exploit a zero-day vulnerability impacting Misskey, Sharkey, IceShrimp, and other related software. Patches are in progress and will be released ASAP. We encourage all admins to update immediately!
Note: this is a different vulnerability from the ones that were recently announced! You should update today and again tomorrow at the scheduled time.
Update: Sharkey version 2024.9.2 has been released with a patch. You can get the update here: https://activitypub.software/TransFem-org/Sharkey/-/releases/2024.9.2
#Misskey #Sharkey #IceShrimp #FediAdmins #Security
I hope it is no surprise when I tell you that you don't have #privacy and #digitalsovereignty (and #security) if you do not have the right #motivation as well as the #knowledge and/or #money to act accordingly.
Therefore, most people are excluded here because of at least one reason.
In that sense, #postprivacy has arrived a long time ago.
https://karl-voit.at/tags/privacy/
https://karl-voit.at/tags/security/
https://karl-voit.at/tags/pim/
https://karl-voit.at/cloud-data-conditions/