SwiftOnSecurity

@SwiftOnSecurity@infosec.exchange

Official: https://twitter.com/swiftonsecurity/status/1588670921489125377
Bio:
computer security person at a place. former helpdesk. they/them/tay. Microsoft MVP, Client Security

This profile is from a federated server and may be incomplete.

SwiftOnSecurity (@SwiftOnSecurity@infosec.exchange), in Random, English

Happy Birthday to the #1 country in the world for 1776 years 🇺🇸🦅

catsalad (@catsalad@infosec.exchange), in Random, English

Great success! :)

Parasite (@Parasite@kolektiva.social), in Random, English

Until we collectively understand that being oppressed isn’t a cover for being unethical we are doomed as a society.

jk (@jk@mastodon.social), in Random, English

1990s: enthusiastic schoolteacher voice the computer is a place where anything can happen

2020s: grizzled, world-weary army sergeant voice the computer is a place where anything can happen

GossiTheDog (@GossiTheDog@cyberplace.social), in Random, English

Good find by Elastic - possibly North Korean based threat actors using an unfixed bug in Windows to execute code, undetected across all vendors until that point (and as of writing only Elastic detect still)

They’ve named it GrimResource https://www.elastic.co/security-labs/grimresource

GossiTheDog OP (@GossiTheDog@cyberplace.social)

@SwiftOnSecurity essentially. I was looking at VirusTotal just now, apparently .msc misuse has been supercharged for a while now, e.g. I can see red teams using WebDAV paths in icon parameters to get SMB hashes

krypt3ia (@krypt3ia@infosec.exchange), in Random, English

arturo182 (@arturo182@mastodon.social), in Random, English

I triple-question myself over every decision meanwhile at a $1 billion valued company:

    jalefkowit (@jalefkowit@vmst.io)

    @arturo182 There is nothing VCs love to see more in a founder than blind, unreasoning confidence, which is kind of weird when that is also a defining personality characteristic of successful frauds

    SwiftOnSecurity (@SwiftOnSecurity@infosec.exchange), (edited) in Random, English

    Used to be you could order free Ubuntu CDs. Their first release proved controversial. I got like 48 of them as a teen. They’re now going for $10+.
    Ubuntu is a Zulu word for an African philosophy of interconnectedness, which is the theme they were going for.

    foo (@foo@fosstodon.org)

    @SwiftOnSecurity I’ve still got some of them. Even have the AMD64/PowerPC variants, which are probably even more rare.

    theregister Bot (@theregister@geeknews.chat), in Random, English

    Chinese national cuffed on charges of running 'likely the world's largest botnet ever'

    DoJ says 911 S5 crew earned $100M from 19 million PCs pwned by fake VPNs

    US authorities have arrested the alleged administrator of what FBI director Christopher Wray has described as "likely the world's largest botnet ever," comprising 19 million compromised Windows machines used by its operators to reap mill…
    #theregister #IT
    https://go.theregister.com/feed/www.theregister.com/2024/05/29/911s5_botnet_arrest/

    SwiftOnSecurity (@SwiftOnSecurity@infosec.exchange), in Random, English

    There’s a YouTube Guy for everything

    eri (@eri@moth.zone)

    @SwiftOnSecurity engineer guy is so good. dude uploads like once every 5 years and each video is worth the wait

    HowardGees (@HowardGees@mastodonapp.uk), in Random, English

    How do you break an AI that's trying to analyse what's on your monitor?
    Looks like @SwiftOnSecurity was ahead of the game (again).

    Two massive curved monitors filled with a spreadsheet.

    GossiTheDog (@GossiTheDog@cyberplace.social), in Random, English

    For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

    From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers.”

    Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

    GossiTheDog OP (@GossiTheDog@cyberplace.social)

    Turns out speaking out works.

    Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually encrypting the database.

    There are obviously going to be devils in the details - potentially big ones.

    Microsoft needs to commit to not trying to sneak users to enable it in the future, and it needs turning off by default in Group Policy and Intune for enterprise orgs.

    https://www.theverge.com/2024/6/7/24173499/microsoft-windows-recall-response-security-concerns

    astrid (@astrid@fedi.astrid.tech), in Random, English

    astrid OP (@astrid@fedi.astrid.tech)

    v2

    dko (@dko@infosec.exchange), in Random, English

    stealing memes is a fake idea in the first place





    P.S. if you repost and write good alt text, the meme is yours forever

    dko OP (@dko@infosec.exchange)

    jonny (@jonny@social.coop), in Random, English

    More fun publisher surveillance:
    Elsevier embeds a hash in the PDF metadata that is unique for each time a PDF is downloaded, this is a diff between metadata from two of the same paper. Combined with access timestamps, they can uniquely identify the source of any shared PDFs.
