Wow, this phishing attempt ALMOST got me.

Stay safe.


@QubesOS @debian well... I guess that will be one of my upcoming Twitch streams. Who wants to hang out with me as I completely reinstall Qubes OS on my @purism Librem 14 laptop with the Librem Key. May as well do it before @defcon now and get the @mullvadnet and @yubico set back up. Plus I am migrating from Ledger to Trezor.

I'll be making a new account on this server solely for my bot testing for my API tinkering so I don't accidentally spam my account feed. Because I am planning to do some live tinkering to improve my Twitch stream alerter for Mastodon as is screaming at me for some security fixes, and I need to update the libraries used and get it working with a secrets manager and AWS Lambda. I'll livestream some of the tinkering on in a few weeks

"YARA is dead, long live YARA-X!" 🎉

After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, and user experience.

HOW DO I TURN OFF guessing...

I mean the lame


BULLSHIT at the top when I Google something???

Fucking sponsored shit I can ignore.

This is...

Clippy on steroids!!

Stop pretending you know the answers when you don't. Give me the link to the goddamn page you're stealing that info from and STFU!! 🤬🤬🤬


"The bottom line is that when you need to redact text, use black bars covering the whole text. Never use anything else. No pixelization, no blurring, no fuzzing, no swirling. Oh, & be sure to actually edit the text as an image."

Having an AI ("Windows Recall" is enabled by default) that tracks every move you do on your computer and of course has no filter (Microsoft's own FAQ clearly states it will remember every password you type) is idiotic. But Tech bros are frothing at the mouth for anything AI so here we are.

#Microsoft #AI #InfoSec #Security #Windows #Windows11 #Linux

Looking at this I am almost certain #Microsoft will have to walk this back. European companies, and the EU, will put pressure on them if not American companies will.

Following a bunch of techies on Mastodon be like:

I am a run-of-the-mill Android-phone-Windows-desktop-Gmail-user but now I'm in the process of transitioning from Gmail and using Duck Duck Go to research how to set up a Linux desktop.

Oh, and also now Signal-curious.

What is this place? Some kind of privacy cult LOL?

🔎 flawz: A Terminal UI for browsing security vulnerabilities (CVEs) | @orhun

"As default it uses the vulnerability database (NVD) from NIST and provides search and listing functionalities in the terminal with different theming options."

In this month’s we recommend “If It's Smart, It's Vulnerable” by expert Mikko Hypponen.

The book includes:
📚 an overview of how the Internet became what it is
🌏 discussions on the legal and geopolitical aspects of
🛑 a comprehensive overview of the multitudes of threats lurking on the web

And it’s all peppered with real-life stories from Hypponen’s 3-decade-long career:

Does HIPAA Even Exist for Large Corporations? -- PART 2

Today I got my official reply to my HHS Office of Civil Rights complaint of 5/3/24 against CVS for violating HIPAA regulations. The minor and rather impressive miracle here is that I got a signed letter from an attorney in only 17 days with relevant regulations and interpretations attached. Good so far.

The result was that they are not going to pursue a formal complaint -- instead they are going to "resolve this matter informally through the provision of technical assistance to CVS."

HHS OCR points out that "a covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of PHI in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure.... Further, under the Security Rule, with certain exceptions, the use of encryption is addressable; i.e., not mandatory." [red emphasis mine]

HHS further states under Reasonable Safeguards that "It is not expected that a covered entity’s safeguards guarantee the privacy of protected health information from any and all potential risks. Reasonable safeguards will vary from covered entity to covered entity depending on factors, such as the size of the covered entity and the nature of its business."

If HHS OCR actually in fact offers this technical assistance in a meaningful way, that WOULD satisfy my complaint -- not that anyone is asking me. This was almost certainly a stupid screw-up by someone in CVS Info Tech programming the canned computer "after visit summary" process to send out way too much information in unencrypted format to people who received a COVID booster at a CVS. If CVS STOPS doing this, I'm good.

To recap -- I received an after-visit summary not only listing what COVID booster med I received, but also my DOB, home address, and all the answers to my screening questionnaire including my answers to whether or not I have ever had a seizure, a bleeding disorder, am currently pregnant, am immunocompromised (including from cancer), have a history of myocarditis, and many other questions.

I will waste my time writing HHS OCR back to thank them and to remind them that to the best of my knowledge I never signed a release for disclosure (which apparently has no legal bearing here?), and that in this new age of AI every major tech company is incorporating AI into EVERYTHING. If I had a Gmail account, Google would have all my medical information from this CVS after visit summary email and likely would be utilizing AI to monetize it in some way.

I suppose the good news here for small psychotherapy practices is that if this is close to acceptable practice for even a giant company like CVS, then maybe we have little to worry about when it comes to client privacy. Heck -- why not just email client PHI to them without getting releases first? Why have encrypted client portals for communication?

-- Michael

**Does HIPAA Even Exist for Large Corporations? -- PART 1**

I don't care if anyone knows I just got a COVID vaccine. Most people don't care.

However, CVS Pharmacy just sent me an after-visit report across unencrypted Internet to my email address.

The form included such fields as:  
-- My Full Name  
-- **DATE OF BIRTH!**  
-- My Full Home Address  
-- Medication Administered  
-- Date and Time of Appointment  
-- Name of Pharmacist I saw  
-- Name of Doctor at CVS overseeing it all  
-- Name and Address of my Primary Care Doctor  

-- All the answers to my *screening questionnaire!* including my yes/no answers to multiple medical conditions such as heart problems, immunocompromise, seizures & other brain problems, and pregnancy.  

So many things wrong here. This is almost enough information for identity theft (lacking only SSN). It gives away LOTS of my medical information. If I had a Gmail email address, Google would now have all this information. What if I was a pregnant female in the southern USA where Attorneys General are starting to track state of pregnancy for later prosecution if women go out-of-state for abortions or have a suspicious (to them) miscarriage?

**How does CVS get away with this when smaller medical offices have to be so careful?**

Michael Reeder, LCPC

#AI #EHR #medicalnotes #progressnotes #healthcare #patientportal #HIPAA #dataprotection #infosec #doctors #hospitals #CVS #COVID #sars-cov-2 #longcovid #severecovid #covidisnotover #pharmacy #vaccine

Found by two UC students!

The Verge: Two students find security bug that could let millions do laundry for free

Live now on Twitch with Upcoming Plans | Tiktok Update | Cybersecurity and Chill | Gaming on Linux | Helldivers 2. Join in:

All you nutcases still using , what's actually wrong with it?

aka What are the sharp edges?

@tripleo You’re thinking of ’s “taint mode” (stop your teenage giggling), where outside data is untrusted unless it’s the extracted subpattern match in a .

It’s only enabled under certain conditions. Read about it in the perlsec manual page:

@tripleo Like I said in, the only feature built in to for untrusted data is taint mode.

You might have heard of it or used it 25 years ago with simple scripts (and that still works!) but as I said in, it breaks a lot of modern code.

It’s also no silver bullet: a taint failure is a fatal exception and it’s up to the developer to handle that gracefully.
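As an added illustration of the taint mode described in the replies above (example code written here, not posted by anyone in the thread), the script below shows the three points made: data from outside the program is tainted, a regex capture is the one way to untaint it, and a taint failure is a fatal exception the developer must catch. The file-name argument and the `/bin/ls` call are arbitrary choices for the demo; run it as `perl -T taint_demo.pl somefile` (the `-T` must be given on the command line, a shebang alone is too late).

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);   # core module; tainted() reports the taint flag

# Under -T, %ENV and @ARGV arrive tainted. PATH must be cleaned (and the
# shell-influencing variables dropped) before any external command runs,
# or Perl dies with "Insecure $ENV{PATH}".
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $name = shift @ARGV // die "usage: perl -T $0 FILENAME\n";
printf "argument tainted: %s\n", tainted($name) ? 'yes' : 'no';   # yes

# The only untainting taint mode recognises: a capture from a regex match.
# The pattern is the allow-list; $1 is clean only because the pattern
# says so, so keep it strict (anchored, no '/' or whitespace here).
my $safe;
if ($name =~ /\A([\w.-]+)\z/) {
    $safe = $1;
} else {
    die "refusing file name '$name': not a plain word\n";
}
printf "capture tainted:  %s\n", tainted($safe) ? 'yes' : 'no';   # no

# A taint failure is fatal ("Insecure dependency in system while running
# with -T switch"), so the call is wrapped in eval and handled explicitly.
# Even the list form of system() is rejected when an argument is tainted.
my $ok = eval { system('/bin/ls', '-l', $name); 1 };
print 'tainted system():   ', ($ok ? "ran\n" : "blocked: $@");

$ok = eval { system('/bin/ls', '-l', $safe); 1 };
print 'untainted system(): ', ($ok ? "ran\n" : "blocked: $@");
```

Note that untainting only satisfies the interpreter; whether `[\w.-]+` is actually a safe set of file names for your program is still the developer's judgement, which is the "no silver bullet" point above.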

