avuko

@avuko@infosec.exchange

Everybody wants to be a warrior,
nobody wants to be a nurse.
Move slow and make things.
STIX or it didn't happen.
he/him :donor:

#ThreatIntel #BlueTeam #InfoSec #CTI #DFIR #OSCP #OSCE #GCFA #ISO8601 #ActuallyAutistic #SecularBuddhist #ENTJ-A #SolarPunk #Historian #Dutch #PublicServant

Header image: statues of tyrannicides Harmodius and Aristogeiton, photo by Miguel Hermoso Cuesta
Avatar image: screenshot of the braille Unicode for “As” (⠠⠵) which looks like a glider from the Game of Life.

auto-delete >7 days


krypt3ia, to random

So yeah, last night I was in a funk due to the whole applying for jobs fuckery, asking me my sexual preferences (once again, how is this fucking legal to even ask?) Then, the whole call from a recruiter but an email from the automated system saying nyet, no interview.

My friends, it is definitely fucked up out there and it's only gonna get worse.

I tell you though, I took a nice pot gummy (half of one, mango flavored) and within a half hour, I was mellowed out and helped.

If you are stressed, half a gummy can do wonders.

Today, I am getting back on the horse and gonna tilt this fucking windmill of unemployment again. This time, I have been working with the LLM to game the fucking automated application systems.

Fuck this, gonna hack this shit and get a job.

avuko,

@krypt3ia sorry to hear this, and besides asking for things which are none of their business (in NL it is normal to ask for or supply without asking the relationship status. Why!?) I’m appalled at the “let’s test out the LLM on job applications.” I thought that was a myth!

Besides the clear and publicly displayed lack of basic technical understanding of every single person involved in that monstrous “let’s do selection based on AI” idea, if I had to pick ONE field where biases are deeply rooted, clear as day and have immediate and real-world implications, it would literally be hiring processes.

Who in the living hell looked at that and thought: “you know what would work well? LLMs!”

Only greed and privilege can fuel evil like this.

avuko,

@krypt3ia so it is either an automated bias, or a social bias. Utter fuckery

ElleGray, (edited ) to random

whenever my boss says "think of the big picture, elle" I'm immediately an astronaut floating silently in space tethered to my ship looking down on earth, and nothing he wants seems important or even relevant really so this strategy has backfired on him more than once is what I'm saying

avuko,

@ElleGray if he ever shifts to “making an impact”, just imagine yourself back up there, but now with a tungsten rod in your hands… 😉

avuko, (edited ) to random

I’m sitting in a “high class” (read: white, rich, boomer) establishment, and the complaining is insufferable.

Alcohol and feeling safe amongst their peers (I’m a white man of a certain age, so I blend in) probably makes them say all the quiet things out loud.

Subjects of ridicule include:
• Dutch historical figures being removed as namesakes of streets etc.
• transgender people
• inclusion programmes
• young people who don’t want or can’t handle their “feedback” and advice
• addendum: bad snow in ski resorts
• 2nd addendum: climate activists

And I am left wondering how ANY of that in any way would or could EVER impact even a second of their lives.

But clearly that is not how they perceive it. Maybe it is true that if all you’ve known is privilege, even a tiny step towards equality really feels like a threat to your very livelihood or even existence.

avuko, (edited ) to psychology




Please interpret both “emotionally” and “physically” however you like, and feel free to respond in the comments.

If you identify as (mostly) male, did you feel your father is/was:

Sapristiki, to Cybersecurity Dutch

But seriously, did Omtzigt really send a message via WhatsApp to let it be known that he was withdrawing from the coalition formation (informatie) process?

I read that in some places. In other places it only says "appje".

I would hope that communication about matters of state doesn't go via WhatsApp, but via a more secure messaging service?

avuko,

@Sapristiki

https://open.overheid.nl/documenten/5e5e1d84-97bc-4fec-a38f-2ac4f0d11410/file
They all use it.

In itself I don't think that's so bad (the underlying protocol is secure enough, although I'd rather my government not be dependent on Meta), as long as it gets archived. 🤷🏻‍♂️

What I do find problematic is that, because of the selection “sms, iMessage and WhatsApp messages”, things like Threema, Signal (and God forbid Telegram) stay out of view. I would want to keep legislation and regulation on archiving non-protocol specific.

@avhuffelen

avuko,

@Sapristiki @avhuffelen you'd think so, wouldn't you? 😂

But neither government nor business has a good answer to this (with sufficient support), at least not as far as I know (and I have seen quite a few organisations from the inside).

GossiTheDog, to random

Enjoying this fully patched Ivanti Pulse Connect box (yes, the kernel has dirty in it)

Linux version 2.6.32-00366-gsd3b182-dirty - December 2009

curl 7.19.7 2009-11-04 (14 years)
openssl 1.0.2n-fips 2017-12-07 (6 years)
perl 5.6.1 2001-04-09 (23 years)
psql 9.6.14 2019-06-20 (5 years)
cabextract 0.5 2001-08-20 (22 years)
ssh 5.3p1 2009-10-01 (14 years)
unzip 6.00 2009-04-29 (15 years)

avuko,

@fencepost @GossiTheDog the only thing they updated consistently on that thing is the corporate logos.

avuko,

@GossiTheDog @postmodern noticed python modules in the licences. Any idea where those are used?

https://infosec.exchange/@postmodern/111902953325063485

avuko,

@postmodern @GossiTheDog

If I read this right, they see python used for internal API functions:

https://labs.watchtowr.com/are-we-now-part-of-ivanti/

unrelatedwaffle, to random

a male engineer just referred to the only woman on the team as "the team mom." dear men: don't ever. EVER. do this

avuko,

@theWeaver @unrelatedwaffle referring, probably not.

Acting out their unresolved daddy issues? If they are okay with the “mom” remark, I’m 💯 certain of it.

dave_aitel, to random

Out of curiosity, what is Ivanti written in?

avuko,

@postmodern @regnil hm, interesting. I think we can probably conclude this is the most correct answer:

https://excelsior.furytech.net/notes/9pihoh9wq2vm7vob

avuko, (edited ) to random Dutch

https://www.bnnvara.nl/joop/artikelen/terug-naar-de-goede-oude-tijd-en-daar-voorbij

Yes please. Fuck capitalism. Fuck neoliberalism. Fuck zero responsibility and all the power. Fuck the nihilistic divide-and-rule called individualism.

And above all: long live fair sharing. Long live togetherness. Long live responsibility and servant leadership. Long live the community.

PS: “If you don't really care about people, you can also lie to them.” I have never come across a more perfect description of right-wing politics.

avuko, to CASIO

Okay, dear , please bring the F-91WC-8AEF back.

avuko,

@UniqueSanja flash-backs! I didn’t have one, but I was jealous of those who did!

da_667, to random
avuko,

@da_667

“We have no evidence of this vulnerability being exploited in the wild as it was found during our internal review and testing of our code.”

Dear Ivanti,

The fact your customers aren’t allowed to look into your systems, actively reduces the possibility to create the “evidence” you say you don’t have.

I’m a strong proponent of Hanlon’s razor, but the likes of you are making it very effin hard…

avuko, to random

That whole story about toothbrushes and the way it was regurgitated across all kinds of “news outlets” (I’m using that word sarcastically) just makes me so sad about the state of journalism.

It’s crashed to the level of click/outrage generating content. That’s all it is now.

And actual journalists doing the actual work are squeezed out by these click bait companies flooding the zone.

avuko,

@binsk I know, and I didn’t pay much attention to it myself, but before I would put it on a “news” website for my work…
I honestly don’t think most online news outlets have a journalist checking what goes on there though: auto-aggregation all the way.

jvagle, to random

Justice Alito expresses deep concern for a potential national "cascading effect" of a decision by the Court.

(pause for laughter)

avuko,

@jvagle

There must be a moment when the people will stop accepting the gaslighting, right?

avuko, to infosec

https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coathanger-tlp-clear/TLP-CLEAR+MIVD+AIVD+Advisory+COATHANGER.pdf

If you work in I suggest you read the above, even if just to get a feel for what we are collectively up against. No fluffy or whitepaper stuff, I promise.

Then, if you have any device running anywhere, especially if the Chinese government might be interested in anything you do, dump a diskimage of the device(s) (with a virtual device this would be easy, I haven't found info on how to do this from a device) and head over to https://github.com/JSCU-NL/COATHANGER to at least run the checks. There is also some live checking you could do; See the report.

Pass anything sufficiently suspicious by your DFIR team, and if the experts think it is "sus", report to your national CSIRT/CERT, or as per the request in the report to the NCSC of the Netherlands: https://english.ncsc.nl/contact.


avuko, to random

There is a reason many know Molon labe (μολὼν λαβέ) and few Gnothi sauton (Γνῶθι σεαυτόν)

avuko, to CloudComputing

The Cloud Is Just Someone Else's Orchestration

#CloudComputing #Azure #DigitalOcean #aws #GCP
