bontchev

@bontchev@infosec.exchange

Anti-virus, malware and infosec expert, crypto amateur, privacy advocate and general annoyance.

PGP keyID: 0x365697c632dd98d9

This profile is from a federated server and may be incomplete. Browse more on the original instance.

bontchev, to random

"The finding’s of the NTP’s 6-year fluoride neurotoxicity evaluation" (PDF):

https://ntp.niehs.nih.gov/sites/default/files/ntp/about_ntp/bsc/2023/may/presentations/04_neurath_bsc_508.pdf

"52 of 55 human studies found reduction in IQ from fluoride" - now that explains a lot about Americans...

bontchev, to random

"‘Enshittification’ is coming for absolutely everything":

https://www.ft.com/content/6fb1602d-a08b-4a8c-bac0-047b7d64aba5

GossiTheDog, to random
@GossiTheDog@cyberplace.social avatar

deleted_by_author

    •
    bontchev,

    @GossiTheDog Starship troopers. The book, not the movie. Many people who have only seen the movie don't realize it, but the original Heinlein work was satire too.

    bontchev, to animals

    The cat is not allowed to climb the dining table.

    The cat is absolutely not allowed to climb the dining table.

    The cat knows perfectly well that it is not allowed to climb the dining table.

    The cat is on the dining table.

    bontchev, to random

    Maybe a nuclear war will have its positives?

    "Chernobyl's mutant wolves appear to have developed resistance to cancer, study finds":

    https://news.sky.com/story/chernobyls-mutant-wolves-appear-to-have-developed-resistance-to-cancer-study-finds-13067292

    bontchev,

    @ashar Yeah, we need proper statistical evidence, in order to be scientific. Like, conduct at least 3-5 thousand nuclear wars and see in how many we develop resistance to cancer and whether this number is statistically significant.

    matthew_d_green, to random
    @matthew_d_green@ioc.exchange avatar

    The Flipper Zero bans are amazing to me. And expected. Security on open IP networks only got to the (mediocre) state it’s at as a result of constant, unrelenting attacks. RF protocols are like a delicate species that’s never been exposed to predators.

    bontchev,

    @matthew_d_green Instead of banning research tools like Flipper Zero, maybe Canada ought to ban insecure cars that are trivially stolen? Like, "Car producers, secure your goddamn products, if you want to sell them here!".

    bontchev, to random
    briankrebs, to random

    If Tucker Carlson wasn't already compromised by the Russians....

    https://www.dailymail.co.uk/news/article-13054849/tucker-carlson-vladimir-putin-interview-moscow.html?ico=related-replace

    bontchev,

    @briankrebs Threat model, folks! He's afraid of being compromised by the NSA, not by the Russians, so he's acting accordingly.

    BleepingComputer, to random

    The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.

    https://www.bleepingcomputer.com/news/google/denmark-orders-schools-to-stop-sending-student-data-to-google/

    bontchev,

    @BleepingComputer From now on, student data is only to be funneled to Microsoft through the use of Windows 10/11.

    bontchev, to random
    bontchev, to random

    A friend of mine was admitted to a hospital. 40 degrees fever, throwing up, diarrhea, stomach pains. Tests for COVID-19 and flu turned negative. So, the doctor sent her to a hospital until they can figure out what it is.

    They have a small kid at home with similar symptoms, but also a sore throat, which my friend doesn't have.

    Any ideas what it might be? Some kind of bacterial infection, perhaps?

    BTW, in case you don't know (and as I do know from personal experience), in Bulgarian hospitals you have to bring your own toilet paper. The hospital is under no obligation to provide the rooms with any.

    bontchev,

    @jerry @Sempf Ah, I didn't say how long it has been going on. I didn't know. Just asked, and she said - since Sunday evening, so 2 days.

    gerrymcgovern, to random
    @gerrymcgovern@mastodon.green avatar

    “I prep for survival,” said Sam Altman, who thinks that AI will destroy the world but in the meantime he and his friends will make a lot of money from it. “I try not to think about it too much, but I have guns, gold, potassium iodide, antibiotics, batteries, water, gas masks from the Israeli Defense Force and a big patch of land in Big Sur I can fly to.”

    A.I. Is Being Built by People Who Think It Might Destroy Us, David Wallace-Wells, The New York Times, 2023
    https://www.nytimes.com/2023/03/27/opinion/ai-chatgpt-chatbots.html?smid=em-share

    bontchev,

    @gerrymcgovern

    bontchev, to random

    LOL.

    "Ukraine to Australia: ‘We don’t want your flying trash’":

    https://www.afr.com/policy/foreign-affairs/ukraine-to-australia-we-don-t-want-your-flying-trash-20240130-p5f0zo

    campuscodi, to random
    @campuscodi@mastodon.social avatar

    Me: Watching YouTube videos solely on 3 topics.

    YouTube: Hey... look at these three videos about anti-western conspiracy theories! Did you know Biden is to blame for everything? derp derp derp....

    Literally... how did those videos get even remotely in my recommendations?

    bontchev,

    @campuscodi I dunno but I'm not getting that.

    It was the same with Twitter - you kept complaining that you were seeing right-winger nonsense, while I kept seeing left-winger nonsense.

    Maybe the algorithms are simply designed to show whatever annoys you the most.

    bontchev, to random

    This is hilarious...

    "Your Security Program Is Shit":

    https://crankysec.com/blog/shite/

    bontchev, to random

    Analyzing BPFDoor with strace and ltrace:

    https://dfir.ch/posts/strace/

    bontchev, to random

    This is because Tether literally makes their money, while Goldman Sachs has to earn it.

    GossiTheDog, to random
    @GossiTheDog@cyberplace.social avatar

    deleted_by_author

    •
    bontchev,

    @malwaretech @GossiTheDog Don't worry, come November, Americans will have to make a critical decision. Who gets to lead their once-great country? An incompetent, leftist, senile clown, or a narcistic, misogynic, racist criminal? Decisions, decisions...

    bontchev, to random

    Holly fuck! According to a leaked secret document, the EU plots to destroy the economy of Hungary (one of its members), if Hungary refuses to lift its veto on Ukraine aid:

    https://www.ft.com/content/9dabcd4b-9c64-4124-9f9c-b0c898c84c8f

    mttaggart, to random

    When the Director of CSIS calls for kinetic responses to cyberattacks, we should all sit up and take note. We should also all be very concerned. The proposed rules of engagement in this article include:

    The United States can and will use all elements of state power to effectively defend the homeland against any threat, in any domain. The Department of Defense stated a version of this policy in the context of integrated deterrence, but it is worth a high-level official saying it again. The official should point out that U.S. policy refuses to target civilian critical infrastructure, so a proportional response to a cyberattack on our critical infrastructure would be serious and likely include economic or military measures.

    The article directly calls out the challenges of attribution and understanding of intent, but defaults to a retaliatory stance for reasons that are, in my opinion, deeply hypothetical—especially the hand-wavy claim that "AI" is going to make these threats more dangerous. There is absolutely no evidence for that claim.

    The cyberwar might be here, but every day the intelligence community and military make de-escalatory choices about how to respond to these attacks. I contend we're better off for them doing so.

    www.lawfaremedia.org/article/the-united-states-needs-a-new-way-to-think-about-cyber

    bontchev,

    @malwaretech @mttaggart Maybe but the official narrative is still "North Korea unleashed WannaCry" and "NotPetya was the work of the Russian intelligence agencies".

    Neither of which is true or, more exactly, the truth is much more nuanced than this.

    The WannaCry case was pretty close to the hypothetical scenario I described (except some British security researcher prevented it from causing major damage to the USA 😀 ) and NotPetya was the Russian intel agencies giving the tools and access to some retarded cyber criminals, along with the general direction to "cause grief to Ukraine" and then not bothering to supervise the operation because, hey, it's the Russians we're talking about.

    Maybe someone with better access to classified info in the US intel community does know better (e.g., they were careful enough to say that "the Russian intel agencies are responsible for NotPetya" - which is true - and not that they actually did it) but they never bothered to correct the official narrative, so we don't know for sure that this is the case.

    Mistakes are very easy to make in this area and I dread to think what the results will be if the generals' first thought is to look for the "nuke 'em" button every time somebody port scans their secretary's PC...

    bontchev,

    @malwaretech @mttaggart It was a very sloppy job. If they were pros and wanted to disguise a destructive attack as ransomware, they would have made a real ransomware and just not deliver the keys once ransom was paid.

    No, it was some retarded guy patching incompetently known ransomware. And only part of it; there was also a different, file-encrypting part that wasn't destructive - meaning you could decrypt, if you had the key. The only explanation for both parts to exist (i.e., it was neither obviously destructive, nor real ransomware) is that whoever did it, didn't know what they were doing.

    bontchev,

    @malwaretech @mttaggart Well, the compromise of MEDoc, the entry point for NotPetya, was quite professional. I have absolutely no problems believing that that part of the op was done by Russian intel.

    It's just that the actual malware was made by somebody else, who was much less qualified.

    GossiTheDog, to random
    @GossiTheDog@cyberplace.social avatar

    ⚠️ want a highly impactful, actively exploited border gateway zero days situation to wake you up?

    Ivanti Pulse Secure aka Ivanti Connect Secure and Ivanti Policy Secure Gateway customers - prepare to deploy mitigations and await follow on patches.

    In the wild exploitation, probable nation state - includes authentication (including MFA) bypass and code execution.

    Looks like Ivanti have done a really good job identifying.

    I call it ConnectAround.

    bontchev,

    @GossiTheDog

  • All
  • Subscribed
  • Moderated
  • Favorites
  • anitta
  • thenastyranch
  • rosin
  • GTA5RPClips
  • osvaldo12
  • love
  • Youngstown
  • slotface
  • khanakhh
  • everett
  • kavyap
  • mdbf
  • DreamBathrooms
  • ngwrru68w68
  • megavids
  • magazineikmin
  • InstantRegret
  • normalnudes
  • tacticalgear
  • cubers
  • ethstaker
  • modclub
  • cisconetworking
  • Durango
  • provamag3
  • tester
  • Leos
  • JUstTest
  • All magazines
    •