@mttaggart@infosec.town

mttaggart

Displaced Philly boy. Threat hunter. Streamer. Educator. Dad. Captain in the fight against #llm insanity. #infosec, #programming #rust, #python, #haskell, and #webapp. #opensource advocate. Cofounder of https://infosec.exchange/@thetaggartinstitute. Made wtfbins.wtf. Not your bro. All opinions my own. #fedi24 #searchable

mttaggart, to random

Dying at this being the next thing up in my to-read list. I think maybe some folks at Microsoft should take a gander www.microsoft.com/en-us/security/blog/2023/12/05/microsoft-incident-response-lessons-on-preventing-cloud-identity-compromise

mttaggart, to random

Do you think gas stoves are "better" for cooking?

Are you sure you know why you think that? www.npr.org/2023/10/17/1183551603/gas-stove-utility-tobacco

mttaggart, to random

There are basically two irreconcilable camps in the Threads debate here.

  • Camp 1, understandably, wants nothing to do with Meta and views them as an existential threat to the Fediverse for plenty of well-precedented reasons.

  • Camp 2, also understandably, sees potential in connecting a managed platform that appeals to entities like news outlets and other services to the Fediverse, enabling us to access that information without requiring an account on a Meta-owned platform.

Camp 1 will not cede ground because they view the issue as existential.

Camp 2 will, I dunno, deal with it or move to a server where they can see what they want to see?

But given the scale of Threads already, widespread blocking of it will create a pretty noticeably weird gap in the federation graph, and make onboarding for new potential Fedi users even more confusing. That part, by itself, kinda sucks.

mttaggart, to random

Good morning, nerds! The British Library just dropped its after-incident report on the ransomware attack that has disabled the Library for, uh, months?

Let's dig in.

mttaggart, to random

When the Director of CSIS calls for kinetic responses to cyberattacks, we should all sit up and take note. We should also all be very concerned. The proposed rules of engagement in this article include:

The United States can and will use all elements of state power to effectively defend the homeland against any threat, in any domain. The Department of Defense stated a version of this policy in the context of integrated deterrence, but it is worth a high-level official saying it again. The official should point out that U.S. policy refuses to target civilian critical infrastructure, so a proportional response to a cyberattack on our critical infrastructure would be serious and likely include economic or military measures.

The article directly calls out the challenges of attribution and understanding of intent, but defaults to a retaliatory stance for reasons that are, in my opinion, deeply hypothetical—especially the hand-wavy claim that "AI" is going to make these threats more dangerous. There is absolutely no evidence for that claim.

The cyberwar might be here, but every day the intelligence community and military make de-escalatory choices about how to respond to these attacks. I contend we're better off for them doing so.

www.lawfaremedia.org/article/the-united-states-needs-a-new-way-to-think-about-cyber

mttaggart, to random

Where does all of this leave the Firefox browser? Surman argued that the organization is very judicious about rolling AI into the browser — but he also believes that AI will become part of everything Mozilla does.

I can't wait to find out what will happen when all the Firefox evangelists wake up to find an LLM baked into their darling.

techcrunch.com/2024/01/03/whats-next-for-mozilla/

mttaggart, to random

Post your first cell phone and memento mori baybee. I'll start.

mttaggart, to random

If I'm reading this correctly, Chrome will route your traffic through its own proxies—and a chosen third party, which you can't decide about. It'll be opt-in for now.

The number of concerns that this introduces to both individuals and organizations is significant. What will it take before Chrome itself is labeled a PUP? Even with the best of intentions, the browser is taking more and more for Google, leaving less and less for the open web.

https://www.bleepingcomputer.com/news/google/google-chromes-new-ip-protection-will-hide-users-ip-addresses/

https://github.com/GoogleChrome/ip-protection

mttaggart, to random

Okay hear me out.

Lockdown Mode for WordPress sites.

mttaggart, to random

Is there yet a list of Electron apps and whether they've updated to patch for CVE-2023-5129?

mttaggart, to random

I feel like, if you're a site admin, and your site is brought down by toothbrushes, you gotta switch careers. Time to buy that farm you've been fantasizing about.

www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages

mttaggart, to random

To recap:

  • X added a Settings option for using HTTP proxies in the app.
  • But, it doesn't actually route any traffic to a proxy. Nothing in the app references the setting, and dynamic analysis shows no traffic being sent to the proxy.
  • This means people trying to stay safe by using this feature are in greater danger due to a false sense of security.

The bug report I reference below was closed instantly as not-a-bug.

RE: https://infosec.town/notes/9ky1hz9tcj5gf8va

mttaggart, to random

I need a Creative Commons license that explicitly prohibits the use of material for training ML/generative models.

mttaggart, to random

My white Christmas

mttaggart, to random

Perhaps they could simply...make smaller phones.

RE: mastodon.social/users/verge/statuses/111891185741328818

mttaggart, to random

Okay, a continually-updated list of Electron apps and their Electron versions, and whether they're vulnerable to .

https://docs.google.com/spreadsheets/d/1QLLFYCO0FMAu1ob6mnYCapW8dnx-HXunbf_zc9QLXlM/edit?usp=sharing

And for those of you who refuse to click on Google links: https://gist.github.com/mttaggart/02ed50c03c8283f4c343c3032dd2e7ec

mttaggart, to random

Japan determines copyright doesn't apply to LLM/ML training data.

On a global scale, Japan’s move adds a twist to the regulation debate. Current discussions have focused on a “rogue nation” scenario where a less developed country might disregard a global framework to gain an advantage. But with Japan, we see a different dynamic. The world’s third-largest economy is saying it won’t hinder AI research and development. Plus, it’s prepared to leverage this new technology to compete directly with the West.

I am going to live in the sea.

www.biia.com/japan-goes-all-in-copyright-doesnt-apply-to-ai-training/

mttaggart, to random

My "Mozilla is fine" take continues to age like milk, it would seem.

From an internal memo:

In 2023, generative AI began rapidly shifting the industry landscape. Mozilla seized an opportunity to bring trustworthy AI into Firefox, largely driven by the Fakespot acquisition and the product integration work that followed.

It is clear Mozilla has every intention of integrating generative models into Firefox. So enjoy that, I guess.

techcrunch.com/2024/02/13/mozilla-downsizes-as-it-refocuses-on-firefox-and-ai-read-the-memo/

mttaggart, to random

Probably the most important habit of mind you can develop is aversion to simple explanations. Almost nothing is simple, even if it seems that way as an outsider.

But you must work against your brain in this, because your brain wants an easy-to-tell story. Your own sense-making mechanisms are working against your understanding of a complex reality, in favor of one that is easy to recount.

Embrace complexity.

mttaggart, to random

So in case you needed more reasons to ditch Chrome, generative models are coming in Chrome 121, with a theme generator, tab grouper, and...writing assistant?!

blog.google/products/chrome/google-chrome-generative-ai-features-january-2024/

[Image: Chrome AI text generation tool, showing a "Help Me Write" popover.]

mttaggart, to random

This puts into perspective how small but vocal the minority adamantly opposed to Meta/Threads joining the Fediverse really is. 2.56% of servers and 6.44% of active users.

RE: mastodon.social/users/dansup/statuses/111629079440933145

mttaggart, to random

The fact that Mastodon users can follow Threads users but Threads users can't follow them back means that Meta gave Mastodon a huge advantage without taking anything back. They're walking into this space in good faith.

www.threads.net/

mttaggart, to random

Actually deranged that WordPress, in 2024, only supports MySQL/Maria officially.

mttaggart, to random

Had to deploy a single page static site and just wrote straight HTML/CSS in the year 2023.

Went fine; AMA.
