simplenomad

@simplenomad@rigor-mortis.nmrc.org

Long time #Hacker type. #Hippie and I care about the #planet, ask me about #solarpower and #EV.

RemoteWork since 1999, you know, since last century.

Been here since April 2022 and on this instance since Nov 2022.

Work is :gitlab: #GitLab. Former ghost hunter and storm chaser. Survivor of #cancer and a #widower. Links in the About. He/Him.

#Infosec #hacker


simplenomad, to ai

I’ve said it before and I’ll say it again. Remember that AI like ChatGPT is meant to EVOKE the essence of the right answer, not DEPICT the actual right answer. Yes there are definitely areas of concern. But making ChatGPT “respond inaccurately” is not Skynet coming to wipe you out.

The weird side conversations you end up having at a baby shower with normals…

simplenomad, (edited) to homelab

If you’re wanting to run something in, let’s say a then or what? Curious, especially from the crowd.

simplenomad, to infosec

Genuinely curious as most of my followers are and somewhat logically minded (just somewhat) - how many of you have panels, batteries, an , or even gas/diesel generators at home? Or more than one? Curious.

simplenomad, to python

geeks, any preference for an editor / environment? Eyeing but if that's too much or there's something better great. Any IDE advice appreciated. Other than the work will be mainly in python, I have no other constraints. Oh, one other constraint - Linux is my daily driver. I'm not an animal.

simplenomad, to fediverse

Hmmm, every server I'm getting spam from has a new user in their public directory named yqqwe, and each one of these users is following mastodon_admin_yggwe on a single-user instance mastodon.tinynews.org. One can look at the 924 followers of this admin and they all are named yqqwe and they are all on servers I've been getting #spam from. #fediverse #moderation #administration
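The pattern described in that post (one fixed username on every spamming server, all following a single hub account) is the kind of thing a moderator can check mechanically. The script below is an added example, not code from the post or from Mastodon; it assumes follower records in the shape of Mastodon's Account entity, where `acct` is `user@domain` for remote accounts, and every record, domain and the spam-report list is constructed for illustration. It correlates the domains hosting the puppet username with domains already seen in spam reports, and separates "confirmed", "predicted" (puppet present, no spam yet) and "unexplained" domains for review.

```python
"""Correlate a follow-spam pattern with spam-source domains.

Added example (not from the original post). It assumes follower records
shaped like Mastodon's Account entity, where `acct` is "user@domain" for
remote accounts; every record and domain below is constructed.
"""

# Constructed sample: the followers of a hub account, as a moderator might
# export them. Domains use the reserved .invalid TLD.
HUB_FOLLOWERS = [
    {"acct": "yqqwe@alpha.invalid", "statuses_count": 0},
    {"acct": "yqqwe@bravo.invalid", "statuses_count": 0},
    {"acct": "carol@bravo.invalid", "statuses_count": 512},
    {"acct": "yqqwe@charlie.invalid", "statuses_count": 1},
    {"acct": "dave@delta.invalid", "statuses_count": 88},
    {"acct": "yqqwe@echo.invalid", "statuses_count": 0},
    {"acct": "local_mod", "statuses_count": 3},  # local account, no domain part
]

# Constructed sample: domains that appeared as senders in recent spam reports.
SPAM_REPORT_DOMAINS = {
    "alpha.invalid", "bravo.invalid", "charlie.invalid", "foxtrot.invalid",
}


def split_acct(acct):
    """Return (username, domain); a local account has domain None."""
    user, _, domain = acct.partition("@")
    return user, (domain or None)


def domains_with_username(followers, username):
    """Set of remote domains that host a follower with exactly this username."""
    found = set()
    for record in followers:
        user, domain = split_acct(record["acct"])
        if domain and user == username:
            found.add(domain)
    return found


def username_share(followers, username):
    """Fraction of remote followers carrying the username. A value near 1.0
    means the follower list is essentially a roster of identical puppets."""
    remote = [split_acct(r["acct"]) for r in followers]
    remote = [(u, d) for u, d in remote if d]
    if not remote:
        return 0.0
    return sum(1 for u, _ in remote if u == username) / len(remote)


def correlate(puppet_domains, spam_domains):
    """Split the two domain sets into a moderator's review queue:
    confirmed   - spam sources that also host the puppet (pattern holds)
    predicted   - puppet hosts not yet seen in spam reports (watch next)
    unexplained - spam sources without the puppet (a different campaign?)"""
    return {
        "confirmed": sorted(puppet_domains & spam_domains),
        "predicted": sorted(puppet_domains - spam_domains),
        "unexplained": sorted(spam_domains - puppet_domains),
    }


def review_queue(followers, spam_domains, username="yqqwe"):
    """Build the review queue plus the puppet share for the hub's followers."""
    puppets = domains_with_username(followers, username)
    result = correlate(puppets, spam_domains)
    result["share"] = round(username_share(followers, username), 2)
    return result


if __name__ == "__main__":
    for key, value in review_queue(HUB_FOLLOWERS, SPAM_REPORT_DOMAINS).items():
        print(f"{key}: {value}")
```

The "predicted" bucket is the useful one for a defender: a domain hosting the puppet that has not yet sent spam is a candidate for early review before it does, while a high puppet share on the hub account supports treating the hub itself as the coordination point rather than chasing each sender one at a time.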

simplenomad, to infosec

A note to the roughly 5 other people on the planet who run their own mail server - do you reject the spam/scam/malware source of the email (returning a reject automagically) or do you let the process quietly discard it? I do the latter.

It made sense when a lot of people ran their own mail servers (mainly businesses) as it could delay and maybe prevent some from receiving the bad email before the source got added to a block list, but now with everyone using something like gmail (BTW a huge source of spam in recent years) it doesn't seem worth it.

simplenomad, to internet

I find it interesting people posting a screenshot of Threads’ access to your data and talk about how awful it is, but then these same people have Instagram and Facebook accounts, which is ever-so-slightly worse.

simplenomad, to iOS

Curious. Any fave apps for and ? Getting a new 15 soon and thought I’d refresh my existing apps list.

And yes I’ll take recommendations too, as I have both.

Blog post coming that’s related, but appreciate any interesting ideas/recommendations to help spice things up.

simplenomad, to infosec

Genuinely curious about this. I have heard from a few people that Summer Camp 2023 wasn't that good. Like, at all. Many people are talking about going next year, skipping the cons, and just having dinner with friends, or skipping Vegas entirely. Do others feel this way? Is this bitterness over a lack of an electronic badge, long lines, and overcrowded events in general? Or is this just old school hackers bitching? Inquiring minds want to know.

simplenomad, to random

Getting my new vax tomorrow afternoon, outside of improved 5G reception anything I should plan for? Most people are reporting tired/achy for 24 hours or so.

simplenomad, to infosec

@joshbressers @kurtseifried I just listened to the latest episode of the Open Source Security podcast. Rather entertaining listening to you two go back and forth. I was rather intrigued with the notion that it really isn't "supply chain" in the traditional sense - particularly in this cut-and-paste-from-stackoverflow world. Also interesting since a library or package might be listed as a component but either the vuln part of that component is never called or even never used. Interesting to think about (and we're still just talking about security, skipping the whole privacy elements aka "features" in this altogether).

https://opensourcesecurity.io/2023/10/22/episode-398-is-only-11-of-open-source-mainted/

simplenomad, to infosec

This xz backdoor thing reminds me of a story I heard from friends that worked at a tech company that made cell phones. They had a great coder that worked on the project, he had put in work as a contractor for a few months, and due to the quality of his work he was hired in full time. After two months he simply stopped showing up to the office.

An investigation turned up the following interesting items. His account had accessed all files including source code to all cellular projects - in that he had apparently downloaded a copy of everything. He had committed a large amount of contributions to the project he was assigned to. None of his paychecks were ever cashed. A wellness check to the house he had rented was performed and the house was completely empty. Per the landlord he'd paid for 6 months rent in advance in cash. Apparently he never physically moved in. No record for him nor his social security number seemed to check out. The guy was a ghost.

I was asked about recommendations on future prevention by friends who worked there - no idea how far they got in their investigation, if backdoors were ever found or even existed, or if the Feds were ever involved. The punch line? This was probably a couple of decades ago.

This shit is real, and it has been going on for a long time.

simplenomad, to infosec

Since I have grey hair, when I hear the word "cyber" used by itself my 12 year old inner self has a giggle. You see, it has a bit of history...

https://www.markloveless.net/blog/2023/12/1/the-history-of-the-word-cyber

simplenomad, to infosec

ICYMI my employer released an important patch, for all of you (including me) running self-managed GitLab instances.

https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/

simplenomad, (edited) to mastodon

For those of you still maintaining a birdsite account, just understand that when you state something like “here’s a link to an important thread on Twitter” and post that link, those of us that no longer have an account there cannot see it. It’s like posting a link to a news site article that’s behind a paywall.

Screenshots or even a tl;dr are fine, just keep this in mind. You have to have an account there to see content, it’s no longer publicly accessible.

simplenomad, to random

A sad day yes. Not because it is #Monday but because it is #taxday here in the USA.

simplenomad, to random

BTW if you’re concerned about having too many followers, simply post about green initiatives and climate change. Every post like that I’ve made has seen a few leave, less now than before, but still interesting.

simplenomad, to mastodon

I know this will apply to maybe 5 people on the planet (none of whom are probably on ) but has anyone upgraded from 11 to 12 while it is running and did it still work? Tips? Unless someone speaks up I'll probably do it anyway when I have some time to do so.

simplenomad, to ubuntu

Bearing in mind that I am first and foremost a security person, it makes sense for me to consider Ubuntu Pro since I have servers up and running (including the Mastodon instance I'm on). They currently offer it for free for personal use for up to five systems. Yes there is a danger that Canonical will this (pity that's becoming a verb) but by then maybe I'll have my next platform (community driven) chosen. So this is a stopgap step. But I'd like some opinions on it - mainly technical ones on usage and practicality.

simplenomad, to infosec

A non-techy friend asked for my best “hacker advice” on securing their laptop and online accounts. When I said turn on patching, decent password manager, use MFA, etc (you know, the basics) they acted like I had punched them.

Them: “But that’s what everyone says!”

Me: “So have you?”

Them: “…”

simplenomad, to infosec

No amount of Earl Grey can properly motivate me on this rainy and overcast day.

I wonder if coding while feeling lackluster is a good idea? Anyone ever experimented with the idea? Anyone ever compared coder commit times with the local weather conditions of the coder on a chart to see if weather impacts security bugs? Is this level of questioning influenced by Earl Grey and rain?

simplenomad, to infosec

Explaining security conferences to non-tech friends and new people:

RSA Conference == LinkedIn. All about business, people looking to jump ship, or promote their new venture.
Black Hat == Facebook. A lot less formal, however there is this underlying corporate theme.
DEF CON == Mastodon. MUCH more inclusive regardless of skill level, sexual preferences and orientation, used to be wilder but with some better guardrails in recent years fairly decent.

When asked where Twitter fits in - I couldn't think of one as I don't attend flat earth/MAGA/antivax/NeoNazi/homophobic cons.

simplenomad, to infosec

I know I am in the minority of this, and the only people that will reply are the ones that agree with me, but the term "zeroday" aka "0day" applies to an exploitable bug that has been publicly known about for exactly zero days. If there is a known flaw in that the attack has been reverse engineered and the info has been made public, not a 0day. If a patch exists, not a 0day. No this isn't major, but I find it irritating when I hear it. I guess as an old schooler, I remember when 0days had value particularly if you were trading them with your hacker friends in some dark corner of the Internet, and if admins or the vendor knew about it, it had diminished value, and that influences my thinking.

One other point, that's a number at the beginning of the term 0day, not a letter, so don't pronounce it "oh day", show some respect and call it "zero day".

simplenomad, to random

It's been two years, it certainly doesn't seem that long.

https://www.markloveless.net/blog/2023/11/1/two-years

simplenomad, to infosec

You know you're when you see a phone number on a CV and immediately go "oh 317, they're from Indiana".
