New to me, and interesting: https://www.unpatched.ai/reports
Not a lot of detail on who's behind this, other than they profess alignment with the US and allies.
=> More informations about this toot | View the thread
Microsoft usually sends out an advanced notification email on the Thursday before Patch Tuesday which hints which products are receiving patches. Not seen one today. I wonder what that means, if anything.
=> More informations about this toot | View the thread
Reading up on mshta.exe-abusing malware this evening after Defender on the family PC blocked a LummaStealer download.
Proud of my 10yo for telling me immediately that “some Trojan warning popped up”. Initially he was very sad and upset, but we talked through it (“you’re not in trouble!”) and I was impressed to hear his theory that maybe coinminers could be a potential payload. Seriously, he has better infosec opinions than some IT professionals.
We’re also going thrifting for CDs to rip this weekend, because the source of the misadventure was that kiddo wanted MP3s for the new MP3 player, and I reckon now is as good a time as any to learn about ripping and tagging.
=> More informations about this toot | View the thread
A slide from my recent presentation about hackers and malware to a room full of fifth and six graders. No prizes for guessing which attack concept I'm about to introduce.
=> More informations about this toot | View the thread
Today I explained to a classroom full of 5th/6th graders how bubble sort works. I got them each to write a random number (via dice) on a bit of paper and then picked a student to be the algorithm and run passes over the dataset (the rest of the class). It went surprisingly well.
In a couple of days, I'm going back for another hour, and I'm trying to decide what we should do. We have access to Chromebooks, but there's a wide range of ability/knowledge in the class, so I'd rather not have them hands on keyboard, since this might be off-putting for those who don't have the skills already.
I'm going to do a presentation with like 20-25 minutes of history of computing, and a bit of time on "what is/isn't a hacker?", since they are interested. That bit should come together fairly easily. Don't worry: my slide deck will be heavy on the fun and light on the "ugh PowerPoint".
After that, I have about 30 minutes to fill, and I'm trying to think of something practical for them to do where they're engaged and moving around, a bit like the bubble sort exercise I already came up with and did today.
Suggestions and boost welcome!
=> More informations about this toot | View the thread
Glad to see Microsoft will be publishing vulnerability management data in CSAF from now on, but the blog post which announces this has strong "I forgot the assignment was due today" energy.
There's no mention of timeline for CVRF retirement, so will Microsoft publish both standards in parallel forever?
No discussion of the advantages of moving to CSAF. Instead, the blog post says that CSAF is an addition rather than a replacement since it's "meant to be consumed by computers", as opposed to the existing CVRF which is published in paperback so you can read it by the pool while sipping a margarita.
Perhaps most confusingly, the blog post claims that "today, we are adding a new standard machine-readable format called Common Security Advisory Framework (CSAF) to all Microsoft CVE information"... but a quick inspection of the CSAF directory shows only a handful of vulns from 2024, and nothing from previous years.
Finally, the "quick nerdy background on CSAF and related things" is certainly quick, but who does MSRC imagine is going to be sitting down to read the MSRC blog but then recoiling in horror because the content is unexpectedly nerdy?
https://msrc.microsoft.com/blog/2024/11/toward-greater-transparency-publishing-machine-readable-csaf-files/
=> More informations about this toot | View the thread
A question for anyone with CNA experience: how quickly can you go from verifying that a vuln exists (“shit! this disclosure pans out, sound the alarm”) to getting a CVE assigned and made public? I’m interested in both the ideal case, as well as a more typical real world timeline. What factors might accelerate or delay a public CVE assignment?
cc: @todb @screaminggoat
=> More informations about this toot | View the thread
It's Patch Tuesday, so I have once again performed my "write a blog about Patch Tuesday" dance routine. Niche stuff, sure, but I enjoy writing it so I hope you enjoy reading it.
https://www.rapid7.com/blog/post/2024/11/12/patch-tuesday-november-2024/
=> More informations about this toot | View the thread
I'm feeling both secure and aware
=> More informations about this toot | View the thread
UK budget raises taxes by 40 billion quid: https://www.bbc.com/news/live/cp9zrg128get
It's time to fund schools and the NHS by extracting money from private jet passengers and oil & gas companies instead of the other way around.
=> More informations about this toot | View the thread
Hilarious that Confluence/Jira notification icon counts up to 9 and then just stays at 9+ until you acknowledge it… as if you can’t receive 9 notifications in about 5 minutes.
=> More informations about this toot | View the thread
Hard to avoid feeling that scientists somehow got the good AI for protein folding, novel materials, and cognitive tomography, while the rest of us are left with the frothy flimflam of sales and marketing FOMO, and a panopticon of enshittification.
=> More informations about this toot | View the thread
@mbonsma please note that my mentioning my tax contribution is not in any way intended to devalue people who pay less tax or no tax. It’s simply my attempt to nip in the bud the lazy “only drivers pay for roads” trope.
=> More informations about this toot | View the thread
Inspired by @mbonsma among many others, I left feedback for the Government of Ontario on its proposed law which will give the province veto rights over municipal plans new bike lanes if they impact an existing vehicle lane.
This portion of the proposal is nothing more or less than Doug Ford’s personal feelings and opinions tabled as legislation which will affect 16 million people. I’ve heard all the tired old arguments, and I drive, I pay tax, I acknowledge that heavy deliveries are via trucks. None of that makes killing bike lanes a good idea.
Comment here if you like: https://ero.ontario.ca/notice/019-9265
At least they can’t claim no-one disagreed with them.
=> More informations about this toot | View the thread
In a way, Wikipedia has been good preparation for dealing with [well-intentioned] LLM output. You can learn useful, fun and interesting things, but you’d better verify it independently before you bet the farm on anything you read there.
That said, if you force me to choose between access to Wikipedia and access to LLM for the rest of my life, just know that I’ll be reading about the Battle of Glasgow and Hymenophyllum axsmithii rhyzomes in every timeline 100% of the time.
=> More informations about this toot | View the thread
“Sure, I could do it all myself, but I have kids and a demanding job, so I’ll treat myself to the expensive blog hosting from the organization I can definitely trust! It will be worth not ever having to stress about the blog hosting! Even better, they probably won’t use my data to train their AI because I’m a paying customer, and the CEO seems cool.”
It’s not that I don’t wanna set up a workflow and do Hugo and all the rest of it. Super comfortable in the shell, and my first internship at 17 was with an ISP that also did web hosting, but I’m just tired a lot and there’s so many other things which I need to get done. You know, like write for my own pleasure again. I miss having the capacity for that. Fuck.
=> More informations about this toot | View the thread
First Nations in Canada without reliable and affordable access to clean drinking water is neither a new problem, nor is it isolated to remote fly-in communities. It’s also a problem right near Toronto, a wealthy city of 3 million people.
https://newsinteractives.cbc.ca/features/2024/six-nations/
=> More informations about this toot | View the thread
I enjoy safe tap water and believe everyone in Canada should share that because we definitely have the resources to make it happen. Somehow that’s a radical position.
=> More informations about this toot | View the thread
When Justice Canada argues that Canada has no legal obligation to provide First Nations with clean drinking water, my first thought is that we should change the law. If that’s somehow too much trouble, perhaps Justice Canada should change their name.
https://www.cbc.ca/news/indigenous/shamattawa-class-action-drinking-water-1.7345254
=> More informations about this toot | View the thread
@cobalt I hope a follow request is okay. Like you, I am vicariously enjoying the Nunavut cabin build, and then I saw PTerry, anti-fascist and plant care, and I thought to myself: that’s a combo I whole-heartedly approve. Have a good week!
=> More informations about this toot | View the thread
=> This profile with reblog | Go to dreadpir8robots@infosec.exchange account This content has been proxied by September (3851b).Proxy Information
text/gemini