sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A social space for people researching, working with, or just interested in AI!


#itsec


»Weak password allowed hackers to sink a 158-year-old company:
One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work.«

When will managers in companies actually take care of implementing IT securely? It seems to be too expensive. Structured password managers are a hassle but worth it.

🔓 bbc.co.uk/news/articles/cx2gx2


🧵 …and yet another reason to "avoid" M$ products. How many more warnings do the "nerds" have to send out?!

»Worldwide hacker attack on authorities and companies via Microsoft security hole:
"Dozens" of organizations are affected according to the "Washington Post"; the FBI has been called in. The flaw is believed to lie in on-premises servers for the SharePoint program«

🫤 derstandard.at/story/300000028


@reverseics Just do it like #Google #ProjectZero and tell them straight up in their face:

youtube.com/watch?v=F_XCDu6GQt4

I was nice once, now I won't! IDGAF what you need to do to fix it. Details will be public in 90 days. Go fuck yourselves!

And basically prepare everything to be ready, to the second, exactly 90 days from the moment the mail was sent to them.

»Software development – What is it like to work at OpenAI?
Hardly any email, lots of code, and a controversial reputation: a former OpenAI researcher reports on his time at the company.«

And does this now result in good quality as well as secure software from AI?

🤖 golem.de/news/softwareentwickl

#ki#openai#software

What @doingfedtime shows here is nothing new.

Obviously they need to fix that and work towards better security, including ensuring #Tor #Browser doesn't reset its #SecuritySettings on reboot, because if people made the conscious decision to block all #JavaScript, then that should at least be respected!

@GossiTheDog okay, so #ITsec is run by criminally incompetent #MAGA|ts that have no clue that they're ruining #NatSec by refusing to patch shit as long as they can shitpost stale memes and speculate with shitcoins on taxpayers' time.

Even if I wanted to fix it (and I have no reason to do so, given the #Trump-Regime basically displaced everyone I hold dear), I could be glad if they just decided to sue the shit out of me for "hacking" rather than try to put a bullet in my head or forcibly disappear me into a black site like Diego Garcia.

»Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub:
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications.«

Never store your access keys in Git, especially not in the code – do programmers need to be taught this?!

🔓 thehackernews.com/2025/07/over
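As an added example (not code from the post above, from the linked article, or from the Laravel project): a Python pre-commit hook that refuses a commit when a staged line assigns a real-looking Laravel APP_KEY, whether in a `.env.example`, a PHP config fallback, or a CI/compose file. It assumes `git` is on PATH and that a Laravel key has the documented form `base64:` followed by the base64 of 16 or 32 random bytes (AES-128-CBC / AES-256-CBC); the sample diff and the key inside it are constructed for illustration and are not real secrets.

```python
"""Pre-commit hook: block commits that add a Laravel APP_KEY.

Added example, not code from the post above or from the Laravel project.
Assumptions: `git` is on PATH and the hook runs inside a repository; a real
key (as produced by `php artisan key:generate`) looks like
`base64:<base64 of 16 or 32 random bytes>`. An empty `APP_KEY=` placeholder,
as shipped in .env.example, is deliberately not flagged.
"""
import base64
import re
import subprocess
import sys
from typing import Dict, List, Optional

# A `base64:...` token; the base64 body is at least 20 chars, so 16-byte keys
# (22 chars + "==") and 32-byte keys (43 chars + "=") both match.
B64_TOKEN_RE = re.compile(r"base64:([A-Za-z0-9+/]{20,}={0,2})")
# Unified-diff hunk header; group 1 is the first line number in the new file.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def decoded_key_length(token: str) -> Optional[int]:
    """Byte length of the key behind a `base64:` token, or None if not valid base64."""
    try:
        return len(base64.b64decode(token[len("base64:"):], validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def is_laravel_app_key(token: str) -> bool:
    """Laravel's cipher needs a 16-byte (AES-128) or 32-byte (AES-256) key."""
    return decoded_key_length(token) in (16, 32)


def redact(token: str) -> str:
    """Show only the prefix and tail so the hook itself never echoes the key."""
    return token[:11] + "..." + token[-4:]


def scan_text(text: str, source: str = "<input>", start_line: int = 1) -> List[Dict]:
    """Flag lines that mention APP_KEY and carry a key-shaped base64 token."""
    findings = []
    for offset, line in enumerate(text.splitlines()):
        if "APP_KEY" not in line:
            continue
        for m in B64_TOKEN_RE.finditer(line):
            if is_laravel_app_key(m.group(0)):
                findings.append({"file": source, "line": start_line + offset,
                                 "key": redact(m.group(0))})
    return findings


def scan_diff(diff: str) -> List[Dict]:
    """Walk a unified diff and scan only the added (+) lines."""
    findings: List[Dict] = []
    path, new_lineno = "<unknown>", 0
    for raw in diff.splitlines():
        if raw.startswith("diff ") or raw.startswith("index ") or raw.startswith("--- "):
            continue
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_lineno = int(m.group(1))
            continue
        if raw.startswith("+"):
            findings.extend(scan_text(raw[1:], path, start_line=new_lineno))
            new_lineno += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            continue  # removed lines and "\ No newline" do not advance the new file
        else:
            new_lineno += 1  # context line
    return findings


def staged_diff() -> str:
    """Diff of what is about to be committed (requires git; assumption)."""
    return subprocess.run(["git", "diff", "--cached", "--unified=0", "--no-color"],
                          capture_output=True, text=True, check=True).stdout


# Constructed sample: a 32-byte key of 0x01 bytes, NOT a real secret.
CONSTRUCTED_KEY = "base64:" + base64.b64encode(b"\x01" * 32).decode()
CONSTRUCTED_DIFF = f"""\
diff --git a/.env.example b/.env.example
--- a/.env.example
+++ b/.env.example
@@ -3,1 +3,1 @@
-APP_KEY=
+APP_KEY={CONSTRUCTED_KEY}
diff --git a/config/app.php b/config/app.php
--- a/config/app.php
+++ b/config/app.php
@@ -120,0 +121,2 @@
+    // fallback so local dev "just works" -- exactly what leaks the key
+    'key' => env('APP_KEY', '{CONSTRUCTED_KEY}'),
"""


def main() -> int:
    findings = scan_diff(staged_diff())
    for f in findings:
        print(f"{f['file']}:{f['line']}: Laravel APP_KEY about to be committed "
              f"({f['key']}); move it to a secret store", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Install it as `.git/hooks/pre-commit` (or wire it into your pre-commit framework); run `scan_diff(CONSTRUCTED_DIFF)` to see it report `.env.example:3` and `config/app.php:122`. The format check (valid base64 decoding to 16 or 32 bytes) is what keeps the hook from screaming at the empty placeholder Laravel ships, and it catches the PHP-side `env('APP_KEY', 'base64:...')` fallback that survives even when `.env` itself is gitignored.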

TIL all your #2FA's can hit at once.

"Hello, Browser, I'd like to log in."

🤖 "Great! Check your email. Also, you have 35 seconds to respond to this before I lock you out."

"Hi Email! Can I see my last message?"

🤖 "Um, you've been ignoring me lately so go get your tablet. Also, I have a decade of your email inside me so you better respond within 10 seconds before I nuke it all."

"Hey Tablet, I need to open you up now."

🤖 "Who dat? I'm going to need you to grab your phone..."

#itsec #humor?

»Google's AI is allowed to spy – Gemini gets extensive app access:
Google's Gemini can now read WhatsApp chats on Android devices. Anyone who doesn't want that has a lot of work to do.«

Doesn't this create yet another risk factor in companies, with IT security service providers possibly profiting? But even privately, in my opinion, this is questionable.

📱 golem.de/news/googles-ki-darf-


»Security report – On-premises offerings experience a renaissance:
Companies worry about threats from AI and the loss of data; on-premises is becoming popular again. That is the finding of a survey«

IT security is indeed important, and encrypting data is part of it. AI needs enormous amounts of data and is the opposite of that. Too many use it carelessly, but paranoia about ITSec is also being fostered.

🔐 heise.de/news/Security-Bericht


@cryptadamist @panigrc @finalstaticfox @dansup

Obviously that's another evidence of why #KYC IS THE ILLICIT ACTIVITY!...

  • That problem doesn't exist with #Monero as one cannot determine #transactions, #balances or link wallets by observing the #blockchain. Unlike with all those Shitcoins like #Bitcoin or #Ethereum!

  • So even if I had a Monero Wallet and even if you knew the wallet address, you cannot see what's on it or what transactions go in and out.

  • It's even more secure than #SEPA because thanks to #SWIFT & #FATCA the #IRS and #TreasuryDept. have bulk access to these systems and can basically see account balances in real time (when it comes to #US citizens! The rest they can approximate with bulk access to payment providers and intelligence).

So yeah, blame lack of #privacy, #secrecy, and #custody as well as #doxxing in the form of KYC under the false pretense of #AML for the rampant rise of #kidnappings and armed robberies of #shitcoin HODL'ers.

  • Obviously I do condemn such acts of violence as a matter of principle.

The fact that there are automated, idiot-proof tools like #chainalysis that enable statistical tracking and linking of transactions for everything except Monero is the problem.

  • Don't believe that such "AML compliance" tools are unique to the clients of said providers, because it's just connecting dots from public records. No warrant nor insiders nor MLAT needed.

IOW: OFC I'd have to expect getting robbed by organized crime if I were to post evidence of me sleeping on genuine gold bars.

Quoted post by ⚯ Michel de Cryptadamus ⚯ (@cryptadamist@universeodon.com):
@kkarhan@infosec.space @panigrc@mastodon.social @finalstaticfox@pounced-on.me @dansup@mastodon.social the people I know who got home-invaded for their bitcoins got home-invaded way before there were any regulations involved