Not new exactly, but an important conversation.
If you consider DLL hijacking to be a concern, so is this—except worse in some ways, because I guarantee your EDR isn't watching JavaScript applications like it watches DLLs.
Posts by Taggart
I assure you: You cannot destroy this machine
If you are building anything that assumes these services will be around and/or price-stable, you are recklessly adding liability to your organization.
Tech has always had a problem with viable business models, and this is the final form of that monster.
Nobody can actually afford what's going on right now. Just like in 2008, it's sleight-of-hand that will eventually be revealed, and that's when gravity takes over.
I don't usually link Zitron, but this one is *important*. It isn't the tech that will derail this hypetrain; it's the money.
www.wheresyoured.at/the-subprime...
CPUID downloads were temporarily compromised earlier today. We have a thread compiling analysis and IoCs for you to investigate:
discourse.ifin.netwo...
#ThreatIntel #IFIN #ThreatIntelligence
When AI pops, I'm looking forward to watching LinkedIn eat itself alive searching for a take.
A demo/production Ringspace server is finally live!
ringspace.taggartinstitute.org
I'm actively looking for infosec blogs who'd like to join. I have a feeling I know some folks...
These are indeed excellent and shockingly creamsicle-like
What kind of scanner are you thinking of?
Oh, and yes: EVERY SINGLE LINE OF CODE IS MINE. No generative code has entered this repo.
What's Ringspace? It's a proposal for a human web protocol that combines mutual trust and reputation.
https://ringspace.net
Believe it or not, I am still working on #Ringspace. And here's a new release!
This version of the protocol employs JWKS format for key exchange, and uses Base64URL formats for all encoded data. Plus .env support and resources for Docker deployment!
codeberg.org/mttagga...
Citizen Lab continues to be one of the more important institutions in our current age, I think, doing some of the most important work.
Near as I can tell, this is all very good news. More things should take advantage of secure enclaves, and this **open standard** protects against one of the hardest current defense surfaces.
Minor programming note: I'm going to probably push most of the threat intelligence material I usually post through @ifin-intel.org, so it's a clear channel for actionable information.
This right here?
This is a huge part of why we exist. It's time to trust in each other for our mutual protection, because nobody is coming to save us.
But the core truth remains. You cannot have what works without the attending toxins. They are inextricable. As ever, my primary contention is that the technology is destructive to the fabric of human society, and on those grounds should we make our stand.
And look: I've spent time exploring the capabilities of these tools because I seek understanding through experience. I've been called spineless, fascist, racist, and just plain stupid for doing so. What I learned was important to my opposition to these tools, but also to my empathy for its users.
Yeah so let's refocus on the real perspective here. It doesn't matter *at all* how good these models are at code or finding vulnerabilities if we destroy our ability to seek and share knowledge.
Looks like we have a live one here. Weird Rust maintainer phishing campaign using `crates[.]ws`:
discourse.ifin.network/t/bizarre-cr...
Hello world!
We are IFIN, the Independent Federated Intelligence Network, and we want to change how threat intelligence is done.
We believe we're all safer when we share what we know. Come learn more and join us!
ifin-intel.org/blog/hello/
#ThreatIntel #ThreatIntelligence #Cybersecurity #Infosec
Hey for what it's worth, I've been writing my own Rust for the past three days getting Ringspace ready for production use. I don't want a sticker or anything, but, y'know.
I can still do it.
This is a project for my own business. I'm the only employee. This would either have simply not existed, a value loss for my students, or it would have taken me a lot longer with a lot more stress, lost sleep, mental health taxes, etc. to do at this level.
Sign the petition telling @propublica.org President Robin Sparkman and Editor in Chief Stephen Engelberg to Negotiate a Fair Contract Now for @propublicaguild.org: