Paranoia Agent is the best Kon imo

Illustrative example of using Asana AI Studio to improve security *and* productivity.

I reporting a phishing attack from gmail - this resulted in a task being created in Asana.

AI automatically triaged the nature of the attack and escalated it based on specifics (like targeting the CEO). 1/2

Deafening Silence From The Cybersecurity Industry Chris Krebs affirmed the 2020 election was secure. Now he's the target of an Executive Order—and the cybersecurity industry’s silence is enabling a dangerous precedent.

Deafening Silence From The Cybersecurity Industry by Forbes senior contributor Tony Bradley; links to Luta Security CEO's recent blog post @k8em0.bsky.social @lutasecurity.bsky.social
www.forbes.com/sites/tonybr...

I am speaking up in support of Chris Krebs We all need to

Here's my blogpost in support of Krebs. It's different enough from those by @stamos.org or @k8em0.bsky.social that it's worth writing, though the conclusion is much the same.
cybersect.substack.com/p/i-am-speak...

Exclusive | Former Trump Official Targeted With Government Probe Vows to… | Alex Stamos *The following is a message from Alex and Katie Stamos and does not represent any company or organization* Working with Chris Krebs and getting to know his wife Emily and their five children has been...

Working with Chris Krebs and getting to know his wife Emily and their family has been one of the great honors of my life. The attack against their family should be condemned by all.

I have written a post about what is happening to them here: www.linkedin.com/posts/alexst...

one of my favorite parts of vibe coding is that it brings one of the core parts of programming - randomly changing things until it's fixed - to everyone

preferably not self hosted

an ulterior motive i had for this post was hoping someone would read it and offer a recommendation!

the huge collection of blogs and substacks i read once, really enjoy, and then forget about instantly

if someone wrote a really high quality rss reader right now it would do so well

at least we have bashforever.com as a backup

sad that bash.org is gone

“ThErE Is nO EvIdEnCe oF AnY ThReAt aCtOr aCtIvItY” said the clowns at @lastpass.bsky.social in their many, many updates trying to downplay the severity of this breach.

If you’re using LastPass in 2025, you’re being grossly negligent.

how was the burger?

ever pull a scsi drive out while it was running? that was a fun feeling

Jasmine Sun on Substack for the first time— and it brings me no joy to admit this— an LLM has produced writing I think is actually good DeepSeek’s new r1 model was able to take some extremely rough bullet points and generat...

This example of writing from DeepSeek's r1 model is incredible. It actually persuaded me that the chat interface is more than just a rough first draft of a UI.

Also, "the demon stirs"? I could read this all day.

substack.com/@jasmine/not...

Getting silly with C, part (void*)2 They won't be able to find bugs in your code if they can't figure out how it works.

TIL that C function definitions have an implicit semicolon after them, which enables you to put a function declaration in the for loop control block.

lcamtuf.substack.com/p/getting-si...

Find yourself fixing the family printer today?🎄
We get hit with tech requests & our folks don’t realize they are most at risk bc they reuse their password everywhere!
Thanks @techcrunch.com @zackwhittaker.bsky.social for chatting about how to help our fam at home 💻
techcrunch.com/2024/12/25/h...

The Quiet HTTPS Revolution In a recent post, I explained that the websites I visit on my Chromebook are almost all delivered over HTTPS. Better still, 100% of the…

Reporters, this is a story worth covering. It might not be as glamorous as high-profile hacks, and it might not attract as many clicks, but it’s important. The quiet adoption of HTTPS has improved online security for billions of people, and it deserves attention.

medium.com/@boblord/the...

i saw a drone show last night and it was so good i never want to see fireworks ever again. 10/10 no notes

For anyone interested in detection and prevention methods against Salt Typhoon intrusions targeting communication providers, here is a comprehensive guide:

media.defense.gov/2024/Dec/03/...

And plural gTLDs make this even worse: www.seancassidy.me/plural-gtlds...

The problem here is that humans want human-readable and unique names to disambiguate entities, but there are too many entities to do that all in one TLD. Having all of these gTLDs makes that easier, but identifying the correct website much harder.

A few days ago I almost got bit by a .shop fake website impersonating a website I wanted to use.

krebsonsecurity.com/2024/12/why-...

why do onions tell you to wash them before use. who is eating the onion skins

yeah it will be more like a rotation than a diminishing, but there are categories of jobs that will be closer to non-existent in 2026 like tier 1 SOC analysts

LLMs are going to take a lot of security industry jobs. We're already starting to see it, and in 2025, and especially 2026, it'll be all we're talking about.

If you're using Telegram? Don't.

At the moment, Signal (signal.org) is the most secure fully mature messaging app that's out there. It's what CULT OF THE DEAD COW uses for our intra-herd conversations, as well as being pretty much the Gold Standard in the information security community right now.

CISO starter pack? Yes please. go.bsky.app/D3emUbj

i will never forget the time, i, a newly minted freshman in college, was in the supermarket and asked if a guy was on line (for checkout). and he said, "you mean, like, on the internet? oh here in rochester we actually say in line rather than on line."