25 posts total
Kevin Beaumont

Okay I knew Opera browser was bad but I had no idea how crazy the situation was until reading this.


@GossiTheDog Wait till you learn about Brave!



I would have never used Opera due to it not being FOSS but it's always nice to have more reasons.

Nihl L'Amas

@GossiTheDog Opera Mini for Java phones will randomly redirect you to full-screen ads instead of whatever link you clicked on.

Kevin Beaumont

Google search thinks you should use glue to stick together a pizza as its AI is trained on Reddit, where 11 years ago a user called “fucksmith” posted suggesting it was a good idea.


@GossiTheDog I am unable to replicate this result.


@GossiTheDog Google Search is now a gullible 6-year-old; my, how far we've come.

Kevin Beaumont

For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into the base Windows OS and enable it by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

David Plisken 🏳️‍⚧️ BLM!

@GossiTheDog gotta train the AI. Nothing is now more important to MS than AI. Gotta create that corpus of data to sell to other AI companies. The products are no longer for us; we and our behaviors are just data to save and sell.

Andreas Bulling

@GossiTheDog The solution is simple and has been around for decades: Use Linux.

I don't understand why people bother with Microsoft and Windows at all anymore.

Positive side effect (out of many more): I don't even remember the last time that I've installed/used an "anti virus" software.

Kevin Beaumont

I've written up my thoughts on the Copilot Recall feature in Microsoft Copilot+ PCs

I think it will enable fraud and endanger users, and is not the sign of a company who are committed to security first.

Kevin Beaumont

Slack have decided to start training AI on enterprise customer data, including DMs, private workspaces and files. You have to have an admin opt out via email. HT @Quinnypig


@GossiTheDog And of course they're not explaining *how* they're going to implement those "controls".

Jigme Datse

@GossiTheDog @Quinnypig or as I've been doing for years, opt out of Slack. I'd say go with something like Jitsi/Matrix but that's not for everyone.


@GossiTheDog *sigh* So now I need to put Linux on the one computer I had set up for casual use. More work for me, yay 😞


@GossiTheDog The absurdity of this manufactured society never stops amusing me. Thankfully we have great minds and open source.

Kevin Beaumont

HT to @wdormann here - somebody has backdoored the open source project XZ which has downstream impacts.

For example, although OpenSSH doesn’t use XZ, Debian patch OpenSSH and introduced a dependency, which translates as the XZ changes introducing an sshd authentication bypass backdoor, it appears.

One dude bothered to investigate in his free time about why ssh was running slow, so it was caught fairly early - i.e. hopefully before distros started bundling it.
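A triage check for the situation the post describes, added here as an example and not code from the thread or from any distro: it asks whether this host's sshd loads liblzma at all (the Debian/Ubuntu path, where the distro's libsystemd patch pulls liblzma in transitively) and whether the installed xz is one of the two releases that shipped the backdoor, 5.6.0 and 5.6.1 (tracked as CVE-2024-3094). The sshd path fallback, the parsing of `xz --version` output and the `XZ_CHECK_RUN` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original thread: quick triage for the XZ /
# liblzma backdoor on a single host. Assumptions: sshd lives on PATH or at
# /usr/sbin/sshd, `xz --version` prints "xz (XZ Utils) <ver>" on its first
# line, and the backdoored releases are exactly 5.6.0 and 5.6.1.

# Return 0 when the given version string is a known-backdoored xz release.
is_backdoored_xz_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Pull the bare version number out of `xz --version` output, whose first
# line looks like "xz (XZ Utils) 5.6.1". Prints nothing if nothing matches.
parse_xz_version() {
    printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if sshd (directly or through a library it loads) links liblzma,
# 1 if it does not, 2 if no sshd binary could be found to inspect.
sshd_links_liblzma() {
    sshd_bin="${1:-$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)}"
    [ -x "$sshd_bin" ] || return 2
    # ldd resolves transitive dependencies, which is the case that matters:
    # sshd -> libsystemd -> liblzma on Debian-patched builds.
    ldd "$sshd_bin" 2>/dev/null | grep -q 'liblzma'
}

# Run both checks against the live host and print a verdict.
# Returns 1 if a backdoored xz release is installed, 0 otherwise.
check_host() {
    sshd_links_liblzma
    case $? in
        0) echo "sshd loads liblzma: exposed if liblzma is backdoored" ;;
        1) echo "sshd does not load liblzma" ;;
        *) echo "no sshd binary found to inspect" ;;
    esac

    if command -v xz >/dev/null 2>&1; then
        ver=$(parse_xz_version "$(xz --version 2>/dev/null)")
        if [ -n "$ver" ] && is_backdoored_xz_version "$ver"; then
            echo "xz $ver is a backdoored release: treat this host as compromised"
            return 1
        fi
        echo "xz ${ver:-unknown} is not one of the known backdoored releases"
    else
        echo "xz is not installed"
    fi
    return 0
}

# Only touch the live system when explicitly asked, so the functions above
# can be sourced and exercised without side effects.
if [ "${XZ_CHECK_RUN:-}" = "1" ]; then
    check_host
fi
```

Run it with `XZ_CHECK_RUN=1 sh xz_check.sh`. A version check alone is not enough: a host that already ran the compromised sshd should be treated as compromised regardless of what `xz --version` says after a downgrade, which is why the sshd linkage question is asked first.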

Binary Large Octopus

@GossiTheDog @wdormann Several Linux distros have already investigated how they're impacted by this (thanks @mgorny and @VoidLinux). Any takes on this from @almalinux and @alpinelinux?


@GossiTheDog Debian Sid's and testing's liblzma has the backdoor, although it looks like it was reverted already. I don't think any official releases of Debian or Ubuntu had the compromised packaging.

Andrew Cook

@GossiTheDog that's an amazing piece of research there.

Kevin Beaumont

Tabletop scenario: you lay off lots of IT staff to pivot to AI and automation with a goal to cost cut, and then your remaining IT staff, who don’t understand what they are doing due to lack of institutional knowledge, deploy an automation that breaks a critical business process and plunges the business into chaos.

pasta la vida

@GossiTheDog @hacks4pancakes the "Onion is no longer satire, it's prediction"

but for "tabletops I don't want to be real but are going to become real"


@GossiTheDog Taking shortcuts and conning people is capitalism 101. With technology that doesn't really work, or doors start falling off airplanes mid-flight. This is what happens when all you have is a degree in business with no knowledge of what your business actually does.

Kevin Karhan

@GossiTheDog Also adding "Taiwanese" as Language or "Taiwan" as favorite cuisine / tourism destination may also work... ^^


And what if you don't want to be phished via people in India?

Kevin Beaumont

Mastodon instance has been shut down by the Taliban (not a joke, they seized the domain name).

propapanda :verified:


Welcome to Taliban IT services.

If you're part of a minority, press 1. Otherwise press 0.

A customer representative will be available shortly.

Matthew Skelton

@GossiTheDog "who owns or controls the registry for the TLD" seems a fairly important consideration for domain names, tbf


@GossiTheDog i mean it's a cool tld but come on, once the Taliban took over the country the writing was on the wall.

Kevin Beaumont

2025 spoiler: middle managers at large corporations sucking up the water supply of Finland to use Copilot AI to generate PowerPoint pressos about their fake green initiatives.


@GossiTheDog we ain't got that much water :blob_smile_sweat:

It's super odd that I never see in the news how much natural resources and electricity all AI stuff actually use. Most people I've talked to have no idea.

Frank Bajak

@GossiTheDog how did I know that PowerPoint would eventually destroy the planet?


@GossiTheDog and the UN climate conference will be hosted by an oil corporation ...oh wait that was already 2023

Kevin Beaumont

Pretty incredible report here about what is likely lawful interception of TLS encrypted communications (used by basically every web service) targeted at an instant messaging service popular in Russia.

The TLS communications were being re-certificated in the middle (similar to how enterprise firewalls do TLS decryption) for six months to snoop on communications. It only got rumbled as somebody (drum roll) let the interception certificate expire by mistake.

Kevin Beaumont

Back in the 90s, when I was 11, I had a conversation on Usenet with this dude called Todd Howard, who said he wanted to make a space RPG. I am 41. Today, it arrived.

Tony Hoyle

@GossiTheDog I don't think there has been a game this hyped ever. Even cyberpunk seemed less (and that literally had fanboys saying 'this will change gaming forever' until it was released and they actually saw it..).

Kevin Beaumont

Random bit of Microsoft telemetry dropped in this WSJ piece, good to know they’re tracking key presses.

Josh Carlson

Depending on your job, keyboard activity and productivity aren't necessarily the same thing. I spend a lot of keystrokes when I am responding to ridiculous inter-departmental emails, and that usually has no productive value at all.

What is the benefit of knowing when people are typing a lot?

Chase :unverified: :verified: :loading:

@GossiTheDog i wonder how they are using this data internally other than for marketing.

Kevin Beaumont

Mastodon has hit 2 million active users today. 🎉

Kevin Beaumont

I’ve found a way of tracking the number of Threads users. It is explosive.

Kevin Beaumont

There’s a pretty serious security vulnerability due to be announced this week. Make sure you apply patches when released on Thursday.

If you’ve never patched, get the process down beforehand.

Kevin Beaumont

Mastodon has a few structural weaknesses when it comes to security vulnerabilities:

- if you can get RCE, you can suspend every federated instance. That forces remote unfollow of all users. Restoring your server from backup doesn’t fix that.

- there’s no auto update feature and/or one click upgrade for admins

- admins have bolted on patches galore - eg search patches, UI changes etc - which makes upgrading more complex

Kevin Beaumont

Can’t wait for Twitter to get fixed on Monday and for all the journalists to return to write how Mastodon is doomed.

Driftini

I have trouble imagining twitter getting "fixed" anymore:
- Artificially boosting twitter blue subs' popularity at the price of smaller accounts that don't already get hundreds of thousands of likes on any word they whisper;
- The downright insulting temporary doge logo switch that says a lot about how Elon sees the website;
- Needing an account to SEE anything;
- Breaking embeds in links to tweets;
- Destroying nearly every 3rd party app;
- Allegedly horrible accessibility (idk about this personally but I've heard several people say that, take it with a grain of salt ig);
- Limiting how many posts one can see per day (while the limits are in reality even stricter than advertised because of ridiculously rushed and untested changes)

I feel like all of this put together has set a point of no return for Twitter, at the very least it did for me.

Helgi Crookehorne

@GossiTheDog I can't see anything fixed, still 'try again' stuff, and besides that a bunch of Blue got flagged as bots by a bot, and they can't contact support and they whine in the API development forum

Kevin Beaumont

Microsoft, one of the world’s most profitable companies - a story in two parts.

remote procedure chris

@GossiTheDog "it's the engineer making $250k, that's where all our money's going" -a guy who's making $55m

jfml ✨ Jonas Laugs

@GossiTheDog Just like in every other company including the German public railway!

Kevin Beaumont

lol, Parler has shut down. Calls itself "uncancelable" while being cancelled.


@GossiTheDog YEAH!! I know some want Twitter to stay, but I hope it's next.

John Francis

@GossiTheDog it sounds like...they were better at selling time on their cloud resources to other people instead of running their own product on it?

Third spruce tree on the left

@GossiTheDog Is it just me or can I not find ANYTHING about formerly or their respective business entities?

Like they have a few business index entries (Olympic does) but they're listed as a few dozen employees, a few hundred $k to a few million in revenue.

Doesn't seem like a "huge conglomerate" to me. Seems more like someone bought a legit but unknown, lowkey existing corporation to fold a social media company *into*.

Kevin Beaumont

Did you know Tesla has cameras both on the outside of vehicles and the inside, and everything is uploaded to Tesla? Anyhoo they’ve been exporting the videos, making memes of customers and then posting them on chat rooms.
