@signalapp Signal IMO has bad security because when someone decides they are not interested in an overpriced, underperforming service of "phone number" and stops using their SIM, they cannot deregister the number from Signal and the new owner of the number either can hijack their Signal account, or people may be blocked from using newly purchased SIMs with Signal.

Also, authoritarian regimes IMO can temporarily transfer a number into a provider's internal SIM in order to hijack a Signal account and impersonate a dissident against another dissident, facilitating abduction, torture and murder.

I feel

c o n t e m p t

towards Signal when it is designed this way.

#badsecurity #incompetence #signal #phonenumberasidentity #security #SIM #contempt #securityhole #securityflaw #attack #hijacking #torture #murder #abduction #authoritarianism #regime #authoritarian

AI Agents – The New Corporate Security Holes

The adoption of AI agents has accelerated. More data. Faster hardware. More delegated tasks. AI agents thrive in hidden corners of corporate IT. They wait for work in silence – as privileged us…

Tom's IT Cafe

Another #Fortinet critical security hole, so it must be a day that ends in "Y".

#security #WeveHeardOfIt #bug #hole #SecurityHole

I just checked out Strapi because I was curious. I installed it on a server of mine that I have on the Internet.

First problem: the installation instructions are incomplete. I had to Google for a solution.

Second problem, and the deal killer: once you've got it up and running, it puts out a web interface to configure your instance... so far so good. Except that when you are running it from your own server **on the Internet,** this means that it puts out an unsecured (http instead of https) interface right out there, with all the security issues that this entails.

The installation process does not ask if you *really* want to do this. It does not stop you to consider that maybe you should install an HTTPS certificate.

It is 2023. Putting out a product that treats security as optional is not a good look.

This shit stank so much that I passed on this product.

#Strapi #SecurityHole #idiots #https

That still counts as a "Patch it! Patch it now!" bug on anyone's #Linux server.

Just what every Linux system administrator wants just before the holidays:

https://www.zdnet.com/article/patch-now-serious-linux-kernel-security-hole-uncovered/

🙄

#securityhole

Patch now: Serious Linux kernel security hole uncovered

The Zero Day Initiative originally rated this Linux 5.15 in-kernel SMB server, ksmbd, bug a perfectly awful 10.

ZDNET