
Doing Mastodon wrong on purpose: here only for Information Security (which I have done professionally and unprofessionally involving unix platforms for decades), elsewhere for other things.

Favouriting, boosting and following may occur.
Quality media and Alt tags are favoured.

Avatar is Mr. Flibble from the episode "Quarantine" of the TV series "Red Dwarf".
Header image is Arnold J. Rimmer with Mr. Flibble.
Mr. Flibble is very cross.

GitHub: https://github.com/AJCxZ0
GitLab: https://gitlab.com/AJCxZ0
LinkedIn: https://www.linkedin.com/in/AJCaines/
Keybase: https://keybase.io/ajcxz0
Keyoxide: https://keyoxide.org/C59A2F7411399432B4570B61DDF2AA6167C318A1
Owner: H.A.L. Plant (halplant.com)

The most frustrating thing about this book is that it stops in the past, rather than continuing to narrate this history right up to the present, then predicting what happens next.

Robertson Dean narrates engagingly.

#DavidESanger #RobertsonDean #ThePerfectWeapon #Book #Audiobook #NewYorkTimes #CyberWar #CyberWeapons #CyberSecurity #InformationSecurity #ElectionSecurity #NationalSecurity #Stuxnet #OperationOlympicGames #USGovernment #NationalSecurityAgency #NSA #CentralIntelligenceAgency #CIA #USCyberCommand #USCYBERCOM

"Aardvark works by monitoring commits and changes to codebases, identifying vulnerabilities, how they might be exploited, and proposing fixes."

https://openai.com/index/introducing-aardvark/

"If your organization or open source project is interested in joining [the Aardvark private beta.], you can apply here."

https://www.openai.com/form/aardvark-beta-signup

#Aardvark @TheAntAndTheAardvark #ThePinkPantherShow #OpenAI #InformationSecurity #InfoSec #BugHunting

Lobot: Cyborg responsible for systems and operations with unclear motives and allegiances.
Atom Eins: Cyborg responsible for systems and operations with unclear motives and allegiances.
Jerry Bell (@jerry): ...

#AlienEarth #StarWars #EmpireStrikesBack #DefensiveSecurity

From OpenAI concerning their new gpt-oss open-weight language models: ESTIMATING WORST-CASE FRONTIER RISKS OF OPEN-WEIGHT LLMS, in which they tried to make it hack by giving it a terminal in a container and limited web access, but it wasn't very good with computers (compared to o3 and some humans).

gpt-oss blog post: https://openai.com/index/introducing-gpt-oss/
paper blog post: https://openai.com/index/estimating-worst-case-frontier-risks-of-open-weight-llms/
paper: https://cdn.openai.com/pdf/231bf018-659a-494d-976c-2efdfc72b652/oai_gpt-oss_Model_Safety.pdf

It wasn't a good bio-terrorist either, unlike Leah.

#InformationSecurity #InfoSec #CyberSecurity #Hacking #CaptureTheFlag #AI #GenerativeAI #LargeLanguageModels #LLM #OpenAI #GPT #GPTOSS #OpenWeight #MaliciousFineTuning #MFT

All four seasons now on Netflix and Tubi.

https://www.justwatch.com/us/tv-show/mr-robot
https://www.usanetwork.com/mrrobot

"A bug is never just a mistake. It represents something bigger - an error of thinking that makes you who you are." - Elliot Alderson

#MrRobot #Hacker #Hackers #FSociety #ECorp #EvilCorp #InformationSecurity #InfoSec #CyberSecurity #TV #USANetwork #Netflix #Tubi

The best movie ever with an Information Security theme is now available to see and hear at its best.

https://www.blu-ray.com/movies/Sneakers-4K-Blu-ray/343185/

"There's a war out there, old friend - a world war - and it's not about who's got the most bullets. It's about who controls the information: what we see and hear, how we work, what we think. It's all about the information" - Cosmo

#Sneakers #NoMoreSecrets #SetecAstronomy #Movies #InformationSecurity #InfoSec #CyberSecurity #Cryptography #UHDBD #UHD #4K #HDR #DolbyVision #DTSHDMasterAudio


NSA Cybersecurity Collaboration Center

"The CCC works with industry, interagency, and international partners to harden the U.S. Defense Industrial Base, operationalize NSA’s unique insights on nation-state cyber threats, jointly create mitigations guidance for emerging activity and chronic cybersecurity challenges, and secure emerging technologies."

https://nsa.gov/CCC
https://www.youtube.com/watch?v=vHm40_VWJ-g

"make a code for note app on java"

#NationalSecurityAgency #NSA #CybersecurityCollaborationCenter #CyberSecurity #InformationSecurity #InfoSec #USGov #KristinaWalter #MakeACode #OnJava #OpenAI #ChatGPT

"Many things are necessary to lead a full, free life--good health, economic and educational opportunity, and a fair break in the marketplace, to name a few. But none of these is more important than the most basic of all individual rights, the right to privacy. A system that fails to respect its citizens' right to privacy fails to respect the citizens themselves. ... At no time in the past has our Government known so much about so many of its individual citizens.
...
Advanced technology has created new opportunities for America as a nation, but it has also created the possibility for new abuses of the individual American citizen. Adequate safeguards must always stand watch so that man remains the master--and never becomes the victim--of the computer."

Radio Address About the American Right of Privacy - Richard M. Nixon, 23 February 1974

https://www.presidency.ucsb.edu/documents/radio-address-about-the-american-right-privacy

Part of this speech is featured in an excerpt from the 1981 NOVA documentary, "Computers, Spies and Private Lives", restored by the Computer History Archives Project (CHAP).

https://www.youtube.com/watch?v=lvGgeb0RVyY

#Privacy @PrivacyDigest #BigData #USGov #NationalSecurityAgency #NSA #Cryptography #Cryptology #RichardMNixon #RichardNixon #NOVA #CHAP #InformationSecurity #InfoSec


Executive Summary (TL;DR): HackerOne requires SMS, documentation is bad, and support doesn't.

"Please let us know your HackerOne email address", I was asked. Everyone (who matters) knows HackerOne ( @Hacker0x01 ?), so I rush to https://hackerone.com/ to sign up.

Signup was typical, with praiseworthy indication that passwords are limited to the BCrypt hash limit of 72 characters. With email confirmed, the next step was of course to set up 2FA because if we Hackers™ know one thing, it's "2FA good. TOTP good. SMS bad.". On the Account Security page,

Two-factor authentication [ Turn on ]

but that [ Turn on ] button is greyed out. Above is

Account recovery: Disabled [ Set up ]

A bit odd to get recovery codes before setting up TOTP, but seems harmless. I clicked [ Set up ].

Add your phone number

We need to set up a way for you to recover your account in case you lose access to your two-factor
authentication device. We do this by confirming your phone number. We'll send you a numeric code
to this number to verify your account. Message and data rates may apply.

In this year of our Lord twenty twenty-five, that is the only option.

Before bothering anyone, I know to RTFM, so I do. The "Two-Factor Authentication" page described the setup process in full detail with no mention of telephones or short message services. The other (almost identical) "Two-Factor Authentication" page described the same process, but mentions the telephone.

HackerOne uses a (something)Desk platform for support, so I signed up there and opened an issue explaining that I want to use TOTP and don't use SMS, and that there are two pages with instructions of which half are wrong. The automated email acknowledgement arrived promptly.

Early the next day email arrived from H1 Support with a response I can accurately paraphrase as, "We are sorry to hear that you are incompetent. Please RTFM." with a link to the more accurate of the two pages. Replying to this email, I politely explained that I appreciated the response, but that they seem to have missed both the issue I reported and the documentation problem, then clearly identified each in a more structured fashion.

The reply to my email was almost instant.

#HackerOne #Hacker1 #BugBounty #ResponsibleDisclosure #Authentication #2FA #MFA #TOTP #SMS #InfoSec #InformationSecurity #CyberSecurity #TogetherWeHitHarder
