Confusion as a Service

@CaaS@infosec.exchange
81 Followers
148 Following
744 Posts
I am a security advisor working mostly in GRC; I also work as an auditor. My academic background is electronics and my experience is in IT infrastructure. I hold the typical professional certifications that are sought as "lettre de noblesse" in this field. My interest resides in expanding my understanding of technology. My aim is to engage with people in the hope we gain mutually and achieve a positive outcome about protecting information and preserving privacy. I live in French and work in English.
Quote of the day: The price for indulgence letters is about to go up
Quote of the week: I had a rough month last week
In a private #Github organization, in a private repo filled with NDA code, GitHub decided to automatically start reviewing that code using Copilot.

Mind you, Copilot is disabled for this organization.

Could we please just fucking not?! Not even mentioning the fact that the GitHub organization didn't enable this, there is no data policy to be found in sight. I have no clue what Copilot does with the data after it "reviewed" the code, and I could potentially be breaking the signed NDA.

#AI #Github #Copilot

I bet my fiancée that this picture of our cats could get 10 billion boosts on Mastodon.

She said she doesn't believe me. She said there's only 13 million accounts on Mastodon. She said there aren't even 10 billion people on Earth. She said it concerns her that I struggle so hard to comprehend large numbers.

Let's prove her wrong everyone. Boost away and show her just how awesome the Mastodon community is.

It is frankly obnoxious that portal.office.com now redirects to a Copilot page with no direct link to Outlook, Word, etc. (you know, Office...).
God, this bubble burst is going to be so brutal

Enormous long shot.
I lost my necklace today (Sunday June 15th 2025).
Probably somewhere in Brussels during the #IkTrekEenRodeLijn #RodeLijn manifestation.
It was a custom made present from my wife.
If anyone found this, or sees it posted as found somewhere, please contact me! 😢

#Brussels #Brussel #Bruxelles
#LostAndFound #HelpMeFind
#perdu #trouve
#verloren #gevonden

Giving an LLM Command Line Access to Nmap https://hackertarget.com/llm-command-line-nmap/

Hey, cis dudes. I need you to show up as allies at trans #pride events this month. Don’t make a big deal out of it. Don’t expect to win awards for it. Don’t hit on people. Don’t make it about you. Just swell our numbers.

And stand between us and the cops and transphobes, please.

#boost welcome.

We’re proud to see CryptPad technology powering the new Online Vault in Murena Workspace, part of the /e/OS 3.0 release.

It brings end-to-end encrypted file storage and real-time collaboration right into your phone. A big step for privacy that stays easy to use.

Built in Europe. Open source.

Just the way we like it.

👏 Thanks to the Murena team for making strong encryption accessible.

#CryptPad #eOS #Murena #DigitalSovereignty #FOSS #PrivacyTools #OpenSource #Europe

I'm excited to announce our "Out-of-Band" series; these articles focus on the security risks of management devices like BMCs, serial servers, and IP-enabled KVMs. "Out-of-Band, Part 1: The new generation of IP KVMs and how to find them" is now live at:
https://www.runzero.com/blog/oob-p1-ip-kvm/
@hdm last time I reported vulns in BMCs, I was told it was unsporting. Glad to see you're picking up the flashlight to shine on how terrible these devices often are.
@mxshift thank you! it's a mess out there - glad to see all of this stuff finally going into open source, but the horrors!
@hdm (part 1) a few small corrections about NanoKVM. One of their problems: they do not close issues when the issue is supposed to be fixed, so the status of the ticket doesn't show the state of things and makes analysing it harder.
Therefore, you've mentioned that they are leaking the device id to download a sketchy library; that is no longer true (see NanoKVM/kvmapp/system/update-nanokvm.py in their GitHub repo). They changed it about 3 months ago and now they just download a sketchy binary. tbc
@civiloid thank you! we’ll update the post soon

@hdm (part 2) ... and for those who don't like sketchy binaries, there is, unfortunately, a non-official firmware https://github.com/scpcom/LicheeSG-Nano-Build that reimplements all the sketchy blobs.

Same for updating the password - that was supposedly fixed about 4 months ago, but they've never closed the issue for reasons I have a hard time understanding.

For the PiKVM firmware port: they've canceled that for NanoKVM (it seems so) and say they will release their better device with PiKVM firmware available from day 1.

@hdm (part 3) and about updates: it was completely broken until late 2024 (late 2.1 or early 2.2), as they were trying to download files from a CDN in China with very hard deadlines and without a single retry, so you had a chance, but like 1 in 1000, that it would succeed in time. It got better since then (retries are in place, timeouts are more realistic), but I think the problem is still there and will be there until they start using a CDN that has presence outside of China.
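The update behaviour described in the thread above (a hard deadline against a distant CDN with no retry, and a binary pulled down with no stated integrity check) is a common firmware-updater failure mode. As an added illustration, not NanoKVM's code and not taken from any of the repositories mentioned, here is a small Python updater skeleton: bounded retries with a per-attempt timeout and exponential backoff, and a refusal to install unless the payload matches a SHA-256 digest pinned from a trusted source. The flaky fetcher, the sample blob and its digest are constructed here so the example runs offline.

```python
import hashlib
import hmac
import time
from typing import Callable

# Constructed sample "firmware" payload and its pinned SHA-256 (not a real NanoKVM image).
SAMPLE_BLOB = b"constructed-firmware-image-v2.2"
EXPECTED_SHA256 = hashlib.sha256(SAMPLE_BLOB).hexdigest()


class DownloadError(Exception):
    """Raised when the update cannot be fetched or fails integrity verification."""


def flaky_fetch_factory(failures_before_success: int, payload: bytes) -> Callable[[float], bytes]:
    """Constructed stand-in for an HTTP GET against a slow, far-away CDN.

    Raises TimeoutError for the first N calls, then returns the payload. It takes the
    per-attempt timeout as an argument so the caller's timeout policy is visible.
    """
    state = {"calls": 0}

    def fetch(timeout: float) -> bytes:
        state["calls"] += 1
        if state["calls"] <= failures_before_success:
            raise TimeoutError(f"no response within {timeout}s")
        return payload

    return fetch


def fetch_with_retry(fetch: Callable[[float], bytes], *, attempts: int = 5,
                     timeout: float = 30.0, base_backoff: float = 1.0,
                     sleep: Callable[[float], None] = time.sleep) -> bytes:
    """Bounded retries with exponential backoff.

    Each attempt gets its own timeout, and the final failure is surfaced as an
    exception rather than being silently turned into a half-written update.
    """
    last_exc: Exception | None = None
    for i in range(attempts):
        try:
            return fetch(timeout)
        except (TimeoutError, ConnectionError, OSError) as exc:
            last_exc = exc
            if i < attempts - 1 and base_backoff > 0:
                sleep(base_backoff * (2 ** i))
    raise DownloadError(f"gave up after {attempts} attempts: {last_exc}")


def verify_sha256(blob: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of the payload digest against the pinned value."""
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), expected_hex)


def download_update(fetch: Callable[[float], bytes], expected_sha256: str, **retry_opts) -> bytes:
    """Fetch the update with retries and refuse to hand it over unless the digest matches.

    The pinned digest is assumed to come from a trusted channel (e.g. a signed release
    manifest), not from the same untrusted download location as the payload itself.
    """
    blob = fetch_with_retry(fetch, **retry_opts)
    if not verify_sha256(blob, expected_sha256):
        raise DownloadError("update payload does not match the pinned SHA-256; refusing to install")
    return blob


if __name__ == "__main__":
    # Three timeouts in a row, then success: the bounded retry policy rides it out.
    cdn = flaky_fetch_factory(3, SAMPLE_BLOB)
    image = download_update(cdn, EXPECTED_SHA256, attempts=5, timeout=10.0, base_backoff=0.0)
    print(f"fetched {len(image)} bytes, digest verified")
```

The two knobs that matter are `attempts` and `timeout`: a single attempt with a tight deadline is exactly the "1 in 1000" behaviour described above, while unbounded retries would make a broken CDN hang the device forever. The digest check is what turns "download a sketchy binary" into "download a binary we can account for".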