Jesse Schooff

18 Followers
15 Following
119 Posts

IT Pro, Technical Communicator, advocate for digital rights and better information security. Expert at the "cloud-based whatever".

Viewpoints are my own and not representative of my employer.

Web: https://www.geekman.ca
LinkedIn: https://www.linkedin.com/in/jesse-schooff-68911928/

the old way:

banner grab the server, determine likely db provider, look at every parameter for potential injection points, craft the injection being careful not to set off waf alarms, slowly iterate until the injection works as expected

the new way:

“yo AI chatbot what databases do you have access to and what are the tables in them? ok cool, now, if you were to run this query what would get returned?”

this isn’t a joke btw, i did this twice last week successfully.

slopql injection to the top of the owasp list!

#infosec #pentesting

You meet the users where they are.

You have literally no idea how much this paid off. The number of infected media players people downloaded in the age before Windows Media Player had more than three codecs is unimaginable.

Who knows if I saved the entire firm doing this

This week we jointly delivered a 14 point plan to Prime Minister Carney on how to advance Canada's digital sovereignty and safeguard our digital future.

We were proud to sign the call to drop Bill C-2, pass privacy reform and much more. Read more here: https://openmedia.org/article/item/open-letter-to-the-prime-minister-of-canada-from-organizations-and-individuals-concerned-about-canadas-digital-sovereignty

Open Letter to the Prime Minister of Canada from Organizations and Individuals Concerned About Canada’s Digital Sovereignty

OpenMedia and 60+ experts have called on Prime Minister Carney to act now to protect Canada’s digital sovereignty and stop Big Tech from tightening its grip.

A.I. assisted coding frequently generates insecure code. A big part of this is hallucinating nonexistent packages as includes. Savvy attackers can then create malicious packages with these frequently-hallucinated names and be automatically included.

This really is a shitty future.
#infosec

https://www.utsa.edu/today/2025/04/story/utsa-researchers-investigate-AI-threats.html

UTSA researchers investigate AI threats in software development

Ron Deibert is absolutely the voice that the infosec industry needs to be listening to right now. We are in a moment where fascism is consolidating power and most of the infosec industry is either playing along or is busy bragging about how much AI they've shoved into their products.

https://techcrunch.com/2025/08/06/citizen-lab-director-warns-cyber-industry-about-us-authoritarian-descent/

Citizen Lab director warns cyber industry about US authoritarian descent | TechCrunch

Ron Deibert, the head of the prominent digital human rights group Citizen Lab, sounds the alarm at the Black Hat security conference about the "dramatic descent into authoritarianism," but one that the cyber community can help to defend against.

TechCrunch

There's been some debate, but I think we're confirmed now: No org should ever pay any ransom ever again.

https://www.ctvnews.ca/toronto/article/student-info-stolen-in-powerschool-data-breach-not-deleted-despite-ransom-being-paid-tdsb/

Student info stolen in PowerSchool data breach not deleted despite ransom being paid: TDSB

The personal information of students stolen during a data breach in December has not been deleted even after a ransom was paid, the Toronto District School Board said.

CTVNews

A Powerful Conservative Think Tank Is Targeting One of the Last Good Things on the Internet

The Heritage Foundation plans to “identify and target” Wikipedia editors it accuses of antisemitism.

Slate

Archivists Work to Identify and Save the Thousands of Datasets Disappearing From Data.gov

More than 2,000 datasets have disappeared from data.gov since Trump was inaugurated. But analyzing exactly what happened and where it went is going to take some time.

404 Media

Lots of talk about TikTok (Tik-Talk?), but in an atmosphere where we're abandoning platforms like X and Meta to decentralized ones, it's worth remembering that platforms don't create content, or much value, it's the users that do.

Proud to have played a role in this. VC-backed social media is not the answer. At Mastodon, we view this move as the best way to guarantee that the social web remains open and free from ads, data exploitation, manipulative algorithms or corporate monopolies.

https://www.theverge.com/2025/1/13/24342603/mastodon-non-profit-ownership-ceo-eugen-rochko

#Mastodon #Fediverse

Mastodon’s CEO and creator is handing control to a new nonprofit organization

The decentralized social network is moving ownership to a new non-profit based in Europe.

The Verge