
Interested in OSINT and Infosec. Would love to have a job doing both

"The dildo of consequence rarely arrives lubed"

New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

I was telling my wife about the newly discovered backdoor in bitlocker and she absolutely floored me with this one:
"It's not a backdoor, it's a window" 🤣

I wrote back in November about how easy it was to find leaked passport photos and driver's licenses online. The spills have only gotten worse in the months that age verification laws rolled out. We're reaching a point (if not already) where our government IDs aren't worth shit in the digital world.

https://this.weekinsecurity.com/it-is-far-too-easy-to-find-leaked-passports-and-drivers-licenses-online/

It's far too easy to find leaked passports and driver's licenses online

Passports and driver's licenses are easy to find online, thanks to a dizzying array of websites and apps that require a copy but aren't keeping the data safe.

~this week in security~

Without control of your food, you have no leverage. Period.

You can't strike if you can't feed your family.

You can't protest if you're spending all your waking hours finding enough to eat.

You can't build an alternative economy if you're dependent on the existing one for the most basic requirement of biological existence.

#activism #activists #solarpunk #climatecrisis #capitalism

I've said this before, but I may as well say it again: more people should be doing 8- and 16-bit homebrewing. Even in assembly language, these have dozens of the friendliest tutorials ever, and the hardest part is just getting a toolchain together that will turn your source code into binaries that *run* on the consoles or in emulators.

I've been putting together quick build-and-run tutorials to close that gap, for a great many systems. Check it out.

https://bumbershootsoft.wordpress.com/platform-guides/

#retrocomputing

Platform Guides

Most of what I do at Bumbershoot Software involves writing software in unusual ways, or for very old machines. In most cases, if I’m targeting a retro platform, the programs that I end up wri…

Bumbershoot Software

In many ways these widespread new "AI" features and products are a direct threat to privacy.

In many, if not most, of those systems (which often just branch out from OpenAI in the end) the data goes both ways. Meaning all input is collected, uploaded, then reused by the system.

This is disastrous for data privacy,
and for proprietary data as well.

The antithesis of this practice is end-to-end encryption. In which the data is accessible only by its sender and intended recipient(s).

If you care about data protection at all, for yourself and for others, be very wary about any so-called AI feature. And seek end-to-end encryption everywhere it is possible to use it.

Privacy is a human right 🔒

#Privacy #NoAI #Encryption #E2EE #RootForE2EE

So, again, these age verification laws aren't about children.

They aren't about protecting children.

They aren't about children on social media.

They are about surveillance, control, and abuse.

If we wanted to make social media safer for children, we would pass legislation that actually addressed the way commercial social media is harmful to everyone: limiting notification frequency, mandating interop and data export-ability, preventing surveillance driven advertising models, mandating algorithmic transparency, and enforcing anti-trust against companies like Meta who buy up all their competitors and unify them.

We won't forget how you were very anti-Trump before selling that smug soul for access and power, JD.

The goal is to make corporate data less profitable.

Even stuff as simple as setting your birthdate to 1970-01-01 everywhere, adding [TEST] or [DELETED] as your name or account notes anywhere you don't need them to know your name.

Using plugins like AdNauseam to poison ad trackers (and cost them marketing dollars).

Using VPNs set to different locations.

Signing into data broker sites to "correct" outdated info (they'll often let you do that with little-to-no proof of identity, but will require your passport or state ID in order to delete your info). Bonus points if you correct it to someone else's info on their site that's similar to yours.

Only fill in required fields when you sign up for anything, but only provide correct info if it matters for you to use the service, otherwise provide plausible, but incorrect, data.

If you use LLMs anywhere, use the free tier and always vote thumbs up for bad answers and down for good ones. It wastes their resources and drives up their costs while making their training data worse.