Oneironaut

@Oneironaut@infosec.exchange
13 Followers
95 Following
1.4K Posts
GRC advocate. Cyber adjacent. Celine Dion fan
Oneironaut2h ago
Jeremy KahnJun 18

Seeing usually smart folks getting rope-a-doped into arguing for LLM utility like there's a moral justice zero-sum trolley-problem slider between "useful" and "ethical" and we're just arguing about the best setting

But the real problem is even dumber

-is its mere use a climate disaster? Yes
-is its data provenance founded on theft? Also yes
-will it be used to ruin ordinary workers' lives? Yup
-will it ruin countless organizations who think they're buying their way to cheap labor? That too

Oneironaut4h ago
Dissent Doe  4h ago

In August 2020, @SchizoDuckie and I published what was to become the first of a series of articles or posts called "No Need to Hack When It's Leaking."

In today's installment, I bring you "No Need to Hack When It's Leaking: Brandt Kettwick Defense Edition." It chronicles efforts by @JayeLTee, @masek, and I to alert a Minnesota law firm to lock down their exposed files, some of which were quite sensitive.

Read the post and see how even the state's Bureau of Criminal Apprehension had trouble getting this law firm to respond appropriately.

https://databreaches.net/2025/07/04/no-need-to-hack-when-its-leaking-brandt-kettwick-defense-edition/

Great thanks to the Minnesota Bureau of Criminal Apprehension for their help on this one, and to @TonyYarusso and @bkoehn for their efforts.

#dataleak #misconfiguration #incidentresponse #incidentmanagement #responsibledisclosure #securityalert #infosec

Oneironaut8h ago
Kevin Beaumont8h ago
Ingram Micro have been experiencing some kind of ’technical issue’, including of their corporate and orders website.
Oneironaut1d ago
Tuta1d ago

⚠️ In four days Gemini wants to scan your phone ⚠️

Stop #Google now: 👉 https://tuta.com/blog/how-to-disable-gemini-on-android

#GeminiAI #Google #Android #PrivacyMatters

Oneironaut2d ago
cR0w 2d ago

Unit42 published a pretty decent write-up on malicious lnk files. It includes IOCs for the specific lnk files referenced in the post, but the concepts themselves are more important than the IOCs.

https://unit42.paloaltonetworks.com/lnk-malware/

Windows Shortcut (LNK) Malware Strategies

Our telemetry shows a surge in Windows shortcut (LNK) malware use. We explain how attackers exploit LNK files for malware delivery. Our telemetry shows a surge in Windows shortcut (LNK) malware use. We explain how attackers exploit LNK files for malware delivery.

Unit 42
Oneironaut3d ago
JWcph, Radicalized By Decency3d ago

"These are terrible numbers, but also, these are some genuinely impressive accounting gimmicks...." - you can say that again, @pluralistic; I think anyone with an iota of common sense would agree that this bullshit should be illegal.

We cannot allow "By the authority vested in me by being rich I declare that I am now even richer!" randos to control the common, even global #economy.

It's fucking bonkers.

https://mamot.fr/@pluralistic/114776534107792989

#AI #tech #business #resist

Oneironaut3d ago
BrianKrebs3d ago

We say "fucking" to keep Google's AI from fscking up search results with AI. And now we can say "gravy" to throw off the AI scrapers?

Fucking gravy.

Thank you @aj for cluing me in.

https://bsky.app/profile/did:plc:n2okvbdq33c32ekbv6hfzdg2/post/3lsvh7cupqk2z

AJ Sadauskas (@ajsadauskas.bsky.social)

For anyone wondering why #gravy has been trending: AI hucksters are trawling through your social media posts for training data and trends. And you know what can gum up the gears of an automated sentence generator? Posts that use the word gravy out of context. #auspol #ChatGPT #AI #LLM

Bluesky Social
Oneironaut4d ago
Show threadDr. Cat Hicks5d ago

If I have to see this goddamn "spatial ability" argument one more time. Get more specific. What type of spatial ability you absolute clowns. Exactly what task, and explain how you address the spatial ability conflation with gender problems. Explain why and how these diffs vanish when you include all the spatial tasks THAT RESEARCHERS REMOVED BECAUSE GIRLS WERE GOOD AT THEM

https://link.springer.com/article/10.1007/s10648-023-09728-2

Gender Differences in Spatial Ability: a Critical Review - Educational Psychology Review

Spatial ability has long been regarded as important in STEM, and mental rotation, a subcategory of spatial ability, is widely accepted as the cognitive ability with the largest gender difference in favor of men. Multiple meta-analyses of various tests of spatial ability have found large gender differences in outcomes of the mental rotation test (MRT). In this paper, we argue that more recent literature suggests that the MRT is not a valid measure of mental rotation ability. More importantly, we argue that the construct of “spatial ability” itself has been co-constructed with gender, and thus has not been devised in a neutral way, but in a manner that is influenced by gender beliefs. We discuss that though spatial thinking is also required in feminized fields, past research has cast spatial ability as only necessary in masculinized STEM fields. Due to a prevailing belief that spatial ability was an inherently male ability, researchers “selectively bred” some spatial assessment instruments to maximize gender differences, rather than to precisely measure a spatial construct. We argue that such instruments, of which the MRT is one, cannot validly assess between-group differences, and ideas about biological or evolutionary causes of sex differences in spatial ability lack empirical evidence. Instead, the co-construction of gender and spatial ability better explains observed patterns. We also provide recommendations for spatial researchers moving forward.

SpringerLink
Oneironaut4d ago
Catalin Cimpanu4d ago

Microsoft will launch next month a private preview of a new Windows technology that will allow antivirus and security tools to run without kernel access (because of the CrowdStrike incident)

Several EDR vendors are working with Microsoft to test the new technology

https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/

The Windows Resiliency Initiative: Building resilience for a future-ready enterprise

Resilience isn’t optional—it’s a strategic imperative. In today’s threat landscape, organizations can’t afford to treat resilience as a reactive measure. It must be built into the foundation of how systems are designed, secured and managed

Windows Experience Blog
Oneironaut5d ago
Show threadKevin BeaumontJun 27
Ultra spicy post claiming to be from UK retailer employee (M&S or Co-op) about their experience with TCS on their security incident. https://www.reddit.com/r/cybersecurity/comments/1ll1l6c/scattered_spider_tcs_blame_avoidance/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button
×
Tuta1d ago

⚠️ In four days Gemini wants to scan your phone ⚠️

Stop #Google now: 👉 https://tuta.com/blog/how-to-disable-gemini-on-android

#GeminiAI #Google #Android #PrivacyMatters

Show threadOkuna1d ago
@Tutanota welcome to AI agents. Apple will go the same way, Microsoft in Windows as well. And the users will love the benefits, the simplicity.
Show threadan actual bus1d ago

@Okuna @Tutanota Idk, looks like the user's opinion is not even a concern from a PR standpoint now.

Notice how they're explicitly stating this is to make things easier for *gemini*, not you.

Show threadBluewave19h ago
@renardboy @Okuna @Tutanota
Reminds me of Google Circles all over again.
Show threadThe Psychotic Network Ferret1d ago

@Okuna @Tutanota Of course, most people find thinking hard enough to successfully wipe their ass as painful. Let alone reading an entire news article, or holding a real conversation.

AI may allow you to finish a higher quantity of tasks, but it fails miserably in the quality department.

Show threadOkuna1d ago
@nuintari @Tutanota Or as one of my students put it, why do I have to learn? We have Wikipedia.
Show threadThe Psychotic Network Ferret1d ago
@Okuna @Tutanota Lords of Kobol help us.
Show thread🇨🇦️Dracula🍁1d ago
@Tutanota Would anything happen if Gemini was not installed, like an automatic install of Gemini and auto-scanning after the possible installation?
Show threadMartin1d ago
@countdracula @Tutanota
As of now, you can still have Google Assistant instead of Gemini, but it won't last, and soon Gemini will most likely be a system app.
I guess it depends on the phone too, if you have the latest Google Pixel, it might already be forced on you.
If you have something like a Google Pixel 6 or 7, I know for a fact that until very recently you could still disable/uninstall Gemini and have Google assistant instead. (Which you can fully disable too)
Show thread🇨🇦️Dracula🍁1d ago
@martin @Tutanota I guess I'll wait to see if it's forced onto my Motorola.
Show threadMartin1d ago
@countdracula @Tutanota
To any European who wants to get away from the Google BS, I would recommend a Fairphone with e/OS/
You can get it shipped to the United States (and Canada most likely too), but you have to check because it might not work with your carrier.
Show thread🇨🇦️Dracula🍁16h ago
@martin @Tutanota I already have cellphones collecting dust. I'm not about to buy yet another one.
It's a good idea for those who might be switching from a "dumb" phone, though.
Show threadVashti1d ago
@countdracula @Tutanota Yeah, I don't have a Gemini app (possibly because I've been sulkily refusing to install updates, which may not be the best)
Show thread🇨🇦️Dracula🍁1d ago
@vashti @Tutanota I updated mine, and it wasn't part of the updates on my Motorola.
Show threadRupert Reynolds22h ago
@countdracula @vashti @Tutanota Moto G54 here. 'droid 13 has all I need (including 80% charge limit, only about 10 years after I first asked!) so I've also been sulkily refusing 'droid 14 :-)
Show threadStomata1d ago
@countdracula can happen if you have play srore installed/enabled. I suggest you to keep play store disabled and use aurura store in its place
Show threadTorf und Schnee23h ago
@countdracula @Tutanota I second this question, I have Google Assistant disabled in the system for approximately a year (was not able to remove completely), but it does not seem to install "Gemini" in this setup...or thoroughly hiding this fact...
Show thread🇨🇦️Dracula🍁16h ago
@torf @Tutanota My phone runs Android 14, and it was a voluntary installation, for now anyway.
Show threadCecilia | MeraOrd1d ago
@Tutanota I've read the post, but I'm not sure if it is enough to disable Gemini altogether? I've never used it.
Show threadKalle Kniivilä1d ago

@meraord @Tutanota Good thing I just switched to eOS.

https://e.foundation/

e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data

your data is YOUR data

Show threadpanoptikontraband1d ago
@kallekn does bankid work in it? @meraord @Tutanota
Show threadKalle Kniivilä1d ago
@panoptikontraband @meraord @Tutanota Swedish Bank-id works fine, Sparbanken works fine, Freja, Kivra, Swish, Skånetrafiken also work. I wasn't expecting it to be so smooth, thought I'd just give it a try, but everything works so I don't need my old phone any more.
One thing that doesn't work is Chromecast, of course, because it is Google. But I can cast from my tablet when I need to.
Show threadpanoptikontraband1d ago
@kallekn oooh, time to start experimenting then. Thanks. @meraord @Tutanota
Show threadKalle Kniivilä1d ago
@panoptikontraband @meraord Berätta hur det går. Jag bytte ut launchern till Lawnchair, det som följer med är lite begränsat, men det behöver man strikt taget inte göra. Var lite pill med sms-inställningarna av någon anledning, men det funkar också nu.
Show threadPhilip Johansson 🏴‍☠️💜1d ago
@kallekn Oooh, utvecklas Lawnchair fortfarande? Kanske får ta en titt. Själv kör jag Neo Launcher på min antika CalyxOS-drivna Xiaomi Mi A2. Vad har du för telefon?
Show threadKalle Kniivilä1d ago

@philip Köpte en begagnad Pixel 7 för typ 2 000 kr. Mycket lur för pengarna. Lawnchair är väl typ Googles vanliga launcher, fast utan Google?

Senaste versionen är typ ett år gammal, men funkar bra.

https://lawnchair.app/

Lawnchair

The official website of Lawnchair Launcher, the customizable Pixel Launcher.

Show threadpanoptikontraband1d ago
@kallekn stora problem med mina sms redan nu, så det kan ju inte blir värre tänker jag. vad gjorde du det på för telefon? @meraord
Show threadKalle Kniivilä1d ago

@panoptikontraband @meraord Jag köpte en begagnad Pixel 7 för ett par tusen kronor. Man får ju välja en hyfsat modern lur som det finns officiell eOS-version för.

När det gäller sms så funkade vanliga meddelanden fint när jag hade kopplat bort Googles RCS-grej, men MMS funkade inte innan jag pillade med nätverksinställningarna.

Show threadpanoptikontraband1d ago
@kallekn jag har en fp4 och där ska det ju funka rätt bra om jag fattat allt rätt@meraord@mastodonsweden.se
Show threadKalle Kniivilä1d ago
@panoptikontraband Det tror jag säkert, de har väl något samarbete med Fairphone till och med. Blev lite sugen på den senaste modellen, men det blir ju en logisk motsägelse, en begagnad vadsomhelst är ju bättre för miljön.
Show threadpanoptikontraband1d ago
@kallekn jo, det.är knepigt det där.
Show threadVeronica Olsen 🏳️‍🌈🇳🇴🌻1d ago

@meraord @Tutanota On my phone, Samsung S21 with Android 15, I was allowed to disable the Gemini app in Settings > Apps.

Later, I uninstalled it using the dev tools, but that's less straightforward.

Edit: Since this is being boosted, if you want to uninstall it with dev tools, the app ID to do so is com.google.android.apps.bard

Show threadCecilia | MeraOrd1d ago
@veronica ah, thanks! @Tutanota
Show threadStomata1d ago
@veronica @meraord @Tutanota i would say try canta+shizuku if any of you find adb too complex
Show threadAirikr 1d ago

@meraord @Tutanota Install RethinkDNS and block all connections that goes to and from Google. Allow the connections you have to use like for Google Play Store.

By doing this, it will be impossible for Google Gemini to connect to the internet, hipefully making it useless.

Either that or install a custom ROM. If you have a Pixel phone, GrapheneOS is highly recommended. Very easy to install too.

Show threadRejZoR1d ago
@Tutanota They store data for 72 hours because that's how long it takes for them to train models on your data. Then they can delete it because they don't need it anymore.
Show threadSolomon1d ago
@Tutanota No such app on my android!? 🤔
Show threadAndy H1d ago
@ojelabii @Tutanota me too, Android 15 on Pixel 8.
Show threadsunny Ske-lil-ton ☀️1d ago
@ToshInMacc @ojelabii @Tutanota same, no Gemini App on Android 16. Maybe because of EU data protection/privacy laws?
Show threadSolomon1d ago
@Larymir Dunno. 🙂
@ToshInMacc @Tutanota
Show threadGene Shackman1d ago

@ToshInMacc @ojelabii @Tutanota

I have the same. Android 15, pixel 8. But if I type "Gem" in searching app settings, then it looks like it shows up.

Show threadSolomon23h ago
@geneshackman Still nothing here. 🙂
@ToshInMacc @Tutanota
Show threadAnnelies Kamran, Ph.D.1d ago
@ojelabii @Tutanota same here - I have a Samsung Galaxy S9, which I think is too old for Gemini? Would like someone to confirm this!
Show threadStomata1d ago
@akamran @ojelabii @Tutanota its old to them
Show threadAnnelies Kamran, Ph.D.1d ago
@Stomata @ojelabii @Tutanota thanks
Show threadDavid Hembrow1d ago
@ojelabii I also don't have it. Android 10. Is that the reason,
@Tutanota ? Is my phone helpfully too old to support this latest round of spying crap?
Show threadTuta1d ago
@hembrow @ojelabii That's possible.
Show threadDavid Hembrow1d ago
@Tutanota Seems like a great reason not to "upgrade". Thanks, Google! /s @ojelabii
Show threadSolomon23h ago
@hembrow Had no opportunity to lay hand on my smartphone before now, sorry. Android version 13 here.
@Tutanota
Show threadPetra van Cronenburg1d ago

@Tutanota Easy to use description. Layperson-question: I don't have this Gemini app on my phone (Galaxy A21s, EU law) and remember that I had already deactivated the search assistant. Does this app appears automatically in 4 days? Or is it hidden somewhere?

(BTW; I even don't believe that Google doesn't collect data if deactivated.)

Show threadUkeleleEric1d ago
@Tutanota As far as I can tell, there is no Gemini on my phone, due probably to the fact that I only install and update via a third-party website, have no Google account on it, and have as much dialled-down and disabled as possible.
Show threadLaserdisc Turtle (Ewan)1d ago
@Tutanota I currently have both Assistant and Gemini disabled on my Google Pixel Fold (original). No Gemini app to select and change the settings of. Will keep an eye on it and see what happens after the 7th.
Show threadTuta1d ago
@LaserdiscTurtle Great, do keep us in the loop when you spot anything.
Show threadaritrasaha1d ago
@LaserdiscTurtle @Tutanota just use @GrapheneOS why you are on google android. Solve with a single chop
Show threadChaz61d ago
@Tutanota billionaires will not be satisfied even when they have complete access to our personal lives.
Show threadLazarou Monkey Terror 🚀💙🌈1d ago
@chaz6 @Tutanota they want access to our minds, to rip us off and sell us back our own thoughts. They truly are the enemy of everything human
Show threadMad A. Argon 1d ago
@Lazarou @chaz6 @Tutanota why I imagined anime-like scene where protagonist, attacked by powerful mind-reading villain, exposes own pain and traumas, causing villain's brain short-circuit and meltdown?
Show threadLazarou Monkey Terror 🚀💙🌈1d ago
@madargon @chaz6 @Tutanota lol, that does sound like an anime!
Show threadan actual bus1d ago
@chaz6 @Tutanota They will never be satisfied. These are people who want more itself.
Show threadfabriziob1d ago
@Tutanota Genuine question: if I completely disable Gemini on my Pixel I am sent "back" to Google Assistant.
Is my data actually safer in that case?
I see it reads the screen anyway if I activate it (mostly by mistake) and it absolutely does not have the same settings as Gemini.
Show threadTim Ward ⭐🇪🇺🔶 #FBPE1d ago
@Tutanota WTF is Gemini? Do I need to care about it?