Anti-virus, malware and infosec expert, crypto amateur, privacy advocate and general annoyance.
PGP keyID: 0x365697c632dd98d9
Lulz. China has activated a law that explicitly forbids local entities from complying with US sanctions.
https://www.geopolitechs.org/p/china-uses-blocking-law-for-first
"Questions for the Jedi Vice-Chair of Graduate Studies":
https://www.mcsweeneys.net/articles/questions-for-the-jedi-vice-chair-of-graduate-studies
Man, ChatGPT is so useless for serious programming tasks... I normally use Claude for these and ChatGPT only for simple programming questions (basically, as a substitute for googling), but since this time it made an enticing offer, I decided to try it.
Right now, my RDP honeypot collects only the NTLM response blob from the attacker. I was wondering if these were crackable, e.g., with Hashcat, so I asked ChatGPT. Turns out, they aren't, because the server challenge isn't logged. "If you point me to the source of your honeypot," it said, "I can tell you exactly which lines to patch and how, so that the honeypot logs all the necessary info". Sounds good, so I pointed it at the repo. Its advice?
- Go to the directory rdpy/protocols/rdp/nla. (Doesn't exist; it's "protocol", not "protocols".)
- Edit the file ntlm.py (Okay.)
- Look for a function named "..." (Doesn't exist.)
- Find a line that says "..." (No such line in the entire file.)
- Change it to "..." (I gave up at this point.)
I'm going to say something that's been festering in my mind for a while now. In my two decades of practice in information security, I have yet to see responsible disclosure result in measurably better security posture.
Code quality hasn't improved, patch management hasn't improved, minimum viable product hasn't improved, automated security updates, especially for IoT devices... Jesus Fucking Christ haven't improved. The cost of failure for organizations losing your data due to gross negligence has in no way improved; why should responsibility be the domain of the security researcher when nobody else is willing to share in that responsibility?
I'm half-tempted to say if you have 0-days you might as well get paid for them rather than be responsible. Because even with a tilted playing field, nothing has measurably improved since I've been here, and I would argue with "vibe coding" and the tech industry's view of "Let the AI handle it" that software quality is the worst it has been since the 90s. I lived through Windows Millennium Edition. I've seen shit you wouldn't believe.
"Hardware's fucked because we can't buy any, software is fucked because the LLMs trained by reddit and stack overflow are in charge now. You might as well fucking guess at this point."
The switch of Bulgaria's national currency to the euro will not lead to inflation, they said. It will be fine, they said.
Meanwhile...
"Bulgaria Faces Inflation Spike Above 7%, Fiscal Council Chief Urges Rapid Measures":
"Bulgaria Tops Eurozone Inflation Rankings as Prices Rise 6.2% in April":
"Bulgaria: Food Prices Keep Climbing as Imports Dominate Market, Former Minister Warns":

Simeon Dyankov, chairman of Bulgaria’s Fiscal Council and former finance minister, said inflation needs to be addressed immediately, pointing to a recent sharp monthly increase. Speaking on BNT he said: “First, they have to deal with one problem, which is inflation.
"Acoustic Keystroke Recovery - Reconstructing Typed Text from a Laptop Microphone":