pretty experienced software developer with a strong interest in #infosec. EU. Realist.
thanks for everyone who actually writes informative posts on this thing ❤️

@lirantal As a dev, I can confidently say this #vscode popup is unacceptable and has already done its damage by causing widespread alarm fatigue.

They made this to show up on EVERY SINGLE FOLDER I open with vscode. It has so clearly been bogus from day 1 that I never even looked into what triggers it, because the criteria are clearly wrong.

It SHOULD have been designed to only show up when a .vscode directory exists in the folder, or maybe if extensions with fancy auto-exec capabilities get loaded. Maybe vscode comes preloaded with those, but that's not my problem; I just used it as a dumb text editor on an empty repo and got this message.

Context: I created this rant after thinking about this vscode exploit: https://infosec.exchange/@lirantal/110468310055535868 and how to protect developers from code exec via a repo they clone. This is not it.

Liran Tal (@[email protected]):

Undocumented settings in VS Code lead to command execution and may be abused. Microsoft did end up fixing it. Here's the read on the security issue: https://blog.ammaraskar.com/vscode-rce/ Remember devs - open-source supply chain security is mostly about being able to target *YOU*.

T-Mobile US, a data broker partly owned by Deutsche Telekom and by the German government, now boasts to commercially exploit "billions of data signals" on 50m households, 110m customers and 230m devices about how they use apps, "what they do, where they go, and what they buy".

So it is my perspective as a left-party EU person that #tiktok being such a huge company everywhere is not a good thing, which implies the need for some sort of clever regulation.

That's it. I'm no expert.

#Orwell1984 was never about privacy. It is about how a dictatorship controls people by giving them only the information that supports a pro-dictatorship world view.

It's super effective and, frankly, super scary, if you think it through from the perspective of an individual worker in a society that will not think twice about throwing you into the meat-grinder for the greater good.

@riskydotbiz had a take on the #tiktokban that I find interesting.

First off, let's completely ignore the privacy aspect please.

Now, the power aspect. Do we actually want a huge Chinese media empire to exist worldwide? Because #tiktok is certainly that.

Now if tiktok actually enabled cultural exchange and friction between China and the rest of the world, that would be a different thing. But China has fully implemented information control. 🧵

#ChatGPT gets “eyes and ears” with plugins that can interface #AI with the world

Can't wait for ChatGPT to engage in some benign penetration testing...

Wait a minute...

#machinelearning #pentesting

https://arstechnica.com/information-technology/2023/03/chatgpt-gets-eyes-and-ears-with-plugins-that-can-interface-ai-with-the-world/


Yes, I think TikTok should be banned.

I also think Facebook, Instagram, Twitter, LinkedIn, Snapchat, Pinterest, YouTube, and Reddit should be banned.

Anything that requires surveillance capitalism should be banned.

as a dumpy ADHD man who wears a robe for most of the day and who has built a tremendous amount of real actual software I feel like if I had to operate in a traditional corporate environment, having a productive looking actor representing me would actually be a real career boon