When I started in security, one of the prevailing attitudes was "The weakest link in the chain will always be the human."
I would like to thank every LLM provider and startup for changing this paradigm by introducing a much weaker link in the chain.
If you have ever wondered why #Facebook seems either to ignore or fail to remove obvious scammers when you report them - well, there's a reason for it: They make a huge profit for Facebook.
If you believe Facebook has now stopped or will in future stop this practice now that they've been exposed, you're way too trusting.
https://arstechnica.com/tech-policy/2025/11/bombshell-report-exposes-how-meta-relied-on-scam-ad-profits-to-fund-ai/ "Bombshell report exposes how Meta relied on scam ad profits to fund AI"
AlphaPhoenix's video about the home-built 2 billion fps camera is one of the coolest videos for a long time. The premise is so simple that anyone (even people without degrees) can follow and understand it. Educational and cool as heck!

*New CNN Live Zoom Call Deepfake Video*
An engineering org sent $25 Million to scammers who deepfaked the finance team in a live video call. Are your colleagues, family & friends ready to catch this AI attack?
I demo'd a live Zoom deepfake to CNN's Clare Duffy to help you spot the signs.
These live video call or audio call deepfakes are increasing in the business world. Most often, an exec is deepfaked to the team that supports them asking for money, passwords, MFA codes, etc:
- $25M sent to scammers in Arup video call deepfake attack https://cnn.com/2024/05/16/tech/arup-deepfake-scam-loss-hong-kong-intl-hnk
- Fraudsters Cloned Company Director's Voice In $35 M Heist: https://forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/
- Wiz CEO says company was targeted with deepfake attack that used his voice: https://techcrunch.com/2024/10/28/wiz-ceo-says-company-was-targeted-with-deepfake-attack-that-used-his-voice/
We're also seeing a large increase in attackers using AI to voice clone an exec and target their team to steal money, data, or access, like in this example I did for 60 Minutes: https://x.com/RachelTobac/status/1976308961684189576
Many recommend using a verbal "passphrase" with colleagues, family and friends to verify that the person you're talking to is who they say they are.
A verbal passphrase could work in some scenarios, especially the ones that aren't super dire or extreme. But, in the scenarios tricking families, where a child is deepfaked to a grandparent/parent/sibling etc and is in extreme distress, screaming, and crying -- remembering passphrases will be hard to do in the moment.
That is because we know from neuroscience that the amygdala in the brain takes over during times of crisis, making it challenging to remember anything at all except the present moment.
If you've ever been through a true crisis at home then you may know that it's hard to even remember your own ADDRESS to report to 911 during an actual emergency. The brain goes blank.
What I recommend instead is: if your family, friends, or colleagues get a terrified phone call from "you" asking for money (for example), stay on the line and use another method of communication to verify authenticity of the request while offering words of support.
Even a quick text, chat, or DM (even while the call is ongoing!) can verify that the call is a scam (and your loved one is actually safe) before sending money.
Share this example with family, friends & your team to ensure everyone is on the same page about Being Politely Paranoid and using another method of communication to verify people are who they say they are:
CNN: https://edition.cnn.com/2025/10/07/business/video/deepfake-scam-ai-zoom-call-digvid
Right now, AI voice clone scam calls are increasing for orgs.
I give it 1 year before criminals increase use of live video call deepfakes in their scams. Get your team and folks prepared now.
Despite the recent media reporting, #Windows installation with local accounts is working just fine. Create a regular Windows installation media and drop autounattend.xml to the root of the USB device and install it.
You can craft the autounattend.xml yourself or use a service like https://schneegans.de/windows/unattend-generator/ to generate it.
If the installation demands that you connect to the internet, you can bypass this part by pressing Shift+F10 and then entering oobe\bypassnro + <return>. After the installer restarts, you'll have the "I don't have internet" option, and the installation will proceed. If the bypassnro is missing you can:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0
EDIT: To clarify: While I did not test the latest insider build I believe this method will continue to work, even with it. I'll be sure to edit the post if this turns out to be incorrect.
Broadcom has stopped delivering automated updates to #VMware Fusion and Workstation. All updates have to be downloaded and installed manually from the Broadcom Support Portal (as a side note: This portal is one of the worst corporate "support" websites I've seen in the last decade).
This is terrible. It will lead to tens of thousands of VMware installations remaining vulnerable to trivially exploitable flaws, for example, local privilege escalation via CVE-2025-41244 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
BTW, please note that to fix CVE-2025-41244 you must now manually download the correct VMware Tools package from the support portal, unpack the zip, mount the ISO image, and then execute the setup.exe from the mounted ISO image. There are currently no VMware releases that include the fixed VMware Tools, so if you create any new VMs you MUST install the update manually to each new VM. Did I already mention this is terrible?
Apparently #macOS 26 has a bug that leads to massive CPU usage and lagginess in apps until you terminate and restart them. The lagginess creeps in over time, until the affected app is restarted again.
https://github.com/zed-industries/zed/issues/33182#issuecomment-3289846957
I ran into this with #iTerm2, but the issue was already reported months ago in macOS betas with various apps.
Workaround is to: defaults write -g NSAutoFillHeuristicControllerEnabled -bool false
You will lose some autofill functionality by doing this, but apps slowing down over time is quite annoying, too.
#Apple quality control leaves things to be desired yet again.
Yay! Or maybe AIEEE! Seems like I'm giving a talk at #EuroBSDCon again this year!
Anyone who has been following me here for a while will know I'm a hopeless #retrocomputing nerd, and I will make no attempt at hiding it during my talk:
Dirty Tricks: Using nginx and Lua to thwart bots and skript kiddies
I'll (try to) show how you can protect your #BBS from drive-by portscans and your production systems from #DDoS attacks using all the wrong tools.
Dietary warning: may contain traces of floppies.
https://events.eurobsdcon.org/2025/talk/review/RHDFBQWZEVC833T3WDLDEXYFQVRWJKMN #FreeBSD #BSD #Unix #DOS #RunBSD
Insecure defaults can lead to surprises. When creating FIFO sockets with systemd, be sure to note that SocketMode defaults to 0666 - that is, world readable and writable. That is: any local user can communicate with the FIFO. If your FIFO is used to perform privileged operations, you must either ensure that the FIFO file itself is located in a secured location or set SocketMode to a stricter value.
I spotted one such insecure use in cloud-init: the hotplug FIFO was world writable. This is CVE-2024-11584 and fixed in cloud-init 25.1.3.
The commit fixing this is in https://github.com/canonical/cloud-init/pull/6265
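An added example, not part of the original post and not cloud-init's code: a small Python audit that flags ListenFIFO= sockets whose effective SocketMode leaves the FIFO world-writable or world-readable. The unit texts, unit names and paths are constructed for illustration.

```python
import stat

DEFAULT_SOCKET_MODE = 0o666  # systemd's default when SocketMode= is absent

# Constructed sample units; the paths and names are hypothetical.
WEAK_UNIT = """\
[Unit]
Description=Privileged helper FIFO (constructed sample)

[Socket]
ListenFIFO=/run/example-helper/hook.fifo
"""

HARDENED_UNIT = WEAK_UNIT + "SocketMode=0600\n"


def parse_socket_section(unit_text):
    """Return (fifo_paths, effective_mode) from the [Socket] section."""
    fifos, mode, section = [], DEFAULT_SOCKET_MODE, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Socket" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ListenFIFO" and value:
            fifos.append(value)
        elif key == "SocketMode" and value:
            mode = int(value, 8)  # a later assignment overrides an earlier one
    return fifos, mode


def audit_unit(name, unit_text):
    """List FIFOs that users outside the owner and group can write or read."""
    fifos, mode = parse_socket_section(unit_text)
    if mode & stat.S_IWOTH:
        risk = "world-writable"
    elif mode & stat.S_IROTH:
        risk = "world-readable"
    else:
        return []
    return [(name, path, f"{mode:04o}", risk) for path in fifos]


if __name__ == "__main__":
    for unit_name, text in (("weak.socket", WEAK_UNIT), ("hardened.socket", HARDENED_UNIT)):
        print(unit_name, audit_unit(unit_name, text) or "ok")
```

Feeding it the output of `systemctl cat` for a socket unit also covers drop-in overrides, because the last SocketMode= line in the concatenated text is the one that counts.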
New episode! Ep 159: Vastaamo
This is the cruelest, nastiest, darkest cyber attack in history. Joe Tidy tells us the story.