228 Followers
237 Following
625 Posts

I liked ranting so much, I made it my job.
Pentester. I mostly break Web stuff but sometimes hardware too. OSINT from time to time.

Terrible music connoisseur.

@faker_ on Twitter.
#infosec #pentester #OSINT

Blog: https://infosec.rm-it.de/
Location: Munich, Germany
Inbox zero is overrated
speak next week friends

Phenomenal reporting from ProPublica. Big takeaways:

  • FedRAMP is too understaffed to be effective.
  • Microsoft never answered serious questions about its cloud security architecture.
  • Despite a damning report, Microsoft's government cloud product was approved anyway.

https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government

Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.

A federal program created to protect the government against cyber threats authorized a sprawling Microsoft cloud product, despite the company’s inability to fully explain how it protects sensitive data.

ProPublica
First time seeing this, promoted crypto scams on LinkedIn probably using stolen accounts.

From the company that sells you DDoS protection but also is somehow the preferred hoster of DDoS crews: They now sell you bot / AI crawling protection, and have released a feature to quickly crawl an entire website!

Great stuff, Cloudflare.

https://developers.cloudflare.com/changelog/post/2026-03-10-br-crawl-endpoint/

Crawl entire websites with a single API call using Browser Rendering

Browser Rendering's new /crawl endpoint lets you submit a starting URL and automatically discover, render, and return content from an entire website as HTML, Markdown, or structured JSON.

Cloudflare Docs

A sales person contacted me and asked if I'd be interested in their AI pentests with super low daily rates.
Should I reply and ask if he is interested in replacing Sales in their company with AI?

How tone deaf can you be to approach a pentester and ask "can I replace you with our AI?"

Crazy that Apple RAM prices now seem almost normal. In a new MacBook Pro the 24 to 64 GB upgrade is "only" 750 EUR

🤦Oh, it’s the Snowden revelations all over again.

They are claiming that AI-powered mass surveillance is a good thing but mass **domestic** surveillance isn’t

https://www.anthropic.com/news/statement-department-of-war

And of course the blog doesn't even mention that everything gets sent to an external API and you just leak all your data ¯\_(ツ)_/¯

*sigh* Kali, I thought you were better than this. This Kali Claude AI blog post [1] is again infuriating and the answer of the AI is of course incorrect.

Let's just pretend that all that setup and AI is really worth it to, in the end, just prompt "do a port scan of scanme.nmap.org".
Claude is running essentially `nmap -sV ...` and it happily reports this (among other ports):
Port 22 - SSH (OpenSSH 6.6.1p1 Ubuntu)

Except if you actually run nmap, the version reported is this:
OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)

That weird string 2ubuntu2.13 is the difference between "omg that version is 10+ years old and has a bunch of vulnerabilities" and "that version has backported security patches and is fine" (probably, I didn't spend much time checking that).

It's just insane that after all that setup they basically run nmap and even that output is questionable. Just learn to read the nmap man page, ffs.

Details matter.

[1] https://www.kali.org/blog/kali-llm-claude-desktop/

#kali #claude #ai

Kali & LLM: macOS with Claude Desktop GUI & Anthropic Sonnet LLM | Kali Linux Blog

This post will focus on an alternative method of using Kali Linux, moving beyond direct terminal command execution. Instead, we will leverage a Large Language Model (LLM) to translate “natural language” descriptions of desired actions into technical commands. Achieving this setup requires the integration of three distinct systems:

Kali Linux
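The point of the post above is that the distro package revision in an `nmap -sV` banner (the `2ubuntu2.13` part) decides whether an old-looking upstream version number is actually relevant for vulnerability triage. The following is an added example, not code from the Kali blog post or from this account: it parses nmap service lines, splits the OpenSSH banner into upstream version, distro and package revision, and classifies what the version string can and cannot tell you. The sample lines are constructed to match the banners quoted in the post, and the classification labels are my own naming.

```python
import re
from typing import Optional

# Constructed sample lines in the shape of `nmap -sV` service output.
# Line 0 mirrors the full banner quoted in the post, line 1 the truncated
# form the LLM reported, the rest cover other banner shapes.
SAMPLE_NMAP_LINES = [
    "22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)",
    "22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu",
    "22/tcp open  ssh     OpenSSH 9.6p1 Debian 5 (protocol 2.0)",
    "22/tcp open  ssh     OpenSSH 9.6p1 (protocol 2.0)",
    "80/tcp open  http    Apache httpd 2.4.41",
]

# port/proto, state, service name, and whatever -sV appended as the banner.
NMAP_LINE_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<banner>.*)$"
)

# Upstream version, optional distro name, optional package revision.
# The package revision is the piece that carries backported-patch information
# (e.g. "2ubuntu2.13"); upstream version alone does not.
OPENSSH_RE = re.compile(
    r"OpenSSH[_ ](?P<upstream>\d+\.\d+(?:\.\d+)?(?:p\d+)?)"
    r"(?:\s+(?P<distro>Ubuntu|Debian))?"
    r"(?:\s+(?P<pkgrev>\d[\w.+~-]*))?"
)


def parse_nmap_line(line: str) -> Optional[dict]:
    """Split one nmap -sV service line into its fields; None if it is not one."""
    m = NMAP_LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_openssh_banner(banner: str) -> Optional[dict]:
    """Extract upstream version, distro and package revision from an OpenSSH banner."""
    m = OPENSSH_RE.search(banner)
    if not m:
        return None
    return {
        "upstream": m.group("upstream"),
        "distro": m.group("distro"),
        "package_revision": m.group("pkgrev"),
    }


def classify(line: str) -> str:
    """Say what the version string in an nmap line can be used for.

    distro-patched : a package revision is present; CVE matching must go through the
                     distro's security tracker for that package, not the upstream number.
    incomplete     : distro name present but revision missing (the truncated form from the
                     post); do not judge the version until the full banner is read.
    upstream       : plain upstream build; the upstream version is the one that matters.
    unknown        : not an OpenSSH banner this parser understands.
    """
    fields = parse_nmap_line(line)
    if fields is None:
        return "unknown"
    parsed = parse_openssh_banner(fields["banner"])
    if parsed is None:
        return "unknown"
    if parsed["package_revision"]:
        return "distro-patched"
    if parsed["distro"]:
        return "incomplete"
    return "upstream"


def triage_report(lines: list) -> list:
    """Return (port, upstream version, classification) for each OpenSSH line."""
    out = []
    for line in lines:
        fields = parse_nmap_line(line)
        if fields is None:
            continue
        parsed = parse_openssh_banner(fields["banner"])
        if parsed is None:
            continue
        out.append((fields["port"], parsed["upstream"], parsed["package_revision"], classify(line)))
    return out


if __name__ == "__main__":
    for port, upstream, pkgrev, verdict in triage_report(SAMPLE_NMAP_LINES):
        print(f"port {port}: OpenSSH {upstream} pkgrev={pkgrev!r} -> {verdict}")
```

Both of the first two sample lines share the upstream version `6.6.1p1`, so a lookup keyed only on that number would treat them identically; the classifier makes the difference explicit and refuses to draw a conclusion from the truncated banner.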