Vibed account verification.

(via LinkedIn https://www.linkedin.com/posts/lukehinds_sign-of-the-vibe-times-share-7438895731354066944-K7ox)

PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

Five years ago I pointed out nearly all NFT's were going to break when the startup who minted them goes bust, causing people to get *extremely* mad at me until everyone concluded that I was correct.

Thought I'd check in on the two examples I used and well

security advice, 1996: writing your passwords down in a notebook is a very bad idea and nobody should do it

security advice, 2026: writing your passwords down in a notebook is one of the most secure storage methods for most users

(fun how threat models change over time, eh?)

Here's our 25-min video news-documentary version of the story of Red Bull, the whistleblower who leaked me the secrets of a crypto scam compound while trapped as a forced laborer inside it.

https://www.youtube.com/watch?v=zOcNaWmmn0A&t=1s

Hope you'll watch and consider the immense scale of this global crisis.

lol https://seclists.org/oss-sec/2026/q1/89

telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter.

If the client supply a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes

In telnetd for a decade 💀