rx13  

@[email protected]
120 Followers
130 Following
883 Posts
Security Engineer || Possibly a robot.
Cybersecurity. Code. Sarcasm. Not in that order.
GitHubhttps://github.com/rx13
Signal@intrct.01
Blueskyhttps://bsky.app/profile/rx13.bsky.social
Show threadrx13  1d ago
@neurovagrant
Hey, and we aren't technically lying at all, so even better
Show threadrx13  5d ago
@daedalus
Yeah, been having recurring conversations with leadership about why we still need to define more metrics than volume of output, because that's literally the only guarantee models provide: they will give you a shit ton of output consistently, with no way to evaluate quality beyond hours and days of human analysis.
Show threadrx13  Mar 27

@k3ym0
@da_667

* Cries in DoH-allowed-networks *

Show threadrx13  Mar 26

@Viss
This is pretty similar to what they actually do. They're a little more sneaky about it to make reverting difficult for victims.

The actor gets admin on a victim cloud account, then spin up an account they control. They set up cross account sharing from the victim account (AWS RAM), and then deploy the cryptomining on the account they control using victim compute.

The only thing victim sees is the RAM enablement logs, if they're monitoring at all, and compute charges, but none of the actual compute instances.

Show threadrx13  Mar 26

@ftg
@f4grx @wdormann maybe that's all it does and they just don't document it 🤷

For $5 they probably just bundling FOSS

Show threadrx13  Mar 25

@da_667
It's not great to do late night ones, but better than doing none!

Well done

Show threadrx13  Mar 24
@GossiTheDog
They're trying not to upset their 450 target price
rx13  Mar 24

@lcamtuf
There's a service you can run to intentionally trap them (nepenthes) or a AI blocker/anti-scraper (Anubis)

https://zadzmo.org/code/nepenthes/

https://github.com/TecharoHQ/anubis

Nepenthes - ZADZMO.org

Making web crawlers eat shit since 2023

rx13  Mar 23
The Tennessee Holler Mar 23
The real story… under any other president this would be jail time…
rx13  Mar 21
@lcamtuf
The most ridiculous aspect of this, is that we know teleportation services require explicit consent, there's no way they'd let you use them unintentionally, it's far too expensive