Sass, David

@sassdawe@infosec.exchange
336 Followers
362 Following
4.4K Posts

Black Lives Matter

Dreamer | Speaker | Legend | SRE | MCT | Shadow Architect

He/him/his

Skills: VB better than PowerShell

Have we met?

GitHub: https://github.com/sassdawe
Blog: https://kolislab.com
Sessionize: https://sessionize.com/david-sass/
Links: https://davidsass.io

We're thrilled to announce that the 10th anniversary edition will be in Wiesbaden, Germany, from 1–4 June 2026. 🎟️ Early Bird tickets (€1750) include 3 nights at Dorint Pallas (from Monday to Thursday) More info: psconf.eu #PSConfEU #PowerShell #IT #Germany #Automation
Master secure #PowerShell scripting with Friedrich Weinmann. Gain insights into best practices for script security, including Azure Key Vault and PowerShell's Secret Management module. #PSConfEU

Secure Code Design Practices - Friedrich Weinmann - PSConfEU 2024

YouTube
I wrote a short #PowerShell script to check whether a module needs updating or not last year, and this week I wrote another one for #PSConfEU for the same purpose.
And today I realized I wrote the exact same thing twice - down to the last letter. I guess this means my original idea can't be improved - not by me at least. :D
Picard management tip: Take your leisure time seriously. A relaxed captain is a sane captain.

Obsidian 1.9.3 (early access) is now available for desktop and mobile, with more improvements to Bases:

- New Cards view lets you display files in a grid layout
- "New item" button creates a file that matches filters of the current view
- Sort menu lets you easily sort items

Hey all y'all need to stop using "guys" in mixed company.

- My trans girlfriend is not a guy.
- My cis girlfriend is not a guy.
- I'm not a guy (or a girl, but that's not relevant here).

Misgendering is misgendering—even if "everyone's doing it".

Patriarchy shouldn't be the default.

#FuckThePatriarchy #Feminist #LGBTQ+ #Rant

Ask a developer to estimate a 2-day task, he'll tell you it'll take 2 weeks.

Ask him to estimate a 6-month project, he'll say "Yeah, I can probably knock that out in a weekend." 🤣

PostMortem: Assumed DOJ Montana Leak of Phone Dumps

Type of leak

Highly confidential information on a public SMB share without authentication

Threats from the leak

I see the following threats:

  • Integrity and Confidentiality of investigations into serious crimes compromised
  • Privacy of U.S. citizens compromised (very likely to contain most intimate data)
  • Providing 3rd parties hostile to the U.S. with blackmail material

1/4

Analysis

This is not a complete failure analysis. These are only my observations. A full detailed analysis is most likely to be even more shocking.

Failures:

  • The PC with that kind of information should never have been "internet facing" (architecture mistake)
  • The information does not belong on any file share (organisational mistake)
  • Shares should never allow unauthenticated access (configuration mistake)
  • The information should never have been stored unencrypted (lack of data security)
  • Incoming SMB traffic should never be allowed to such a network (firewall policy mistake).
  • Any such network should include a monitoring of the external attack surface that could easily identify such a leak (lack of posture management, lack of attack surface management).
  • It was out of scope for our involvement, but it is very likely that the systems could have been used to compromise any attached network
  • SUMMARY: A complete and utter failure of IT-Security on the technical and organisational level for that lab

Impact

It can be safely assumed (due to the duration and the ease of discovery) that all data on those shares is now in the hands of intelligence services with a non-friendly attitude towards the United States of America (e.g. Russia, China)

3/4
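An added example, not part of the thread above and not code from any of the parties involved: a PowerShell audit of a single Windows file server for the failure classes the postmortem lists on the configuration side (share ACLs open to anonymous or guest principals, null-session settings, weak SMB server settings, and inbound firewall rules exposing TCP 445 on the Public profile). It assumes the built-in SmbShare and NetSecurity modules and local administrator rights; it inspects only the host it runs on and reports the remediation command for each finding rather than executing it. The function name `Get-SmbExposureFinding` and the output fields are my own choices.

```powershell
#Requires -Modules SmbShare, NetSecurity
# Added example: local audit for the "unauthenticated SMB share" failure class.
# Assumes an elevated session on a Windows file server. Nothing here touches
# remote hosts; each finding carries the fix as text for a human to review.

function Get-SmbExposureFinding {
    [CmdletBinding()]
    param()

    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding([string]$Check, [string]$Object, [string]$Detail, [string]$Fix) {
        $findings.Add([pscustomobject]@{ Check = $Check; Object = $Object; Detail = $Detail; Fix = $Fix })
    }

    # 1. Share ACLs that grant access to principals requiring no real identity.
    #    Administrative shares (C$, ADMIN$, IPC$) are marked Special and skipped.
    $openPrincipals = 'Everyone', 'ANONYMOUS LOGON', 'Guest', 'Guests'
    foreach ($share in (Get-SmbShare | Where-Object { -not $_.Special })) {
        foreach ($ace in (Get-SmbShareAccess -Name $share.Name)) {
            $principal = ($ace.AccountName -split '\\')[-1]
            if ($ace.AccessControlType -eq 'Allow' -and $openPrincipals -contains $principal) {
                Add-Finding 'ShareAcl' "$($share.Name) ($($share.Path))" `
                    "$($ace.AccountName) has $($ace.AccessRight)" `
                    "Revoke-SmbShareAccess -Name '$($share.Name)' -AccountName '$($ace.AccountName)' -Force"
            }
        }
    }

    # 2. Null-session configuration: shares reachable with no credentials at all.
    $lanmanPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $lanman = Get-ItemProperty -Path $lanmanPath
    if ($lanman.NullSessionShares) {
        Add-Finding 'NullSession' 'NullSessionShares' ($lanman.NullSessionShares -join ', ') `
            "Set-ItemProperty -Path '$lanmanPath' -Name NullSessionShares -Value @()"
    }
    # Absent value means the secure default (1); only an explicit 0 is a finding.
    if ($null -ne $lanman.RestrictNullSessAccess -and $lanman.RestrictNullSessAccess -eq 0) {
        Add-Finding 'NullSession' 'RestrictNullSessAccess' 'set to 0 (anonymous access allowed)' `
            "Set-ItemProperty -Path '$lanmanPath' -Name RestrictNullSessAccess -Value 1"
    }

    # 3. Server-wide protocol settings.
    $cfg = Get-SmbServerConfiguration
    if ($cfg.EnableSMB1Protocol) {
        Add-Finding 'Protocol' 'EnableSMB1Protocol' 'SMB1 enabled' `
            'Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
    }
    if (-not $cfg.RequireSecuritySignature) {
        Add-Finding 'Protocol' 'RequireSecuritySignature' 'signing not required' `
            'Set-SmbServerConfiguration -RequireSecuritySignature $true -Force'
    }
    if (-not $cfg.EncryptData) {
        Add-Finding 'Protocol' 'EncryptData' 'share traffic not encrypted on the wire' `
            'Set-SmbServerConfiguration -EncryptData $true -Force'
    }

    # 4. Enabled inbound allow rules for TCP 445 that apply to the Public profile.
    #    Port ranges (e.g. '440-450') are not expanded; only a literal 445 matches.
    foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
        $ports = $rule | Get-NetFirewallPortFilter
        if ($ports.Protocol -eq 'TCP' -and $ports.LocalPort -contains '445' -and
            $rule.Profile -match 'Public|Any') {
            Add-Finding 'Firewall' $rule.DisplayName `
                "inbound TCP 445 allowed on profile '$($rule.Profile)'" `
                "Disable-NetFirewallRule -Name '$($rule.Name)'"
        }
    }

    return $findings
}

# Usage: run in an elevated session on the file server and review the table.
Get-SmbExposureFinding | Format-Table -AutoSize -Wrap
```

The four checks map onto the post's list: check 1 and 2 cover "shares should never allow unauthenticated access", check 3 covers "stored unencrypted" only as far as the wire goes (at-rest encryption is a separate control), and check 4 covers "incoming SMB traffic should never be allowed to such a network" from the host's own firewall perspective. Running this on a schedule and alerting on a non-empty result is the minimal posture-management loop the post says was missing.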

We are almost there folks hang in there

2020 ▓▓▓▓▓▓▓▓▓▓▓▓▓░ 547%


@Viss this simulation is flawed by the fact that they prompted the "AI" that it should pick between blackmailing or letting itself be shutdown. They gave it no room for attempting non-hostile solutions.

Anthropic keeps making these headline grabbing sham "studies"

@Kiloku @Viss i thought something similar.

Anyhow I am surprised that all jump on the Bad-AI-is-gonna-kill-us bandwagon instead of realizing it is reality disturbing Omni Consumer Products from RoboCop that we are witnessing

@ppxl @Kiloku i figure the question becomes real simple:

even if you think anthropic is goosing the tests, shouldn't the llm ... not do blackmail? i mean even if you told it to? that seems like the obvious expectation here.

@Viss @ppxl It's not an intelligent being, despite the name. It does whatever matches the content in its training data + the prompts it is given. There's no "should", it's a result of statistical calculations on frequency of chunks of text. Nothing about LLMs is obvious or expected, they are unpredictable.
Just like they often output wrong information about factual topics, it's not surprising that they do "wrong" behaviors in simulations.
@Kiloku @ppxl have you trained an llm before?

@Viss @Kiloku yeah biases AND implementation details kick AI responses. Underlying racism, insufficient and flat false training data etc.

Ugh that reminds me that I wrote my own Markov AI from scratch and trained it on my (back then) tweets. Results were catastrophic 😅

@ppxl @Kiloku heh, i did that ebooks bot thing too. was pretty hilarious :D
@Viss @Kiloku at times true... but the training data was really insufficient. And my implementation was flawed (naturally, to prove my point). I just stumbled over the code base recently and thought of a Golang re-implementation with some buff-up