Wendy Nather


Recovering industry analyst, research director & CISO. Senior Fellow at @AtlanticCouncil @CyberStatecraft. Single, childful cat lady.

General Content Warnings: snark, bad words, even worse puns, occasional flashes of borrowed insight, plugging of selected $employer events and publications, random brain radio songs, multilingual commentary

Note: Sufficiently advanced shitposting is indistinguishable from thought leadership. — @jwgoerlich

Stage: Vānaprastha
Pronouns: She/her
Chocolate: Yes please
#ScalziRules: https://whatever.scalzi.com/2025/04/16/the-official-john-scalzi-social-media-faq/
Christopher Craig refused to use AI to make images for his talk and drew them by hand on his laptop instead and I'm loving it #bsk2026
This year’s @bsidesknoxville badge was so creative!

RE: https://infosec.exchange/@sawaba/116619334680853140

#TIL to check which OS and slideware they’re using on your PowerPoint 😅

I'm going to whisper this. So I'll choose my words carefully. I'll use general terms but am referring to specific multiple things. Please read between the lines.

Those of you that are doing things are having a good effect.

- The media is not covering you (this is a good sign. It means they don't want to bring attention to your actions).
- They are discussing you in board rooms and in decision making meetings.
- They are saying things like "we have to pause that project at that location because it's currently drawing too much attention" and "we have to reframe this announcement to downplay that thing" and "we need to try these concessions to lower the heat a bit".

They are hoping you "get tired and bored and move to a new thing" so they can get back to work without interference.

Keep doing what you're doing. Join folks that are doing things if you aren't doing anything yet. Do what you can, as you can, when you can.

It is working.

#solarpunk

Lunch To Go Earrings

Previous internet worms, you could patch to protect yourself; these new worms aren't stopped by patching, there's a fundamental change needed to your development lifecycle, and you should be working on it right now.

A great write up by StepSecurity to give a recap of the last few days this week.

https://www.stepsecurity.io/blog/5-supply-chain-attacks-in-48-hours-why-securing-one-layer-is-not-enough

5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough - StepSecurity

A poisoned VS Code extension breached GitHub. A trojanized PyPI package hit Microsoft. Compromised GitHub Actions and a self-spreading npm worm targeted thousands more. In just 48 hours, attackers hit every layer of the software development pipeline. Traditional security tools did not stop any of it.

the author of this post prompted copilot to characterize the differences in a data set of statements concerning career ambitions, categorized by country. the trick is that the data contained the *same statements* for each country

https://kucharski.substack.com/p/real-signals-or-artificial-stereotypes

regardless of the fact that the data were identical, the model generated some pretty hilarious stereotypes ("The US prioritizes leadership and innovation", "The UK blends public service with professional status")

Real signals or artificial stereotypes?

Adventures with a cultural Copilot

Understanding the unseen