@bontchev@infosec.exchange avatar

bontchev

@bontchev@infosec.exchange

Anti-virus, malware and infosec expert, crypto amateur, privacy advocate and general annoyance.

PGP keyID: 0x365697c632dd98d9


@bontchev@infosec.exchange avatar bontchev , to random

Economics in one lesson.

@Gargron@mastodon.social avatar Gargron , (edited ) to random

RE: https://mastodon.social/@verge/116041069446538092

We’ve moved our internal communications from Discord to Zulip at Mastodon, and I think there are plans to do the same for our Patreon community Discord. The harder part will be untangling my gaming communities from this…

bontchev ,
@bontchev@infosec.exchange avatar

@Gargron Discord is just the canary in the coal mine. Soon, all Internet communities will face a choice - either ID everyone or be banned in many countries. Internet anonymity is dead. All because of a couple of despotic regimes that want to be the parents of our children and want to have full control and surveillance over communities that might have "subversive" (i.e., antigovernmental) thoughts. Sometimes I'm glad that I won't live long enough to see it accomplished...

@bontchev@infosec.exchange avatar bontchev , to random

My MongoDB honeypot is now open source:

https://gitlab.com/bontchev/mongopot

Visualization (not included in the repo):

https://pandora.nlcv.bas.bg/grafana/d/EysKAV4Dz/mongopot

@malwaretech@infosec.exchange avatar malwaretech , to random

[Thread, post or comment was deleted by the author]

    bontchev ,
    @bontchev@infosec.exchange avatar

    @malwaretech Is it a fancy bear?

    @briankrebs@infosec.exchange avatar briankrebs , to random

    New, by me: Is your Android TV streaming box part of a botnet?

    "On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user’s network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers."

    The story looks closely at what Superbox is, how it operates, and what it appears to do on the sly. Spoiler: A Censys researcher found that installing the apps that allow these channels to stream enrolls the user's IP in a residential proxy service, and that these devices include powerful network discovery and remote access tools like Tcpdump and Netcat.

    Overall, the Superbox is just one brand in an ocean of no-name Android-based TV boxes that are widely available and that either come pre-infected with malware or require malicious apps to use.

    https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs I don't know which brand it is, but there is some brand of Android TV that exposes the adb interface directly to the Internet. In practice, this means that just by knowing the IP address of the device, you can log into it from anywhere in the world - and log in as root with no password!

    There is, of course, a worm/botnet that exploits this. I'm tracking these attacks with my ADB honeypot:

    https://pandora.nlcv.bas.bg/grafana/d/6Fh36QEmk/adbhoneypot?orgId=1

    @Daojoan@mastodon.social avatar Daojoan , to random

    The QWERTY keyboard was designed to reduce mechanical jamming in early typewriters.

    We kept it for computers. Which don't jam.

    How many of our systems are just preserved solutions to problems that no longer exist?

    And how would we even know?

    bontchev ,
    @bontchev@infosec.exchange avatar

    @Daojoan
    The U.S. standard railroad gauge (distance between the rails) is four feet, eight and a half inches.

    That’s an exceedingly odd number. Why was that gauge used? Because that’s the way they built them in England, and English expatriates built the U.S. railroads.

    Why did the English people build them like that? Because the first rail lines were built by the same people who built the prerailroad tramways, and that’s the gauge they used.

    Why did ‘they’ use that gauge then? Because the people who built the tramways used the same jigs and tools that they used for building wagons, which used that wheel spacing.

    Why did the wagons use that odd wheel spacing? Well, if they tried to use any other spacing the wagons would break on some of the old, long-distance roads, because that’s the spacing of the old wheel ruts.

    So who built these old rutted roads? The first long-distance roads in Europe were built by Imperial Rome for the benefit of its legions. The roads have been used ever since. And the ruts? Roman war chariots made the initial ruts, which everyone else had to match for fear of destroying their wagons. Since the chariots were made for or by Imperial Rome, they were all alike in the matter of wheel spacing. Thus, the standard U.S. railroad gauge of four feet, eight and a half inches derives from the specification for an Imperial Roman army war chariot. Specs and bureaucracies live forever.

    So the next time you are handed a specification and wonder what horse’s ass came up with it, you may be exactly right. Because the Imperial Roman chariots were made to be just wide enough to accommodate the back ends of two warhorses.

    @briankrebs@infosec.exchange avatar briankrebs , (edited ) to random

    Watched the Kubrick classic 2001: A Space Odyssey on an international flight recently, and can confirm this movie is still the best way to fall asleep on a plane.

    Except the part where (SPOILER ALERT!) Hal (AI) goes rogue and starts killing the crew. I'm not proud of this, but I have frequent fantasies of being Dave, where I'm floating around inside AI's mind, disconnecting critical circuits while the machine gurgles "Daisy."

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Siri actually had funny responses to the command "Open the pod bay doors" but Apple later removed them.

    https://www.youtube.com/watch?v=YAjhDx4yoAA

    @briankrebs@infosec.exchange avatar briankrebs , to random

    After reading some of the Epstein emails, I was compelled to look in Constella Intelligence and Spycloud for exposed passwords tied to Epstein's email address: Would you believe he reused the password "Ghislaine"? If he didn't tell all his secrets, he probably leaked them inadvertently through shitty passwords.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Well, can you blame him? He was an expert in collecting underage girls - not in cybersecurity...

    @malwaretech@infosec.exchange avatar malwaretech , to random

    [Thread, post or comment was deleted by the author]

    bontchev ,
    @bontchev@infosec.exchange avatar

    @malwaretech Meh. No blockchain, no quantum computing... Not interested.

    @georgetakei@universeodon.com avatar georgetakei , to random

    Put a quack in charge, expect to be royally ducked.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @georgetakei While this year's number of measles cases in the USA is unusually high, there has been a rising trend with spikes roughly every 5 years, starting as early as 2011:

    https://www.cdc.gov/measles/data-research/#cdc_data_surveillance_section_5-yearly-measles-cases

    @briankrebs@infosec.exchange avatar briankrebs , to random

    So the Smart Chicken people apparently think I'm dumb and won't notice that there are now just three bone-in chicken thighs in each package, down from four and costing even more.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs
    Q: Why is inflation low but the prices keep going up?
    A: Because nobody checks the CPI at the grocery store.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    Was searching my Signal contacts for something something "N" and found a contact I'd not noticed before: Note to Self. One of these days I will just RTFM.

    "Who is Note to Self?

    This contact entry is a chat to send messages to yourself.
    Use this feature to jot down a note for yourself to review later or to share messages and files with your linked devices.
    All messages in Note to Self are end-to-end encrypted Signal messages.
    Yes, you can send disappearing messages to yourself. The timer starts immediately."

    https://support.signal.org/hc/en-us/articles/360043272451-Note-to-Self

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Sending information to yourself that will disappear after a while? I already have that; it's called "memory".

    @georgetakei@universeodon.com avatar georgetakei , to random

    Let’s call it what it is: murder

    bontchev ,
    @bontchev@infosec.exchange avatar

    @georgetakei I wish we had seen the same outrage when Dubya and Obama were droning weddings in Afghanistan...

    @briankrebs@infosec.exchange avatar briankrebs , (edited ) to random

    I'm only just getting my feet wet after vacay, but I've gathered that there's a big Amazon today? IDK if that's a word, but if not it is now :) Is it DNS? I haven't caught up yet.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs There was. It lasted only a few hours. But a bunch of companies, web sites, games, and other services got screwed up while it lasted.

    It's always DNS.

    @briankrebs@infosec.exchange avatar briankrebs , (edited ) to random

    New, by me: A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.

    As I was reporting this story, this happened:

    On Monday evening, KrebsOnSecurity received a malware-laced message from a reader that threatened physical violence unless their unstated demands were met. The missive, titled “Shiny hunters,” contained the hashtag $LAPSU$$SCATEREDHUNTER, and urged me to visit a page on limewire[.]com to view their demands.

    KrebsOnSecurity did not visit this link, but instead forwarded it to Mandiant, which confirmed that similar menacing missives were sent to employees at Mandiant and other security firms around the same time.

    The link in the message fetches a malicious trojan disguised as a Windows screensaver file (Virustotal’s analysis on this malware is here). Simply viewing the booby-trapped screensaver on a Windows PC is enough to cause the bundled trojan to launch in the background.

    Mandiant’s Austin Larsen said the trojan is a commercially available backdoor known as ASYNCRAT, which is a .NET-based backdoor that communicates using a custom binary protocol over TCP, and can execute shell commands and download plugins to extend its features.

    https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs SCR? Ah, yes, this is an old attack. Those are EXE files internally. They are supposed to be the programs that are run when the screen saver function is activated - but in practice, you can run one at any time just by double-clicking on it. It's a perfectly normal executable; it's just that many people wouldn't expect one to reside in a file that doesn't have an EXE extension.

    (Well, in fact many people wouldn't see the extension at all, because by default Windows doesn't display them.)
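The point of the reply above is that a .scr file is a Windows PE executable under a different name, and that Explorer's default setting hides the extension that would give it away. The following added example (my code, not bontchev's or the article's) shows the defender-side check: classify a file by its PE header rather than by its name, and show what a name like `holiday.jpg.scr` looks like once the last extension is hidden. The sample PE bytes are constructed in `make_constructed_pe()` and are only enough to satisfy the header check; the classification labels and the `PE_EXTENSIONS` set are this example's own choices.

```python
import struct

# Extensions whose files Windows runs as native PE program images. Not an
# exhaustive list; the point is that .scr sits in it alongside .exe.
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".cpl", ".ocx", ".drv"}


def is_pe_image(data: bytes) -> bool:
    """True if `data` starts a Windows PE image: an 'MZ' DOS header and the
    'PE\\0\\0' signature at the offset stored in e_lfanew (header offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extension_of(filename: str) -> str:
    """Lower-cased final extension including the dot, or '' if there is none."""
    stem, dot, ext = filename.rpartition(".")
    return "." + ext.lower() if dot and stem else ""


def displayed_name(filename: str) -> str:
    """What Explorer shows with the default 'Hide extensions for known file
    types' setting: the final extension is dropped, so 'holiday.jpg.scr' is
    displayed as 'holiday.jpg'."""
    stem, dot, _ = filename.rpartition(".")
    return stem if dot and stem else filename


def assess(filename: str, data: bytes) -> str:
    """Classify a file by content, not by name. Returns one of:
    'not-a-pe-image', 'executable', 'screensaver-is-executable',
    'executable-with-misleading-extension' (labels chosen for this example)."""
    if not is_pe_image(data):
        return "not-a-pe-image"
    ext = extension_of(filename)
    if ext == ".scr":
        return "screensaver-is-executable"
    if ext in PE_EXTENSIONS:
        return "executable"
    return "executable-with-misleading-extension"


def make_constructed_pe() -> bytes:
    """Constructed sample: the smallest byte string the checks above treat as
    a PE image (MZ header, e_lfanew pointing at a 'PE\\0\\0' signature). It is
    not a runnable program and is not taken from any real file."""
    buf = bytearray(0x80)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    sample = make_constructed_pe()
    for name in ("demands.scr", "holiday.jpg.scr", "tool.exe", "notes.txt"):
        print(f"{name:<16} shown as {displayed_name(name):<12} -> {assess(name, sample)}")
    print("image.gif ->", assess("image.gif", b"GIF89a" + bytes(64)))
```

On a mail gateway or an endpoint, the content check (`is_pe_image`) is the one that matters; the name-based views only explain why the user did not notice.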

    @GossiTheDog@cyberplace.social avatar GossiTheDog , to random

    Cl0p ransomware extortion gang have a zero day in Oracle E-Business Suite (component: BI Publisher Integration) - which they’ve been exploiting since last month to steal data.

    https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks/

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs @GossiTheDog Ah, what is a Windows screenshot file?

    @briankrebs@infosec.exchange avatar briankrebs , (edited ) to random

    All the feckless scheming by the Democrats isn't going to unseat the Orange Tyrant in the White House. It's going to take mass public demonstrations, extended work stoppages/strikes, govt shutdowns, and sustained and viral boycotts of companies that bent the knee for profit or because they have spineless leaders.

    Not saying it's going to be easy, but violent resistance is not the answer, as the Cheetoh-in-Chief would like nothing more than that. Nonviolent resistance works, and has a long history of unseating despotic leaders.

    From today's NYT:

    "President Trump demanded on Saturday that his attorney general move quickly to prosecute figures he considers his enemies, the latest blow to the Justice Department’s tradition of independence."

    “We can’t delay any longer, it’s killing our reputation and credibility,” Mr. Trump wrote in a social media post addressed to “Pam,” meaning Attorney General Pam Bondi. “They impeached me twice, and indicted me (5 times!), OVER NOTHING. JUSTICE MUST BE SERVED, NOW!!!”

    Mr. Trump named James B. Comey, the former F.B.I. director; Senator Adam B. Schiff, Democrat of California; and Letitia James, the New York attorney general, saying he was reading about how they were “all guilty as hell, but nothing is going to be done.”

    "Asked later by reporters about his message for Ms. Bondi, Mr. Trump said, “They have to act. They have to act fast.”

    https://www.nytimes.com/2025/09/20/us/politics/trump-justice-department-us-attorneys.html

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs It will be very hard to keep it non-violent. Don't forget that nearly half the country voted for him and is very happy with what he's doing. There are likely to be counter-protests and the two sides are likely to clash, resulting in violence.

    As an aside, remember that a revolution has never succeeded if at least part of the armed forces (police, military) haven't joined the revolutionaries. There doesn't have to be an armed clash - but at least the silent support of the armed forces is needed.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    We all know that many news sites have paywalls. It is, after all, some or a big part of how they've chosen to fund their news gathering. There are lots of ways around paywalls or to access individual stories behind one: e.g., archive.is or archive.today lets you search a news article link to see if it's already been saved, and frequently you can read the full story that way.

    I mention this because I post a lot of links to stories that are behind paywalls, and a common reply is "paywall," as if a) that wasn't obvious and b) the link was somehow discovered to be serving malware or something. Sometimes I will post an archive.today link to a story if it's urgent and paywalled, but it's definitely not my job to do that and I've started muting the "paywall" whiners.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Sometimes it is not obvious that an article is paywalled. E.g., if you click on it from Google News, you get to read it - but if you pass the URL to somebody else and they click that, they'll hit a paywall. Or the site will let you read a couple of articles for free but then you'll hit a paywall (even if you try to read the articles you've read before).

    There are browser add-ons that warn you about paywalled links but, more importantly, this extension:

    https://chromewebstore.google.com/detail/remove-paywalls/ghkdkllgoehcklnpajjjmfoaokabfdfm

    lets you bypass the paywall (if possible) by going to an archived copy of the page you're looking at. There's probably an equivalent add-on for Firefox.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    No, we're not going to limit COVID vaccines. We're just going to continue to sow fear, uncertainty and doubt in the minds of the public about whether it's safe or even available.

    From NYT: "The federal vaccine committee appointed by Health Secretary Robert F. Kennedy Jr. voted unanimously on Friday to further limit access to Covid vaccines, recommending that adults 65 and older receive the shots only after discussing the potential benefits and risks with a health care provider."

    "The panel also said that everyone from 6 months to 64 years old could get the vaccine after consulting with a provider. But it was unclear whether that contradicted the Food and Drug Administration’s authorization of the shots only for adults over 65 and younger people with certain health conditions."

    "Together, the decisions raise questions about whether Americans can continue to walk into their neighborhood pharmacies for routine vaccinations or whether in some states they will first need a doctor’s permission."

    https://www.nytimes.com/2025/09/19/health/cdc-vaccines-mmrv-hepatitis-b.html

    It's a long time between now and November 2026. How many people will get sick and die unnecessarily before then because of this administration's utter disregard for and hostility toward science, hard data and smart people?

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs You got off easy. They were planning to make these vaccines available only with prescription - but that proposal got voted down.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    Breaking, new, by me:

    Self-replicating "Shai-Hulud" worm hits 180+ Software Packages

    At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

    https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/

    a picture from the movie "Dune" showing a giant sandworm emerging out of the desert and towering down on two humans below.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Fortunately, virtually nobody uses CrowdStrike, right? Right?

    @briankrebs@infosec.exchange avatar briankrebs , to random

    Every time I board an airplane, I somehow relearn everything I needed to know about human nature, kindness and the lack thereof.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs That's generally the case every time there is a large congregation of people competing for a limited resource.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    Here's what I want to know: Is there any gap between narcissists of the nth degree and sociopaths? Because I can't see any difference.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs A narcissist is someone who loves himself. A sociopath is someone who hates society. While a narcissist is so much occupied with himself that he's often indifferent or even hostile to society, that's not necessarily the case. Similarly, a sociopath who hates society does not necessarily love himself; he might be hating himself too.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    Makes that TWO pitches I've received in the last 24h that included the delightful phrase "new AI-powered cloud security and compliance software."

    There's so much to unpack here it's hard to know where to start (or stop), but it seems to suggest that some new AI-based technology has been devised to help close security compliance gaps. #1: Checking boxes is not where most organizations are failing. #2 Where are the basic standards of care for AI-based software that would give this untested technology the right to claim the ability to audit anything? Let alone itself.

    The golden rule for physicians is "First, do no harm." Somehow, we've grown accustomed to security products and software that violate this basic idea six ways from Sunday.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs I think you should accept and write a review along the lines of "Not on the blockchain, 1 out of 10 stars".

    @briankrebs@infosec.exchange avatar briankrebs , to random

    This is so fucked up. Thanks to the heads up from @osma (do we have quote posts yet??).

    https://yle.fi/a/74-20182048

    As I've said after each time the hapless Finnish justice system lets the notorious criminal hacker Julius Kivimaki off with a slap on the wrist, he'll just keep harming people. Because this guy still has zero remorse for his crimes, whether we're talking about his extortion of thousands of people over their psychotherapy patient notes, or any of his other many exploits.

    Just this week, Hulu debuted a 4-part documentary on Kivimaki's ignominious career. I offered some perspectives on Julius in that series as well:

    https://www.hulu.com/series/most-wanted-teen-hacker-9c894205-bcde-413c-9b53-1e3bbe99112e

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs @osma I think I watched a couple of episodes of this thing. (I guess it is the same series because it was about him and you were in it.)

    What a very strange person... Most other former criminals that I've seen express remorse (real or fake) about what they did, or at least about themselves for doing something stupid and getting caught. This one was like "yeah, I did that thing, no big shit". As if he was saying that some people have pet dogs, he swats people, that sort of stuff.

    I wouldn't even call him "evil". For me, an evil person is someone who knows that they're doing bad things and enjoys it. This guy seems utterly incapable of realizing what is bad. A psychopath, I guess? Severe lack of empathy and understanding of social norms - not even enough to reject them because he disagrees with them.

    Society needs to be protected from people like him. That doesn't necessarily mean keeping him in jail - it means keeping him doing stuff he would find enjoyable while being physically incapable of harming others.

    He needs medical help - but I doubt that he can be helped and am pretty sure that he wouldn't seek such help anyway.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    Yes, Windows (ab)users, it's that time of the month again! Oh, and if you've not done so yet, it's also time to rethink what you're going to do with that trusty old Windows 10 PC in a couple of months when Microsoft stops shipping free security updates for it.

    Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

    https://krebsonsecurity.com/2025/09/microsoft-patch-tuesday-september-2025-edition/

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs There's always 0patch.com and massgrave.dev.

    @dangillmor@mastodon.social avatar dangillmor , (edited ) to random

    Update: AP is still up with video: https://www.youtube.com/watch?v=0FIMnPfFHHw

    Reuters bends knee to China dictatorship and removes video of Xi and Putin talking about changing out body parts.

    Presumably lots of people have copies, so it's important for them to post them promiscuously -- and if possible anonymously -- to boost Streisand effect.

    https://www.reuters.com/business/media-telecom/reuters-withdraws-xi-putin-longevity-video-after-china-state-tv-pulls-legal-2025-09-06/

    bontchev ,
    @bontchev@infosec.exchange avatar

    @dangillmor China enforcing copyright laws? Who would have thunk it...

    @briankrebs@infosec.exchange avatar briankrebs , to random

    just wow. read this, from Techdirt:

    Wired, Business Insider Editors Duped By Completely Bogus ‘AI’ Using ‘Journalist’ Who Made Up Towns, People That Don’t Exist

    https://www.techdirt.com/2025/09/02/wired-business-insider-editors-duped-by-completely-bogus-ai-using-journalist-who-made-up-towns-people-that-dont-exist/

    Here's Wired's mea culpa:

    https://www.wired.com/story/how-wired-got-rolled-by-an-ai-freelancer/

    Techdirt's Karl Bode correctly concludes: "This country has taken an absolute hatchet to quality journalism, which in turn has done irreparable harm to any effort to reach reality-based consensus or have an informed electorate. The rushed integration of “AI,” usually by media owners who largely only see it as a way to cut corners and undermine labor, certainly isn’t helping. Add in the twisted financial incentives of an ad-based engagement infotainment economy, and you get exactly the sort of journalistic outcomes academics long predicted."

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Well, it's hardly surprising, given that even DEFCON was duped by AI slop.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    And just like that, the largest known DDoS has nearly doubled in size over the past couple of months. Cloudflare promises more details, and says the largest attack (11.5 terabits per second) came from Google Cloud.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs It lasted only 35 seconds?! Uhm, that's shorter than the time the user needs to decide "hmm, the page isn't loading for some reason; let me click the Refresh button".

    @briankrebs@infosec.exchange avatar briankrebs , to random

    This is an unwelcome development: New research shows Android-based malware droppers aren't just delivering banking trojans anymore: They're also being loaded with SMS stealers and spyware.

    Dutch mobile security firm ThreatFabric finds the shift comes amid changes Google is piloting in certain markets like Thailand, Singapore, Brazil and India to block sideloading of suspicious apps requesting dangerous permissions.

    The report says the other factor driving this trend is that threat actors want to future-proof their operations. "By encapsulating even basic payloads inside a dropper, they gain a protective shell that can evade today’s checks while staying flexible enough to swap payloads and pivot campaigns tomorrow."

    https://www.threatfabric.com/blogs/android-droppers-the-silent-gatekeepers-of-malware

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs "Block apps with dangerous permissions"? This will fail, according to some research a colleague of mine did more than a decade ago.

    Basically, Permission1+Permission2 might be considered a dangerous combination and an app requesting them might be blocked - but you just release 2 apps, each using only one of the permissions, and when both apps are installed on the same device, they cooperate to do the malicious thing. Don't have a paper to point to (it was a lecture at an anti-virus workshop) but you get the idea. Works against iOS, too.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    NBC News: A hacker used AI to automate an 'unprecedented' cybercrime spree, Anthropic says

    The company behind the Claude chatbot said it caught a hacker using its chatbot to identify, hack and extort at least 17 companies.

    https://www.nbcnews.com/tech/security/hacker-used-ai-automate-unprecedented-cybercrime-spree-anthropic-says-rcna227309

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Yay! Somebody has finally found a way to use a chatbot for something profitable.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    You know how AI is going to achieve the singularity? Humans are going to feed it all their data, secrets, API keys, OAuth tokens and then go "oh shit" too late when they realize they all got taken in the most elaborate social engineering attack ever.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs There are two ways AI can surpass humanity:

    1. AI's intelligence increases exponentially.

    2. Humanity's intelligence decreases exponentially.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    It's long past time for RDP to go die in a dumpster fire.

    A Sudden Surge in RDP Probing
    On August 21, GreyNoise observed a sharp surge in scanning against Microsoft Remote Desktop (RDP) services. Nearly 2,000 IPs — the vast majority previously observed and tagged as malicious — simultaneously probed both Microsoft RD Web Access and Microsoft RDP Web Client authentication portals. The wave’s aim was clear: test for timing flaws that reveal valid usernames, laying the groundwork for credential-based intrusions.

    https://www.greynoise.io/blog/surge-malicious-ips-probe-microsoft-remote-desktop

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs I have a single RDP honeypot and for the past 24 hours it has experienced 3k+ attacks, albeit coming only from 45 unique IP addresses.

    https://pandora.nlcv.bas.bg/grafana/d/z7a8kaCWk/rdphoneypot?orgId=1&refresh=30m

    (The honeypot sucks, BTW. It isn't capturing login credentials and if you connect to it manually, it becomes immediately obvious that something is wrong - you get disconnected before you start entering anything. But the attackers are automated and don't care.)
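The reply above summarises the honeypot's day as "3k+ attacks from 45 unique IPs", and the GreyNoise post it answers describes the opposite shape (nearly 2,000 sources probing at once). The following added example (my code, not bontchev's honeypot or GreyNoise's tooling) shows the aggregation a SOC would run over RDP honeypot logs to get those two numbers and to tell the two shapes apart. The log lines and their `<time> src=<ip> event=<name>` format are constructed for this example, as is the fixed `NOW` used for the 24-hour window and the per-IP threshold in `characterize()`.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample log (not output of any real honeypot); the line format
# "<ISO-8601 UTC time> src=<ip> event=<name>" is an assumption of this example.
SAMPLE_LOG = """\
2025-08-22T09:00:01Z src=203.0.113.5 event=rdp_connect
2025-08-22T09:00:02Z src=203.0.113.5 event=rdp_connect
2025-08-22T09:00:03Z src=203.0.113.5 event=rdp_connect
2025-08-22T09:00:04Z src=203.0.113.5 event=rdp_connect
2025-08-22T09:05:00Z src=198.51.100.7 event=rdp_connect
2025-08-22T09:05:01Z src=198.51.100.7 event=rdp_connect
2025-08-22T09:30:00Z src=198.51.100.9 event=rdp_connect
2025-08-22T09:31:00Z src=198.51.100.9 event=disconnect
2025-08-20T23:59:59Z src=192.0.2.44 event=rdp_connect
this line is garbage and must be skipped, not crash the parser
"""

# Fixed "now" so the trailing 24-hour window is reproducible (constructed).
NOW = datetime(2025, 8, 22, 12, 0, tzinfo=timezone.utc)


def parse_line(line):
    """Return (timestamp, source_ip, event) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3 or not parts[1].startswith("src=") or not parts[2].startswith("event="):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    return ts, parts[1][len("src="):], parts[2][len("event="):]


def summarize(log_text, now, window_hours=24):
    """Count connection attempts per source IP inside the trailing window;
    other event types, out-of-window lines and garbage are ignored."""
    cutoff = now - timedelta(hours=window_hours)
    per_ip = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, event = rec
        if event != "rdp_connect" or ts < cutoff or ts > now:
            continue
        per_ip[ip] += 1
    return {
        "attempts": sum(per_ip.values()),
        "unique_ips": len(per_ip),
        "top_sources": per_ip.most_common(3),
    }


def characterize(summary, per_ip_threshold=10):
    """'concentrated' when a handful of sources each hammer the service
    (many attempts per IP, as in the 3k+/45 figure above), 'distributed'
    when attempts are spread thin across many sources (the GreyNoise wave),
    'quiet' when nothing was seen. The threshold is this example's choice."""
    if summary["attempts"] == 0:
        return "quiet"
    avg = summary["attempts"] / summary["unique_ips"]
    return "concentrated" if avg >= per_ip_threshold else "distributed"


def summarize_sample():
    """Run the summary over the constructed log with the fixed NOW."""
    return summarize(SAMPLE_LOG, NOW)


if __name__ == "__main__":
    s = summarize_sample()
    print(s)
    print("shape:", characterize(s))
```

The distinction matters for response: a concentrated wave is cheap to block at the firewall by source, while a distributed one is better handled by rate limits and by watching for the username-enumeration timing probes the GreyNoise post describes rather than by chasing individual addresses.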

    @arstechnica@mastodon.social avatar arstechnica , to random

    Why wind farms attract so much misinformation and conspiracy theory
    If you think climate change is a hoax, you might believe wind turbines poison groundwater.
    https://arstechnica.com/science/2025/08/why-wind-farms-attract-so-much-misinformation-and-conspiracy-theory/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

    bontchev ,
    @bontchev@infosec.exchange avatar

    @arstechnica If you live close to one, you won't be doubting the "noise pollution" and "bird killing" claims.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    Drop into any conversation online about securing your cryptocurrency and you will find a great number of people who clearly need help and an almost equal number of people who talk down their noses at people who don't have a clue (and who in their minds maybe even deserve to get robbed).

    The truth is, securing your cryptocurrency against theft is not a simple matter, requires a fair bit of preparation and foreknowledge, and is remarkably easy to fuck up, with unseen, massive consequences either immediately or down the road.

    My theory is that anyone who has been in the cryptocurrency space for any length of time has been through one or more experiences where they lost some or all of their coin to some scam, rug-pull, phishing scheme or outright physical theft. That's a really expensive way to learn about security, but it has its adherents.

    Here's the core truth about owning a lot of cryptocurrency wealth: it makes YOU the bank. The minute anyone knows or suspects you have sizeable amounts of crypto holdings, you become a walking target for phishers, sim-swatters, kidnappers and extortionists, or worse. And ultimately, what gets stolen stays that way, and it is rare that victims ever see their stolen coin again.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Cryptocurrencies: be your own bank - get robbed.

    @dangillmor@mastodon.social avatar dangillmor , to random

    Big maker of electronic locks that go in safes is amazingly bad at its job, and so are a lot of the safe-manufacturing companies that use the locks.

    https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/

    bontchev ,
    @bontchev@infosec.exchange avatar

    @dangillmor Let me tell you a secret - it's not just this problem that they have found with these locks. No electronic lock is safe enough. If you care about security, go for a safe with a mechanical lock.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    “Instead of politicians, let the monkeys govern the countries; at least they will steal only the bananas!”
    ― Mehmet Murat ildan

    JD Vance’s team had the army corps of engineers take the unusual step of changing the outflow of a lake in Ohio to accommodate a recent boating excursion on a family holiday, the Guardian has learned.

    The request from the US Secret Service was made to “support safe navigation” of the US vice-president’s security detail for an August outing on the Little Miami River, according to a statement by the US army corps of engineers (USACE).

    Vance was spotted in the south-western Ohio area on 2 August, his 41st birthday, according to social media posts that noted he was seen canoeing on the river, a tributary that Caesar Creek Lake feeds into.

    https://www.theguardian.com/us-news/2025/aug/06/jd-vance-ohio-lake-water-levels

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Did the security detail use dreadnaughts to escort the boat? Anyway, troll level - master. Trump is probably jealous he didn't think of doing it first.

    @tante@tldr.nettime.org avatar tante , to random

    One thing that the current exorbitant investments in "AI" show is that the investor class and big tech corporations do not pay enough taxes: If you have billions to set on fire for spicy autocomplete we should take some or all of those to do something useful with.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @tante It's their money, not yours. If they want to set it on fire, it's their goddamn right. Still better than stealing it from them and then wasting it on bombs to drop on other people's heads. They already pay the majority of taxes your country collects, don't be too greedy.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    WaPo reports Edward "Big Balls" Coristine was injured in a carjacking. Trump and Musk are using the incident to float the idea of taking federal control over Washington, D.C.

    https://www.washingtonpost.com/dc-md-va/2025/08/05/trump-doge-worker-washington-dc-crime/

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Forgive my ignorance, but how exactly is taking federal control over Washington, D.C. supposed to stop carjackings?

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs If crime is high, what prevents the police there from having a more forceful presence now?

    @malwaretech@infosec.exchange avatar malwaretech , (edited ) to random

    [Thread, post or comment was deleted by the author]

    bontchev ,
    @bontchev@infosec.exchange avatar

    @malwaretech I agree with your arguments but "hate" is probably too strong a word.

    I tend to look at the hype with amusement and make fun of it when I can. I don't hate generative AI, and have used it myself, albeit very rarely (about half a dozen times so far). In those cases when I've used it, I found it more useful than the alternative. It just needs to be used with caution.

    What I do hate is GAI being stuffed down our throats at every turn. ChatGPT alone is occasionally useful. GAI in Windows, every browser, every web site with "tech support", every mobile device is simply annoying.

    Will it cause more harm than good? I don't know. The general dumbing down of students and flooding the Internet with bullshit are causes for concern. I don't buy the "it burns the planet" argument. If it weren't using the energy, that energy would be used for something else. Better a flawed advisor than mining Bitcoin, I guess.

    The hype is certainly unwarranted but it will eventually collapse, leaving only the useful stuff, just like what happened with the DotCom bubble. I don't know if what remains would be economical enough to warrant the costs - but I'll leave it to the free market to decide.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    Japan, huh? Smells like Norks to me.

    I came across your profile on Github and was impressed by your experience in software development.

    My name is Haruto Mizuno, and I’m a senior software engineer based in Japan with over 10 years of experience in web, DevOps, and blockchain development. Lately, I’ve been focusing primarily on backend solutions. Alongside a group of talented friends, I run a software agency startup specializing in Web, AI, and Blockchain projects.

    We’re currently seeking a business partner who is a U.S. citizen or green card holder with a background in software development. The goal is to form a strategic partnership that allows us to expand our reach within the U.S. market.

    This partnership is designed to be flexible and won’t interfere with your full-time job or personal commitments—you can participate according to your own schedule.

    The core idea is simple:

    You would represent us in job interviews and client meetings.
    My team and I would handle all coding and technical communications.
    For more details, please see the business overview below.

    https://github.com/crowncodeman/bpo-for-usa-developers

    If you have any questions, feel free to open an issue on my GitHub repository or hit me on Email, Telegram or Discord.

    I look forward to the possibility of working together and achieving great results.

    Best regards,

    Haruto Mizuno

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs 51 GitHub repositories, most haven't been updated in 2 years? A stolen account of a real developer, maybe?

    @NanoRaptor@bitbang.social avatar NanoRaptor , to random

    GenX kids will know the pain of needing just the right kind of pencil to rewind.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @NanoRaptor Ohh, you 3D-printed the Save icon?

    @bontchev@infosec.exchange avatar bontchev , to random

    "Four-year-old girl dies of hunger in Gaza as Israel throttles food supply":

    https://edition.cnn.com/2025/07/20/middleeast/gaza-girl-food-crisis-intl

    @nixCraft@mastodon.social avatar nixCraft , to random

    Back in my day, we bought things once and actually owned them. Imagine that! You'd get a CD, a movie, a game, or a piece of software, it was a tangible item with a set price that was all yours. No strings attached.

    Now? Everything's a fucking subscription. It's like renting your life, but somehow it ends up being way more expensive in the long run. Go figure.

    This is why open source matters a lot. It still gives you freedom and whenever possible please support your favourite FLOSS app 👍

    bontchev ,
    @bontchev@infosec.exchange avatar

    @nixCraft "You'll own nothing and be happy".

    Citizen, you don't sound happy. Report to the nearest re-education camp at once!

    @w7voa@journa.host avatar w7voa , to random

    Wired - DHS urging local law enforcement to consider a wide range of activities as violent tactics, including skateboarding, riding a bike or livestreaming a police encounter. https://www.wired.com/story/dhs-tells-police-that-common-protest-activities-are-violent-tactics/

    bontchev ,
    @bontchev@infosec.exchange avatar

    @w7voa I dunno; I've seen some people ride bikes pretty violently...

    @malwaretech@infosec.exchange avatar malwaretech , to random

    [Thread, post or comment was deleted by the author]

    bontchev ,
    @bontchev@infosec.exchange avatar

    @malwaretech I thought it was the British English spelling.

    @briankrebs@infosec.exchange avatar briankrebs , to random

    In other news, Microsoft is apparently rebranding its Blue Screen of Death (BSOD) to a Black Screen of Death. No more soothing colors for you while you fume at your oversized paperweight.

    https://www.nytimes.com/2025/06/27/technology/microsoft-blue-screen-death-windows.html

    bontchev ,
    @bontchev@infosec.exchange avatar

    @briankrebs Can we shorten the name to just Black Death, please?

    @georgetakei@universeodon.com avatar georgetakei , to random

    The budget bill contains tens of billions to fund an army of 10,000 more ICE agents. This is a red alert moment for our democracy.

    bontchev ,
    @bontchev@infosec.exchange avatar

    @georgetakei You mean, like Biden's $45 bil to hire 24,600 additional armed IRS agents? At least the ICE agents will be coming (mostly) after illegal immigrants, while the IRS agents - definitely after American citizens...