Notices by Taggart :donor: (mttaggart@infosec.exchange)

This article is both validating and infuriating.

Validating because it speaks to the lie that generative models are "the worst they'll ever be."

One popular leaderboard...indicates some “reasoning” models – including the DeepSeek-R1 model from developer DeepSeek – saw double-digit rises in hallucination rates compared with previous models from their developers.

The myth of incessant improvement needs to die.

Infuriating because it concludes that "We may have to live with error-prone AI." We really, really don't. This technology has one primary purpose: driving the data and compute hoarding of the oligarchy. It should be considered a tool of the oppressor, and as such should be resisted, confounded, and broken.

We do not have to accept this.

https://www.newscientist.com/article/2479545-ai-hallucinations-are-getting-worse-and-theyre-here-to-stay/

How to win my instant support as a customer:

"We have decided not to focus on generative AI features, and instead reinvest heavily in quality assurance for our core products through hiring, training, and process development."

@wdormann @GossiTheDog Were you using Win 11 Enterprise? I also had to set up a "work account" in Entra—personal wouldn't do.

@wdormann @GossiTheDog Not over here. Now maybe this is because I'm using the Win11-Enterprise image, but for a clean build, you have to make sure you log in a second time with a non-Hello method (which is now basically enforced on first login).

And even then, I had to make sure enable "Use a Web account" in the RDP client settings.

@wdormann @GossiTheDog Okay well the first lesson I'm learning is that even setting up RDP for a Microsoft Account sucks

@wdormann @GossiTheDog Labbing this up now

@wdormann @GossiTheDog But at any rate, with this configuration, I've confirmed that when I change my account password through account.microsoft.com or whatever, the old creds immediately cease to work for RDP access.

Very cool new FediDB interface

But wow, only 1.17M MAU? That's even smaller than I thought.

For comparison, here's a solid breakdown of Bluesky's user stats

@hrbrmstr Oh 100% agreed. I understand the why; I just legit thought our MAU here was about double that for some reason.

Since @wdormann is quoted in this piece and I can't find Dan Wade's handle, I'm tagging him in.

Is this suggesting that the RDP cred cache never gets updated? Ever ever?

Also what's up with this?

Old credentials continue working for RDP—even from brand-new machines.

That makes no sense at all.

https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that

@wdormann Okay so this is testable! Do I understand the claim correctly:

The RDP cache, even when a machine is able to access a domain controller/Entra, will not update, thereby allowing old passwords to work for auth?

Reading books is apparently resistance.

Go to the library.

FWIW, 100% of #ClickFix attacks I've seen have added some kind of inline comment at the end of the command string like I am not a robot to sell the ruse. Definitely worth a threat hunt on command line history.

#ThreatHunting #ThreatIntel #ThreatIntelligence

@cR0w It's a standard EDR feature? But yes, it costs hella ducats. Sysmon is free, but oh lordy the self-hosted SIEM ain't.

Politics is the use of power. Replace "No talking about politics," with "No talking about the use of power," and the enforcement of status quo—and its attendant privileges—from this rule become all too clear.

Your discomfort with the reality of injustice does not oblige me to remain silent.

@ryanc It requires a free account, but I use [Streamelements](https;//streamelements.com) and a simple layout to get chat + on-screen events (subs, follows, etc.)

Bluesky going down the verifications rabbit hole in a hilariously hamfisted way. Actually, that's a bit too kind. They're doing it in a way that will makes brands and corpos happy, but fundamentally compromises their stated mission of decentralization. By centralizing verification power, you end up with the same godawful power dynamic of old Twitter.

https://bsky.app/profile/bsky.app/post/3lndjyjdtq22a

I don't think I've ever been as incredulous about a technique's efficacy as I am with ClickFix. Like you look at it through the lens of expertise and it seems preposterous—who would think Win+R for a CAPTCHA is legit?

But it works. Users believe it. It's shockingly effective.

I love users, but the degree to which most of them barely comprehend (and are kind of afraid of) what's going on in the thinking sand can't be overstated.

@ryanc @da_667 @Viss I'll try to whip that one into shape soon. Here are a few other toys I cobbled together, including SSH session spying and instakilling shells from service accounts. https://codeberg.org/mttaggart/bluebpf

@Viss I wasn't thinking about hardware, but maybe. I was more in the space of like, an aggressive software tripwire that fires off the fallback defense in the event that EDR is tampered with or some other condition.