Notices by Taggart :donor: (mttaggart@infosec.exchange)

@GossiTheDog You're saying the access is not scoped to data circa 2019?

@GossiTheDog Because of intel briefs I have received about it.

@GossiTheDog Ah not vapor I guess, but the rose actor claiming they had much more than they did.

I want to clarify that this is a real, confirmed incident and not the vapor breach reported on earlier this week. PHI has been confirmed to have been exfiltrated.

https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/

Anubis, from the legendary @cadey, looks really promising for confounding scrapers/bots.

https://github.com/TecharoHQ/anubis

You need to understand at the molecular level that every corporate service you use is a leopard and that you too, gentle user, have a delicious-looking face.

The Terms of Service: We won't train AI on your data.

Also the Terms: We can change these at any time.

If all that stands between your data and monetization is a pinkie promise, why do you think companies will ultimately choose their "commitment" to your privacy over their fiduciary duty?

Uhhhh

https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/

Super interesting article by inversecos on how China approaches threat intel and incident response. https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html

Hey Fedi friends! Given the uncertainty around the future of the US federal government's ability to provide accurate, timely, and impartial cyber threat intelligence, a bunch of us have started talking about strategies to build/expand some of these capabilities independent of the government. Very early days—shaping the problem, discussing options, etc. But if you'd be interested in the conversation and willing to help organizations build CTI capability, please DM me.

I'm going to sound alarmist to my colleagues when I contend that: the US government has been compromised; the threat intelligence from them can't be trusted; and we (industries) are going to have to build our own intel apparatus to compensate.

But I'm pulling the alarm because I see the fire.

For everyone who's like "alternatives exist," you need to think hard about what it takes to give tools of resistance to the general public. Not the tech nerds here, but your family that you help remove adware from their computers at Thanksgiving.

I think about this image every day. Turkish protesters used graffiti to spread word about alternative DNS (Google) to bypass state censorship.

What will we do when Google collaborates with the regime? This is not theoretical. We must build and improve tools to communicate without corpo assistance.

Every day, it's getting harder and harder for me to think of this coup as internal politics and not a foreign-backed op.

https://therecord.media/hegseth-orders-cyber-command-stand-down-russia-planning

I ain't gonna tell you what browser to use. I like what I like. It's changed before; it probably will again. You might care a lot about the openness of the code. You might have must-have features. Figure out what works for you. But get this straight:

A web browser is not a high-stakes moral choice. Don't be a jerk to people who choose differently from you.

@copiesofcopies If I upload my artwork to anywhere via Firefox, have I just granted a royalty-free license to that intellectual property to Firefox, if they deem use of it is in my best interest in "interacting with online content?"

Mozilla has updated their press release with the following clarification:

UPDATE: We’ve seen a little confusion about the language regarding licenses, so we want to clear that up. We need a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information type into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice.

https://blog.mozilla.org/en/products/firefox/firefox-news/firefox-terms-of-use/

That is good to hear, but their reasoning makes no sense given that no other browser uses that language.

I have spent my night reading browser Terms and Privacy Policies. Why? Because I love you and hate myself, apparently.

So here's the deal: that "non-exclusive, royalty-free, worldwide license" you're granting to Firefox/Moz when you upload data through it? It is boilerplate language. Pretty common actually!

But not in browsers. In fact, not a single browser ToS has anything resembling this provision.

Know what does?

Facebook
X
Instagram

I wonder why Mozilla would want to use the same language those platforms do.

This is your hojillionth reminder that non-profits are corpos that figured out how to avoid taxes. When the chips are down, most will readjust the "mission" toward revenue.

Hey FWIW, Vivaldi does not have anything like this language: https://vivaldi.com/privacy/vivaldi-end-user-license-agreement/