GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by Taggart :ifin: (mttaggart@infosec.exchange), page 4

  1. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Tuesday, 31-Mar-2026 10:15:14 JST Taggart :ifin: Taggart :ifin:

    When we fight, we win

    https://www.theregister.com/2026/03/30/github_copilot_ads_pull_requests

    In conversation about 4 months ago from infosec.exchange permalink
  2. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Saturday, 28-Mar-2026 00:22:35 JST Taggart :ifin: Taggart :ifin:

    Feeling good about the security posture of the federal government during a war.

    https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/

    In conversation about 4 months ago from infosec.exchange permalink
  3. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Thursday, 26-Mar-2026 01:46:42 JST Taggart :ifin: Taggart :ifin:

    Aww yiss another critical Citrix vuln under active exploitation:

    https://www.bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-netscaler-flaws-as-soon-as-possible/

    Detection/remediation details here: https://docs.netscaler.com/en-us/netscaler-console-service/instance-advisory/remediate-vulnerabilities-cve-2026-3055

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: docs.netscaler.com
      Identify and remediate vulnerabilities for CVE-2026-3055
      In the NetScaler Console® security advisory dashboard, click CVE Detection. On the Impacted Instances tab, search for CVE-2026-3055. The list of NetScaler instances that are impacted by CVE-2026-3055 is displayed.
  4. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Wednesday, 18-Mar-2026 23:53:58 JST Taggart :ifin: Taggart :ifin:

    Phenomenal reporting from ProPublica. Big takeaways:

    • FedRAMP is too understaffed to be effective.
    • Microsoft never answered serious questions about its cloud security architecture.
    • Despite a damning report, Microsoft's government cloud product was approved anyway.

    https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government

    In conversation about 4 months ago from infosec.exchange permalink
  5. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Tuesday, 17-Mar-2026 02:29:19 JST Taggart :ifin: Taggart :ifin:

    Office 365 and Copilot are down.

    Run. Now's your chance. Don't look back; just GO

    In conversation about 4 months ago from infosec.exchange permalink
  6. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Thursday, 12-Mar-2026 22:57:15 JST Taggart :ifin: Taggart :ifin:

    "If you want to improve the model's output, you can write skill files with more specific instructions!"

    "Oh wow so like a file that tells the computer to do exactly what you want?"

    "Yep!"

    "You're never gonna believe this."

    In conversation about 4 months ago from infosec.exchange permalink
  7. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Thursday, 12-Mar-2026 09:12:47 JST Taggart :ifin: Taggart :ifin:

    Holy crap this story knocked me over. It is everything I'm feeling about the machines right now.

    https://sightlessscribbles.com/the-colonization-of-confidence/

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments

    1. No result found on File_thumbnail lookup.
      The Colonization of Confidence., Sightless Scribbles
      A fabulously gay blind author.
  8. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Monday, 09-Mar-2026 10:41:22 JST Taggart :ifin: Taggart :ifin:

    What a nightmare. If you can read this and still think autonomous agents like OpenClaw are worth the risk, you're beyond help.

    Web version: https://agentsofchaos.baulab.info/

    https://www.researchgate.net/publication/401123335_Agents_of_Chaos

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments


  9. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Monday, 09-Mar-2026 04:21:29 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • Bill

    @Sempf Also, do not mistake the imperfect for evil, which keeps happening and it's extremely not helpful

    In conversation about 4 months ago from infosec.exchange permalink
  10. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Monday, 09-Mar-2026 04:21:29 JST Taggart :ifin: Taggart :ifin:

    Listen,

    It is possible to criticize something without abjectly despising it. 404 can have bad takes; I'm still paying for their journalism because it's usually very good.

    Proton's marketing and social team are kind of yutzes, but the service is very good for what it is, and much better than the normative choice.

    Seeking infallibility will eat all your time and get you nowhere.

    In conversation about 4 months ago from infosec.exchange permalink
  11. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Friday, 06-Mar-2026 03:49:32 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • mcc
    • Christine Lemmer-Webber

    @mcc @cwebber I concur with the assessment, and have been sharing similar warnings. In fact, we are beginning to see a pivot in stealer activity to install OpenClaw, etc. for exactly these purposes. It's a botnet, compute miner, and worm all in one.

    In conversation about 4 months ago from infosec.exchange permalink
  12. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Thursday, 05-Mar-2026 04:08:55 JST Taggart :ifin: Taggart :ifin:

    RE: https://infosec.exchange/@mttaggart/116168638948762892

    Yeah so add PCWorld to the list of outlets you can't trust anymore. This report was bogus.

    https://www.windowscentral.com/microsoft/windows-11/no-an-ai-focused-windows-12-is-not-coming-this-year-false-report-gets-the-facts-completely-wrong

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments

    1. No result found on File_thumbnail lookup.
      Taggart (@mttaggart@infosec.exchange)
      from Taggart
      Sounds like we're about to get a lot more Linux users! https://www.pcworld.com/article/3068331/windows-12-rumors-features-pricing-everything-we-know-so-far.html **UPDATE: This is false. See below**
  13. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Wednesday, 04-Mar-2026 15:55:50 JST Taggart :ifin: Taggart :ifin:

    As of 2026-03-02, the state of the art in quantum decryption has cracked a:

    • 22-bit RSA key
    • 6-bit elliptic curve key

    https://forklog.com/en/quantum-computer-cracks-tiny-cryptographic-key

    The IBM QC that cracked the 6-bit key uses 133 qubits.

    Some new research suggests that RSA-2048 could be cracked with as "few" as 100,000 qubits.

    https://www.newscientist.com/article/2516404-breaking-encryption-with-a-quantum-computer-just-got-10-times-easier/

    (Paywall-free)

    Such a machine...is not feasible to build any time soon.

    So when your CISO or a vendor starts going off about "post-quantum" security, feel free to use this to remind them that we still have SMB1 in some places and Telnet in others. Plenty of work to do around the house.

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: soon.so
      home
      from M3ugE7nlxj
  14. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Wednesday, 04-Mar-2026 15:21:27 JST Taggart :ifin: Taggart :ifin:

    Sounds like we're about to get a lot more Linux users!

    https://www.pcworld.com/article/3068331/windows-12-rumors-features-pricing-everything-we-know-so-far.html

    In conversation about 4 months ago from infosec.exchange permalink
  15. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Tuesday, 03-Mar-2026 22:16:12 JST Taggart :ifin: Taggart :ifin:

    Claude is down again and I am seeing people basically go through withdrawal.

    If you are feeling it, recognize it for what it is.

    In conversation about 5 months ago from infosec.exchange permalink
  16. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Saturday, 28-Feb-2026 02:09:08 JST Taggart :ifin: Taggart :ifin:
    in reply to
    • Soatok Dreamseeker

    @soatok I remember this post, and I remember bumping on this line:

    We would need existing identity verification services (e.g., ID.me in the USA) to vend PrivacyPass tokens that can be redeemed on third party websites.

    This is where I think a lot of privacy advocates are gonna get off the bus.

    In conversation about 5 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: idme-design.s3.amazonaws.com
      Simple, Secure Identity Verification | ID.me
      ID.me simplifies how individuals share and prove their identity online. ID.me's next generation platform facilitates identity proofing, authentication, and group affiliation verification for over 500 organizations.
  17. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Saturday, 28-Feb-2026 02:00:22 JST Taggart :ifin: Taggart :ifin:
    in reply to

    I'm asking because I honestly can't imagine a solution to this particular problem that is both:

    • User friendly
    • Acceptable to privacy advocates
    In conversation about 5 months ago from infosec.exchange permalink
  18. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Saturday, 28-Feb-2026 01:59:17 JST Taggart :ifin: Taggart :ifin:

    Okay, obviously Persona is terribad. There is a real problem to address here though: how are organizations supposed to perform reasonable identity verification at a distance? Sophisticated impersonation attacks hit customer support lines every day. We need a reasonable defense against this.

    In conversation about 5 months ago from infosec.exchange permalink
  19. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Friday, 27-Feb-2026 03:45:31 JST Taggart :ifin: Taggart :ifin:

    Anthropic has addressed some of the concerns raised here, but the fact remains that Claude Code will run code in configuration files with minimal visibility to the end user. In this way, it presents similar dangers to VS Code and Cursor.

    https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/

    In conversation about 5 months ago from infosec.exchange permalink
  20. Embed this notice
    Taggart :ifin: (mttaggart@infosec.exchange)'s status on Thursday, 26-Feb-2026 14:28:22 JST Taggart :ifin: Taggart :ifin:
    in reply to

    Remember kids, any promise from corpos to stop doing a thing that is making money is a bald-faced lie.

    In conversation about 5 months ago from infosec.exchange permalink
  • After
  • Before

User actions

    Taggart :ifin:

    Taggart :ifin:

    Displaced Philly boy. Threat hunter. Educator. :ifin: Executive Director. #infosec, #programming #rust :rust:, #python :python: #haskell :haskell:, and #javascript :javascript:. #opensource advocate. General in the AI Resistance. Runs @thetaggartinstitute. Made https://wtfbins.wtf. Not your bro. All opinions my own. Dad. #fedi22 #searchablePronouns: He/him.

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          117593
          Member since
          8 May 2023
          Notices
          325
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.