Notices by cR0w (cr0w@infosec.exchange), page 2

RE: https://flipboard.com/@themirror/the-mirror-sl5qf4b2z/-/a-B5jPPrhfQF65kR0D0kTx_g%3Aa%3A1643597903-%2F0

hashtag team elephant

OH from my partner in the other room, who is not in IT: Teams is not a document repository!

It's not just nerds fighting that shit. 😆

@Sempf Yeah, that's a no for me. My risk models remain unchanged.

He is right that AI gives us the catalyst and the tools.

@darkuncle @Sempf Easier for attackers means a potentially higher likelihood of occurrence, but it does not change the severity of impact. And while the likelihood does theoretically impact the risk score, for at least some orgs, it's minimal to no change when your adversaries are at the top of the field already. The rising tide of AI may be lifting all attackers' boats, but the high water mark remains the same, despite the industry continuously claiming a tsunami is coming. I just don't see it.

@Sempf @darkuncle

Computers are fucking stupid.

Happy International Birds Day :brdKnife:

Cisco listed by Shinyhunters.

3 breaches (UNC6040, Salesforce Aura, and AWS accounts). Total over 3M Salesforce records containing PII, Github repositories, AWS buckets and other internal corporate data have been compromised.

#ransomware

You know what would be cool? If people would acknowledge that Microsoft has no fucking idea how their own shit works and stop giving them the benefit of the doubt, especially with things like consent and AI.

allowing html emails is still the largest risk that pretty much every org is intentionally accepting send toot

@InsiderTreat @catsalad What do you mean? Isn't that how ops usually work?

@InsiderTreat @catsalad

stares into mirror

Am I CatSalad?

@InsiderTreat @catsalad

@scottwilson @da_667 There is but I can't find it right now. That means we need moar. :catte:

Agentic. Access. Management.

@huronbikes @neurovagrant

sigh

https://infosec.exchange/@cR0w/116223247207362577

RE: https://mastodon.art/@guilhernunes_/116251428680398756

fedi dot png

I understand not being an absolutist against all things AI. It's wrong, but I understand. What I don't understand is people who think that those of us avoiding shit with AI or created by AI are irrational or some other offensive term. I don't see how it's different than avoiding code written by a literal honey badger. Neither the honey badger nor the AI know how to code and having them do so shows a lack of fucks given for the quality of the output. That's ( part of ) why we avoid it.

@patrickcmiller Bad luck. A curse. Alternative

"AI is giving attackers a huge advantage!"

"Yes, it is. It's amazing how quickly it has destroyed dev, sec, ops, management, company missions and priorities, regulations, information literacy, and civil society, making everyone more vulnerable."