Notices by Klaus Frank (agowa338@chaos.social)

@GossiTheDog well wouldn't be surprised if someone is just calling them pretending to be from their IT department and instructing them to grant them access.

@GossiTheDog Ehm, they're doing both things. The easiest way to get physical access to most companies is to pretend being an employee of their it service contractor. They often just open all of the doors and show you the way right into the server room or ask you if they should log out before you take over (followed by if you'd like tea or coffee). At most what you as an attacker risk is getting also tasked with fixing the printer or copy machine "now that you're already here"...

@GreenSkyOverMe schick das mal dem Lauterbach, der hat doch so sehr von KI im Gesundheitswesen geschwärmt.

@GossiTheDog So ummm responsible disclosure in the US is dead then, right? I mean if criminals are now in CISA and would get informed about zerodays months before they're patched why not just disclose them publicly immediately then?

@bunni @EpicKitty

Need to steal this for @easterhegg2025, hope I'll remember and find it again next month.
#easterhegg #easterhegg2025

@GossiTheDog What exactly do you mean with "you can do it over the internet if you have access to any VM".

Do you mean there needs to be an attacker service running on the VM or that just having a service like a webserver running inside such a VM is enough? (As long as said webserver is accessible from external).

Also to what extend would such a service have to be compromised first?

@malwaretech That may be a copyright violation in certain countries. So including the preview data may not be a great idea...

@nixCraft The debian one needs to still be a toddler. Because of stability reasons the updates (growing up) was not yet introduced.