GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by VessOnSecurity (bontchev@infosec.exchange)

  1. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Monday, 13-Jul-2026 22:40:21 JST VessOnSecurity VessOnSecurity

    OH:

    - What does "EBITDA" mean?

    - "Earnings Before Iran, Tariffs, and Donald Announcements".

    In conversation about 7 hours ago from infosec.exchange permalink
  2. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Wednesday, 01-Jul-2026 21:25:46 JST VessOnSecurity VessOnSecurity

    Kaspersky has found quarter a million potential security issues in popular GitHub Actions that could lead to supply-chain attacks.

    "Potential Threat: misconfigurations in GitHub Actions":

    https://www.kaspersky.com/blog/github-actions-security-research/56019/

    In conversation about 12 days ago from infosec.exchange permalink
  3. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Friday, 19-Jun-2026 04:34:50 JST VessOnSecurity VessOnSecurity
    in reply to
    • BrianKrebs

    @briankrebs
    Tired: The Chinese are spying on everybody via their TVs.
    Wired: The Israelis are spying on everybody via the Chinese TVs.

    In conversation about a month ago from infosec.exchange permalink
  4. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Friday, 05-Jun-2026 01:14:16 JST VessOnSecurity VessOnSecurity
    in reply to
    • Ryan Castellucci (they/them) :nonbinary_flag:

    @ryanc Put that later in the thread.

    In conversation about a month ago from infosec.exchange permalink
  5. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Friday, 05-Jun-2026 01:08:59 JST VessOnSecurity VessOnSecurity

    Some perspective:

    In conversation about a month ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/690/736/257/925/323/original/9ce60bd859311e37.png
  6. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Tuesday, 05-May-2026 07:47:17 JST VessOnSecurity VessOnSecurity

    "Questions for the Jedi Vice-Chair of Graduate Studies":

    https://www.mcsweeneys.net/articles/questions-for-the-jedi-vice-chair-of-graduate-studies

    In conversation about 2 months ago from infosec.exchange permalink
  7. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Thursday, 30-Apr-2026 23:31:50 JST VessOnSecurity VessOnSecurity

    Not sure if this is real but it sure is funny.

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/493/794/064/433/898/original/10fff1555f91931b.png
  8. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Wednesday, 25-Mar-2026 05:58:22 JST VessOnSecurity VessOnSecurity
    • Kevin Beaumont

    @GossiTheDog I have the impression that you needed some kind of permission/acknowledgement before starting to record a Teams meeting?

    In conversation about 4 months ago from infosec.exchange permalink
  9. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Sunday, 22-Mar-2026 23:45:18 JST VessOnSecurity VessOnSecurity

    This is a hilarious commentary on the US/Israeli war with Iran:

    "God is a comedian":

    https://no01.substack.com/p/march-19-21-god-is-a-comedian

    In conversation about 4 months ago from infosec.exchange permalink
  10. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Thursday, 12-Mar-2026 07:01:52 JST VessOnSecurity VessOnSecurity
    in reply to
    • Aral Balkan

    @aral Your screenshot is from mobile, mine is from desktop. That's why I supposed that the two may be offering different kinds of access.

    In conversation about 4 months ago from infosec.exchange permalink
  11. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Thursday, 12-Mar-2026 01:54:57 JST VessOnSecurity VessOnSecurity
    in reply to
    • Aral Balkan

    @aral At least for Twitter, this is not true. Yeah, the page exhorts you to create an account - but it *does* show the post. At least on desktop; maybe it's different on mobile.

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/211/216/029/601/971/original/5b89e45d206b31e5.png
  12. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Wednesday, 11-Mar-2026 00:53:03 JST VessOnSecurity VessOnSecurity

    Trump's efficiency.

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/203/397/730/989/747/original/9401cef57ca01368.png
  13. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Thursday, 05-Mar-2026 18:51:11 JST VessOnSecurity VessOnSecurity
    • Kevin Beaumont

    @GossiTheDog Do we really know who hit the school? Was it the USA because the AI hallucinated a target, or was it Israel because they don't give a fuck?

    In conversation about 4 months ago from infosec.exchange permalink
  14. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Wednesday, 04-Mar-2026 02:25:22 JST VessOnSecurity VessOnSecurity

    I hear the US military lost 3 jets to friendly fire over Kuwait. I also hear the US military is using AI. I can just see the interaction:

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/166/107/760/419/241/original/a612d938f8dd4f8a.png
  15. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Tuesday, 03-Mar-2026 20:17:04 JST VessOnSecurity VessOnSecurity

    Slots machine vs vibe colding.

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/163/941/607/849/863/original/bc4039be753b9f80.png
  16. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Saturday, 21-Feb-2026 00:50:53 JST VessOnSecurity VessOnSecurity
    in reply to
    • Graham Cluley

    @gcluley Santa Claus is referenced several times there. What a pervert, eh?

    In conversation about 5 months ago from infosec.exchange permalink
  17. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Monday, 09-Feb-2026 22:18:16 JST VessOnSecurity VessOnSecurity

    "British Army paratrooper regiment face being sent into battle without parachutes as part of latest cost-cutting measures":

    https://www.gbnews.com/news/british-army-paratroopers-no-parachutes-defence-cuts

    In conversation about 5 months ago from infosec.exchange permalink
  18. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Monday, 05-Jan-2026 01:51:59 JST VessOnSecurity VessOnSecurity
    • Kevin Beaumont

    @GossiTheDog I don't see how threatening his wife gives the US any leverage against Venezuela. Most Venezuelans are probably happy to be rid of both Maduro and his wife (although just probably would rather that this didn't involve a military invasion).

    In conversation about 6 months ago from infosec.exchange permalink
  19. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Wednesday, 31-Dec-2025 06:24:17 JST VessOnSecurity VessOnSecurity
    • Marcus Hutchins :verified:

    @malwaretech Ah, not quite.

    The thing is, in order to do what it needs to do, AV *needs* to have kernel access. It's just that the way Windows is designed, there is no other way. (Maybe something can be done with eBPF technology but I'm not sufficiently familiar with it to tell for sure and it didn't exist back then anyway.)

    Microsoft had a point - it was better if third parties didn't have this kind of access, because they could mess up things for the OS very badly. So, they tried to kick us out - not to eliminate the competition but because it make the OS more stable.

    Of course, we didn't want to be driven out of business. But we knew from experience that reasoning with Microsoft was pointless, so we used lawyering.

    By chance, at that time Microsoft had their own AV. Which, of course, used all kinds of undocumented APIs to do what it needed to do - APIs that we didn't have access to. So, we used the argument that Microsoft is trying to be anti-competitive. They weren't but it didn't matter. They couldn't be reasoned with, there was no other way for us to do our job, they were already scared by the anti-trust lawsuit in the USA, so they gave up and let us do what we wanted.

    In conversation about 6 months ago from infosec.exchange permalink

    Attachments


  20. Embed this notice
    VessOnSecurity (bontchev@infosec.exchange)'s status on Sunday, 28-Dec-2025 06:58:11 JST VessOnSecurity VessOnSecurity
    in reply to
    • Kevin Beaumont

    @GossiTheDog None here. (If I understand correctly, using the exploit would generate many connections and nothing else.) Not even authentication attempts. Just a few IPs running commands (buildinfo, listDatabases, ismaster, etc.) without prior authentication.

    They seem to be looking for databases exposed to the Internet and not protected in any way? Unless something's wrong with the honeypot...

    In conversation about 7 months ago from infosec.exchange permalink
  • Before

User actions

    VessOnSecurity

    VessOnSecurity

    Anti-virus, malware and infosec expert, crypto amateur, privacy advocate and general annoyance.PGP keyID: 0x365697c632dd98d9

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          202699
          Member since
          20 Oct 2023
          Notices
          115
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.