Notices by Charl van der Walt (charlvdwalt@infosec.exchange)

Thanks everyone for your comments on this. I like this excerpt from doesmysiteneedhttps.com:

"this discussion isn't about PKI. It's the best system we've got for right now. Deal with it and secure your site. Use CAA records to restrict which CAs can issue certificates for your site, then cross your fingers and hope transparency and oversight works (it does, so far)".

Do you all feel that there is enough integrity in browser trusted root certificate stores to still provide robust defence against the content / malware injection threat?

Also - have these kinds of injection attacks ceased now, and is SSL the reason for this?

Thanks!

@malwaretech side note (and maybe I gave flu and it’s making me more stupid) but what are the arguments for having SSL on brochureware websites that don’t collect private information?

@patrickcmiller innovation in cybercrime is always in the “crime”, hardly ever in the “cyber”.

@patrickcmiller I generated this set of predictions using an AI we configured for this purpose during the US elections. Interesting to check in on it from time to time…

https://www.linkedin.com/pulse/modelling-security-elections-future-charl-van-der-walt-kh59f?utm_source=share&utm_medium=member_ios&utm_campaign=share_via

@patrickcmiller this is how “AI” is “revolutionising” our world. We have tools that write shit and tools that check what shit shit was written. What happened to all the poor African farmers whose lives it was supposed to transform. Or wait, was that blockchain…?

@patrickcmiller I wonder if Iran exclusively targeted GOP assets, or if they’re targeting political players generally? If they’d hit a Democrat inbox, would they have kept it to themselves or leaked it also? The Russian playbook seems to be to sow discord generally. Are the Iranians exclusively interested in hurting Trump, or the USA in general ?

@patrickcmiller does anyone have any evidence, or even anecdotes, of these actors significantly “levelling up” using AI? I’ve seen examples of fake video and voice being used in social engineering , but all other evidence seems to suggest the contrary?

@patrickcmiller 😂

@patrickcmiller This is so awesome, but I couldn’t help LOLing at “revolutionary “wind assisted propulsion” concept”…

@patrickcmiller Can someone fill in the blanks for me: I don’t get the connection between this “botnet” and national critical infrastructure. How are the two connected? How do they know there is a connection? What real benefit would such a botnet have to a state-level actor?