Notices by Tod Beardsley (todb@infosec.exchange)

Say, what's the first major-release film to mention either "the internet" or "the world wide web?"

(Or, alternatively, "DNS" or "SMTP" or "TCP/IP" or other uniquely internet technology, though that seems doubtful.)

And I mean mention as in, either in dialogue or printed and shown on screen in a newspaper or something.

There's a kind of annoying reddit thread about this that's not very helpful and is fixated on WarGames which definitely doesn't talk about the internet (all the comms in that movie are over dialup).

A timestamp reference would be just great if you have it.

@sj I mean there definitely were millions of "extra" deaths due to Covid, so it's strange that they're not reflected. Not enough to move the needle on long-term projections?

Source? How is this measured? (Life expectancy charts I've seen are usually in the context of the year a given population is born in, location and gender matters a lot, etc etc.)

@sj huh will you look at that.

Maybe the net benefits of widespread masking and handwashing? Less road travel in 2020 (and beyond thanks to WFH normalization?)

Covid-19 changed a lot of day-to-day life.

#CISA adds CVE-2025-47729 to the #KEV -- which is for the crazy hacked up version of Signal used by high-ranking US government officials.

Wowzo. That's something.

https://www.cve.org/CVERecord?id=CVE-2025-47729

#CISA ends RSS for #KEV. Sigh.

https://www.cisa.gov/news-events/alerts/2025/05/12/update-how-cisa-shares-cyber-related-alerts-and-notifications

so close #CISA.

Welp. Let’s see which way this room goes.

I’m always happy to take an opportunity to save an early-carreer netsec neophyte from the heartache of the totally fake and not real OSI model.

#BSidesSF

l feel like i’m going to be using this a lot

Greetings, Montrealers! I'll be talking about VibeSploitation at NorthSec, May 15 or 16th. More to come!

Salutations, Montréalais! Je parlerai de VibeSploitation à NorthSec, le 15 ou le 16 mai. Plus à venir !

https://nsec.io

There's going to be a lot of confused attackers and scanners over the next couple days.

More: https://www.runzero.com/blog/ingress-nightmare/

now, an \0x27 in this URL feels like a crime against polite society.

https://www.classy.org/event/creative-commons'-open-house-for-an-open-future/e663144

#sxsw2025

Neat

https://en.m.wikipedia.org/wiki/G0v_movement

at an open house with these folks right now at #sxsw2025

more: https://www.classy.org/event/creative-commons'-open-house-for-an-open-future/e663144

On March 12, join @wingz3ro and me as we expose the seedy underbelly of exploits, espionage, and crime on the internet at #SXSW

Also, there will be costumes - we’ve been in a noir mood lately.

https://schedule.sxsw.com/2025/events/PP153751

Archived version of the quoted The Atlantic article is here:

https://archive.ph/2025.02.07-140733/https://www.theatlantic.com/technology/archive/2025/02/elon-musk-doge-security/681600/

Unrelated: If you believe there has been an intrusion in a US government system, you are encouraged to report it at https://cisa.gov/report
https://journa.host/@w7voa/113963205109936094

So check it out. KEV data is now available on GitHub, in the proper cisagov organization. I know other people mirror KEV for their projects, but who can say if they're fiddling with it along the way? With https://github.com/cisagov/kev-data, you can rest assured that it's the Real and True mirror of KEV.

https://cisa.gov/kev is still the actual authoritative source, but this GitHub mirror is a pretty close second.

I posted about this on LinkedIn since that's what people do with work stuff, apparently.

98 KEVs to go until KEV #1337

Hopefully it'll be a good one.

@sjvn and even though nearly everyone believes archive.org is an unmitigated good, I have yet to see a single tech billionaire, of which there are several, step up and just peel off some millions to help out. Not one.

I’m not pirating movies, I’m just training my model.

So this is neat.

1) Some (all?) antispam/counterphishing email scanners are blind to #QRCode content.

2) You can draw working QRCodes with Unicode character sets, thus avoiding an image parser entirely, even if the scanner could process images in the first place.

3) By providing QRCode links, the attacker encourages the victim to use their personal device rather than the workstation, making defensive tracking more complicated.

I think it’s hilarious that a format designed SPECIFICALLY for machine vision is being used to evade machine interpretation.
https://infosec.exchange/@patrickcmiller/113067302631450126