
@256 Very fond memories. I would super-customize things. Part of the story of how I got into computing.

This might have slipped under the radar these past few days, but a 9.8 RCE in Exim (on many, many mail servers) that does not require authentication is bad bad bad.

zerodayinitiative.com/advisori

@CM30 Metroid Prime, Super Mario Sunshine, Wind Waker, and the first Kingdom Hearts were some of the biggest. (Though I've never played any of them!)
en.wikipedia.org/wiki/2002_in_

Today I learned that the #WebP exploit found recently is the worst of the worst. Like log4j bad, if not worse.

Patch your stuff, everyone, it's in everything.

#infosec

LinkedIn's AI version of Clippy is getting annoying. You have to admire the casual familiarity of their user interface. Just "Enable." No "WTF is this?" button or anything useful.

Sort of reminds me of the reason behind this toot.

infosec.exchange/@briankrebs/1

Go ahead. Click okay. Share every number and email anyone has ever entrusted to you. It's NBD. Everyone is doing it.

There's a club at my college. This past Saturday, we had a Squad Strike competition, and I had my first win on stream!

youtu.be/75ksYI86X1Q?t=1310

Lots of improvement from this mess from 10 months ago (particularly game 2): youtu.be/UuBcIewuIQw?t=4189

@malwaretech I'm not sure... on one hand, allowing deleting allows getting rid of troll comments etc., but it also encourages echo-chambers and trolls deleting good comments.
Maybe hiding posts instead of deleting them? Maybe they should go into a bad section like on Twitter.


I don't want to be the parent that crushes my child's dreams, but there needs to be some understanding that "Gamer" isn't a viable long-term career for the VAST majority of people.

I always get a little skeptical when someone tells me they literally died.

Maybe instead of setting up a page listing them, prominently flag their business listing as engaging in fraud and lower their star count to near zero?

arstechnica.com/tech-policy/20

So some of you might remember this post (and the subsequent demonstration on national news) of using a voice cloning tool (AI, Audio Deep Fake) by @racheltobac

Link to post: infosec.exchange/@racheltobac/

(If you haven't seen it, go watch it. Rachel is amazing.)

I'd never needed to do a similar attack before, but! I was just tasked yesterday with researching it.

Asked some friends for a turn-key solution to clone voices. Got pointed to a website. Signed up for $1 a month (first month... then it goes to $5 a month thereafter).

Pulled some audio of my mark down from a YouTube interview (a podcast works great too).

Only needed a minute's worth of audio.

Uploaded it to the website for cloning.

Typed out a quick script for the voice to read.

30 seconds later, I had my cloned audio.

It was so good that it even included natural voice inflections AND!!! verbal pauses like umm's and uhh's that matched the mark's original presentation. I can't tell the difference between the cloned voice and the original person.

Y'all... voice cloning and audio deep fakes are well past the ease of "script-kiddie" level. Anyone can do it.

#infosec #hacking #socialEngineering #scams #deepfake #AI #phishing #vishing


Ethan Black's choices:

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
