Ethan Black @golemwire@librem.one

@lispi314 @jeffzugale @NanoRaptor there’s always this: https://www.usb.org/sites/default/files/documents/usb_type-c_locking_connector_specification_rev_1_0_20160309_0.pdf

We already had something that turned text prompts into art, it was called paying an artist.

So now "Skype Today" is spamming me w/ news? It's like everyone has their own AI version of Clippy. I guess it's expected from Microsoft, but each time I think Skype can't get worse..

The wave-like nature of Asperitas clouds becomes apparent when viewed in time-lapse.

Video credit: Alex Schueth

Full 4K version: https://www.youtube.com/watch?v=Jz7BgxrVmiQ
Further reading: https://en.wikipedia.org/wiki/Asperitas_(cloud)

Ukrainian hackers claim to have to have stolen passenger information on 664 million flights going back 16 years from a Russian travel booking system. The hackers aren't leaking the whole thing yet, and say they'll share access with verified journalists (I've asked and am still waiting).

https://news.yahoo.com/hackers-break-russian-database-data-033358337.html?guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAADEoP-QEKybC2IMRBT0S1i5d5OWKip7pkw7UmoH7uGhfXj1d5AFK5hZrz3Ul2V_zZGfkNw_W849wV-lnVnHohjtmKuz6vlbOrdn6l9fo46PJfqZ0Et0k6WX-XP20KAv3RCZD1hxudSInWCpB6FDjRAqXnSyyhs6Sn7mgwCLIttoA&guccounter=2

So far, coverage of this claim is almost nil, except for this story over at Yahoo News, which is actually sourced from Ukrainska Pravda. h/t to the Risky Business show this week, which also pointed to the Yahoo story.

But if it turns out to be legit, this could be a very significant boon to investigations into cybercrime networks, money laundering, and even espionage and influence operations.

Updated @allanday's Disks mockups to a split view layout. Always surprising how much of a difference this small change makes visually :)

The 2022 Annual Report is now available for download! 2022 was an interesting year for #Mastodon to say the least.

https://blog.joinmastodon.org/2023/10/annual-report-2022/

Windows 7 - classic theme

This might have slipped under the radar these past few days, but a 9.8 RCE in Exim (on many, many mail servers) that does not require authentication is bad bad bad.

https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

Today I learned that the #WebP exploit found recently is the worst of the worst. Like log4j bad, if not worse.

Patch your stuff, everyone, it's in everything.

#infosec

𝖔𝖗 𝖊𝖑𝖘𝖊...

LinkedIn's AI version of Clippy is getting annoying. You have to admire the casual familiarity of their user interface. Just "Enable." No "WTF is this?" button or anything useful.

Sort of reminds me of the reason behind this toot.

https://infosec.exchange/@briankrebs/109880177018417627

Go ahead. Click okay. Share every number and email anyone has ever entrusted to you. It's NBD. Everyone is doing it.

@malwaretech I'm not sure... on one hand, allowing deleting allows getting rid of troll comments etc., but it also encourages echo-chambers and trolls deleting good comments.
Maybe hiding posts instead of deleting them? Maybe they should go into a bad section like on Twitter. #justMusing

I don't want to be the parent that crushes my child's dreams, but there needs to be some understanding that "Gamer" isn't a viable long term career for the VAST majority of people.

I always get a little skeptical when someone tells me they literally died.

Maybe instead of setting up a page listing them, prominently flag their business listing as engaging in fraud and lower their star count to near zero?

https://arstechnica.com/tech-policy/2023/09/yelp-names-and-shames-businesses-paying-for-5-star-reviews/

So some of you might remember this post (and the subsequent demonstration on national news) of using a voice cloning tool (AI, Audio Deep Fake) by @racheltobac

Link to post: https://infosec.exchange/@racheltobac/110963070495263373

(If you haven't seen it, go watch it. Rachel is amazing.)

I'd never needed to do a similar attack before, but! I was just tasked yesterday with researching it.

Asked some friends for a turn-key solution to clone voices. Got pointed to a website. Signed up for $1 a month (first month... then it goes to $5 a month thereafter).

Pulled some audio of my mark down from a youtube interview (a podcast works great too).

Only needed a minute's worth of audio.

Uploaded it to the website for cloning.

Typed out a quick script for the voice to read.

30 seconds later, I had my cloned audio.

It was so good, that it even included natural voice inflections AND!!! verbal pauses like umm's and uhh's that matched the mark's original presentation. I can't tell the difference between the cloned voice and the original person.

Y'all... voice cloning and audio deep fakes are well past the ease of "script-kiddy" level. Anyone can do it.

#infosec #hacking #socialEngineering #scams #deepfake #AI #phishing #vishing