On my way. #hackersummercamp #defcon #blackhat
Your only guarantee to see me is at the @…

Who is right with this sudo vulnerability? The CVSS reported or the VLAI severity model?
#sudo #vulnerability #vulnerabilitymanagement

Kitten loves its tiny teddy bear

Even if you're not #LDS #Mormon. Even if you're not #Utahn, if you or someone you know has been in or associated with this the

Deep Dive 2: The Boy Scouts of America
Podcast Episode · Architecture of Abuse · 06/20/2025 · 52m

#IPv6 bizarro world, courtesy of whmyip [dot] com. Just me or IPv6=IPv4 for everyone.

#Infosec2025: Good Cybersecurity Enabled Ukraine’s Surprise Attack on Russia, Says NCSC
https://www.infosecurity-magazine.com/news/infosec2025-ukraine-drone-atta…

#Infosec2025: Good Cybersecurity Enabled Ukraine’s Surprise Attack on Russia, Says NCSC
Effective cybersecurity played a key role Ukraine drone attack on Russian strategic bombers, a leading government security expert has claimed

#WarNeverChanges #ShamelesslyStolenFromTheFacebook

Saw this at the Las Vegas Airport — #Steampunk #BobaFett

Obłoki srebrzyste (Noctilucent Clouds, NLC)
a przynajmniej według Perplexity
piękne zjawisko i podobno bardzo rzadkie
co ciekawe wystąpiło chwilę przed 23:00 (wczoraj) i to na północ od miejsca w której się znajdowałem

Finished initial rough floorplanning of the switch engine board. Definitely not final but I have the major subsystems spread out vaguely near where they're going to go.
The power inlet jack has to move since it's an in-chassis connection.

This is a nice write-up of some complex and careful decisions and collaboration to navigate hard tradeoffs that in the end got the job done
I wish we also had more open discussions about the opposite scenario: "when the right tool is the wrong choice"
https://tern.sh/blog/pagerduty-cassadr

When the Wrong Tool is the Right Choice: PagerDuty's Cassandra Queue | Tern Blog
In 2011, PagerDuty was using MySQL as a queue. If you just winced, you understand the problem.

Microsoft365: Exchange-Online-Zugriffe in Deutschland gestört
Seit Dienstag kommt es zu Zugriffsproblemen auf Exchange-Online-Konten von Deutschland aus. Microsoft bastelt an einer Lösung.
https://w…

Decided to blog what I learned about Ubuntu multipass MicroVMs. Enjoy.
#Ubuntu

Ubuntu Multipass MicroVMs
 Ubuntu Multipass MicroVMs Why? Well, I had read about Firecracker MicroVMs, their low overhead, and their fast start times. When I finally...

I have contributed a public statement in the currently open consultation on EU data retention plans: https://www.mayrhofer.eu.org/post/on-mass-data-retention/
You might want to do so as well.

On data retention laws: Why this is (still) not a good balance between mass surveillance and law enforcement | René Mayrhofer
The latest effort to legalize mass data retention of communication traffic metadata is still problematic. I try to make my most pressing argument why the balance between preventing harm and causing potential harm is not met.

It’s pride month, ya’ll. Spread kindness and compassion. #pridemonth

We just had one!!

"So, I climbed to the top of the pyramid of pain - now what?"
An interesting Human Layer Kill Chain framework.
#threatintel #threatintelligence
🔗

Again, learn from Turkey, because Trump sure is. Erdoğan did the same thing, cleaning out the ranks… and he’s managed to cling onto power for decades because of it. https://infosec.exchange/@Nonya_Bidniss/114797134888601938

Looking to install two LED strips at home. Desired features:
- Controlled via WiFi or #Zigbee
- #HomeAssistant integration
- RGBW strips, individually addressable
- Either comes with a diffusor or is compatible with standard diffusors (is "not being compatible with th…

L'open-source selon l'ANSSI : "on a eu quelques forks, mais ça, on s'en fiche un peu" 🤣 #sstic
(mais sinon, l'outil Eurydice a l'air sympa ; le fait que j'ai participé Š un ancêtre de lidi influence surement ma perception 😅 C'est juste dommage d'avoir une posture intégriste sur "faut une diode sinon c'est naze")

I really like this approach
https://infosec.exchange/@masek/114624183034377452

New prisoner EXCHANGE with Russia: Ukrainians are COMING HOME! #shorts: https://benborges.xyz/2025/07/04/new-prisoner-exchange-with-russia.html

I’m quoted here regarding the ethics in not disclosing to students and defense contractors that their information may have been leaked in an Indiana University data breach. Still no word of a third party investigator being engaged. Dear Internet, do your thing.
https://www.

Administrator says IU will never explain IT security breach publicly
For more than three weeks, Indiana University websites have been down, disrupting and frustrating the university community.

CrowdStrike released its annual threat hunting report showing that we're in a new era of cyberattacks from sophisticated attackers who rely on clever social engineering, AI, and devices outside of IT's purview.
Check out my latest CSO piece for more details and tips on how defenders can better guard against these threats.
CrowdStrike: A new era of cyberthreats from sophisticated threat actors is here

CrowdStrike: A new era of cyberthreats from sophisticated threat actors is here
The company’s latest threat hunting report highlights the speed and AI sophistication of threat groups today, offering defenders strategies for keeping up.

Sorry I'm late. There was a CAT on my car.

In the extended version of @…'s The Internet Last Week, we spotted this #GitHub incident: https://www.

Disruption with some GitHub services
GitHub's Status Page - Disruption with some GitHub services.

As we say here in Massachusetts - "shockah"
https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Enjoying @… so far. Good talks, good venue.

Ethernet nerds: Does this section from 802.3-2022 actually require that you be able to read the currently negotiated speed and duplex state back from this register, or only write to force a specific speed?
Every PHY I've ever seen except the VSC8512 lets you read back the actual operating conditions, but reading the spec it seems that there's not actually a mandate that this capability be there.
The register is defined as readable but it's not well defined whether it …

Listening to a great #FiveFourPod patreon interview with #AlecKarakatsanis about his new book about #copaganda: "Copaganda: How Police and the Media Manipulate Our News".

The world is cruel
therefore I won't be

Check out today's Metacurity for a ton of critical infosec developments you might have missed over the weekend, including
--US Senate confirms Cairncross as National Cyber Director,
--Dutch Caribbean offices hit by cyberattacks,
--SharePoint was supported by Chinese engineers,
--Hackers stole crypto now worth $14.5b from LuBain in 2020,
--CISA and USCG found a bunch of OT misconfigs,
--CISA unveils malware analysis platform Thorium,
--DHS to give…

US Senate confirms Cairncross as National Cyber Director
Dutch Caribbean offices hit by cyberattacks, SharePoint was supported by Chinese engineers, Hackers stole crypto now worth $14.5b from LuBain in 2020, CISA and USCG found a bunch of OT misconfigs, CISA unveils malware analysis platform Thorium, DHS to give $100m for state and local cyber, much more

How does Carrie-Anne Moss keep getting hotter as she gets older?
I want what she's having

Mon commentaire après cette première participation Š la conférence : Pass the Salt, c'est vraiment le feu 🔥
#pts25
😇🤣

Monday jam: The San Pedro Allstars | Spoonful | #blues

Spoonful by The San Pedro Allstars, Reed Turchi, Austin White, Marlon Patton & Eric Burns
Listen now on your favorite streaming service. Powered by Songlink/Odesli, an on-demand, customizable smart link service to help you share songs, albums, podcasts and more.

Microsofts Exchange Server Subscription Edition ist da
Als Nachfolger für den letzten lokal installierbaren Exchange Server 2019 steht nun Microsofts Exchange Server Subscription Edition bereit.
https://ww…

"Stop that kitty!"
Kitty: *does it faster*

Perfect for Grandma
https://gizmodo.com/best-buy-is-basically-giving-away-a-14-inch-hp-chromebook-for-nothing-now-almost-60-off-2000610324

Best Buy Is Basically Giving Away a 14-Inch HP Chromebook for Nothing, Now Almost 60% Off
The tech giant's just dropped a huge sale on these highly rated Chromebooks that normally sell for $329.

Seriously, linkedin spammers?
You say you came across my REcon talk. About semiconductor reverse engineering.
And this somehow makes me a good candidate for a role involving cheating at online poker???

North Korea sent me abroad to be a secret IT worker. My wages funded the regime
https://www.bbc.com/news/articles/c15wk77zxngo

North Korea sent me abroad to be a secret IT worker. My wages funded the regime
In a rare interview, a former North Korean IT worker reveals the secret scheme raising funds for Kim Jong Un’s regime.

forg

I need a website that's like "Does the dog die?" but for whether a comedian is racist/homophobic

Beans!!

Finally got a chance to listen to this. It's important information to know without having to subject yourself to the hate and bigotry of the NYT.
Thank you, @… and #CancelMeDaddy for the episode.
Here:

Don't mind me, just over here escape-routing this BGA inside out

27 Behind the Scenes Polaroid Snapshots From the Making of the 1995 Cult Classic “Hackers”
https://www.vintag.es/2025/07/hackers-polaroids.html

27 Behind the Scenes Polaroid Snapshots From the Making of the 1995 Cult Classic “Hackers”
Hackers is a 1995 American crime thriller film directed by Iain Softley and starring Jonny Lee Miller, Angelina Jolie, Jesse Bradford, Matt...

On my way to Hacker Summer Camp! @… #BlackHat and @…

Dinner time is 30 minutes away. I hope he survives... :neocat_cry:

"Customs and Border Protection is asking companies to pitch tools for performing deep analysis on the contents of devices seized at the US border."
https://www.wired.com/story/cbp-wants-new-tech-to-search-for-hidden-data-on-seized-phones/…

CBP Wants New Tech to Search for Hidden Data on Seized Phones
Customs and Border Protection is asking companies to pitch tools for performing deep analysis on the contents of devices seized at the US border.

OMG. I love #Multipass for Infrastructure as Code. I tried creating my own Multipass YAML and it actually worked!
========
package_update: true
package_upgrade: true
runcmd:
- sudo add-apt-repository ppa:fish-shell/release-4
- sudo apt update -y
- sudo apt install fish -y
- usermod -s /usr/bin/fish ubuntu
=========
$ multipass launch 24.04 \

Time to turn up the heat.
I'm told raccoons don't like spicy. well, i like a bit of kick in my yard...

Browsing reporting structures…
45 employees, 3 managers
70 employees, 6 managers
46 employees, 2 managers
😳😱 WTAF is happening to management in tech
We have clear research and experience and common sense understanding that high manager-report ratios are ineffective, and yet…???

["Overture" for Cats (2019) plays in the background]

Poking @…

Holy cow!
Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs
https://hackread.com/hackers-leak-86m-att-records-with-decrypted-ssns/

Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

ICANN Security and Stability Advisory Committee (SSAC) Comments on Draft Governance Document for the
Recognition, Maintenance, and Derecognition of RIRs
https://itp.cdn.icann.org/en/files/security-and-stability-advisory…

This should improve my thermal margins a bunch.

Oh nice! Account notes carry over when someone migrates. @…

"our engineers are bottoming out on this work"
"current state of DP work"
are things I wouldn't say in a work environment, but you do you

"Apple provided governments around the world with data related to thousands of push notifications sent to its devices, which can identify a target’s specific device or in some cases include unencrypted content."
https://www.404media.co/apple-gave-governm

Apple Gave Governments Data on Thousands of Push Notifications
Push notification data can sometimes include the unencrypted content of notifications. Requests include from the U.S., U.K., Germany, and Israel.

Wow, how did you get those scars?

Morning raccoon update: of the two traps i deployed yesterday, one (in a new location) got tripped.

It is fascinating (maybe not the word everyone would use) to watch, what once was viewed as an init replacement, systemd evolve. Terminal emulation:
https://mastodon.social/@pid_eins/114618473677694301

Well well well...

BidenCash carding market domains seized in international operation
https://www.bleepingcomputer.com/news/security/bidencash-carding-market-domains-seized-in-international-operation/

BidenCash carding market domains seized in international operation
Earlier today, law enforcement seized multiple domains of BidenCash, the infamous dark web market for stolen credit cards, personal information, and SSH access.

Best claw machine prizes ever! 🐈

Does anyone have suggested spacing guidelines for Molex PicoBlade connectors oriented in a row so that the cables run over each other?
Obviously the three shown here are too close.
But how far apart is far enough?

Cybersec information overload got you down? Then don't miss today's Metacurity for a concise run-down of the most critical infosec developments you should know, including
--1,000 CISA employees have decamped from the agency since January
--Victoria's Secret postpones earnings release after cyberattack,
--New security fixes for Qualcomm chips,
--AFP nabs nearly two dozen in sextortion sting,
--Marriott can't be sued for breach,
--Trump dumps …

1,000 CISA employees have left the agency since January
Victoria's Secret postpones earnings release after cyberattack, New security fixes for Qualcomm chips, AFP nabs nearly two dozen in sextortion sting, Marriott can't be sued for breach, Trump dumps AI Safety Institute, Indian grocery delivery startup wiped out by hack, so much more

Um... Excuse me, that's my view.

China issues warrants for alleged Taiwanese hackers and bans a business for pro-independence links
https://apnews.com/article/chian-taiwan-hacking-wanted-kuma-f937096e3163470b21597b4ec809d799

China issues warrants for alleged Taiwanese hackers and bans a business for pro-independence links
China has issued warrants Thursday for 20 Taiwanese people it said carried out hacking missions in the Chinese mainland on behalf of Taiwan’s ruling party, while separately banning dealings with a Taiwanese company whose owners mainland authorities called “hardcore Taiwan independence supporters.” Police in the southern manufacturing hub of Guangzhou said they were led by a man named Ning Enwei on behalf of Taiwan’s independence-leaning Democratic Progressive Party but did not identify …

‘I do not have confidence’ that US infrastructure is cyber-secure, former NSC official says
https://www.nextgov.com/cybersecurity/2025/06/i-do-not-have-confidence-us-infrastructure-cyber-secure-former-nsc-o…

‘I do not have confidence’ that US infrastructure is cyber-secure, former NSC official says
At the AI Expo for National Competitiveness, Anne Neuberger told audiences that artificial intelligence tools are an enhancement opportunity for U.S. cyber defenses and intelligence collection.

Reddit sues AI company Anthropic for allegedly ‘scraping’ user comments to train chatbot Claude
https://apnews.com/article/reddit-sues-ai-company-anthropic-claude-chatbot-f5ea042beb253a3f05a091e70531692d

Reddit sues Anthropic, accusing the AI company of illegally scraping data from its site
Social media platform Reddit has sued the artificial intelligence company Anthropic, alleging that it is illegally “scraping” the comments of Reddit users to train its chatbot Claude. Reddit claims that Anthropic has used automated bots to access Reddit’s content despite being asked not to do so. Anthropic didn’t immediately return a request for comment Wednesday.

Exclusive: One-third of top U.S. cyber force has left since Trump took office
https://www.axios.com/2025/06/03/cisa-staff-layoffs-resignations-trump-cuts

Exclusive: One-third of top U.S. cyber force has left since Trump took office
Trump wanted to cut 1,000 people. They're already gone.

No such thing as a slow cybersecurity news day anymore, so don't miss today's Metacurity for the critical infosec developments you should know, including
--Top cyber vendors hope to clean up crazy threat group naming practices,
--Coinbase knew of data leak in January,
--Prolific swatter pleads guilty,
--Cartier confirms data breach,
--Abilene gropes for recovery after rejecting ransom payment,
--North Face customers' data stolen in credential s…

Top cyber vendors hope to clean up crazy threat group naming practices
Coinbase knew of data leak in January, Prolific swatter pleads guilty, Cartier confirms data breach, Abilene gropes for recovery after rejecting ransom payment, North Face customers' data stolen in credential stuffing attacks, $11.5m stolen from BitoPro hot wallets, much more

Top FBI cyber official Cynthia Kaiser exits for Halcyon
https://cyberscoop.com/cynthia-kaiser-fbi-halcyon-ransomware/

Top FBI cyber official Cynthia Kaiser exits for Halcyon
The 20-year bureau pro wants to see what it’s like to fight ransomware from the private sector.

⚠️ You have read your last free article

Is that a threat? 😰

Be careful not to buy too many art supplies. You could have an excess stencil crisis.

Business LARP

My thoughts go out to all the terrorized pets every holiday people set off fireworks.

People that change their pfp often mess with my brain. (Looking at you @…⁠)

Mike Burgees, the Director-General of Security of the Australian Security Intelligence Organisation (ASIO), warns employees of defense contractors that they're targets of foreign intelligence services on LinkedIn.
https://www.asio.gov.au/26th-annual-hawke-

Codeberg as a music repo 🤔

Chinese Hacked US Telecom a Year Before Known Wireless Breaches
https://www.bloomberg.com/news/articles/2025-06-04/chinese-hacked-us-telecom-a-year-before-known-wireless-breaches

south 🇦🇶

The Com strikes again.
Google Warns Hackers Stealing Salesforce Data From Companies
https://www.bloomberg.com/news/articles/20

Electrified surface: do not touch!
⠠⠑⠇⠑⠉⠞⠗⠊⠋⠊⠫⠀⠎⠥⠗⠋⠁⠉⠑⠒⠀
⠙⠀⠝⠀⠞⠳⠡⠖

CrowdStrike Cooperating With Federal Probes Into July Software Outage
https://www.wsj.com/business/telecom/crowdstrike-cooperating-with-federal-probes-into-july-software-outage-…

The crypto community's reaction to Musk's claim that he is using "Bitcoin-style encryption" (which isn't a thing) in his new messaging service XChats is so much fun.
Elon Musk says X’s DM feature XChat to have ‘Bitcoin-style encryption’
https://cointelegraph.com/news/elo…

https://www.reuters.com/legal/legalindustry/marriott-wins-us-appeals-order-striking-down-data-breach-class-action-2025-06-03/
Marriott wins US appeals order striking down data breach class action

Spam calls 🙄

Fear not, orange cat is on the case! 🪴⁠🐈

Sometimes a women needs a hobby
🎨by techranova

That is one round squirrel.

When you realize you can't pet every single cat in the world :c

Ever get the feeling you're being watched?
Me: I have cats. I'm always being watched.

Undercover agent

Orange Cat Transport Unit

🥐