Tootfinder

when the dark web threat monitoring service gets pwnd and lists itself as a breach because it aggregated sensitive personal data as a service and therefore drew a bullseye on its own ass

We are pleased to announce the release of CTI-Transmute.org, a new free and open-source service designed to facilitate conversions between MISP and STIX 2.x formats.
The service is available both through a web interface and an API, allowing users to convert CTI data easily. The web UI also gives users the option to share or keep private their conversions for further review or collaboration.
You can view an example conversion here: 🔗

.co TLD registry web sites returning 503s at the moment. They apparently;y had some name registration service outage a couple of days ago, possibly related?
https://web.archive.org/web/20251102204006/https://www.cointernet.com.co/

🧑🏻‍💻 .NET 10 Preview Now Available on #Azure App Service! :azure: https://azure.github.io/AppService/2025/08/26/dotnet-10-preview-on-App-Service.html…

Throttling Web Agents Using Reasoning Gates
Abhinav Kumar, Jaechul Roh, Ali Naseh, Amir Houmansadr, Eugene Bagdasarian
https://arxiv.org/abs/2509.01619 https://

Throttling Web Agents Using Reasoning Gates
AI web agents use Internet resources at far greater speed, scale, and complexity -- changing how users and services interact. Deployed maliciously or erroneously, these agents could overload content providers. At the same time, web agents can bypass CAPTCHAs and other defenses by mimicking user behavior or flood authentication systems with fake accounts. Yet providers must protect their services and content from denial-of-service attacks and scraping by web agents. In this paper, we design a fr…

»Amazon Web #Service's — DNS-Problem legte zahlreiche #Online-Dienste lahm:
Wenn es einmal bei einem der großen #Cloud Service #Provider

Amazon Web Services: DNS-Problem legte zahlreiche Online-Dienste lahm
Aufgrund eines Problems bei der DNS-Auflösung bei AWS fielen einige Dienste temporär aus. Davon betroffen waren auch Snapchat und Fortnite.

https://blog.joinmastodon.org/2025/09/service-offerings-from-mastodon/

Service offerings from Mastodon
We're offering hosting, support and moderation services, to establish a more sustainable financial base while we continue to build a better social web.

This afternoon I will start a project that I postponed all summer: Figuring out how to move my club collective's web stuff to a new provider. (*shakes fist at Hosteurope which should burn in hell for switching their mail service to bloody Microsoft 365 model with a monthly fee per every single email adress*) Last time I did this was 15 years ago and I can't wait to relearn / see what has changed and is more complicated today! 😅

Check out today's Metacurty for the most crucial infosec developments you should know, including
--Scattered LAPSUS$ Hunters claims dossiers on US officials including NSA employees
--EU cops bust up illegal SIM-box service,
--Russia's COLDRIVER uses two new backdoors,
--Korea preps financial consumer data protection bill,
--76K WatchGuard Firebox network security appliances are exposed on the web,
--Attackers target OpenVSX and Microsoft Visual Studi…

Scattered LAPSUS$ Hunters claims dossiers on US officials including NSA employees
EU cops bust up illegal SIM-box service, Russia's COLDRIVER uses two new backdoors, Korea preps financial consumer data protection bill, 76K WatchGuard Firebox network security appliances are exposed on the web, Attackers target OpenVSX and Microsoft Visual Studio with GlassWorm malware, much more

La pšguina web de la Casa Blanca tiene una sección tróspida hasta la nausea.
https://www.whitehouse.gov/about-the-white-house/the-white-house/
En la sección Major Events viene información sobre la construcción de las diferentes fases del edificio, vas pasan…

I don't disagree with suggestions that the UK public sector should have less reliance on the big-three (American) cloud providers. But this has been a concern for more than a decade, and people should at least be aware of both the "GOV.UK PaaS" and UKCloud.

Migrating our data from GOV.UK Platform as a Service (PaaS) to Amazon Web Services (AWS) – MHCLG Digital
After learning that GOV.UK’s hosting platform PaaS is being decommissioned, the Energy Performance of Buildings Register team decided to migrate all their hosting to AWS. In this post, Barry, Developer, explains what they did.

https://www.navidrome.org/

https://git.sixfoisneuf.fr/termsonic/about/
=
💕

Mastodon erhält neue Hosting- und Support-Angebote, die auf größere Organisationen und öffentliche Einrichtungen zugeschnitten sind. Diese ermöglichen es ihnen, ihre eigene soziale Identität auf ihrer eigenen Infrastruktur zu besitzen.
Ideal für Unis, Institute, Stiftungen oder NGOs um eine resiliente und kontrollierbare Kommunikation aufzubauen, unabhängig von BigTech.
Auch Schulen können eigene Instanzen für souveränes social media aufbauen.

Service offerings from Mastodon
We're offering hosting, support and moderation services, to establish a more sustainable financial base while we continue to build a better social web.

LLUAD: Low-Latency User-Anonymized DNS
Philip Sj\"osv\"ard, Hongyu Jin, Panos Papadimitratos
https://arxiv.org/abs/2509.24174 https://arxiv.org/p…

LLUAD: Low-Latency User-Anonymized DNS
The Domain Name System (DNS) is involved in practically all web activity, translating easy-to-remember domain names into Internet Protocol (IP) addresses. Due to its central role on the Internet, DNS exposes user web activity in detail. The privacy challenge is honest-but-curious DNS servers/resolvers providing the translation/lookup service. In particular, with the majority of DNS queries handled by public DNS resolvers, the organizations running them can track, collect, and analyze massive us…

@… Whose Transfer screen is shown in that image? Probably not Qobuz or Spotify. A third party app? A web service?

Amazon Web Services announces AWS RTB Fabric, a real-time bidding service for ad buyers and sellers, aiming to cut integration hours between ad tech partners (Seb Joseph/Digiday)
https://digiday.com/marketing/amazons-next-frontier-in-ad…

Amazon’s next frontier in advertising: the cloud infrastructure it runs on
The ad dollars are nice but the real prize for Amazon is the infrastructure itself -- the rails on which the entire system runs.

Starting the fourth chapter "The Rise of the Web" of #ThisIsForEveryone, I am pleasently surprised to find out a librarian — Louise Addis of the Stanford Linear Accelerator Center (SLAC) — played an important, supportive role in the very first days of the web.

“Additionally, Cursor’s Amazon Web Services bills more than doubled from $6.2 million in May 2025 to $12.6 million in June 2025, exacerbating a cash crunch that began when Anthropic introduced Priority Service Tiers, an aggressive rent-seeking measure that begun what I call the Subprime AI Crisis, where model providers begin jacking up the prices on their previously subsidized rates.”
#SubprimeAI
https://www.wheresyoured.at/costs/?ref=ed-zitrons-wheres-your-ed-at-newsletter

★ Do you get excited or upset about AWS SCPs, or GCP Org Policies?
★ Do you have experience developing software to solve cloud security challenges?
★ Do you downplay your cloud security knowledge but actually you know a lot of niche oddities of cloud IAM?
★ Do you like working in diverse security teams that care about your wellbeing?
★ Do you want to get paid to work on cloud security for one of the most sophisticated AWS environments in the world?
I'm hiring a…

Security Software Engineer (L5), Cloud Infrastructure Security | USA - Remote | Netflix
Netflix is one of the world's leading entertainment services, with over 300 million paid memberships in over 190 countries enjoying TV series, films and games across a wide variety of genres and languages. Members can play, pause and resume watching as much as they want, anytime, anywhere, and can change their plans at any time. Netflix operates our streaming service control plane on Amazon Web Services, which has led to one of the largest and most sophisticated AWS environments in the world. C…

Source: Nvidia is scaling back DGX Cloud to primarily internal R&D use; DGX Cloud was initially envisioned to compete with major cloud providers like AWS (Anissa Gardizy/The Information)
https://www.theinformation.com/articles/nvidia-steps-back-cloud-ef…

Nvidia Steps Back From Cloud Effort to Compete with AWS
Nvidia is stepping back from its nascent cloud computing business, which had put it in quasi-competition with Amazon Web Services. It has lessened its efforts to attract businesses to the cloud service, dubbed DGX Cloud, said a person with direct knowledge of the situation. Instead, Nvidia plans ...

FB I have a question. I don't have the app, I run it via the web browser so why do you have a service running? I don't remember being asked to enable that. Nuked the process!

An LLM-enabled semantic-centric framework to consume privacy policies
Rui Zhao, Vladyslav Melnychuk, Jun Zhao, Jesse Wright, Nigel Shadbolt
https://arxiv.org/abs/2509.01716 http…

An LLM-enabled semantic-centric framework to consume privacy policies
In modern times, people have numerous online accounts, but they rarely read the Terms of Service or Privacy Policy of those sites, despite claiming otherwise, due to the practical difficulty in comprehending them. The mist of data privacy practices forms a major barrier for user-centred Web approaches, and for data sharing and reusing in an agentic world. Existing research proposed methods for using formal languages and reasoning for verifying the compliance of a specified policy, as a potentia…

I have thought from time to time and with increasing frequency, that it's time to take back Web Content Search and that it should be Open.
That it should be federated; there isn't one owner of the crawler or indexer, fingerprints of crawling indicate when a page was last visited; a Service provides the next randomly distributed domain/sub-domain to crawl; post indexing has validation and verification steps (which have their own Steering and Metrics);relevance should be content,…

Amazon rarely publicly discusses take down or incident response actions, which I'd guess makes this noteworthy:
https://aws.amazon.com/blogs/security/amazon-disrupts-watering-hole-campaign-by-russias-apt29/

Fortifying the Agentic Web: A Unified Zero-Trust Architecture Against Logic-layer Threats
Ken Huang, Yasir Mehmood, Hammad Atta, Jerry Huang, Muhammad Zeeshan Baig, Sree Bhargavi Balija
https://arxiv.org/abs/2508.12259

Fortifying the Agentic Web: A Unified Zero-Trust Architecture Against Logic-layer Threats
This paper presents a Unified Security Architecture that fortifies the Agentic Web through a Zero-Trust IAM framework. This architecture is built on a foundation of rich, verifiable agent identities using Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), with discovery managed by a protocol-agnostic Agent Name Service (ANS). Security is operationalized through a multi-layered Trust Fabric which introduces significant innovations, including Trust-Adaptive Runtime Environments (T…

The Atacama Cosmology Telescope: Release of A databaSe of millimeTeR ObservatioNs of Asteroids Using acT (ASTRONAUT)
Ricco C. Venterea, John Orlowski-Scherer, Nicholas Battaglia, Sigurd Naess, Steve K. Choi, Allen Foster, Joseph Golec, Bruce Patridge, Crist\'obal Sif\'on
https://arxiv.org/abs/2508.18300

The Atacama Cosmology Telescope: Release of A databaSe of millimeTeR ObservatioNs of Asteroids Using acT (ASTRONAUT)
We present A databaSe of millimeTeR ObservatioNs of Asteroids Using acT (ASTRONAUT) hosted on Amazon Web Services, Inc. (AWS) in the form of a public Amazon Simple Storage Service (S3) bucket. This bucket is an Amazon cloud storage database containing flux measurements for a group of asteroids at millimeter (mm) wavelengths. These measurements were collected by the Atacama Cosmology Telescope (ACT) from 2017 to 2021 in frequency bands centered near 90, 150, and 220 GHz. The ASTRONAUT database c…

The right for companies to do this is in every web service Terms and Conditions you've ever ageed to.
https://www.theguardian.com/technology/2025/sep/20/parents-outraged-meta-uses-photos-schoolgirls-ads-man

chainScale: Secure Functionality-oriented Scalability for Decentralized Resource Markets
Mohamed E. Najd, Ghada Almashaqbeh
https://arxiv.org/abs/2509.20356 https://

chainScale: Secure Functionality-oriented Scalability for Decentralized Resource Markets
Decentralized resource markets are Web 3.0 applications that build open-access platforms for trading digital resources among users without any central management. They promise cost reduction, transparency, and flexible service provision. However, these markets usually have large workload that must be processed in a timely manner, leading to serious scalability problems. Despite the large amount of work on blockchain scalability, existing solutions are ineffective as they do not account for thes…

Got my first DNSSEC verified phishing email since I started logging on my personal email. So congratulations to [a foreign government's technology service] for securing DNS, and condemnation, I guess, for not securing web forms.