infosec.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for info/cyber security-minded people.


Wikipedia will remove all archive.today (and mirror domains') citation links, after the archive service captcha-DDoSed a blogger and altered archive snapshots. Unrelated to Archive.org (the wayback machine). arstechnica.com/tech-policy/20

Ars Technica: Wikipedia blacklists Archive.today, starts removing 695,000 archive links (by Jon Brodkin)

It’s time to stop using Blabber.im

The abandoned fork of has a critical security issue: attackers can bypass STARTTLS negotiation, resulting in an unencrypted connection to a fake server. This vulnerability is similar to the STARTTLS attack discovered in various email clients¹

Fixed in Conversations 2.13.1 (Feb 2024)

Please migrate to Conversations immediately! It's free on Google Play until the end of the year and always free on

¹: archive.fosdem.org/2024/schedu

archive.fosdem.org: FOSDEM 2024 - [Protocols] Security of STARTTLS in the E-Mail Context

Mullvad was banned on British TV. And then? And then this underground ad got banned by the government body Transport For London.

The argument was clear: you cannot encourage people to engage with a banned TV commercial.

Was just browsing the Internet in a VM with script-blockers turned off for a bit, and half the sites were like "IT PUTS THE DATA IN THE BASKET OR IT GETS THE HOSE AGAIN!" with multiple videos, dozens of ads and 99 pieces of third-party Javascript loading in the background. The amount of advertiser profiling and data sharing that goes on when you visit these noisy sites with a mobile device is even higher and more invasive, which might explain why I do most of my web browsing inside a VM (but with script blockers turned on).

Do not comply.

Do not share your ID or biometric data with abusive platforms requesting it. You have a choice to say no, complain, and leave.

This is an important act of resistance for the future of humanity.

This isn't just about privacy, this is also about safety, diversity, democracy, and human rights.

Ben Royce 🇺🇦 🇸🇩

My real name is Ben Royce. I frequently shoot my mouth off on Mastodon. I don't fucking care

That's a luxury many people don't have

Some are trans and live in the USA

Some are in sensitive domestic or work situations

Some are exploring themselves and don't want humiliation or regret following them if they fuck up

Lots of valid reasons for #anonymity

So no Mr. #Merz, that's a stupid idea, fuck off

"#Germany's Merz calls for real names on the Internet"

https://www.yahoo.com/news/articles/germanys-merz-calls-real-names-211340863.html

#Deutschland
BrianKrebs

If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.

https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
Peter Lowe

Weekly block list report: 3,515 entries; 3,501 valid / 14 invalid; 4 deleted #ads #adblocking #blocklist #trackers #pglblocklistreport

List URL: https://pgl.yoyo.org/as/serverlist.php
mcc

Somebody linked me RFC 7565, which linked to RFC7564, and if that's the place to look this appears to be the list of disallowed characters in a Fediverse username, and I'm cracking up because it's *mostly* stuff you'd expect, except the very first category of banned characters, specifically, is "pre-1700 Korean characters".

The fediverse is welcome to all. EXCEPT KOREAN TIME TRAVELERS. Did you just wake up from being frozen in ice during the Joseon dynasty? The IETF is targeting you PERSONALLY
iam-py-test

This is my updated list of accounts: https://github.com/iam-py-test/iam-py-test.github.io/commit/86e7290695348f3fcacd842624c68789488d4915

This commit is authentic and the accounts listed on this page are me.
Not that I'm important enough to impersonate, but I just wanted to make this clear.
iam-py-test

Just to prove my identity:

This Wikipedia account is mine: https://en.wikipedia.org/wiki/User:Iam-py-test
It isn't listed on my website yet, but I will add it.
This account is inactive as I mainly edit WP while logged out.

My email is iam-py-test@protonmail.com

If you have any doubts about my identity, feel free to contact me via a different method.
iam-py-test

Credit to PiQuark6046 for discovering this (or at least being the person to share about this).

Samsung Internet is a Chromium-based browser by Samsung. There is a beta version for Windows, which is only available for "South Korea and the United States" (PiQuark6046 lives in South Korea (https://github.com/piquark6046) and I live in the US).

Samsung Internet for Windows comes with a rebranded version of AdBlock Plus, which they rebranded as "SI Adblocker".
It comes with three filterlists; EasyList, "SIAllowlist", and ABP's Acceptable Ads.

So what is SIAllowlist?
Firstly, it's bundled with the extension itself - it isn't loaded from an external URL. If you look at the extension, it's right there in the root directory.
The last updated date is "01 Jul 2024 09:45 UTC".
As for the actual content?
It disables ABP on samsung.net, allows some trackers, and weirdly allowlists some elements on ndtv.com.

For those curious, here's a copy: https://github.com/iam-py-test/my_filters_001/blob/main/archive/allowlisting.txt

There is something interesting about SI Adblocker; its presence is largely hidden. When installing the browser, the user is given the choice of if they want an adblocker or not, but that screen doesn't mention what adblocker it is. Instead, it directs users to the list of open source licenses. Their list of open source licenses (internet://credits/) does mention EasyList, and "EasyList, EasyPrivacy, EasyList Locale specific" (EasyPrivacy isn't enabled). I don't see any credit to Eyeo or the ABP contributors anywhere in the browser at all.

In the browser itself, there is a setting to disable the adblocker: internet://settings/adBlockers
Beyond that, I see no way to configure it. It doesn't show up in the list of installed extensions, and there is no easy way to get to the options page. The popup and context menu are disabled.

The only way to get to the actual settings of ABP/SI is to directly type in the URL in the address bar: chrome-extension://kmamepaocfjpbfkkciloamaejpcilkld/desktop-options.html
However, it's clear end users were never intended to go here. Most of the external links are completely broken, just leading back to the options page. For example, "Learn how to write filters (English only)" should go to ABP's documentation, but it just goes back to the options page.
The copyright date in the "about" popup is also malformed, resulting in this:

    Copyright © 2026 Samsung Electronics/a0>.

Custom filters do indeed work.
As do custom filterlists. The list of available optional filterlists seems to be the same as ABP, but I haven't actually checked.
It still automatically enables region-specific filterlists. If I change the browser to "norsk bokmål", Dandelion Sprout's Nordic Filters turns on.

As an aside, Samsung Internet's norsk bokmål language pack is missing most of the translations, so a good portion of the browser just stays in English. I haven't tried other languages yet, so maybe this is specific to norsk bokmål. Hey, Samsung, I know a guy...

Of note, this is the MV3 ABP.
Natasha :mastodon: 🇪🇺

Someday this cat will manage to show off his true talent to the world -

by Chylik (@chiliktol)
Miguel Afonso Caetano

"When it comes to generated or artistic content, the decisive question is simple: does it exploit and harm a real, non-consenting person? If it does — as in the case of deepfakes of real children — it is a form of abuse and demands a firm, targeted response. If it does not, then however offensive it may be, it does not belong in the same criminal category.

Edge cases like AI-generated deepfakes have led some to argue for collapsing all depictions of minors, real or imagined, into the definition of CSAM. But conflating fiction with victimization weakens both enforcement and principle. Criminal law loses clarity. Resources are misdirected. And the moral gravity of the term "child sexual abuse material" is diluted.

The case of Lauren Matrosa illustrates where this path leads: criminal liability imposed not for harm, but for offense. A free society does not protect only inoffensive art. It protects art and literature precisely because criminal penalties must be necessary and proportionate, imposed only to prevent or punish conduct that causes real and identifiable harm. This is not a radical proposition; it is a cornerstone of international human rights law. Offensive art shouldn't be distributed without safeguards, but it should be allowed to exist.

Real CSAM on the other hand — including deepfakes of real children — is not merely offensive. It is abusive. Our response to it demands precision, enforcement, and support for victims. Therefore the solution is to target the harm directly, through measures such as preventative education, data privacy frameworks, and targeted image abuse laws – not to expand the existing criminal category of CSAM until it loses its meaning."

https://c4osl.org/deepfakes-fiction-csam-law/

#Censorship #CSAM #Deepfakes #HumanRights #Privacy #AI #Australia
🅰🅻🅸🅲🅴 (🌈🦄)

I thought I'd died and gone to lock heaven 🥹

They also had a whole bin of vintage and antique mortise cylinders, many of which had keys. The goth/punk lady that worked there said, since I teach lockpicking (and gave her some practice tips), I could have 'em for $5/per 🫠

I left with 4 awesome new (old) locks 💝
Kevin Beaumont

Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information.

For some reason it hasn't put out a security advisory - but instead buried it in a service alert which isn't publicly visible.

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/
Dio9sys

Side note: Husband and I have considered getting some kind of Cat Cam we can put in the room with them, but we refuse to use any of the internet-connected cameras (I have written way too many tags for hikvision and wyze cameras, thomas has seen too many news reports about ring cameras). I know there at least used to be an open source bit of firmware to convert cheap cameras to sending logs locally, but does anyone know of like....idk a cheap cctv camera that only operates locally?
Robin Hawkes ⚡️

Any recommendations for a hands-off newsletter service that doesn't cost a fortune? Ideally one that also deals with UK data protection for me.

Context: I'll soon be starting a newsletter to keep up to date with my visuals and analysis work but don't want this to become a chore
iam-py-test

Two days ago, a proposal to add "unsafe-webtransport-hashes" to the Content Security Policy specification was merged.

https://github.com/w3c/webappsec-csp/issues/683
https://github.com/w3c/webappsec-csp/pull/791

Here is how I understand the proposal, based on reading it and the documentation for WebTransport. I'm by no means an expert on WebTransport - I had never heard of it before today.

WebTransport is intended to replace Web Sockets; it allows a website to connect to a server over HTTP/3.

One feature of WebTransport is serverCertificateHashes, which is passed as an argument when creating a new socket.
serverCertificateHashes allows a website to bypass the normal public key infrastructure, instead telling the browser what certificates to trust.
It does this, as the name suggests, by providing the hashes of the certificates.

There is, of course, an inherent risk which comes with replacing the existing PKI with DIY. Allowing websites to restrict usage of this feature helps mitigate some of this risk.

This proposal builds on the existing connect-src CSP policy, which controls technologies like XHR, Fetch, etc.

If a website does *not* set connect-src in its Content Security Policy or doesn't have a CSP, then it can use serverCertificateHashes as it wishes.

However, if it sets connect-src, then serverCertificateHashes is disallowed.

That is where unsafe-webtransport-hashes comes into play. A website can allow specific certificates to be used with serverCertificateHashes by specifying the hashes of those certificates in unsafe-webtransport-hashes, which is part of the CSP and falls under connect-src.

So, as I understand it:

- no CSP or no connect-src: can use any certificates in serverCertificateHashes
- connect-src set but no unsafe-webtransport-hashes: can not use any certificate in serverCertificateHashes
- connect-src is set and contains unsafe-webtransport-hashes: only certificates allowlisted in the CSP are allowed for serverCertificateHashes, all others denied

All of this is based on reading the issue thread and doing a little background research. I probably got some of it, or all of it, wrong.
Point being; it is an interesting but very niche proposal.

#WebTransport #WebSecurity #ContentSecurityPolicy #CSP
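The three-case decision described in the post above, modelled as an added example (not code from the post, from the CSP specification or from PR 791). It assumes the policy grammar: hash tokens are taken to be quoted 'sha256-<base64>' source expressions listed in connect-src next to the 'unsafe-webtransport-hashes' keyword; the actual grammar should be checked against the merged spec text. It also follows the post in treating a missing connect-src as unrestricted, so the usual fallback from default-src is not modelled.

```javascript
// Added example; not from the post or the CSP spec. ASSUMPTION: hash tokens
// are quoted 'sha256-<base64>' source expressions in connect-src next to the
// 'unsafe-webtransport-hashes' keyword (check PR 791 for the real grammar).
// Runs under Node.js (uses Buffer for base64 handling).

// Parse "connect-src 'self' x; img-src y" into Map(directive -> [tokens]).
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    // CSP honours only the first occurrence of a repeated directive.
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, values);
  }
  return directives;
}

// Decide which requested certificate digests (base64 SHA-256 strings) the
// page's policy lets a WebTransport connection pin, following the post's
// three cases. Returns the surviving digests and the case that applied.
function allowedCertificateHashes(cspHeader, requested) {
  // Case 1: no CSP, or a CSP without connect-src: no restriction.
  if (!cspHeader) return { allowed: [...requested], reason: "no CSP" };
  const connectSrc = parseCsp(cspHeader).get("connect-src");
  if (!connectSrc) return { allowed: [...requested], reason: "no connect-src" };

  // Case 2: connect-src is present but the keyword is absent: feature blocked.
  if (!connectSrc.includes("'unsafe-webtransport-hashes'")) {
    return { allowed: [], reason: "connect-src without unsafe-webtransport-hashes" };
  }

  // Case 3: only allowlisted digests pass; everything else is denied.
  const allowlist = new Set(
    connectSrc
      .filter((t) => /^'sha256-[A-Za-z0-9+/=_-]+'$/.test(t))
      .map((t) => t.slice("'sha256-".length, -1))
  );
  return { allowed: requested.filter((h) => allowlist.has(h)), reason: "allowlist" };
}

// Build the option object a page would hand to `new WebTransport(url, opts)`
// from the digests that survived policy evaluation. The { algorithm, value }
// shape of serverCertificateHashes entries is the WebTransport API's own.
function webTransportOptions(allowedBase64Hashes) {
  return {
    serverCertificateHashes: allowedBase64Hashes.map((b64) => ({
      algorithm: "sha-256",
      value: Uint8Array.from(Buffer.from(b64, "base64")),
    })),
  };
}

// Constructed sample digests (not real certificate hashes).
const HASH_A = Buffer.alloc(32, 0x11).toString("base64");
const HASH_B = Buffer.alloc(32, 0x22).toString("base64");
const POLICY_WITH_ALLOWLIST =
  `default-src 'self'; connect-src 'self' 'unsafe-webtransport-hashes' 'sha256-${HASH_A}'`;

console.log(allowedCertificateHashes(null, [HASH_A, HASH_B]));                   // both allowed
console.log(allowedCertificateHashes("connect-src 'self'", [HASH_A, HASH_B]));   // none allowed
console.log(allowedCertificateHashes(POLICY_WITH_ALLOWLIST, [HASH_A, HASH_B]));  // only HASH_A
```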
evacide

If you're a journalist who covers law enforcement, don't let their claims about slick and effective technology go unchallenged.

https://www.eff.org/document/selling-safety-journalists-guide-covering-police-technology
Adam Shostack :donor: :rebelverified:

Goddamn "private mention" is hard to use safely.
Anon Opin

My kid can't choose which shoes to wear during the day without consulting ChatGPT. In a decade or two, the world is going to be pretty screwed. Never before has so much rested on the shoulders of teachers to output functioning human beings. Let's double their fucking salaries.
iam-py-test

Pi-hole version 6.4 has been released

https://github.com/pi-hole/pi-hole/releases/tag/v6.4

#PiHole
Nathalie Lawhead (alienmelon)

new video game genre just dropped:
"arts and crafts games"
let's go!! 😎💃💅🎨🖌️✂️🤘
Christine Lemmer-Webber

AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach https://socket.dev/blog/ai-agent-lands-prs-in-major-oss-projects-targets-maintainers-via-cold-outreach

oof
Catalin Cimpanu

The median ransom demand last year was $414,000, per Arctic Wolf

https://arcticwolf.com/resources/press-releases/arctic-wolf-threat-report-highlights-11x-growth-in-data-extortion-incidents-and-continued-dominance-of-ransomware/
domi (networking witch)

tomorrow (2026-02-18) will *most likely* mark the last TLS renewal for The ARPA Zone, as CA/B has explicitly prohibited cert issuance for *.arpa domains, effective 1st of March (see https://github.com/cabforum/servercert/issues/153#issuecomment-2625717318 for context). I'm writing "most likely" because for all I know the cert may fail to renew tomorrow already - who knows!

Pessimistic instance EOL: tomorrow :neocat_googly_woozy:
Optimistic instance EOL: ~2026-05-19

preparing for the pessimistic scenario, i'd like to thank everyone for all the jokes and fun times here. o/
maia arson crimew

#introduction im maia
iam-py-test
Rant

RE: https://techhub.social/@nic221/116075568282356142

And how many invalid vulnerabilities did it find?
500 out of what?

I find myself very skeptical of claims like this.
Cassandra is only carbon now

GOD FUCKING DAMN IT

I misclicked slightly while browsing GitHub and hit the Copilot button by accident. Now apparently I'm on the free plan for it, am already getting spam e-mail about Copilot, and who knows what in the fuck else.

Fucking dark patterns.
Carmen Torrecillas

Hi @TechSoup. I've been trying to contact TechSoup Spain for 26 days through forms, emails and chat with zero response. This is unacceptable for an organization supporting #nonprofits. It's blocking our work. Can someone escalate this urgently?
iam-py-test

The latest version of the Malicious Website Blocklist includes a version of ThioJoe's YouTube spam blocklist, converted to uBlock Origin format.

https://github.com/iam-py-test/my_filters_001/commit/9c54dc717c772107faf9948dd8a2ad827bb7583f

All credit goes to the original creators of the source data: https://github.com/ThioJoe/YT-Spam-Lists

This should not be taken as an endorsement of their political views.
I stopped watching their videos months ago because I disagreed with a claim they made (old drama), though I am still subscribed to them, so maybe they have changed.
Kevin Beaumont

Today in InfoSec Job Security News:

I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.

So I started looking through Claude commits on GitHub, there's over 2m of them and it's about 5% of all open source code this month.

https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc

As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
Jackie

I don't "identify as"
I am
❄️SnowyIn🇨🇦❄️

💫 "The fabric of democracy is always fragile everywhere because it depends on the will of citizens to protect it, and when they become scared, when it becomes dangerous for them to defend it, it can go very quickly."

Margaret Atwood
John Timaeus

@iampytest1

For squishy things like ethics, group conversations are one of the best training methods.

The rules are simple (largely: don't be a dick). But balancing conflicting principles and priorities makes it something that's good to discuss, and make students think about.

It's not something that can be memorized.