Profile

It's good to see at least some challenges to the Anthropic claims that "AI-assisted attack was 90% autonomous".

Ars Technica

Researchers question Anthropic claim that AI-assisted attack was 90% autonomous

The results of AI-assisted hacking aren't as impressive as many might have us believe.

- Unfortunately majority of media outlets are parroting these #cyberslop claims unchallenged. The report by Anthropic makes some fantastical claims and conclusions based on those claims. In the end while the threats are there, they’re mostly unrelated to AI or LLM use. Pouring more money into AI companies isn't a magic solution. There's better use for this budget: Invest it in doing what you have been doing all along - Maintain good visibility and understanding of your environments and associated software solutions, patch your systems in a timely manner, perform periodic security assessments (internal or external), detect and respond to threats. AI or LLM are not magic and can't exploit vulnerabilities that are not there.

This is a reminder to everyone that security is more than just memory safety.

sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10 - Phoronix

The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky

#rust #vulnerability #sudo_rs

If you have ever wondered why #Facebook seems either to ignore or fail to remove obvious scammers when you report them - well, there's a reason for it: They make a huge profit for Facebook. If you believe Facebook has now stopped or will in future stop this practice now that they've been exposed, you're way too trusting.

Ars Technica

Bombshell report exposes how Meta relied on scam ad profits to fund AI

Meta goosed its revenue by targeting users likely to click on scam ads, docs show.

"Bombshell report exposes how Meta relied on scam ad profits to fund AI" #scams #fraud #scammers

Humans make mistakes all the time, yet nuclear power is extremely safe. A wide range of precautions and protocols are in place to ensure nuclear safety, starting from the work culture. This interesting video by Smarter Every Day shows the refueling process of a nuclear reactor: While seeing insides of a nuclear reactors and how they're refueled is interesting, I find the safety&security processes and practices around the process even more interesting. This video gives you some idea why nuclear power-related accidents are so rare. People do make mistakes, but the overlapping and multilayered safety&security processes catch the mistakes before they can lead to bigger problems. There are things to learn here for even the world outside of the nuclear industry: - Having a work culture that encourages reporting mistakes without reprisal and reprimand helps catch issues early, as they are more likely to be reported. - Identifying the critical systems and having layered safety&security is important. Not everything needs to be super tight. Applying the super tight rules everywhere would likely just make people ignore the rules, at least in part. - Training is important. Understanding the reason why tight safety/security is in place in a system is crucial. With this understanding, it is more likely that the rules are obeyed. #security #safety #nuclearsafety #nuclearpower

#Microsoft is clearly becoming desperate due to low adoption rates of #Copilot. Apparently, Microsoft is now pushing Copilot to all #Microsoft365 personal subscribers and calling it a "subscription price increase". Only when you decide to cancel your subscription are you presented with the option to switch to "Microsoft 365 Personal Classic" without Copilot (and nearly the old price). The classic plan is not presented as an option unless you try to cancel your subscription. This is a classic scammy trick: Modify the existing plan and add the feature no one wants and hide the old plan from view. Presto, now you have an insane adoption rate you can present to investors as a great success. I personally don't use Microsoft subscription services, so I don't know if they tried this bullshit in the EU, but if they did, they're asking for trouble. They got sued in Australia over this already:

Australian Competition and Consumer Commission

Microsoft in court for allegedly misleading millions of Australians over Microsoft 365 subscriptions

The ACCC has commenced proceedings in the Federal Court against Microsoft Australia and its US-based parent company Microsoft Corporation for alleg...

"Microsoft in court for allegedly misleading millions of Australians over Microsoft 365 subscriptions"