Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)A

abacabadabacaba

@ abacabadabacaba @infosec.pub

Posts
7
Comments
26
Joined
2 yr. ago

  • YouTube, WhatsApp blocked in Russia

    Jump

  • European government officials and institutions (on all levels) should at least stop using Twitter to communicate with people.

  • Credit cards cancelled, Google accounts closed: ICC judges on life under Trump sanctions

    Jump

  • Not if an app uses Play Integrity. The entire purpose of Play Integrity is to not work on anything that is not a Google-certified OS.

  • Credit cards cancelled, Google accounts closed: ICC judges on life under Trump sanctions

    Jump

  • It's not just cards. Many banks today require using a mobile app for online banking, and those apps require an Apple- or Google-certified device and an Apple or Google account. While it is possible to open those accounts under a false name (the apps are free so you don't need to enter payment info), this is still an absurd amount of leverage the US has on everyday people's activities in other countries.

  • Log of my transition to EU software so far

    Jump

  • Log of my transition to EU software so far

    Jump

  • Can anyone recommend an app for finding routes using public transport? I am currently using Google Maps, but I'd like to find an alternative, preferably not US/big tech. Tried mapy.com, it didn't work.

  • Not The Onion @lemmy.world
    abacabadabacaba @infosec.pub

    South Koreans hunt for old LG air-conditioners after logos turn out to be pure gold

    www.straitstimes.com /asia/east-asia/south-koreans-hunt-for-old-lg-air-conditioners-after-logos-turn-out-to-be-pure-gold

  • Fear of desynchronization: Why doesn’t Europe abolish daylight saving time?

    Jump

  • Spain restarts push to kill daylight saving time in EU

    Jump

  • Spain restarts push to kill daylight saving time in EU

    Jump

  • It's about time.

  • Good Mastodon instances outside of US?

    Jump

  • Is there someplace I can get a VPS that I can seed from without issues?

    Jump

  • There are multiple VPS providers that allow seeding, for example, ihostart.com.

  • What things that are legal today could become illegal in 50 years?

    Jump

  • Slaughtering animals for food.

  • demicrosoft @programming.dev
    abacabadabacaba @infosec.pub

    Microsoft suddenly bans LibreOffice developer's email account, blocks appeal

    www.techspot.com /news/108878-microsoft-suddenly-bans-libreoffice-developer-email-account-blocks.html

  • Old Testament shit. Sinners BEWARE!

    Jump

  • It's a Dutch Flag! 🇳🇱

    French flag 🇫🇷 has a blue stripe on the left side, not on the right.

  • Deleted

    Permanently Deleted

    Jump

  • Don't threaten me with good time!

  • Meta to ban political ads in EU due to bloc's 'unworkable' rules

    Jump

  • The article doesn't say what the rules are, so I did some searching and found this:

    According to the rules:

    • Political advertisements must be made available with a transparency label and an easily retrievable transparency notice. These must clearly identify political advertisements as such and provide some key information about them, including their sponsor, the election or referendum to which they are linked, the amounts paid, and any use of targeting techniques.
    • Targeting political advertising online will be permitted only under strict conditions. The data has to be collected from the data subject and it can be used only after the data subject have given explicit and separate consent for its use for political advertising. Special categories of personal data, such as data revealing racial or ethnic origin or political opinions, cannot be used for profiling.
    • To prevent foreign interference, there will be a ban on the provision of advertising services to third country sponsors three months before an election or referendum.

    The second point seems to be the most painful. Meta is all about nonconsensual data collection and targeting.

  • I Tried Proton's Lumo AI, a Private Alternative to ChatGPT

    Jump

  • Why do all of them fail this question?

  • Please fix this site - Pay so the site gets fixed

    Jump

  • Plot twist: the author fixed it themselves to make it appear that someone would pay for it.

  • Please fix this site - Pay so the site gets fixed

    Jump

  • Someone definitely took this XKCD too literally.

  • Discussions related to Infosec.pub @infosec.pub
    abacabadabacaba @infosec.pub

    Some images are broken

  • Not The Onion @lemmy.world
    abacabadabacaba @infosec.pub

    Bees attack French town, leaving 24 injured

    apnews.com /article/france-bees-attack-8c24d5919db13eac5b817c91daf1e7ab
  • Not The Onion @lemmy.world
    abacabadabacaba @infosec.pub

    Front door to UK House of Lords does not work despite hefty £9.6 million price tag

    www.euronews.com /my-europe/2025/07/03/front-door-to-uk-house-of-lords-does-not-work-despite-hefty-96-million-price-tag
  • Deleted

    Permanently Deleted

    Jump

  • https://infosec.exchange/@harrysintonen/114455549143577092

    Why does the #AISlop problem exist at #hackerone (and likely other bug bounty platforms)?

    Because apparently it works: https://hackerone.com/evilginx/hacktivity?type=user

    It seems that some projects pay bounties for such AI Slop reports.

    This thing works by generating fake vulnerability reports. Here are some of the qualities of the HackerOne report 3125832 sent to #curl:

    • It looks convincing at a glance, especially if you're not a subject matter expert.
    • It's vague about actual repro steps. It makes it impossible for the victim project to reproduce the issue. For example, it makes up fake patches against non-existent, imaginary code.
    • It refers to functions and methods that do not exist (in case someone tries to look for them). When confronted, the attacker refer to some old or new versions of components, using non-existent commit hashes.
    • The report makes up some convincing functionality or names that are novel, but don't really exist.

    An expert’s look at the report shows the number of discrepancies, but finding them takes time and effort. It requires attention from a subject matter expert, with limited resources.

    The real exploit here is that the attacker (evilginx) exploits the fact that the victims (the orgs who paid the attacker money) don't have the capacity to perform thorough analysis and rather just pay up. TL;DR: It's cheaper to pay the bug bounty than hire an expert to perform true analysis.

    Why didn't it work against the curl project? The attacker miscalculated badly. Curl project is not a company and has far greater capability in security response than your average org. Also they can smell #aislop miles away.

    It's only going to get worse from here. This could easily kill the whole concept of #bugbounties. Why?

    • Genuine researches quit in frustration as they don't get proper reward for their hard work, and see #aislop scoop the money.
    • Orgs/projects abandon bug bounty programs since they get mostly AI Slop reports.
    • Financial backing (as donations or investment) for bug bounty programs disappears as the money is paid to scammers.

  • What are some Mastodon accounts you follow and recommend?

    Jump

  • I just like what they post. If I find an interesting post (usually because someone I follow boosted it), I look at the author's other posts, and if I find them interesting, I follow them.

    There is also a list of accounts with the most followers: https://fedidb.com/accounts.

  • Cryptography @ Infosec.pub @infosec.pub
    abacabadabacaba @infosec.pub

    A bit more on Twitter/X’s new encrypted messaging

    blog.cryptographyengineering.com /2025/06/09/a-bit-more-on-twitter-xs-new-encrypted-messaging/
  • Not The Onion @lemmy.world
    abacabadabacaba @infosec.pub

    Eight US states seek to outlaw chemtrails – even though they aren’t real

    www.theguardian.com /us-news/2025/jun/08/chemtrails-us-states-legislation