Sergey Shkundaleu @archit3ct@social.ssbx.dev

Physical security is as important as cybersecurity for safety of your data, read this article and remember to stay aware when you enter your passwords into your devices, with that many cameras around you don't know who can see you typing it. #security #datasafety https://www.theguardian.com/money/article/2024/jun/25/criminal-gangs-who-shoulder-surf-pin-numbers-steal-20-smartphones-a-day

Let me share an interesting story from Fintech, a story where dependency on a middleman can ruin business and sometimes lives. In that particular case people's life savings has been tied in that debacle. Read that story and think about what is your weak link in cybersecurity and what you can do about it. Can you trust your vendors and entire supply chain of cybersecurity tools that you use today. What is your business continuity plan when one vendor fails. #cybersecuity https://fintechbusinessweekly.substack.com/p/is-synapses-meltdown-fintechs-ftx

Today Texans gained right to delete personal data, and bunch of other benefits that impose restrictions on controllers and processors. Most notable ability to opt out of targeted advertisement and profiling. Though caveat that it's primarily focused on use of personal data for targeted advertisement and profiling, but it's great starting point, way more than other states have done. One day we would see those privacy protections going beyond personal data. #privacy https://www.goodwinlaw.com/en/insights/publications/2024/06/alerts-practices-dpc-texas-new-privacy-law-goes-into-effect-enforcement

What are your thougts on Windows Recall feature, it seems like a total surveilance to me and don't get me started on security implications. #privacy
https://arstechnica.com/ai/2024/06/windows-recall-demands-an-extraordinary-level-of-trust-that-microsoft-hasnt-earned/

Here is another privacy related news that came up recently, on the surface it may seem like an improvement to your privacy, but think about it for the moment today there is no ad revenue in their pipeline so what are they trully cooking up over there?
#privacy
https://www.adexchanger.com/privacy/mozilla-acquires-anonym-a-privacy-tech-startup-founded-by-two-top-former-meta-execs/

Looks like multiple WordPress plugins has been compromised, you need to verify your accounts and update plugins if you are using one, and if you don't just get some popcorn https://thehackernews.com/2024/06/multiple-wordpress-plugins-compromised.html?m=1

Interesting story, it became public because the company whose account got deleted had some weight behind them. Now imagine something like that happening to a regular person, someone who just had been using free service. So don't rely on 3rd parties, just take responsibility and do what will help you to keep your data. https://www.theguardian.com/australia-news/article/2024/may/09/unisuper-google-cloud-issue-account-access

This looks like test of our legal system, and it's good that Scarlett Johansson not planning to stop. She should drive this case all the way in to create precedent. Otherwise words would turn into a #privacy nightmare. https://www.npr.org/2024/05/20/1252495087/openai-pulls-ai-voice-that-was-compared-to-scarlett-johansson-in-the-movie-her

Ransomware is a very tricky subject, here is another big company that has been hit with ransomware. https://cyberscoop.com/boeing-confirms-attempted-200-million-ransomware-extortion-attempt/

Interesting connection between water supply and AI, who had ever thought that AI would depend on availability of water. https://www.techtimes.com/articles/303669/20240417/ai-data-centers-strain-chinas-water-supply-claims-new-study.htm #ai

That's great to see, FTC is taking notice of car manufacturers collecting data, hopefully it'll turn into something good. https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2024/05/cars-consumer-data-unlawful-collection-use #privacy #car

Interesting article about targeting AI researches, but whole schema looks very sloppy based on an article. It looks more like industrial espionage where threat actor trying to bring their things up to speed with the rest of the world, rather than serious player trying to exfiltrate something. Check this report out: https://www.proofpoint.com/us/blog/threat-insight/security-brief-artificial-sweetener-sugargh0st-rat-used-target-american

Have you ever thought that next battleground for privacy is going to be your own car. Effectively car that you bought with your own money is spying on you and car manufacturers ripping profits off of your information, while you are not getting any discounts. Looks quite upside down, isn't it? Here is the article:
https://foundation.mozilla.org/en/blog/privacy-nightmare-on-wheels-every-car-brand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test/

People often ask me why do you trash devs? Weren't you dev yourself? Yes, but I don't trash them and here is why: I've lived in dev through a shortage of devs and every young person dreamed of building stuff, so I taught them that they have to be diligent in their deeds and think out of the box, instead of repeating other ppl mistakes. Now it was time to move to cybersecurity with the same purpose - I want to make profession better and as a result things to become more secure for our own sake.

Profit is a sole driver for any for profit corporation, so when you see some companies claim that they are solving your problem, improving your quality of life, making something convenient for you and all of that for free, beware they might be misleading you. Some might be playing long game, using that feature as bait, but the ultimate goal is to sell your attention to advertisers. This feature won't see daylight unless it can show ROI. Now, think about smart cars and other smart devices.

My friends in cybersecurity community, here is interesting challenge for you. I grabbed swag data blocker from one of the vendors at cybersecurity conference, tested at home using OMG malicious cable detector, by plugging security key into data blocker and then into OMG tool. OMG light up, as seen in the picture, I popped data blocker open and data pins are not soldered on one side. How? Any ideas. Here is the image, vendor name blocked, it's not their fault.

Did that occur to you that girl who talks to a bunch of other people in marketing materials for Apples Vision Pro(probably other VR headset as well) the only one wearing a headset, so that she can clearly see other people's faces. But what about other people? Didn't they want to see her face too? It's all the same when they portray people taking calls and the caller on the other side never wears a headset. So what's the point of face to face call when face is actually obstructed by VR headset.