Sergey Shkundaleu @archit3ct@social.ssbx.dev

I am excited to announce that I am going to be speaking at HOU.SEC.CON - THE Houston-area information security conference. October 12-13 2023, right before solar eclipse. If you are in town, come see me and learn a thing or two about "Privacy in the age of AI". If you are not in town, take a trip to Houston and see what you've been missing all of these years. Stay tuned for exact day and time of my session. #infosec https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary

If it is not censorship then what that is? This week youtube published new guideline on medical information that they will remove content that contradicts health authority(bureaucrats that has nothing to do with science), essentially censoring content that cast shadow of a doubt on official position. Now here is puzzle for you: aspartame deemed dangerous by WHO yet some how safe by FDA. What they'll do? https://blog.youtube/inside-youtube/a-long-term-vision-for-medical-misinformation-policies/

Stumbled upon this article. Today people "own" lot's of things in electronic form, now think how much could you trust company that you purchase it from. Even giant are not protected from a market forces or bad management. So ask yourself do you really own that e-book, or song from iTunes or you just leasing it for free. https://slate.com/technology/2009/07/how-amazon-s-remote-deletion-of-e-books-from-the-kindle-paves-the-way-for-book-banning-s-digital-future.html

Old news, but even SEC is trying to influence openly traded companies to do more when it come to #cybersecurity and incidents in particular. https://blog.isc2.org/isc2_blog/2023/08/sec-votes-to-adopt-rules-expanding-cybersecurity-reach-and-disclosure.html

Not everything about AI or LLM/GLLM is great, people often focus on positive side, improvements those models can bring to our lives. However there is also dark side of it. Advances in AI has always been used by APT actors, with GLLM it just another piece of the puzzle that corporations have to think about when deploying those tools into their ecosystems. https://securityintelligence.com/posts/unmasking-hypnotized-ai-hidden-risks-large-language-models/ #cybersecurity

Many people misunderstood what privacy protection should be implemented in order for them to keep their free will. At the end of the day [social media company name here] does not care about you drunk photos or your most guarded secret as those have no monetary value for legal business. However your attention and your intentions do have a value. So when you are protecting your privacy avoid disclosing your intentions at all costs. #privacy

Interesting article, main point in my opinion everyone has to decide by themselves how much privacy do they want. https://tracks.ranea.org/post/722507935765397504/youre-so-vain-you-probably-think-this-app-is

TIP: Never store passwords on your mobile, or for that matter use built in password manager which does not have additional master password. Imagine situation when your phone gets stolen, and thief already learned your pin code by shoulder surfing. Their next move is to change your AppleID password and from there they'll have access to every single piece of information connected to your AppleID. Use stand alone 3-rd party password managers. #punkprivacy

Quite interesting vulnerability recently discovered within MS Teams. https://www.hackread.com/microsoft-teams-flaw-malware-employees-inbox/ #cybersecurity

I've read white-paper about data that iOS and Android devices send when NOT IN USE, so that you don't have to. Situation is really bad, even when user opted out of telemetry devices continue to send data to A and G respectively. Aside from everything else, one area that I'd like to highlight is MAC addresses of nearby devices, along with gateway that iOS devices send, if exposed 3-rd parties may learn a lot about devices in your household. https://www.scss.tcd.ie/doug.leith/apple_google.pdf

There is huge difference between privacy and anonymity: Privacy is when people know who you are, but they can't see what you are doing. In case of anonymity all of your actions are in open, but people don't know who you are. Thus when you are using VPN provider you need to know what you are trying to protect from by choosing VPN connection, is it your privacy or anonymity? #punkprivacy

Vulnerability recently poped up in KeepPassXC, if you are using it just be aware. However attacker would have to gain access to your machine first, so employing tools that prevent some one exploiting your device is a still effective line of defense. https://securityonline.info/keepassxc-vulnerability-cve-2023-35866-allows-attackers-to-change-the-master-password-and-second-factor-authentication-settings/?utm_content=buffer3fd75&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer

For those who playing with RaspberryPi CM4 if you got it with eMMC storage onboard, please note that it's mounted to the same physical mount points as your SD card, so inserting SD card into IO board won't do anything. You actually have to use rpiboot to flash system onto eMMC directly. Here is official GitHub repo to use: https://github.com/raspberrypi/usbboot in case some one need it. #raspberrypi4

Know your suppliers, looks like some network equipment companies neglect this important rule. https://www.securityweek.com/details-disclosed-for-exploit-chain-that-allows-hacking-of-netgear-routers/?utm_source=dlvr.it&utm_medium=linkedin

By entering cyber incident space insurance industry gave a rise of new beast, it's called ransomware, as in many cases it's cheaper for companies to pay ransom that to maintain resilient recovery processes. But here is the twist, not everyone get's their data back. Insurance is not replacement for recovery. Here is new initiative by CISA. https://www.forbes.com/sites/forbestechcouncil/2023/05/01/cisa-launches-new-ransomware-vulnerability-warning-pilot-for-critical-infrastructure-entities/