Search: [security] - ervin's web review

Ramblings from Jessie: Setting the Record Straight: containers vs. Zones vs. Jails vs. VMs

A bit of a rant, but since it looks like people are still trying to consider all those technologies are equivalent... I think it's good to have an explanation on what makes containers different.

tech · containers · linux · virtualization · security

April 13, 2025 at 4:43:35 PM GMT+2 * · permalink

·

https://blog.jessfraz.com/post/containers-zones-jails-vms/

·

Hardened File Backup Routine

Personal backups don't have to be fancy... And probably shouldn't.

tech · backup · security · complexity

April 9, 2025 at 9:15:03 PM GMT+2 * · permalink

·

https://wrongthink.link/posts/hardened-backup-routine/

·

A new security fund opens up to help protect the fediverse

This is clearly needed. This should increase the maturity of the security practice around Fediverse software.

tech · fediverse · security

April 7, 2025 at 8:26:06 AM GMT+2 * · permalink

·

https://techcrunch.com/2025/04/02/a-new-security-fund-opens-up-to-help-protect-the-fediverse/

·

The Slow Collapse of Critical Thinking in OSINT due to AI

The "asleep at the wheel" effect is real with such tools. The consequences can be dire in quite a few fields. Here is a good illustration with OSINT.

tech · ai · machine-learning · gpt · security · cognition

April 5, 2025 at 10:54:13 AM GMT+2 * · permalink

·

https://www.dutchosintguy.com/post/the-slow-collapse-of-critical-thinking-in-osint-due-to-ai

·

How to report a security issue in an open source project - Jacob Kaplan-Moss

This is considered standard practice at this point. The article does a good job explaining it and the reasoning behind it.

tech · foss · security

March 29, 2025 at 9:44:22 PM GMT+1 * · permalink

·

https://jacobian.org/2025/mar/27/reporting-security-issues-in-oss/

·

Sun Tzu wouldn't like the cybersecurity industry

It's better if you prepare your security policies properly...

tech · security

March 24, 2025 at 9:00:12 AM GMT+1 * · permalink

·

https://kellyshortridge.com/blog/posts/sun-tzu-wouldnt-like-the-cybersecurity-industry/

·

Proof of work reverse proxy to protect against scrapers

And yet another reverse proxy to use as a scraper deterrent... It looks like several are popping every week lately.

tech · ai · machine-learning · gpt · copilot · security

March 23, 2025 at 8:25:12 AM GMT+1 * · permalink

·

https://git.sr.ht/~runxiyu/powxy

·

Trapping misbehaving bots in an AI Labyrinth

When a big player has to prepare a labyrinth of AI generated content to trap bots used to feed generative AI learning pipelines... something feels wrong.

tech · ai · machine-learning · gpt · security

March 22, 2025 at 10:43:13 PM GMT+1 * · permalink

·

https://blog.cloudflare.com/ai-labyrinth/

·

My Scammer Girlfriend: Baiting A Romance Fraudster | www.bentasker.co.uk

Fascinating exploration of the techniques scammers are using to hook their victims

tech · security · scam

March 16, 2025 at 8:05:19 AM GMT+1 · permalink

·

https://www.bentasker.co.uk/posts/blog/security/seducing-a-romance-scammer.html

·

Zen and the Art of Microcode Hacking

Nice exploration of the microcode patching flaw which was disclosed recently. This gives a glimpse at the high level of complexity the x86 family brings on the table.

tech · cpu · amd · security · complexity

March 6, 2025 at 8:09:52 AM GMT+1 * · permalink

·

https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking

·

A new Android feature is scanning your photos for 'sensitive content' - how to stop it

Another example that on such ecosystems you're not really owning your device. Seek alternatives!

tech · google · android · smartphone · security · criticism

February 28, 2025 at 11:24:07 AM GMT+1 · permalink

·

https://www.zdnet.com/article/a-new-android-feature-is-scanning-your-photos-for-sensitive-content-how-to-stop-it/

·

Open letter to browser and OS makers | by @boblord | Feb, 2025 | Medium

We're indeed close to universal HTTPS adoption. One last push please?

tech · web · http · security

February 22, 2025 at 8:49:49 AM GMT+1 * · permalink

·

https://medium.com/@boblord/open-letter-to-browser-and-os-makers-12d65aa314f7

·

Stalkerware apps Cocospy and Spyic are exposing phone data of millions of people

That's a lot of stalkerware in the wild. And this exploit is only about two such apps. What's wrong with people that they install this kind of crap on their loved ones smarphones?

tech · privacy · security

February 21, 2025 at 8:23:31 AM GMT+1 * · permalink

·

https://techcrunch.com/2025/02/20/stalkerware-apps-cocospy-spyic-exposing-phone-data-of-millions-of-people/

·

How to Backdoor Large Language Models

The security implications of using LLMs are real. With the high complexity and low explainability of such models it opens the door to hiding attacks in plain sight.

tech · ai · machine-learning · gpt · copilot · security

February 16, 2025 at 9:06:44 AM GMT+1 * · permalink

·

https://blog.sshh.io/p/how-to-backdoor-large-language-models

·

Build It Yourself

This is a worthy questioning... We try to reuse, but maybe we do it too much? For sure some ecosystems quickly lead to hundreds of dependencies even for small features.