Nostr notes by Danny Palmer

Happy Cyberman day, everyone. ...

2025-12-01T13:28:36Z

Happy Cyberman day, everyone.

"Which? surveyed more than 4,000 UK adults about their use of ...

2025-11-18T10:11:36Z

"Which? surveyed more than 4,000 UK adults about their use of AI and also put 40 questions around consumer issues such as health, finance, and travel to six bots – ChatGPT, Google Gemini, Gemini AI Overview, Copilot, Meta AI, and Perplexity. Things did not go well...

"While different questions might yield different results, the conclusion is clear: AI tools don't always come up with the correct answer.

"The problem is that consumers trust the output..."

Oh. 🥲

https://www.theregister.com/2025/11/18/which_ai_consumer_advice/

his cat just stood on what turns out to be a poorly placed power ...

2025-10-07T15:00:05Z

his cat just stood on what turns out to be a poorly placed power button on top of my PC, turning the machine off... and deleting a whole bunch of interview quotes I'd spent the last two hours transcribing in the process.

No, I don't know why I hadn't clicked save in that time either.

Regularly backup your data, kids!

Thinking of this classic* @npub1yyn…757u during Cybersecurity ...

2025-10-02T10:04:35Z

Thinking of this classic* SMBC Comics (npub1yyn…757u) during Cybersecurity Awareness Month

*From 2012 (!?)

https://www.smbc-comics.com/?id=2526

#cybersecurity

Schools are swotting up on security yet still flunk recovery when ...

2025-10-01T09:32:57Z

Schools are swotting up on security yet still flunk recovery when cyberattacks strike

Schools and colleges hit by cyberattacks are taking longer to restore their networks — and the consequences are severe, with students' coursework being permanently lost in some cases.

New figures from the Office of Qualifications and Examinations Regulation (Ofqual), which regulates school qualifications, examinations, and assessments in England, reveal a troubling trend: more teachers are receiving cybersecurity training, yet institutions struck by attacks are increasingly struggling to recover.

Me, for The Reg

https://www.theregister.com/2025/10/01/school_cyberattack_recovery/

#cybersecurity

Cyber criminals have gone too far now. ...

2025-09-29T22:36:13Z

Cyber criminals have gone too far now.

https://www.theregister.com/2025/09/29/asahi_hacking_outage/

#cybersecurity

Security researchers from Palo Alto Networks' Unit 42 have ...

2025-08-27T10:04:06Z

Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple.

You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out.

https://www.theregister.com/2025/08/26/breaking_llms_for_fun/

#cybersecurity #AI

Maybe it's because I come from a 'creative' field, ...

2025-08-01T10:23:35Z

In reply to nevent1q…hyng
_________________________

Maybe it's because I come from a 'creative' field, but man, the amount of people who are all relying on LLMs for basic tasks is depressing man.

Very interesting... via The Reg UK to ban ransomware payments by ...

2025-07-22T15:50:15Z

Very interesting... via The Reg

UK to ban ransomware payments by public sector organizations

"The UK government is proposing to "ban" public sector organizations and critical national infrastructure from paying criminal operators behind ransomware attacks, under new measures outlined today.

"This means the NHS, local councils and schools – all of which have been in the crosshairs of various miscreants in recent years – will no longer be able to negotiate with the scumbags that lock up their systems and extort them. Almost three quarters of respondents to a government consultation backed this, we're told."

https://www.theregister.com/2025/07/22/uk_to_ban_ransomware_payments/

M&S calls for mandatory ransomware reporting The government ...

2025-07-08T19:28:11Z

M&S calls for mandatory ransomware reporting

The government should extend ransomware reporting mandates to businesses to help gather more intelligence and better support victims, says M&S chairman Archie Norman.

https://www.computerweekly.com/news/366627274/MS-calls-for-mandatory-ransomware-reporting

A financially motivated group of hackers is having a roaring ...

2025-06-05T15:25:12Z

A financially motivated group of hackers is having a roaring success targeting Salesforce instances for “large-scale data theft and subsequent extortion” using social engineering techniques, warned Google this week.

The group has “demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements” including within what it described as “English-speaking branches of multinational corporations.”

https://www.thestack.technology/vicious-vishers-villainise-ventures-via-salesforce/

Lots of interesting points in NCSC CEO Richard Horne's ...

2025-05-07T09:02:50Z

Lots of interesting points in NCSC CEO Richard Horne's CYBERUK speech, but I thought it was particularly interesting...

"We also know that being fit for the contest requires diversity. Historically, our industry has not been a beacon of diversity and inclusion. Thankfully, that is beginning to change.

"I’m proud of the 85,000 girls who have participated in CyberFirst...taking the first step in their cyber security career.
And I’m proud to have the first female director of GCHQ, Anne Keast-Butler, as my boss.

"But we have a long way to go.
Genuine diversity is not yet part of the DNA of our industry... and that must change."

https://www.ncsc.gov.uk/speech/cyberuk-2025-ncsc-ceo-keynote-speech

A press mailing list quote on behalf of a cybersecurity CEO I ...

2025-04-10T21:18:11Z

A press mailing list quote on behalf of a cybersecurity CEO I just recieved in my inbox 'regarding the revocation of Chris Krebs’ security clearance' is, uh, something...

"There is a lot to this story that has not seen the light of day yet.

"This is an example of a security professional getting involved in politics and paying the price of picking sides rather than staying on mission.

"It's a message to the rest of the IC community to stay out of politics."

O_o

Okay, definitely need this now.

2025-03-28T13:27:33Z

In reply to nevent1q…jhkt
_________________________

Okay, definitely need this now.

Good morning this Monday to everyone except the job advert for an ...

2025-03-24T10:26:48Z

Good morning this Monday to everyone except the job advert for an editorial content position which says the applicant must be a "complete crypto degen!" 🚩🚩🚩

Finding this whole looking for work thing to be pretty ...

2025-03-17T11:29:42Z

Finding this whole looking for work thing to be pretty demoralising right now. 15 years of experience working in journalism and editorial, a decade with a focus on cybersecurity and it feels like that while I've carved myself a niche in this space by being good at writing about it (i guess?), the fact it is niche means there's very little opportunity out there right now.

A background in journalism and writing means I don't have a technical background, so moving into actual cybersecurity seems like a no go, while it feels like there's also very little demand for journalism/editorial in the space I focus on. (As evident two roles I had in cybersecurity editorial being eliminated in the last two years)

15 years of experience, 15 years of fighting tooth and nail to be in this space and now we're right back to the beginning.

Maybe it's because it's a Monday morning and I feel like I'm lacking purpose at the moment, but just... feels bad man.

After almost two years in the role, I recently received the ...

2025-02-18T20:35:48Z

After almost two years in the role, I recently received the unfortunate news that my job as Head of Editorial for [well-known cybersecurity] company is being eliminated because of corporate realignment.

I'm really sad and still in shock tbh. And I also need to find another job now in order to pay to keep a roof over my head, I guess?

Not really sure what the future holds but before I was in the job I'm now no longer have, I was a cybersecurity journalist for many, many years at ZDNet ( a role which was also taken out from under me when the whole senior editorial team was eliminated by new owners... who went onto sell the site at a big loss) so hopefully I'm still remembered from that.

(Google doesn't remember me though, my knowledge panel isn't a thing anymore)

I know I'm rambling now, but yeah - editorial, content, writing, journalism, that's my thing. Hopefully someone out there in the tech/cyber space needs that? Please. 🥺

Seems not ideal... “The loss of skilled cyber professionals to ...

2025-02-07T09:52:37Z

Seems not ideal...

“The loss of skilled cyber professionals to the private sector is leaving critical roles unfilled, weakening national defences against cyber attacks”, the report stated.

https://www.cityam.com/public-sector-pay-gap-threatens-uk-cyber-resilience/

You know what, I'm going to take that advice and not click.

2025-02-03T15:23:45Z

In reply to nevent1q…nmu8
_________________________

You know what, I'm going to take that advice and not click.

Just the President calling the people who prosecuted a dark web ...

2025-01-22T08:51:40Z

Just the President calling the people who prosecuted a dark web kingpin 'scum'. Cool, cool, everything's normal, cool, cool...

https://www.bbc.co.uk/news/articles/cz7e0jve875o

In one of the most "on brand" things I could write, ...

2025-01-10T12:35:46Z

In one of the most "on brand" things I could write, here's an interview with Dan Keyworth, Director of Business Technology at McLaren Racing on how how the 2024 F1 World Constructor's Champions keep vast amounts of data and tech secured against cyber threats.

“We’ve got 200 people travelling around the world at any one time to 24 different races who, when they try to do something genuine, may look like they’re a threat to our organization,” says Keyworth.

“We’ve got to learn the different network behaviors they’re using when they’re on the road, for our business to recognize it as normal behavior when typically for other businesses, that’s abnormal behavior."

#cybersecurity #F1

https://darktrace.com/the-inference/in-conversation-with-dan-keyworth-mclaren-racing

Utterly wild few paragraphs here in this BBC report into a ...

2024-11-20T12:26:39Z

Utterly wild few paragraphs here in this BBC report into a "misleading" cryptocurrency scheme by Logan Paul.

"For several months, Paul refused to talk to the BBC about our investigation. Then he appeared to relent, inviting us to interview him at his gym in Puerto Rico.

However, when our crew arrived, a Logan Paul lookalike turned up in the YouTuber’s place, shortly followed by a crowd shouting abuse about the BBC.

Minutes after abandoning the interview, we received a lawyer’s letter on behalf of Paul, warning us of the possible consequences if we published our findings."

https://www.bbc.co.uk/news/articles/cze386d3enpo

What the Bluesky v Mastodon discourse feels like. ...

2024-11-20T12:02:42Z

What the Bluesky v Mastodon discourse feels like.

So, apparently Thames Water is still using IT systems from the ...

2024-11-18T17:21:59Z

So, apparently Thames Water is still using IT systems from the 1980s, which doesn't seem very ideal or secure for a critical infrastructure operator in 2024.

“The software we use is older than me, and some of the hardware is older than my dad,” says Siddharth*. He is one of a team fighting a daily battle to sustain ancient IT infrastructure at Thames Water."

Then later...

"The use of Lotus Notes is a signal of how starved of investment technology at the company has been since it was privatised in the late 1980s. Other examples of obsolete or near obsolete technology include wide reliance on 2G technologies, arrays of meters that remain analogue and require manual checks, and hardware that is often more than 30 years old." #infosec

https://www.theguardian.com/business/2024/nov/18/thames-waters-it-falling-apart-and-is-hit-by-cyber-attacks-sources-claim

Gosh, i hope this is Abe Simpson levels of rambling... O2 has ...

2024-11-14T10:49:37Z

Gosh, i hope this is Abe Simpson levels of rambling...

O2 has today unveiled the newest member of its fraud prevention team, ‘Daisy’. As ‘Head of Scammer Relations’, this state-of-the-art #AI Granny’s mission is to talk with fraudsters and waste as much of their time as possible with human-like rambling chat to keep them away from real people, while highlighting the need for consumers to stay vigilant as the UK faces a fraud epidemic.

https://news.virginmediao2.co.uk/o2-unveils-daisy-the-ai-granny-wasting-scammers-time/

Can we all take a moment to appreciate this picture which came up ...

2024-11-07T14:43:32Z

Can we all take a moment to appreciate this picture which came up right at the top when I was looking at stock images for 'email' for a piece on BEC attacks, please?

Over on cybersecurity Reddit, the mods are removing any ...

2024-11-04T15:37:40Z

Over on cybersecurity Reddit, the mods are removing any 'political discussion'

"This subreddit is dedicated to technical topics, and we intend to keep it that way."

Because tech is never ever political in any way, right? 🤷‍♂️

https://www.reddit.com/r/cybersecurity/comments/1gj1l9g/zero_tolerance_for_political_discussions/

I'm very, very tempted to get in on The Dragon Age: The ...

2024-11-01T15:13:25Z

I'm very, very tempted to get in on The Dragon Age: The Veilguard action this weekend. I've loved the series since origins, but I'm a bit worried about the change indirection, seemingly towards action orientated combat?

I've played all the previous entries on PC* and ideally I'd do the same here, but I'm thinking the action element means i'd be better off playing on the PS5? Which feels like blasphemy to me.

I am unsure what to do here.

*I remember playing the final boss battle of Dragon Age: Origins for the first time in summer 2010. The heat, plus the way my PC was a few years out of date by then meant the PC kept overheating and crashing during the fight. Whoops.

"We've heard from more and more developers recently that ...

2024-10-31T09:29:15Z

"We've heard from more and more developers recently that they're looking for the right way to share anti-cheat information about their game with players," Valve wrote.

"At the same time, players have been requesting more transparency around the anti-cheat services used in games, as well as the existence of any additional software that will be installed within the game."

https://www.pcgamer.com/games/steam-now-requires-developers-to-tell-people-when-their-games-have-kernel-mode-anticheat/

"A profile on the VK platform’s dating site — *which ...

2024-10-29T15:29:56Z

"A profile on the VK platform’s dating site — *which states Rudometov had liked 89 other users and received no likes in return* — contains his cybercrime moniker “ghacking” in his main username. Pictures from his dating profile and other online accounts were also included in the criminal complaint."

oof, brutal. 👀

https://therecord.media/redline-infostealer-malware-criminal-complaint-maxim-rudometov

Pokémon video game developer confirms its systems were breached ...

2024-10-15T09:36:53Z

Pokémon video game developer confirms its systems were breached by hackers

"Japanese video game developer Game Freak confirmed last week that it suffered a cyberattack earlier this year, resulting in a data leak.

"The statement from the Tokyo-based co-owner of the popular Pokémon series followed reports that hackers breached the company’s systems and allegedly stole a large amount of data."

https://therecord.media/pokemon-video-game-developer-game-freak-confirms-data-breach

Props to them for being somewhat open about this! Other councils ...

2024-09-06T10:11:33Z

In reply to nevent1q…vvyp
_________________________

Props to them for being somewhat open about this! Other councils have previously tried to just.. not talk about anything.