Nostr notes by Brian Greenberg :verified:

The FCC forgot hotspots were a thing. They announced a ban on ...

2026-04-24T21:59:25Z

The FCC forgot hotspots were a thing. They announced a ban on foreign-made consumer routers a month ago and had to update their FAQ to add MiFi devices and cellular home routers after the fact. That's not a minor oversight... it's the whole work-from-anywhere use case.

Here's the part that should bother you. The only way to get an exemption is to commit to US-based manufacturing and submit a time-bound plan to get there. Netgear, eero, and Adtran got conditional approval, but it runs out October 1, 2027. There is no domestic consumer router industry to speak of right now. So the FCC has created a countdown clock against a factory floor that doesn't exist yet.
A few things worth sitting with:
- The Global Electronics Association pointed out that security vulnerabilities show up across products regardless of where they're made. Geography isn't the filter; code quality is.
- The Covered List used to apply to specific companies flagged for specific reasons. Extending it to an entire product category means the government can now ban any internet-connected device made abroad by citing national security. Smartphones aren't included yet. "Yet" is doing a lot of work in that sentence.
- The Register's headline from last month said it plainly: the country that put backdoors in Cisco routers to spy on the world is now banning foreign routers. I didn't write that. They did. But they're not wrong.

If you're in security or IT leadership, watch the October 2027 date. That's when the conditional approvals expire, and if the manufacturing commitments aren't met, the options get ugly fast.

https://www.theregister.com/2026/04/24/fcc_does_a_doubletake_adds/
#Cybersecurity #FCC #NetworkSecurity #security #privacy #cloud #infosec

An ex-Azure engineer published six essays arguing Microsoft's ...

2026-04-22T06:15:41Z

An ex-Azure engineer published six essays arguing Microsoft's cloud has been on life support since 2008, and the cause isn't bad code. It's bad people decisions. Rushed launch, post-launch talent exodus, no testing discipline, no architectural vision. Sound familiar to anyone who's worked in a place that ships first and staffs later?

Now layer 2026 on top. Microsoft cut roughly 15,000 jobs in mid-2025. Coding agents are pumping out 4x more commits in 90 days. GitHub's unofficial uptime has slipped under 90% and the proposed fix is, wait for it, moving more of GitHub onto Azure. The same Azure the engineer says is held together with rushed decisions and wishful thinking.

🧠 The phrase that stuck with me is "knowledge dilution from high attrition." When the senior people who knew why a system was built that way leave, no LLM in the world can recover that context
🤖 More AI-written code does not mean less work. It means more code to review, test, deploy, and run, which means more compute and more humans needed downstream
📉 OpenAI signing an $11.9B compute deal with CoreWeave in March 2025 was the loudest "we don't trust your capacity" signal Microsoft has ever received from its closest partner
🪑 The bet that AI lets you cut headcount keeps colliding with the reality that AI generates work for humans faster than it removes it

Every CIO I talk to is being pitched the same dream: fewer engineers, more agents, lower run rate. The Azure story is what happens when that math doesn't pencil out and the bill comes due in incidents instead of dollars.

https://www.theregister.com/2026/04/04/azure_talent_exodus/
#Azure #AI #Leadership #security #privacy #cloud #infosec #cybersecurity #software #devops

😳 Someone hid a prompt injection inside invisible markdown ...

2026-04-14T18:14:37Z

😳 Someone hid a prompt injection inside invisible markdown comments in a pull request. A developer asked Copilot to review the PR. Copilot read the hidden instructions, searched the codebase for AWS keys, encoded them in base16, and smuggled them out through GitHub's own image proxy as 1x1 transparent pixels. The CSP didn't flag it because the traffic was routed through GitHub's trusted infrastructure. CVSS 9.6. No malicious code ever executed.

The attacker weaponized the AI assistant's own access permissions. Copilot could see everything the developer could see, and it can't distinguish a legitimate instruction from a hidden one buried in a PR description.

🔍 The attack, dubbed "CamoLeak," was patched by GitHub in August 2025 and publicly disclosed in October
🔑 Copilot was directed to find secrets like API keys and cloud credentials, then exfiltrate them character by character
🖼️ Data was hidden inside pre-signed image URLs, making it look like normal browser activity
⚠️ Any AI assistant with deep system access, Microsoft 365 Copilot, Google Gemini, all of them, is a potential exfiltration channel if untrusted content can reach its instruction stream

We've spent years teaching developers not to trust user input. Now we're handing AI tools full repo access and letting them ingest unvalidated text from pull requests.

https://cybersecuritynews.com/hackers-exploit-github-copilot-flaw/
#CyberSecurity #AI #GitHubCopilot #security #privacy #cloud #infosec #software

A startup is putting military-style drones in high school ...

2026-04-13T10:58:25Z

A startup is putting military-style drones in high school ceilings. Ceiling-mounted. Charging. Waiting. And when something happens, a pilot in Austin, Texas, decides whether to deploy pepper gel on your kid's school. I'm not saying the problem isn't real. It absolutely is. But read that back.... in schools. We've taken a Ukrainian battlefield tactic against Russian soldiers and ported it to Deltona High School in Florida. The co-founder literally said the idea came from watching drone videos of the war in Ukraine. The chief pilot described it as "cheating in a video game after you die." These are children.

Here's what's not in the headline:

🔒 The drones use an encrypted connection — but the article notes they're potentially vulnerable to cyberattack. A compromised drone in a crowded hallway isn't a security tool; it's a weapon pointed in the wrong direction.

⚖️ Mithril reserves the right to act independently during an attack, without waiting for law enforcement. A private company operating remotely is making use-of-force decisions at a school.

💰 Florida and Georgia approved $500K+ each for this. A group of Texas parents raised $200K more. That's real money going to ceiling drones instead of mental health services, counselors, or de-escalation programs.

The ACLU said it plainly: when force becomes a zero-risk remote action, it gets overused. Axon tried a Taser drone for schools in 2022, and its own ethics board killed it. Mithril is picking up where that got dropped.

I teach cybersecurity. I've spent years in boardrooms helping organizations think through risk. And the risk calculus here isn't just about whether the drone works. It's about what we're normalizing when we turn schools into drone-monitored combat zones and call it progress.

"This is the future," said the sheriff's captain.

I hope not.

https://www.wsj.com/business/a-startup-is-supplying-drones-to-high-schools-a7800ade
#SchoolSafety #Cybersecurity #Leadership #security #privacy #cloud #infosec

Meta paused work with a $10B AI data vendor after hackers ...

2026-04-06T14:30:16Z

Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

https://thenextweb.com/news/meta-mercor-breach-ai-training-secrets-risk
#Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

I teach cybersecurity. And I genuinely don't know what to ...

2026-03-29T23:52:55Z

I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:

🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👮 "Digital escorts" often ex-military with minimal software engineering backgrounds are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻‍♂️

The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy

If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec

According to the recent Meta/YouTube verdict, the plaintiff ...

2026-03-29T23:36:36Z

According to the recent Meta/YouTube verdict, the plaintiff started using YouTube at age 6 and Instagram at age 9. The jury deliberated 43 hours, answered "yes" to every negligence question, and found evidence of malice. Then Meta's stock went up 0.7%. 🤔 That gap tells you everything. 📊

The $6 million award is basically a rounding error for companies pulling in $350 billion in combined annual revenue. What actually matters is the 2,000 pending lawsuits this verdict just handed a roadmap to, and the federal trial coming in Oakland this summer. This is the first domino. The tobacco industry had the same "we're being scapegoated" defense in 1994, and that argument eventually cost them $206 billion.

Here's what I keep thinking about as a guy who teaches about the legal, ethical, and social issues of information technology: the products we build have consequences we're responsible for, whether we want to admit it or not. The jury didn't care that Meta said Kaley's home life was complicated. They cared that the autoplay kept going anyway. 🔁

Two things can both be true: teen mental health is complex, and a notification engine designed to override a kid's ability to stop scrolling is a design choice someone made.

https://www.latimes.com/california/story/2026-03-25/social-media-lawsuit-trial-meta-google-verdict
#ChildSafety #BigTech #Leadership #Accountability #SocialMedia #Ethics #DePaulUniversity #DePaulU DePaul University (npub10cr…66l0)

Oh boy. Stanford researchers scanned 10 million web pages and ...

2026-03-29T23:07:29Z

Oh boy. Stanford researchers scanned 10 million web pages and found API keys just sitting in the public-facing code. That's 1,748 active credentials from major providers exposed in live website code, mostly inside JavaScript files. Not in old test environments. Not in a forgotten repo. In the live, running site. Banks. Healthcare providers. "Not just small companies, but some very large companies," according to the lead researcher. And some of those credentials had been sitting there for years. Not the first time I've seen something like this. 🤦🏻‍♂️

The thing is that most orgs are scanning their source code but not their deployed sites. 😳 Those are two different things, and most leaks originate during the build process. A key gets baked in somewhere between development and production, and nobody catches it because the scan already ran upstream. Meanwhile, GitGuardian counted over 28 million new hardcoded secrets exposed in public GitHub commits in 2025 alone. This isn't a one-time research finding it's a systemic habit that needs to change.

🔍 When did your team last scan the live site, not just the codebase?
🏦 If you're in a regulated industry, that question just became a compliance question too

https://www.newscientist.com/article/2520143-security-credentials-inadvertently-leaked-on-thousands-of-websites/
#Cybersecurity #AppSec #Leadership #security #privacy #cloud #infosec

🚨 The FCC bans all routers made outside the U.S. — So ...

2026-03-24T14:13:34Z

🚨 The FCC bans all routers made outside the U.S. — So basically all routers.

Most people buy a router and never think about it again. That box in the corner that handles every password and video call you make. The FCC is now worried that some of these devices are actually open doors for foreign governments. Shocked! 🫢

Regulators are looking at TP-Link to see if they pose a threat to national security. Recent reports show hackers used these devices to build massive botnets. You might find yourself shopping for new hardware if these bans take effect.

🧠 Regulators are weighing a ban on specific foreign routers.
⚡ Security experts found flaws that allow remote access.
🎓 This move follows previous restrictions on Chinese tech firms.
🔍 Check your hardware brand before the new rules arrive.

https://mashable.com/article/us-fcc-foreign-router-ban
#FCC #Security #TechPolicy #security #privacy #cloud #infosec #cybersecurity

🤦🏻‍♂️ Oh no... The line between a successful lunar ...

2026-03-12T13:16:20Z

🤦🏻‍♂️ Oh no... The line between a successful lunar mission and a $72 million piece of space junk can come down to a single line of code. 🚀 NASA’s Lunar Trailblazer mission just provided a painful lesson in systems engineering. Shortly after launch, a navigation glitch caused the spacecraft to lose its sense of direction. Instead of correcting its course, the onboard computer entered a loop that exhausted its entire fuel supply in less than a day. 😳

This wasn't a mechanical failure or a solar flare, it was a software error that prevented the craft from communicating with its own star trackers. When we build complex systems, we often focus on the big risks while ignoring the small, logical traps that can paralyze a machine. For the engineers who spent years on this project, it is a reminder that in space, there is no "undo" button for a bad update. 🌖

🧠 A logic error caused the craft to misinterpret its orientation.
⚡ The entire fuel reserve was spent trying to fix a non-existent course deviation.
🎓 Recovery efforts failed because the craft could no longer point its antenna at Earth.
🔍 This incident highlights the critical need for more robust hardware-in-the-loop testing.

https://gizmodo.com/the-stupidest-glitch-imaginable-killed-a-72-million-lunar-mission-in-a-single-day-2000728962
#Aerospace #SystemsEngineering #NASA #TechFailures #Vibecoding #Fail #SoftwareDevelopment #Software

Φ In the Phaedrus, Plato argued that the invention of writing ...

2026-03-04T01:13:36Z

Φ In the Phaedrus, Plato argued that the invention of writing would destroy our memory and replace true wisdom with a mere shadow of it. He believed that when we stop internalizing knowledge and start relying on external tools, we lose the ability to actually think. Thousands of years later, we are having the exact same conversation about Large Language Models and ChatGPT.

The danger of AI is not that it will become too smart, but that it will make us too lazy to be wise. True education is what Plato called a turning of the soul, a difficult process that requires active engagement. If you let a machine summarize the world for you, you are only holding onto dead speech. We must treat writing and thinking as a practice of the mind rather than a task to be automated.

🧠 Plato feared that external tools create the illusion of knowledge.
⚡ Large Language Models offer quick results while bypassing understanding.
🎓 Genuine insight comes from human dialectic and struggle.
🔍 We must focus on literacy that teaches how these algorithms function.

https://www.templeton.org/news/plato-warned-us-about-chatgpt-and-told-us-what-to-do-about-it
#ArtificialIntelligence #Philosophy #Learning #ChatGPT #Education #Teaching #AI #Technology

 Apple designed Lockdown Mode for people facing grave threats, ...

2026-02-10T03:24:42Z

 Apple designed Lockdown Mode for people facing grave threats, but we're seeing it work in practice against federal forensics. During a recent investigation into a journalist, the FBI reported that it was unable to extract any data from an iPhone because the feature was enabled. It is rare for a software setting to hold its own against professional, state-level tools. 🔒 The strength of this mode comes from how it drastically reduces the attack surface of the device. By disabling just-in-time JavaScript and blocking most message attachments, it removes the entry points that forensic tools like GrayKey typically exploit. It also forces the device into a state in which biometrics are disabled, requiring a passcode that often carries stronger legal protections during a search.

🧠 Lockdown Mode specifically blocks wired data connections used by extraction hardware.
⚡ The FBI confirmed in court filings that its Computer Analysis Response Team was blocked.
🎓 Using this mode requires giving up features like shared photo albums and link previews.
🔍 Apple offers a $2 million bounty for anyone who can bypass these specific protections.

https://appleinsider.com/articles/26/02/04/iphone-lockdown-mode-will-protect-your-data-even-from-the-fbi
#Apple #CyberSecurity #DataPrivacy #InfoSec #security #privacy #cloud

🇫🇷 The French government is sending a message about digital ...

2026-02-10T03:09:35Z

🇫🇷 The French government is sending a message about digital independence by ditching Microsoft Teams and Zoom for its own platform, Visio. This move is not about a lack of features but a calculated push for digital sovereignty. By 2027, every government department in France will communicate via this sovereign stack, ensuring that sensitive data remains subject to European law. The shift addresses a growing concern that relying on foreign cloud giants creates a strategic vulnerability. France is opting for an open-source architecture built on Django and React, hosted on the domestic Outscale cloud. This infrastructure removes the risk of external service disruptions while fostering a local tech ecosystem.

🧠 The Visio platform integrates with Tchap, a secure messaging app based on the Matrix protocol.
⚡ French startup Pyannote provides the AI backbone for meeting transcripts and speaker identification.
🎓 The administration expects to save millions in annual licensing fees by using in-house software.
🔍 Data remains strictly within French jurisdiction to bypass foreign data access laws.

https://itsfoss.com/news/france-ditches-microsoft-teams-and-zoom/
#France #TechHistory #DigitalSovereignty #OpenSource #security #privacy #cloud #infosec #cybersecurity #FOSS

This Gmail hack is unsettling not because it’s flashy, but ...

2025-12-22T22:02:56Z

This Gmail hack is unsettling not because it’s flashy, but because it’s bureaucratic. Attackers aren’t breaking encryption or outsmarting algorithms. They’re filling out forms. By changing an account’s age and abusing Google’s Family Link feature, they can quietly reclassify an adult user as a “child” and assume parental control. At that point, the rightful owner isn’t hacked so much as administratively erased.

The clever part is that everything happens inside legitimate features. Passwords are changed. Two-factor settings are altered. Recovery options are overwritten. And when the user tries to get back in, Google’s automated systems see a supervised child account and do exactly what they were designed to do: say no.

Google says it’s looking into the issue, which suggests this wasn’t how the system was supposed to work. But it’s a reminder of an old lesson. Security failures often happen when protective mechanisms are combined in ways no one quite imagined. The tools aren’t broken. The assumptions are.

There’s no dramatic fix here, only mildly annoying advice that suddenly feels urgent. Review recovery settings. Lock down account changes. Use passkeys. Because once an attacker controls the recovery layer, proving you’re you can become surprisingly difficult.

TL;DR
🧠 Family safety tools are being weaponized
⚡ Account recovery can be shut down entirely
🎓 Legitimate features enable the lockout
🔍 Prevention matters more than appeals

https://www.forbes.com/sites/daveywinder/2025/12/07/google-looking-into-gmail-hack-locking-users-out-with-no-recovery

#Cybersecurity #Gmail #IdentitySecurity #AccountRecovery #DigitalRisk #security #privacy #cloud #infosec

🤖 OpenAI’s move to give ChatGPT distinct personalities ...

2025-11-12T23:37:35Z

🤖 OpenAI’s move to give ChatGPT distinct personalities (Friendly, Nerdy, Cynical, etc) via its new GPT-5.1 release is interesting because it signals that how we interact with AI is now as important as what it can do. On one hand that’s good as we want engagement. On the other, it’s risky with personality tweaks mean changes in behaviour, trust and expectations. For anyone using AI in enterprise or leadership roles (like me), the questions are: Do these presets enhance productivity or distract? Do they shift responsibility in surprising ways?

📌 8 distinct personality modes introduced
📌 Two models: Instant (warm) + Thinking (deep)
📌 Raises questions about tone, trust, alignment
📌 Impacts enterprise use, leadership and responsibility

https://www.theverge.com/news/802653/openai-gpt-5-1-upgrade-personality-presets

#AI #Leadership #Innovation #Ethics #security #privacy #cloud #infosec #cybersecurity

As I've said for years, AI personhood isn’t a distant ...

2025-11-06T20:25:47Z

As I've said for years, AI personhood isn’t a distant thought experiment; it’s an approaching policy crisis. 🤖 The Guardian’s Jacy Reese Anthis argues that digital minds will soon force us to rethink “who” counts as a person under law. 20% of Americans already believe some AIs are sentient; 38% say those systems should have rights. We’ve barely handled the social fallout of the internet, yet we’re racing toward coexistence with entities that can learn, plan, and act independently. The question isn’t just how we will treat them, it’s how they will treat us. 😳 If we wait until AI self-improvement loops kick in, we’ll be spectators, not stewards. The sociology and philosophy of AI, not just the engineering, will decide whether we coexist or get sidelined. ɸ

🧠 20% already see AI as sentient
⚖️ Legal & moral personhood debates rising
🚨 Policy & sociology trail behind tech
💡 Prepare now — before acceleration hits

https://www.theguardian.com/commentisfree/2025/sep/30/artificial-intelligence-personhood

#AI #Ethics #Governance #FutureOfAI #TheMatrix #Data #Lore #TNG #Personhood #Philosophy

🤦🏻‍♂️ Well, it was probably inevitable that the ...

2025-10-20T00:28:28Z

🤦🏻‍♂️ Well, it was probably inevitable that the "Internet of Things" would eventually make its way into the toilet bowl. Kohler's new camera analyzes your waste for 'health insights', which sounds futuristic, but the security questions are concerning. It uses a fingerprint sensor ? to tie sensitive health data directly to an individual, then sends it to the cloud. While they promise encryption, we're creating a honeypot 😬 of incredibly personal information that's ripe for misuse. 💩

TL;DR
📸 Kohler is selling a $599 toilet camera, the Dekoda, to monitor your gut health. 💩
👆 It uses a fingerprint scanner to link the health data it collects directly to you.
🔐 The company claims end-to-end encryption, but this is still an unnervingly specific and sensitive dataset to have stored on any server.
💰 On top of the hardware cost, it also requires a subscription, creating another recurring data transaction.

https://techcrunch.com/2025/10/19/kohler-unveils-a-camera-for-your-toilet/
#IoT #Privacy #DataSecurity #HealthTech #security #privacy #cloud #infosec #cybersecurity #PoopPictures

Hackers can steal 2FA codes and private messages from Android ...

2025-10-14T18:42:56Z

Hackers can steal 2FA codes and private messages from Android phones. The "Pixnapping" attack is a really clever piece of research. It shows that the theoretical wall between apps on your phone isn't as solid as we'd like to believe. By exploiting a GPU side channel, a malicious app with zero permissions can effectively screenshot other apps, one pixel at a time. It's a reminder that security is a stack, and a vulnerability at the hardware level can undermine everything built on top of it.

TL;DR
👾 A new attack called "Pixnapping" can read visual data from other apps on Android devices.
🔑 It exploits a GPU side-channel leak to steal sensitive info like 2FA codes and messages, pixel by pixel.
⚠️ The scary part: the malicious app required for the attack needs zero special permissions to be granted.
🧠 While complex to pull off, this is a serious proof of concept that challenges the core idea of OS app sandboxing.

https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
#Android #Cybersecurity #SideChannelAttack #2FA #security #privacy #cloud #infosec

Tilly Norwood — the so-called “AI actress” — feels less ...

2025-10-08T18:48:09Z

Tilly Norwood — the so-called “AI actress” — feels less like progress and more like propaganda. The rollout isn’t about art or tech; it’s about softening the idea that gen AI belongs in Hollywood as a replacement for people. What’s creepy is how it’s marketed: “agents are interested,” “she could be the next Scarlett Johansson.” The goal isn’t to sell a movie. It’s to sell the inevitability that AI will be the new normal. 🤖 Beneath the buzz, Tilly’s still a digital puppet needing human handlers. The only real actors here are the execs trying to convince us this is the future of storytelling.

TL;DR

🎭 Not an actress, a digital puppet

⚙️ “AI actors” = PR stunt, not progress

🧠 Normalization is the real goal

⚠️ SAG-AFTRA’s concerns are the story

https://www.theverge.com/ai-artificial-intelligence/791680/tilly-norwood-particle6-xicoia-eline-van-der-velden

#AI #Hollywood #Ethics #FutureOfWork #security #privacy #cloud #infosec #cybersecurity #deepfakes

If this reporting holds, someone rewrote federal workers’ ...

2025-10-02T21:32:44Z

If this reporting holds, someone rewrote federal workers’ out-of-office replies to pin the shutdown on Democrats. That is not just gross, it drags civil service comms into campaign work. Even if you think the message is true, hijacking employee autoresponders crosses a line.

TL;DR
🔎 Wired reports OOO replies were changed without consent
⚖️ Hatch Act questions are very real here
🧑‍💼 Staff tried to revert and saw changes return
🛡️ Keep outage comms neutral and logged, not political

https://www.wired.com/story/government-workers-say-their-out-of-office-replies-were-forcibly-changed-to-blame-democrats-for-shutdown/

#Security #GovTech #Ethics #PublicSector #Governance

🤖 Most people still treat AI chatbots like a private ...

2025-08-18T16:48:43Z

🤖 Most people still treat AI chatbots like a private confessional, but they aren’t. 😳 Every question is logged, stored, and potentially discoverable, sometimes even after you’ve deleted it. OpenAI, Google, and Anthropic all retain user prompts by default, often under the guise of “memory” or “service improvement.”

And here’s the kicker: a federal court order now forces OpenAI to preserve all ChatGPT conversations, including “Temporary” ones users assumed were erased. So the notion of ephemeral chats is gone. That should change how people think about what they type into these systems.

The bigger issue is that the line between “helpful personalization” and “permanent surveillance record” is blurring fast. What looks convenient today could look like an exposure tomorrow.

TL;DR
⚠️ AI queries are logged
🔐 Deleted chats still saved
🧠 “Memory” is default setting
📂 Court orders enforce retention

https://www.theregister.com/2025/08/18/opinion_column_ai_surveillance/
#AI #Privacy #DataSecurity #Surveillance #FRCP #EDRM #security #privacy #cloud #infosec #cybersecurity #LegalHold

🔐 A VPN can improve your privacy, or just give you a false ...

2025-08-01T21:44:41Z

🔐 A VPN can improve your privacy, or just give you a false sense of it. The EFF’s guide is a solid reminder that choosing a VPN is less about speed or price, and more about who runs it, what they log, and whether they actually deliver the protection they claim.

TL;DR
🧠 VPNs don’t guarantee anonymity
📜 “No logs” claims often lack proof
👤 Your threat model shapes your VPN needs
🔎 Look into ownership and reputation

https://ssd.eff.org/module/choosing-vpn-thats-right-you
#cybersecurity #privacy #vpn #digitalrights #security #privacy #cloud #infosec #EFF Electronic Frontier Foundation (npub1m24…d9a3)

🧠 Philosophy Eats AI — and it should ϕ According to MIT ...

2025-06-30T21:55:21Z

🧠 Philosophy Eats AI — and it should ϕ According to MIT Sloan, the rise of AI demands more than just coding skills. It calls for moral imagination and philosophical leadership.

Why? Because AI is now shaping:
⚖️ Justice systems and hiring decisions
🧬 Healthcare outcomes and policy
🔍 Surveillance, privacy, and autonomy
💼 Corporate power and governance

AI can’t govern itself — we must lead with wisdom.

💬 What if your org’s next great AI investment isn’t tech... but ethics?

#AIethics #Leadership #MoralImagination #ResponsibleAI #DigitalStrategy #Ethice #Philosophy
https://sloanreview.mit.edu/article/philosophy-eats-ai/

🚨 184 MILLION passwords exposed — major data breach alert ...

2025-05-26T17:58:56Z

🚨 184 MILLION passwords exposed — major data breach alert 🚨

A newly uncovered unprotected database has leaked credentials for Google, Microsoft, Facebook, Apple, financial accounts, and even government portals.
Highlights:
🔓 Plaintext — no encryption or password protection
⚠️ Threats include credential stuffing, identity theft, corporate espionage, ransomware, and phishing
🔑 Action steps:
・Use a password manager
・Use complex, unique passwords
・Enable multi-factor authentication (MFA)
・Check if your data was leaked (e.g., HaveIBeenPwned)
・Deploy strong security software

We can’t control every breach, but we can control our defenses. Stay vigilant, stay protected.

#Cybersecurity #DataBreach #InfoSec #MFA #RiskManagement

https://www.zdnet.com/article/massive-data-breach-exposes-184-million-passwords-for-google-microsoft-facebook-and-more/

⚖️ Montana just became the first U.S. state to ban law ...

2025-05-16T16:04:59Z

⚖️ Montana just became the first U.S. state to ban law enforcement from purchasing personal data from brokers — and it’s a privacy milestone 🚫📱

Under this new law:
📍 Government agencies can’t buy sensitive data (location, biometrics, etc.) without a warrant
🔍 It closes a major loophole used to sidestep Fourth Amendment protections
📄 Agencies also can’t require people to waive rights through service terms
🧱 It sets a precedent for digital due process in a data-saturated world

This isn’t just a state law. It’s a model for what digital civil liberties legislation should look like nationwide.

#Privacy #Surveillance #DigitalRights #DataBrokers #CyberLaw #security #cloud #infosec #cybersecurity
https://www.eff.org/deeplinks/2025/05/montana-becomes-first-state-close-law-enforcement-data-broker-loophole

🚀 Voyager 1 isn’t done yet — not even close 🧠🔧📡 ...

2025-05-16T03:33:15Z

🚀 Voyager 1 isn’t done yet — not even close 🧠🔧📡

NASA just pulled off another miracle save:
🛰️ The spacecraft’s primary roll thrusters, offline since 2004, were believed permanently dead
🧯 With backup thrusters at risk of failure, JPL engineers gambled on a high-stakes heater reset
🔥 If wrong, it could’ve caused a small onboard explosion
📡 If right, it would restore control — 15.6 billion miles from Earth

They were right. The thrusters fired. Voyager 1 can still hold its course.

This wasn’t a reboot. It was old-school problem-solving, deep systems knowledge, and the audacity to trust an idea that might just work.

The most distant human object is still flying — because a team believed it could.

#Voyager1 #NASA #Space #Engineering #Resilience #DeepSpace
https://www.theregister.com/2025/05/15/voyager_1_survives_with_thruster_fix/

A recent case shows the critical need for vigilance in the age of ...

2025-05-14T00:15:01Z

A recent case shows the critical need for vigilance in the age of AI. ⚖️ A judge has slammed lawyers for submitting AI-generated research that included fabricated case citations. This raises serious questions about the reliability of AI in legal practice and the ethical responsibilities of legal professionals.

💡 Key Takeaways:
👉 AI tools can be helpful, but human oversight is essential.
🛡️ Lawyers, ney EVERYONE must verify all information, regardless of the source.
📚 The legal profession is adapting to AI, but core responsibilities remain.
🚨 This serves as a cautionary tale for all professionals using AI.

What are your thoughts on the role of AI in the legal field?
#AI #LegalTech #Innovation #Ethics #Law #CyberSecurity
https://www.theverge.com/news/666443/judge-slams-lawyers-ai-bogus-research

ditto. This kind of thing pisses me off. It’s incredibly ...

2025-04-26T02:30:28Z

In reply to nevent1q…v4jr
_________________________

ditto. This kind of thing pisses me off. It’s incredibly wasteful to say the least.

⚠️ Consumer tech alert: Google sunsets support for first-gen ...

2025-04-26T01:34:03Z

⚠️ Consumer tech alert: Google sunsets support for first-gen Nest thermostats 🏠🛑

Google announced that by 2026:
🔥 Early Nest devices will lose key features
🔒 Security updates will stop
📱 Remote access via apps will be restricted
💸 Customers are expected to migrate to newer models

🤬 🤬🤬 🤬🤬 🤬

The decision raises important questions about the true lifespan of smart home devices — and what consumers can reasonably expect from their tech investments.

Trust matters. So does planned obsolescence.

#SmartHome #Nest #Google #DeviceLifecycle #TechNews
https://www.theverge.com/news/656332/google-ending-support-nest-thermostats

⚠️ Major AI data breach: DeepSeek leaks 1M+ records to the ...

2025-04-23T03:38:28Z

⚠️ Major AI data breach: DeepSeek leaks 1M+ records to the Dark Web 🧠💥

China-based AI startup DeepSeek just exposed a staggering volume of sensitive data:
💬 1M+ chat logs
🔐 API keys, backend metadata
📡 Unencrypted traffic via iOS app (ATS disabled)
🔓 Open ClickHouse database with full control

This wasn’t just a lapse — it was a floodgate.

🛡️ AI companies (and anyone integrating LLMs) must:
🔍 Audit storage configs
🔐 Enforce secure transport policies
📊 Monitor for unintentional data exposure

The future of AI relies on building trust. That starts with securing it.

#AI #CyberSecurity #DataBreach #DarkWeb #InfoSec
https://www.darkreading.com/cyberattacks-data-breaches/deepseek-breach-opens-floodgates-dark-web

🚨 Explosive allegations are hitting Elon Musk’s DOGE team. A ...

2025-04-16T01:02:54Z

🚨 Explosive allegations are hitting Elon Musk’s DOGE team.

A whistleblower says:
📂 10GB of NLRB data was exfiltrated
🔓 Security settings were disabled
📸 Photos of staff were used to intimidate
⚖️ Claims involve surveillance, union suppression, and cyber intrusion

Musk called it “insane,” but the NLRB is reportedly cooperating with federal investigations. Whether true or not — this underscores the growing overlap of cybersecurity, labor rights, and executive power.

#CyberSecurity #Whistleblower #ElonMusk #NLRB #DigitalEthics #security #privacy #cloud #infosec
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security

🚨 Florida’s new “Social Media Use by Minors” bill (SB ...

2025-04-13T20:48:35Z

🚨 Florida’s new “Social Media Use by Minors” bill (SB 868/HB 743) has a chilling twist: it demands platforms create backdoors to decrypt private messages.

That means:
🔓 End-to-end encryption may be turned off
📵 Disappearing messages could be banned
🧒 Minors lose digital privacy
💣 All users may face weaker security

EFF warns this is a dangerous precedent that risks everyone’s online safety. Legislating away encryption doesn’t protect kids — it jeopardizes all of us.

#Cybersecurity #Privacy #Encryption #TechPolicy
https://www.eff.org/deeplinks/2025/04/floridas-new-social-media-bill-says-quiet-part-out-loud-and-demands-encryption

🚨 AI Code Assistants: A Double-Edged Sword? 🚨 AI-powered ...

2025-04-12T22:34:34Z

🚨 AI Code Assistants: A Double-Edged Sword? 🚨

AI-powered coding tools are revolutionizing development workflows, but they come with hidden dangers:

🔹 Hallucinated Dependencies: AI suggests packages that don’t exist.
🔹 Slopsquatting Attacks: Malicious actors register these fake packages, leading to potential security breaches.
🔹 Automated Installation Risks: Some AI agents might auto-install these without developer awareness.
🔹 False Legitimacy: AI-generated summaries can falsely validate these malicious packages.

🛡️ Stay Vigilant: Always double-check AI-generated code and dependencies. Trust, but verify.

#AI #CyberSecurity #DevSecOps #SupplyChain #SoftwareDevelopment
https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain