Default deny
I'll open by saying that I'm not anti-AI. I think it can be a net positive. Take my own profession, information security: the world is worse off because most code out there hasn't been looked at by a security engineer. LLMs can automate finding security bugs, so we can get better software for less.
But then, I have to square this with the fact that one of the first casualties of AI were “bug bounty” programs that paid people to report security flaws. LLMs could produce plausibly-sounding reports long before they could find real bugs. Unscrupulous “researchers” figured out they could extract money from the 5-10% of vendors who were not paying attention by slop-bombing us all and wasting everyone’s time.
When it comes to social media, there’s a similar dynamic at play. Human writing, good or bad, was inherently rate-limited; LLM output is not. If someone spent hours or days writing an article, it clearly mattered to them and I could spare minutes of my time to read and engage. For LLM output, this no longer holds. There’s an infinite supply of content entirely disconnected from the human condition that still demands your attention and time.
In contrast to infosec, social media engagement isn’t utilitarian: you gain nothing if you read 1,000 machine-generated opinion pieces a day. Promoters say that it shouldn’t matter who or what is doing the writing — you should only ask if the output is good. To me, quality is secondary. I come here to talk to humans, not to yell into the probabilistic token-void.
Yes, there are rare exceptions, there are people who use LLMs as an assistive technology, and so on. But in 99% of the cases, if you couldn’t be bothered to write it, I won’t bother to read it. Default deny.
Micropatches released for Desktop Window Manager Elevation of Privilege Vulnerability (CVE-2026-20871)
https://0patch.com/blog/micropatches-released-for-desktop-window-manager-elevation-of-privilege-vulnerabi
In response to a #FOIA request from me the #FBI have released records relating to late 90s #hacker group milw0rm. Additional records not included in this Vault release were located by the FBI and I have requested these be processed for potential release as well.
https://vault.fbi.gov/milw0rm/milw0rm-final/view
RSS is a secret trick to making the internet more usable. https://www.eff.org/deeplinks/2026/06/hate-algorithm-rss-one-tools-youve-been-looking
RE: https://infosec.exchange/@CrackMeIfYouCan/116904210214745592
I will be joining as an internet random... no real hope of cracking much.. If anyone wants to form an infosec.exchange or infosex.eccgang team, I am open!
CMIYC registration is now open! https://contest-2026.korelogic.com/howto_register/
#defcon #DEFCON34
Look what I found on archive: Beavis & Butthead Doom Add-On GAM-098
New video: App Execution Aliases.
Type notepad, get the Store one, not the System32 one. Why? App Execution Aliases.
https://trainsec.net/library/windows-internals/how-windows-app-execution-aliases-work-and-how-to-read-them-in-c/
RE: https://mastodon.social/@d_olex/116902388645366483
Many people have drawn entirely wrong conclusions from this post. Meanwhile, an actual solution for preventing this kind of tracking lays in a different ballpark:
1) Get a burner laptop for your hacktivism or organized crime activities, never use it for anything else;
2) Get some dedicated hardware to run your VPN or Tor client, for example -- a portable battery powered router with OpenWrt;
3) Configure and use this setup in a way that prevents the laptop from accessing the internet directly;