NEW: David Vincenzetti, the founder of spyware maker Hacking Team, has been arrested.

Vincenzetti is accused of attempted murder. He allegedly stabbed a relative at his home. A judge has ordered him to stay in prison as a precautionary measure, and has ordered a psychological evaluation, according to Italian media reports.

I'm honestly in shock. Hacking Team's story is still getting crazier, eight years after it got spectacularly hacked.

https://techcrunch.com/2023/11/29/founder-of-spyware-maker-hacking-team-arrested-for-attempted-murder-local-media/

Terry Pratchett was wise

Whenever I explain my #research at Google into mobile text editing, I'm usually met with blank stares or a slightly hostile "Everyone can edit text on their phones, right? What's the problem?"

Text editing on mobile isn't ok. It's actually much worse than you think, an invisible problem no one appreciates. I wrote this post so you can understand why it's so important.
https://jenson.org/text
#UXDesign #UX

Microsoft paid money for this. A lot of money.

Dear Microsoft. Here is a list of things I want the Start Menu to do:

* Show my installed programs
* Search my local files
* Provide access to system settings

Here is a list of things I do *not* want the Start Menu to do:

* Show the weather for a randomly-selected town near my network's public IP infrastructure
* Show tabloid headlines
* Show programs I *don't* have installed
* Search the web via Bing
* Show adverts(!)
* Attempt to engage me in conversation with a hallucinating LLM

Thanks.

Check it out, it's tmp.0ut Volume 3!

https://tmpout.sh/3/

Turing test.

When we warn the real threat of AI is how it’s used against people in the present, not the fantasies that some day computers might think for themselves, this is exactly the kind of thing we’re talking about: health insurers using AI to deny care.

https://arstechnica.com/health/2023/11/ai-with-90-error-rate-forces-elderly-out-of-rehab-nursing-homes-suit-claims/

#tech #ai #health #healthcare

the eu is fucking wild man
“hey, we just passed landmark privacy regulations!”
“oh by the way we’re trying to mandate backdoors into every encryption scheme”
“we are forcing google, apple, and microsoft to stop locking down their ecosystems!”
“oh yeah we’re also trying to mandate backdoors in all browsers’ certificate stacks”
“anti-adblock is spyware ^_^ we’re suing youtube”

if it walks like malware and talks like malware, license it to game publishers and call it an anti-cheat solution

Anyone gonna switch to Mozilla Firefox?

In what may be a first: AlphV filed an SEC complaint against one of its victims for not disclosing the breach to the SEC:

https://www.databreaches.net/alphv-files-an-sec-complaint-against-meridianlink-for-not-disclosing-a-breach-to-the-sec/

#databreach #SEC #compliance #infosec #cybersecurity #hacking

@brett @campuscodi @briankrebs @euroinfosec @BleepingComputer

I spent this year talking to the 3 young hackers behind Mirai, the malware that once broke the internet.

This is WIRED's resulting cover story—an epic, untold, 22,000-word tale of cybercrime, friendship, chaos, betrayal, paranoia, and redemption.

Read: https://www.wired.com/story/mirai-untold-story-three-young-hackers-web-killing-monster/

The FBI reportedly has known the identities of at least a dozen hackers tied to the notorious Scattered Spider gang (which hacked MGM and Caesars in September) for more than six months, but has failed to make any arrests, according to this new @Reuters investigation.

The unusual part: Many of the hackers are seemingly based in the U.S. and other Western nations, making arrests actually possible!

https://www.reuters.com/technology/cybersecurity/fbi-struggled-disrupt-dangerous-casino-hacking-gang-cyber-responders-say-2023-11-14/

✨ It’s true. I’ve been working on this blog post for ten years.

You see, I’ve been slowly buying up nearly 70 super rare issues of a 80s/90s gadget catalog that meant the world to me growing up. And in the process, I’ve uncovered the secret history of this lost copywriting art.

PLUS, as a bonus, I’ve scanned every single issue — so you can read them all.

I hope you enjoy: https://cabel.com/2023/11/06/dak-and-the-golden-age-of-gadget-catalogs/

Didn't believe this was a thing until I actually saw it myself.

I bank at a small, local credit union. I recently cleared my autocomplete settings so plugged their name into #Google to get back to their homepage.

The Sponsored result IS NOT my bank's website. But is skinned the same. 100% a #phishing site served as a Google ad above the legitimate business website.

This is a major problem, my friends.

Some people claim that they can use dark magics to force Linux to do what they want.

But that's just sudoscience

Important news for all nerds: The Unix timestamp will begin with 17 this Tuesday.

REMINDER: ChatGPT, Stable Diffusion, and other large trained neural models are NOT "artificial intelligence", they're just stochastic parrots, remixing and regurgitating what they've been fed. There's no theory-of-mind involved, so no understanding: there's no "there" there. (A real live parrot exhibits more intelligence than this.)

Don't call it AI; call it parrot-tech. That way you'll have a better perspective on what it can (and can't) do.

We have started scanning & reporting Roundcube Webmail servers vulnerable to CVE-2023-5631. While rated "only" CVSS 5.4, it has been used by at least one APT actor to execute JavaScript code in the browser of the victim in context of their Roundcube session.

42K found vulnerable!

Data shared in Vulnerable HTTP report: https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/

NVD entry:
https://nvd.nist.gov/vuln/detail/CVE-2023-5631

Patch info: https://roundcube.net/news/2023/10/16/security-update-1.6.4-released

https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15

Dashboard stats: https://dashboard.shadowserver.org/statistics/combined/tree/?day=2023-10-27&source=http_vulnerable&source=http_vulnerable6&tag=cve-2023-5631%2B&geo=all&data_set=count&scale=log

Discovery & background details by ESET:

https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/