Ian Campbell

@neurovagrant.bsky.social

Security ops engineer and investigator @ DomainTools, writer, voracious reader. he/him. Opinions here mine only. Autistic/depressed/anxious/hungry. https://dti.domaintools.com

118 Followers  |  108 Following  |  292 Posts  |  Joined: 26.07.2023  |  1.9949

Latest posts by neurovagrant.bsky.social on Bluesky

I’m not gonna say hackers are aging, or feral, or both, but when I looked up the Black Hat app today the first sponsored result was for a $60 posture app.

04.08.2025 22:19 — 👍 0    🔁 0    💬 0    📌 0

@unknown.garden psst, go check mastodon if you get a sec

04.08.2025 18:48 — 👍 1    🔁 0    💬 1    📌 0
Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives Perplexity is repeatedly modifying their user agent and changing IPs and ASNs to hide their crawling activity, in direct conflict with explicit no-crawl preferences expressed by websites.

Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives

blog.cloudflare.com/perplexity-i...

04.08.2025 15:10 — 👍 0    🔁 0    💬 0    📌 0

Elaine Chao, former labor secretary under GWB and transportation secretary under Trump 1, as well as wife of Mitch McConnell, defending the integrity of the jobs numbers and process on CNBC.

#uspol

04.08.2025 12:47 — 👍 0    🔁 0    💬 0    📌 0

Stoked to be able to announce that I'll be co-speaking at DEF CON Malware Village about hiding malware in DNS!

\o/

hackertracker.app/event/?conf=...

03.08.2025 14:36 — 👍 3    🔁 0    💬 0    📌 0
The Dam Seems to be Breaking This month's article at all.net - now online

"The Dam Seems To Be Breaking" - and not in good ways.

This was a grim but good read from Fred Cohen.

#cybersecurity #GenAI #RiskManagement

managementanalytics.substack.com/p/the-dam-se...

PDF Link: all.net/Analyst/2025...

01.08.2025 19:45 — 👍 1    🔁 0    💬 0    📌 0

Oh this looks like some really neat data-crunching from GreyNoise, excited to dive into it later.

#infosec #cybersecurity

31.07.2025 14:21 — 👍 2    🔁 1    💬 0    📌 0
From Laptops to Laundromats: How DPRK IT Workers Infiltrated the Global Remote Economy - DomainTools Investigations | DTI This report maps the entire ecosystem of a DPRK IT worker infiltration scheme: key actors, GitHub aliases, laundering flows, shell companies, fake domains, platform infiltration, wallet infrastructure...

Morning! New research out from us today leaning on some deep natsec experience as well as available tools and data to lay out the DPRK fake IT worker scheme - the people, the infrastructure, and the behaviors involved.

#infosec #cybersecurity #espionage #fraud

dti.domaintools.com/from-laptops...

31.07.2025 14:05 — 👍 1    🔁 0    💬 0    📌 0
More than 90 state, local governments targeted using Microsoft SharePoint vulnerability, group says More than 90 state and local governments have been targeted using the recently revealed vulnerability in Microsoft server software, according to a U.S. group devoted to helping local authorities collaborate against hacking threats.

New: More than 90 U.S. state and local governments have been targeted by hackers leveraging Microsoft’s recently disclosed SharePoint vulnerability, the group behind the MS-ISAC tells me.

They say no “confirmed security incidents” yet.
www.reuters.com/technology/m...

30.07.2025 21:07 — 👍 13    🔁 7    💬 0    📌 0

Time for an update to RFC 1149, the one about IP-over-avian-carriers

29.07.2025 22:35 — 👍 3    🔁 0    💬 0    📌 0

this is important for @thepacketrat.net

29.07.2025 13:19 — 👍 10    🔁 3    💬 4    📌 0
slurpee machine with one crashed screen

I'm drinking the Bios Crash slurpee I hope it crashes my bios I hope I blue screen

29.07.2025 21:29 — 👍 18284    🔁 5937    💬 236    📌 362
Cybersecurity Reading List - Week of 2025-07-28 - DomainTools Investigations | DTI Commentary followed by links to cybersecurity articles that caught our interest internally.

It is a lovely day in information security,

and you are a horrible goose.

Here's my usual reading list for you - as always, not a roundup, but what caught attention internally.

Plus a few quick thoughts on community.

#infosec #cybersecurity

dti.domaintools.com/cybersecurit...

29.07.2025 20:14 — 👍 3    🔁 1    💬 0    📌 0
Ian Campbell (@neurovagrant@masto.deoan.org) just realized: we're going to see a new brand of DoS/DDoS in which attackers take a service down through extravagant token expense.

Inspired by conversation on Mastodon with a bunch of folks: masto.deoan.org/@neurovagran...

29.07.2025 15:15 — 👍 1    🔁 0    💬 0    📌 0

All the ones I know of utilize tokenization to economize things, which means it's pretty easily gamed, especially by generative adversarial networks, which are pretty well-honed, optimized, and efficient by now.

29.07.2025 15:15 — 👍 1    🔁 0    💬 1    📌 0

The way LLM tokenization works, you burn a ton more tokens if the query *evolves* as in most LLM contexts every new input has to include *the entirety of the conversation prior* to maintain the context window.

29.07.2025 15:15 — 👍 1    🔁 0    💬 1    📌 0

Just realized:

we're going to see a new brand of DoS/DDoS in which attackers take a service down through extravagant token expense.

Already seen in the wild: single devs using up the org's entire Cursor token pool, breaking workflows for everyone else in the org.

#genai #cybersecurity #infosec

29.07.2025 15:15 — 👍 2    🔁 1    💬 1    📌 0

In Neuromancer, Case asks his computer to generate a 5 minute precis about the Panther Moderns, and it gives him a short multimedia introduction to them.

…now I’m wondering, what if the Hosaka hallucinated it?

26.07.2025 22:31 — 👍 1    🔁 0    💬 0    📌 0
1430hrs ET: T-Mobile announces its T-Satellite service is now live.

1500hrs ET: Starlink outage.

24.07.2025 20:22 — 👍 1    🔁 1    💬 0    📌 0

Least convincing newly registered domain so far this year:

fixpassword[.]ru

(DON'T. GO. HERE.)

#infosec #threatintel

24.07.2025 13:21 — 👍 0    🔁 0    💬 0    📌 0
On the heels of this Trump-Obama drama, BetOnline.ag has released odds for the possibility of Obama being indicted for anything at any point this year.
 
The odds of that happening are 25/1, which equates to an implied probability of 3.8 percent.
 
Here's the full list of candidates to be indicted in 2025 and each's respective odds:
 
Who will be indicted in 2025?
James Comey                12/1
Bruce Ohr                     16/1
Elon Musk                    16/1
John Brennan (CIA)       16/1
Mark Milley                  20/1
Barack Obama              25/1
Adam Schiff                  33/1
Hillary Clinton               33/1
Merrick Garland            33/1
Peter Strzok                  33/1
Jack Smith                    40/1
Jamie Raskin                 50/1
Michael McFaul            50/1
Michelle Obama            65/1
Robert Mueller             100/1

lotta dystopian shit floats through the ol’ inbox these days, but “betting odds on specific retaliatory political prosecutions” landed with a “holy shit” for me

23.07.2025 15:12 — 👍 15    🔁 6    💬 0    📌 1
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors Infostealer data can include passwords, email and billing addresses, and the embarrassing websites you use. Farnsworth Intelligence is selling to divorce lawyers and other industries.

New from 404 Media: a startup is selling data hacked from peoples' computers to debt collectors, divorce lawyers, more. People already hacked, now being re-victimized by startup. I used the tool, found peoples' personal addresses.

“This is so gross and predatory.”

www.404media.co/a-startup-is...

21.07.2025 13:07 — 👍 778    🔁 373    💬 21    📌 31

Usually it does vocals too but its throat was feeling scratchy that day, so it was a little horse.

20.07.2025 22:20 — 👍 2    🔁 0    💬 0    📌 0

Can already tell the Monday cyber news cycle is gonna be spicy so to save time during the week I left the whiskey bottle right next to the coffeemaker.

20.07.2025 22:19 — 👍 1    🔁 0    💬 1    📌 0

Watching a TV program on engineering disasters that included this gem:

"One test is worth a thousand expert opinions."

20.07.2025 18:04 — 👍 0    🔁 0    💬 0    📌 0

In my defense, brainrot-level memes are a valid coping mechanism in this timeline.

19.07.2025 13:25 — 👍 0    🔁 0    💬 0    📌 0
Coldplay couple with horrified looks that they are exposed on the jumbotron, captioned with “bad actors when the firewall checks for newly observed domains.”

Coldplay couple with horrified looks that they are exposed on the jumbotron, captioned with “the same bad actors when the firewall is also enriched by historical passive DNS.”

Sorry, sorry, blatant work reference and I know it’s a brainrot-level reference but I couldn’t resist.

19.07.2025 13:19 — 👍 0    🔁 0    💬 1    📌 0
Context windows - Anthropic

When working with an LLM you get to a point where the past text becomes too large for the LLM to consider, moving outside the model's "context window" and degrading generation with respect to the whole conversation.

docs.anthropic.com/en/docs/buil...

17.07.2025 20:40 — 👍 0    🔁 0    💬 0    📌 0

Knostic sponsored a "Prompt Pit" this morning - a gaggle of infosec folks got together to share quick GenAI-related findings, tips, or use cases.

Dragos Ruiu introduced a term I haven't heard before that could've come straight from Bruce Sterling:

"context rot."

17.07.2025 20:40 — 👍 0    🔁 0    💬 1    📌 0

( across the top dozen TLDs )

17.07.2025 17:57 — 👍 0    🔁 0    💬 0    📌 0
