Effort gives you a chance; but it is a calculated risk that gives you a win most of the times.
Winners make a well-prepared effort, take risks, and learn from losses.
#quotestoliveby
> Peter Stokes
> Scattered Spider guy
> Arrested
> Microsoft helps FBI
> Read court documents
> Page 12
> Microsoft tracks Stokes from GDID
> Microsoft Global Device Identifier (GDID)
> Stokes used Windows
> Page 34
> GDID assigned to each OS install
> GDID unique to each device
> GDID only change if OS wiped
> Stokes GDID 6755467234350028
> GDID reported internet activity to Microsoft
> GDID showed Stokes using Ngrok
> GDID reported Stokes IP address
> GDID showed Stokes web activity
> GDID showed timestamps of web activity
> GDID mapped with video game activity
> GDID showed games played
> GDID undocumented
> GDID only mentioned in one MSDN document
> Azure UCDOStatus
> Azure Monitor Logging
Arch Linux is still having supply-chain attacks and other misc. security issues.
This is devastating to the over 25 people who use Arch as a daily driver.
So-called age verification for social media is spreading across the world, framed as an effort to create a safer internet for children. In reality, age verification lays the foundation for a fully controlled internet.
The age verification rush must be slowed down, and politicians need to recognize the consequences of different types of legislation and systems.
Age verification is the wrong approach to fix “the social media problem”
The big tech social media companies are bad. Their business model is bad; it is based on mass surveillance and manipulation, and they cooperate with governments in mapping entire populations. But age verification is fundamentally the wrong approach to preventing children from using big tech social media platforms. Introducing age verification is based on coercion; the state forces social media companies to verify their users’ identities. But the big tech social media platforms already know which of their users are children. Their business model depends on knowing this. They know how old users are, and they know exactly what type of person they are. As age verification is based on coercion, politicians could instead force platforms to stop doing the things politicians consider harmful to children, or force them to block children (again, they know who they are) from using their services. But instead, politicians seek to massively invade everyone’s privacy and undermine democratic rights on a global scale. In other words, the latter is the real objective – they do not want to protect children; they want to impose control.
Slippery slope of age verification
It is undeniable that age verification threatens freedom of expression, risks increasing mass surveillance, and is likely to lead to censorship. It will not only shrink the online world and reduce young people’s right to privacy (for example, if VPN services were to be restricted); but also risks becoming a significant step toward a controlled internet for everyone.
Most age verification is identity verification
Most countries are now considering introducing age verification systems, meaning that everyone would have to identify themselves either to the service/website they want to use or to a third party capable of linking them to their activity on that service or website. This is not age verification but identity verification, and the consequence is therefore that freedom of information is restricted (you can no longer visit regulated websites anonymously) and that you can no longer post anonymously on social media. This is a major problem in countries like the UK and Germany where the police conduct raids on people’s homes for posting content on social media that the authorities dislike. Or in the United States, where authorities are trying to pressure tech companies into revealing the identities behind accounts protesting ICE. Social media identity verification removes important tools for activists in countries where criticizing those in power is dangerous.
Restrictions on app store or operating system level
Some countries are looking to impose identity verification at the app store level or even within the operating system itself. This is an exciting experiment, since this is possible to circumvent using open-source operating systems. Some countries are already looking to include open-source systems. Since open-source systems cannot be controlled, politicians would ultimately need to ban devices that are not controlled by the state. The end point: telescreens like those in Orwell’s 1984, devices that both monitor you and broadcast only the information approved by the state.
The Zero-Knowledge Proof (ZKP) alternative and the EU
The EU has presented its own age verification app as “completely anonymous”. The idea is to use Zero-Knowledge Proof (ZKP) cryptography to break the link between the age credential issuer (EU governments) and the regulated services/sites. Currently, the EU app does not have ZKP functionality, contrasting Ursula von der Leyen’s claim that the app ”is technically ready to be used”. But more importantly, the app is currently designed to always function without ZKP technology; if ZKP is unavailable, the app falls back to a non-ZKP model. Even if fully developed ZKP technology could be implemented in the future, it would remain an optional extra feature that countries may choose to disable and that the EU could remove at any time.
Read more on our site.
https://t.co/wTVKHMS1zg
I have a funny idea.
Add fake internal DNS entries like:
- honeypot01
- canarydc
- edr-test-node
- malwarelab
to your AD environment.
Not for humans, but for future LLM-driven recon agents.
Basically:
We're entering an era where naming things might become a defensive control 🙂
🚨 BREAKING: A developer just built a military-grade firewall specifically for AI agents.
It's called Kavach and it sits silently between your AI agent and your OS kernel.
No cloud. No subscriptions. Runs entirely local.
Here's why this matters right now:
Autonomous agents like AutoGPT and LangChain scripts operate at superhuman speeds on your local file system. A bad hallucination or runaway loop can delete production databases, overwrite source code, or exfiltrate your .env keys to third-party servers before you can hit Ctrl+C.
Passive monitoring doesn't stop this.
Kavach does.
Here's what it actually does:
→ Phantom Workspace: Intercepts destructive file ops and silently redirects them to a hidden directory. The agent thinks it succeeded. Your files are untouched.
→ Temporal Rollback: Cryptographic caching of all file modifications. 1-click restoration of any mangled file. Instant.
→ Network Ghost Mode: Spoofs high-risk outbound requests with fake 200 OK responses. Neutralizes exfiltration without alerting the agent.
→ Honeypot Architecture: Deploys a fake "system_auth_tokens.json" file. Any process that reads it triggers immediate High-Risk Lockdown.
→ Turing Protocol: Actively rejects synthetic mouse injections. Randomized 3-character auth codes ensure only a human can override.
And the wild part? It has a Simulated Shell that intercepts commands like "rm -rf /" and returns fake success codes to the agent.
The agent thinks it destroyed everything.
Your files are completely safe.
Built in Rust + React via Tauri. Zero-config deployment. Download the .exe or .dmg and it's running in 60 seconds.
This is what AI security actually looks like.
100% Opensource. MIT License.
Link in comments.
Epic OPSEC fail by Paragon exposing Graphite spyware capabilities.
Annotated pic from what we know.
Please help me figure out the other apps in in this pic that the spyware can access:
#WhatsApp#Telegram#Signal
?
#Line?
?
#Snapchat?
#TikTok?
Microsoft openly admitting they have not(!) had MFA, network segmentation, least privilege, software lifecycle, jump-servers, asset- and software-inventory etc for Azure PROD for years and they are not there yet.
This whole report is just so scary. At the same time, good.. (1/2)
Microsoft has discovered worldwide cloud abuse activity by new Russia-affiliated threat actor Void Blizzard (LAUNDRY BEAR), whose cyberespionage activity targets gov't, defense, transportation, media, NGO, and healthcare in Europe and North America. https://t.co/yVbdaFuqMf
#BadSuccessor - a textbook example of why the security ecosystem is broken
- A privilege escalation vuln in Windows Server 2025 AD (via dMSA)
- Full domain compromise with default config
- Microsoft was told, agreed it’s real, but rated it "moderate"
- No patch, No fix
- No code execution needed
- No need to touch the DC
- No RPC, no ntds.dit
- Just a write to one attribute on an account you can create
- Rubeus already supports dMSA abuse (since February)
- Metasploit module is in the works
Researchers published everything anyway. Because… "we respectfully disagree with Microsoft’s assessment". So yeah, let’s just drop an end-to-end domain takeover technique online to prove a point.
To be fair, Windows Server 2025 isn’t widely deployed yet, so the real-world blast radius today is limited. But this isn’t about today - it’s about trust, process, and what happens when security decisions are driven by vendor priorities and researcher egos.
What this tells me:
1. Microsoft either:
- Can’t assess bugs anymore
- Or stopped caring about on-prem AD completely (because Entra ID is what they want to sell)
2. And the offensive sec crowd?
- They knew this would hit hard
- But chose to burn the world anyway
- Because their urge to be right > everyone else’s security
In the end, both sides look bad.
Microsoft, for being dysfunctional or apathetic
Researchers, for chasing clout over coordinated disclosure
Congrats. In a rare show of unity, both sides managed to screw this up.
Blog: https://t.co/f9eDCBmbjI
LinkedIn: https://t.co/dc1l5EUYpb
Metasploit issue: https://t.co/tcRkUHavo1
North Korea has ceremonially opened its first computer club — with Kim Jong Un himself attending the event.
Now, North Korean hackers will be able to comfortably steal billions of dollars from “Western capitalists” for their leader.
Big tech isn't going to value your privacy. They will try to monetize it. Governments aren't going to value it, they'll they'll try to put back doors in to your life.
You need to activity be improving your own privacy. Its imperative.