Infosec.Pub

Looks like it could be cool! But I can't find any reviews on this. It seems to be flying under the radar.

An exhilarating action-adventure game set in a vibrant retro-futuristic universe. Embark on daring interstellar journeys, uncovering new worlds, and battling formidable alien adversaries. Upgrade your ship and abilities as you explore the vastness of space to save the Galaxy from a hidden threat.

🎮 Steam

A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice (DoJ) said. The botnet has been used to carry out large-scale DDoS-for-hire attacks targeting

cross-posted from: https://lemmy.sdf.org/post/40764285

Archived

[...]

Anxiety is growing among Chief Information Security Officers (CISOs) in security operation centres, particularly around Chinese AI giant DeepSeek.

AI was heralded as a new dawn for business efficiency and innovation, but for the people on the front lines of corporate defence, it’s casting some very long and dark shadows.

Four in five (81%) UK CISOs believe the Chinese AI chatbot requires urgent regulation from the government. They fear that without swift intervention, the tool could become the catalyst for a full-scale national cyber crisis.

This isn’t speculative unease; it’s a direct response to a technology whose data handling practices and potential for misuse are raising alarm bells at the highest levels of enterprise security.

The findings, commissioned by Absolute Security for its UK Resilience Risk Index Report, are based on a poll of 250 CISOs at large UK organisations. The data suggests that the theoretical threat of AI has now landed firmly on the CISO’s desk, and their reactions have been decisive.

In what would have been almost unthinkable a couple of years ago, over a third (34%) of these security leaders have already implemented outright bans on AI tools due to cybersecurity concerns. A similar number, 30 percent, have already pulled the plug on specific AI deployments within their organisations.

[...]

Three out of five (60%) CISOs predict a direct increase in cyberattacks as a result of DeepSeek’s proliferation. An identical proportion reports that the technology is already tangling their privacy and governance frameworks, making an already difficult job almost impossible.

[...]

Businesses recognise the immense potential of AI and are actively investing to adopt it safely. In fact, 84 percent of organisations are making the hiring of AI specialists a priority for 2025.

This investment extends to the very top of the corporate ladder. 80 percent of companies have committed to AI training at the C-suite level. The strategy appears to be a dual-pronged approach: upskill the workforce to understand and manage the technology, and bring in the specialised talent needed to navigate its complexities.

The hope – and it is a hope, if not a prayer – is that building a strong internal foundation of AI expertise can act as a counterbalance to the escalating external threats.

The message from the UK’s security leadership is clear: they do not want to block AI innovation, but to enable it to proceed safely. To do that, they require a stronger partnership with the government.

The path forward involves establishing clear rules of engagement, government oversight, a pipeline of skilled AI professionals, and a coherent national strategy for managing the potential security risks posed by DeepSeek and the next generation of powerful AI tools that will inevitably follow.

[...]

cross-posted from: https://lemmy.sdf.org/post/40763938

Archived

A new research paper published by the Citizen Lab - “Hidden Links: Analyzing Secret Families of VPN Apps” (opens pdf) - has exposed how some popular Virtual Private Network (VPN) providers intentionally hide their true ownership and share security flaws.

The paper was co-authored by Benjamin Mixon-Baca, Jeffrey Knockel, and Jedidiah Crandall and published by Citizen Lab. Their study involved a deep analysis of apps from the Google Play Store, looking at everything from code similarities and network communications to business filings.

The companies distribute apps such as Turbo VPN, VPN Monster, and Snap VPN, and are linked to a Chinese national security firm, Qihoo 360 and have gone to great lengths to hide this fact from their 700+ million combined user bases.

Turbo VPN and Snap VPN were also named in the Tech Transparency Project’s June 2025 report, which cited national security concerns related to the possibility of these VPNs transferring data to China.

[...]

cross-posted from: https://lemmy.sdf.org/post/40711081

Most Lemmy users are vulnerable to data loss arising out of an admin spontaneously pulling the plug on their Lemmy instance. I have lost data several times by this cause (both on Lemmy and on Mastodon). Infosec includes availability (thus backup copies), but this has been neglected by developers of clients for fedi platforms.

Mastdon has /something/, at least

We have a crutch for Mastodon: mastodon-archive by Kensenada. It only works on some¹ Mastodon instances, but when it works it’s a quite useful tool. It uses the API to grab all posts you author as well as posts by others who mention you. It would be even more useful if it would grab whole threads for which you participate or bookmark regardless of mentions, but last time I checked there is no plan to implement that. You don’t even have a copy of the parent messages you reply to. And (IIRC) you also don’t get a copy of mentions in situations where fedi barriers prevent responses from reaching the instance you are on.

¹ Some instances are simply incompatible for unkown reasons

What Lemmy needs

A gnu linux tool to fetch whole threads that the user starts as well as whole threads for which they comment. Ideal features:

• produce a searchable local SQL database.
• optionally, grab threads or posts the user upvotes.
• optionally, detect cross-posts and grab those threads too.
• periodically revisit the thread to record new activity, including moderator actions. The period between re-visits should get increasingly longer as the thread ages.
• when an author deletes their post, it should be marked as deleted in the local DB. And users should have the option to have those records purged automatically or selectively purged upon review.
• (science fiction?) get the current host to digitally sign something certifying that the user’s profile/content is the genuine original artifict for the purpose of migrating to another host. The current Mastodon migration mechanism is dysfunctional for cases of a host going down before migrating, and I assume Lemmy might have the same issue.
• fedi politics circumvention: give users the option to grab copies of the same thread from other instances so a browsing tool can compare the various thread versions, suppress dupes, and show the most complete aggregated version.
• for extra credit: integrate the DB with @theblawsybogsy@lemmy.ml’s emacs “Lem” app as a front-end for offline browsing

It’s important for user retention

When a user puts a lot of effort into producing content only to lose it all on the whim of an admin deciding out of the blue to kill the server, it’s demoralising. The user might opt to abandon the fedi or start over from a giant centralised walled-garden like LW. In both cases the decentralised free world shrinks.

It’s important for digital sovereignty and fedi-balance

There are already users who conciously decide to pile onto the biggest instances for the perception of stability. Nervous Bob might have a specific passion for a small mission-focused instance like lemmy.radio, lemmybefree.net, mander.xyz or linkage.ds8.zone, but is risk-averse. He cannot stomach the thought of losing all content and believes that if an instance is large, the admins will be more careful.

Having an archive settles the nerves of Nervous Bob enough to be able to follow his passion. It disables the cognitive dissonance of licking the boots of an oppressor (such as a Cloudflare instance).

Why this is (or will be) posted in !spreadfediverse@flamewar.social

Some would say information security is essential -- a precondition to transitioning into the fedi. Reguardless, such an app would serve to encourage people to contribute to the threadiverse and ultimately the proportionate growth and spread of it.