Readit News logoReadit News
s4mw1se commented on eBPF Offensive Capabilities – Get Ready for Next-Gen Malware (2023)   sysdig.com/blog/ebpf-offe... · Posted by u/password4321
red_admiral · 2 years ago
Am I reading this wrong, or is it a variant of "If you have kernel access you can mess with userland"?
s4mw1se · 2 years ago
not a ebpf expert, just been on my radar lately because i’m going through a sysdig poc.

To me It feels more like a reverse proxy for intercepting traffic going between user land and kernel space.

As we move to k8s and classic EDR isn’t feasible i 100% understand the need. It still feels like a dumb thing humanity has done and will blow up in our face after having the kernel / user space security boundary beat into our heads for so long.

s4mw1se commented on The CrowdStrike Failure Was a Warning   theatlantic.com/ideas/arc... · Posted by u/Kaibeezy
0xBDB · 2 years ago
The Microsoft competitor to CrowdStrike is Microsoft Defender XDR (specifically Defender for Endpoint), an enterprise product that is pretty good (in my opinion) but not one that Microsoft just throws in as a sweetener with Office 365 or whatever. You will pay specifically for it. It also runs in the kernel, as most effective EDR does, so until eBPF for Windows is done you are taking the same chance with it as with CrowdStrike. It's just a matter of which company you trust more not to BSOD you.
s4mw1se · 2 years ago
The price is no joke. Microsoft has a lot of really good security products locked behind a paywall that security vendors know they can beat. We were looking the price for sentinel the other day and holy shit it’s costly.
s4mw1se commented on Can men live without war? (1956)   theatlantic.com/past/docs... · Posted by u/lermontov
s4mw1se · 2 years ago
Three billion human lives ended on August 29, 1997. The survivors of the nuclear fire called the war Judgment Day. They lived only to face a new nightmare: the war against the Machines
s4mw1se commented on Dark Software   notes.mtb.xyz/p/dark-soft... · Posted by u/superzamp
stratigos · 2 years ago
Ive been working in AI for about a year, and Ive been working as a web developer for about 20 years. It appears to me that everyone that thinks AI is going to handle development for companies (in the reasonably near future) are also folks who have never had high level engineering responsibilities for a single project for a multi-year period. That is, theyve never been exposed to the realities of how nuanced managing a software product is at a technical level. The bots can barely write code-bootcamp level scripts. Im not confident that we will see AI solving the kinds of (coding) problems that engineering leaders are handling over multi-quarter projects.
s4mw1se · 2 years ago
I’m an AppSec engineer, and work with 300+ devs and Software Engineers. I’ve worked through start phase and two acquisitions. You spot on at this point in time. I’m on the team responsible for testing m365 copilot before it rolls out to our org. A month ago I would have agreed with you 100% but now i’m leaning more to theirs a 50% chance of large scale automation happening within 5 years.

What AI was missing is the larger business context. I doesn’t know the politics behind why things are the way they are and why fixing and issue might cost the company 50k every minute or if library is updated it would break 15 business critical products without proper coordination.

M365 Copilot is bridging that gap. Right now it’s dumb and only access what you can see on OneDrive and sharepoint. With plugins and connectors it’s going to integrate into every development platform sooner or later.

I still think it’s some years out and will require a lot of human interaction before these generalized agents can be onboarded.

It’s a security nightmare for me. We basically just automated the recon for any attacker that has compromised a 365 Account. In my opinion it’s moving to fast even when it’s dumb as bricks and has the context of a 2 year old.

I’ve been using it to compare static analysis findings and m365 copilot returns a lot of the same findings with mitigation suggestion. It’s still not 100% though, but either is any secuirty testing.

I give it two years before the grunt work is fully automated

s4mw1se commented on The Backbone of Cybersecurity: Hardware Security Modules   join.tech/blog/2024-0x10-... · Posted by u/5n00py
s4mw1se · 2 years ago
security starts at the shipping port

Just seeing a flood of comments of everyones cheap $10 dollar devices got me thinking…

How do you actually check the integrity of the HSM, both at the software level and hardware level?

The companies hosted open source repo is only worth a shit if you can verify the integrity of the software on the device.

Do any vendors ship with verifiable Hardware Bill of Materials and Software Bill of materials? How do you know the device you got 2 years ago didn’t have a zero day in a common library disclosed a year after?

Because if you can’t continuously check the integrity of your device… well you don’t know if it’s actually secure.

s4mw1se commented on Psychedelics are challenging the standard of randomized controlled trials   theatlantic.com/health/ar... · Posted by u/chapulin
yieldcrv · 2 years ago
So, I think that is too dismissive, while I think the psychedelic proponents are too exuberant

Basically, I don't think the categorization matters. Like are these entities things always here and perceived if we access a certain plane, or are these mere configurations and figments of our brain that can be repeated. To me, thats not important. Its important if the reconfiguration of the brain is useful, therapeutic, repeatable, what side effects are there, whats going on with people predisposed to schizophrenia that psychedelics seem to exacerbate permanently. What’s going on with floaters/HPPD.

Can LSD be refined for the parts that are useful for us, or do we simply slap fine print about potential side effects for those with a family history of schizophrenia on it like …. every other FDA approved drug.

I think fawning over something in the 1950s is juvenile, when there probably are advances possible since then to that substance.

But I would like it to at least reach parity with Big Pharma’s designer drugs with clinical trials and listed side effects, instead of just anecdotes percolating rave communities.

s4mw1se · 2 years ago
Rave communities? This is from research and patient panel interview that was hosted after the publication. Minus the hoffman stuff.

https://pubmed.ncbi.nlm.nih.gov/37897244/

https://www.youtube.com/live/Myq_Hc_39aI?si=qnJ8UhOztRjshEkf

s4mw1se commented on Psychedelics are challenging the standard of randomized controlled trials   theatlantic.com/health/ar... · Posted by u/chapulin
s4mw1se · 2 years ago
LSD was expected to be the holy grail of mental health treatment in the 40s and 50s before it was made illegal by the U.S. and the rest old the world following in the united states foot steps.

I’m very grateful that we are starting to see research really pick up steam and public companies like MindMed pushing for FDA approval with MM120.

It’s bittersweet though because it also is proof of how much progress we lost over those decades.

Not to discredit PTSD and Mental Health research, but just to expand on how much we don’t know about our mind and what these chemicals really are…

DMTx had its first round of clinical trials, where participants have extended experiences in DMT hyperspace and all share common hallucinations (i.e talking to other lifeforms).

What’s interesting is that these experiments are showing us how our brain models the world. Unlike freebase N,N-DMT which is a short lived rocky experince. These patient reported and the data showed that after the first few minutes on DMTx things started to normalize (the brain started modeling their world better)

One of Strassmans patients years ago said on DMT that these entities could share more with us if we learn to make extended contact.

Albert Hoffman the inventor of LSD also said he had contact with external entities on a trip (eyeball with wings) and said that it told him that they chose him to discover LSD for the sake of humanity.

The DMTx participants all reported that these entities knew about their life and their traumas and helped them process these all in different ways. They all reported that these were beings of a higher intelligence and felt that they were external.

Psychedelics are 100% challenging the gold standard. Whatever the that is lol.

s4mw1se commented on NSO vs. Citizen Lab: U.S. Court Battles over Pegasus Spyware Investigations   theintercept.com/2024/05/... · Posted by u/clwg
_mlbt · 2 years ago
I’m not a lawyer, but at least in the United States at the minimum probable cause and a warrant should be required prior to their use per the 4th Amendment…

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

s4mw1se · 2 years ago
The only time the U.S has cared about spying on their citizens is when snowden dropped the big leak and they were pissed they got caught with pants down.

https://en.m.wikipedia.org/wiki/2010s_global_surveillance_di...

s4mw1se commented on Cheap Stuff on Temu Opens a New Generational Divide   wsj.com/lifestyle/temu-vi... · Posted by u/lxm
mayli · 2 years ago
Most the items exported are not related to uyghurs. There are tons of educated population on the east coast willing to work at lower wages.
s4mw1se · 2 years ago
From the investigative reports i read temu makes that really hard to tell and offers little to no transparency into the supply chain for their vendors.

The point no one knows what products are made by forced labors, so you don’t know if your money is going to support those operations or not.

s4mw1se commented on Cheap Stuff on Temu Opens a New Generational Divide   wsj.com/lifestyle/temu-vi... · Posted by u/lxm
s4mw1se · 2 years ago
They rely on the vendors to report on the supply chain, so those who are using Uyghurs as forced labor just say they are not, so temu says they don’t.

Lots of money to be made in genocide and slavery.

s

u/s4mw1se

KarmaCake day37December 25, 2023View Original