safecontrols.blog

I tested using Google's Gemini as a helping hand in Linux log based threat hunting - and it is actually helpful, although not ready to take the security analyst's job (yet).

safecontrols.blog

A blog post I made based on discussions at a conference last week - we need to teach smart things like self driving cars and ships to defend themselves against cyber attacks. This outlines how we should approach it.

cross-posted from: https://programming.dev/post/8121843 > [~n (@nblr@chaos.social) writes](https://chaos.social/@nblr/111698366167829445): > > >This is fine... > >>"We observed that participants who had access to the AI assistant were more likely to introduce security vulnerabilities for the majority of programming tasks, yet were also more likely to rate their insecure answers as secure compared to those in our control group." > > > >[Do Users Write More Insecure Code with AI Assistants?](https://arxiv.org/abs/2211.03622? > >

I am curious if anyone has advice on a good start to get into InfoSec. I just bought a car, used a separate phone number and somehow marketers found my actual number, so want to get a better handle on how to handle personal data.

Now ever since I got a label printer I made it a habit to... well... label everything. It's been the a gamechanger in organizing my stuff. This habit includes having a tiny label with my street address and mail address on most any item that I loan away or tend to regularly lug around with me as a general reminder of ownership. I forget about and lose stuff all the time, so this gives me some piece of mind with most of my medium-value little gadgets. I believe (and have experienced) that people are generally decent and will return lost stuff to me if it's easy for them to find out to whom it belongs. Now it has occurred to me that this practice might be detrimental when applied to a smart cards in general and my Yubikeys in particular. After all, shouldn't a lost Yubikey be considered "tampered with/permanently lost" anyway, whether it's returned or not? And wouldn't an Email address on the key just increase the risk of some immediate abuse of the key's contents, i.e. GPG private keys, that would otherwise not be possible? Or am I overhtinking this?

www.zmescience.com

cross-posted from: https://lemmy.kevitprojects.com/post/8452 > What do you guys think about this?

It was a meme about a cyber security guy not giving out his personal information, not even to girls he likes. I can't find it on here anymore