Posts by Guy de Loimbard

FFS.... basics

I've seen WordPress compromised repeatedly.

The moment you hand a CMS to a non technical team, there will be issues.

The maintenance and upkeep is ignored as let's be honest, how much change will a surgery operating under an NHS domain really need?

Do they really need something like Wordpress to tell the octogenarians that don't use the website how to get their prescriptions this week?

Business needs and an impact analysis would help.

I'm all for citizen developers, but once they've mastered security (never going to happen) then give them the keys to the kingdom, or give them a much more secure and watered down access to WP. i.e here's how you update the one page you'll need to tweak.

Ihren Ausweis, bitte

That is all.

I also note this statement from the article: ""Should the recently announced introduction of ID cards achieve universal coverage....." So it's a done deal is it?

So what is the point in this "consultation" apart from playing some weird theatrical act and of course, relieving the treasury of more taxpayer money.

Security Theatre and posturing

Yet more BS from that side of the pond's administration.

Reminds me of some of the bone sound bites you hear from political parties this side of the pond to point score on the run up to what ever local or national elections are coming.

I would like to think, that when this "idea" was started, it was with the best of intentions, but poorly executed, or I'm just really optimistic/naive :)

Well, if there's one thing I've learned over the last 10 or so years

Is that the EU is getting better at defining regulatory frameworks that appear, at least on the surface, to be well thought out.

Delivery of said regulations and actual policing/compliance checks are another matter all together.

The hyperscalers will see this as a threat and will likely do what they are good at, bluff, bluster, market, obfuscate etc., to maintain dominance.

Also, be wary of any European sovereign provider being bought out by VC/PE.

This will be an ongoing battle, perhaps a worthwhile one, it wouldn't hurt the rest of the planet to be less reliant on North American tech.

Surely some attack surface management

Would be well deployed here, if you have that much being flung at your organisation, you'd better be looking at why so much of your shite is online when it doesn't need to be.

Still, it wouldn't be a week on this planet without some article or another broadcasting AI nonsense "AI this and that.....AI was good... AI is coming for you" etcetera.

Read the article, didn't really see the point and also, give some details as to how, not more AI tech bro speak, such as Agentic AI tools.....

Also, this one guy is suggesting he's got more capability, funding and horsepower for a small army of "AI" gurus, than all the security vendors out there? Colour me pink if it's not so!?

Good intention perhaps

But the devil will be in the detail for any legal implementation.

It's a very strange area, we are dealing with multiple challenges and issues, not least the one being we've got scammers aplenty who are giving this the broadside approach and then clinging to any mark that seems to be drawn into the scam.

It's an ever moving set of rules and goalposts.

Whilst banks are very much loaded with cash, is it always the banks fault that a scammer has worked on their system to steal funds from a poor unsuspecting victim?

As soon as you put a control in place to deal with something, then the miscreant n'er do well, will work out a method to get around it.

Much like electricity and water, the thief will take the path of least resistance.

From the department of "what could possibly go wrong?"

You're not wrong there!!

Understandably most OS owners and operators will be jumping for joy at the prospect of completely stable and no risk patches being auto applied......

As you say What Could Possibly Go Wrong!!!

There's a lot to be said

For invoking societal convention.

A lot of these operators carry out these shitty scams, as they believe they will not be caught, but a huge angle on this as the Politie have pointed out, is the fact that they don't expect to be identified.

Shame is a good motivator, assuming one has been brought up in a society with a reasonable moral compass, covering what it believes to be right, or wrong.

I'm sure a wager would come up trumps betting that those societal norms don't cover ripping off your elderly neighbours, or cover off robbing your own grandmother.

Be interesting to see what comes of this deadline from the Nederlandse Politie.

An actual post about AI that's useful

I for one, am pleasantly surprised about the usefulness of this operational application of AI.

I wonder how much "Compute" was used, or how many Nuclear Power Plants came online to provide the necessary GWs?

Also, kudos to the cretin for outlining all the TTPs in use.

AI security company Irregular.....

I wonder how many of these AI Security Companies are sprouting up and how exactly does one create an AI Security company?

Is there a correlation against the number of "Security" companies per, say, the 100s of AI/LLMs that have been created?

I wonder if we can get a specific ratio?

There must be a load of tech bro's realising there's another revenue stream....?

India’s citizens seeing AI as “an enabler of opportunity..."

Really?

I think there's a few more existential things some of its citizens are thinking about, and I bet it's not AI.

Is anyone else tired of this "willy waving" in public of how much is being spent, or how much compute is available or how many GWs of power it's going to piss into the ether?

I mean FFS, with all the incredibly more important things going on in the world, solar system, galaxy, universe etc.... do we really think this is the only thing happening right now?

Bahhhhh!

Just wait for the

declaration that its LLM/AI thing "accidentally" trained on your research.....

We so sorry, here have some meaningless token of that fact we don't give a shit and we're too big to care about you little people!

author claims makes the "update process robust and effectively unexploitable."

Be careful with opening lines like that!

I'm sure there are one or two miscreants that would like to test that theory out, just for the kudos if they can prove the opposite!

You'd like to think

You should be able to maintain Sovereignty of the military hardware you purchase, particularly in these extremely software heavy defence tools, like aircraft.

I'd imagine, if you can't build your own kit, the one thing you should be able to do is control how it operates without some lunatic at the helm being able to turn it off on a whim, surely?

I for one would be looking to do that on pretty much any deal that involved buying kit from another nation, because, as we've just seen, an ally can turn into something not quite that, in a short tantrum or two.

The beauty of recorded minutes and accounts

Is that you can't change what was said.

You can of course, ask for an addendum, addition, footnote, call it what you will, but you can't erase what was said, just because you're not keen on the content some time later.

FFS!!

"...Time and again, leaders have looked the other way, only re-arming when disaster is upon them..."

Excuse me?

Isn't that exactly what Starmer is doing?

I'm not going to focus solely on him or his party, as every consecutive government in the UK has mined and pillaged the Ministry of Defence, like it's a personal fund to do with what you want.

We're always going to be behind the curve as we've not invested and that new investment, if it actually arrives, in actual material improvements for our troops, will be years, if not decades away from that Münchner Konferenz soundbite!

FFS, just get on a deliver, stop talking and take some bloody action.

This vvvv

"You must've activated my key fob!"

"Seriously? It's got less range than Ashton Kutcher.....

That, nearly had coffee spat across my laptop as I read!

Well played author, well played indeed!

Pint on me===>