toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

#securityrisks


Thursday, July 10, 2025

In historic feat, Ukraine’s 3rd Brigade captures Russian troops using only drones and robots — Ukraine detains Chinese spies tasked with stealing Neptune missile technology — Kremlin exacts loyalty amid tightening crackdown on Russian elite — Hegseth reportedly authorized Ukraine weapons shipment pause without informing White House … and more

activitypub.writeworks.uk/2025

Gary Marcus' most recent Substack included this long tweet, detailing how an AI agent was easily jailbroken to plan for and hire a hitman on the dark web. It was a red team hacking exercise performed in a safe environment so no harm done — but releasing AI agents carries enormous risks. This needs to be regulated massively.
#generativeAI #SecurityRisks

open.substack.com/pub/garymarc

(Text of tweet in next two toots since it is so long)

Replied in thread

@axios : I would have boosted your toot if it had not contained a t.co link.

Using URL shorteners leads to unnecessary privacy risks for internet users, while they *and you* have no guarantee that each clicking user will actually be forwarded to your website.

Mastodon excellently truncates URLs. Below I've changed https into hxxps to prevent Mastodon from truncating it (and making it clickable) in 1), while 2) is the original URL:

1) hxxps://www.axios.com/2024/09/18/hezbollah-pager-explosions-israel-suspicions
2) axios.com/2024/09/18/hezbollah

Please stop using URL-shorteners on Mastodon, or risk getting muted or even blocked by security/privacy aware readers.

Axios · Israel conducted Lebanon pager attack fearing Hezbollah was onto the operation. By Barak Ravid

Replied in thread

@kasperd : using Windows for sensitive tasks poses *way* more security risks than doing that on smartphones.

Side note: I've been trying to secure Windows desktops and servers for more than 25 years, and I can tell you this: YOU CAN'T. It's a huge legacy mess exposing an enormous attack surface. Properly fixing things would break too much. No way that throwing ISO 27k* at it will help - those are not even different worlds, but rather distant solar systems.

For most people, even using a Linux distro for critical tasks means taking more security risks than if they'd use a smartphone to do that.

On smartphones, users can still do stupid things, but -because of app separation- it is usually not the OS that introduces most security risks. Those risks are concentrated around installing apps with too many privileges (aka permissions) "to break the basic rules", such as required by RATs (Remote Access Tools) like TeamViewer and AnyDesk.

Even knowing that there will always be risks that we're not (yet) aware of: in particular for ordinary users, Android and iOS significantly reduce risks compared to "desktop" operating systems.

Having said all that, IMO the risks of letting a smartphone represent our full identity are insane (such as when using eID/EDIW/EUDIW). It is not primarily smartphones that are to blame for that, but the internet.

Authenticating mandates fully trusting the party that verifies and confirms your identity (*). The first step for trust is exactly knowing *which party* is verifying your identity. On the current internet, for most users it is impossible to distinguish between fake and authentic parties.

(*) For three reasons:
1) They won't let anyone in who claims to be you;
2) They won't, as an AitM, abuse your identity and verification data to authenticate as you elsewhere;
3) They *really* protect, and remove ASAP, all verification data immediately after the verification took place (404media.co/id-verification-se).

404 Media · ID Verification Service for TikTok, Uber, X Exposed Driver Licenses. As social networks and porn sites move towards a verified identity model, the actions of one cybersecurity researcher show that ID verification services themselves could get hacked too.

Replied in thread

@stratosphere : it does not work, therefore it is misleading - just making things worse.

shouldiclick.org/?https%3A%2F%

says:
——
Submitted URL: bu-nq-regelen-nl.com/
Effective URL: google.com/

You can click!
——
Bunq is a Dutch bank. If you click the link from a Dutch IP address, your browser is *NOT* redirected to Google.

Check virustotal.com/gui/domain/bu-n
and, in particular, virustotal.com/gui/ip-address/ (#91.215.85.79 : 12/90)

Please stop spamming us with a DANGEROUSLY MISLEADING service.

www.shouldiclick.org · Should I click on a link? Protecting people from Cyber Attacks on the Web
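Two of the replies above make the same practical point from different angles: a shortened link (the t.co complaint) hides where a reader will end up, and a single-vantage link checker (the shouldiclick result) reports an "effective URL" that only holds for the network it scanned from. The script below is an added example written for this page, not code from any of the posters or from the services mentioned. It walks a redirect chain hop by hop with HEAD requests and never lets the HTTP library follow redirects on its own, so the destination of a short link can be read before anyone is sent through it, and it compares the final host seen from several vantage points, flagging the mismatch that a geo-cloaked target produces. The responses in FAKE_WEB are constructed for the example: the short link t.co/example is hypothetical, and the bank-lookalike host is modeled on the behaviour the toot describes (a page served to Dutch visitors, a bounce to google.com for everyone else), which the example does not verify. The vantage is passed as a request header only in this simulation; a real multi-vantage check changes the source network, and live_fetch is the real fetcher you would plug in for that (it is not exercised offline).

```python
"""Resolve an HTTP redirect chain hop by hop (HEAD only, no automatic
following) and compare what different vantage points see.

Added example for this thread; not code from any of the posters. The
responses in FAKE_WEB are constructed to mirror the two cases discussed
(a t.co short link, and a lookalike bank domain that bounces non-Dutch
visitors to google.com) and are not real captures.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit
import urllib.error
import urllib.request

REDIRECT_CODES = {301, 302, 303, 307, 308}


@dataclass
class Hop:
    url: str
    status: int
    location: Optional[str]


# A fetcher takes (url, request headers) and returns (status, response headers).
Fetcher = Callable[[str, Dict[str, str]], Tuple[int, Dict[str, str]]]


def resolve_chain(url: str, fetch: Fetcher, headers: Dict[str, str],
                  max_hops: int = 10) -> List[Hop]:
    """Follow redirects manually so every intermediate URL is recorded.
    Raises on loops or on chains longer than max_hops."""
    hops: List[Hop] = []
    seen = set()
    current = url
    while len(hops) < max_hops:
        if current in seen:
            raise RuntimeError(f"redirect loop at {current}")
        seen.add(current)
        status, resp = fetch(current, headers)
        location = resp.get("Location")
        hops.append(Hop(current, status, location))
        if status in REDIRECT_CODES and location:
            current = urljoin(current, location)  # Location may be relative
            continue
        return hops
    raise RuntimeError(f"more than {max_hops} redirects from {url}")


def effective_host(hops: List[Hop]) -> str:
    """Host that actually serves the final (non-redirect) response."""
    return urlsplit(hops[-1].url).hostname or ""


def compare_vantages(url: str, fetch: Fetcher, vantages: List[str]) -> Dict[str, str]:
    """Effective host as seen from each vantage point. In this simulation the
    vantage is a header (assumption); a real check varies the source network."""
    return {v: effective_host(resolve_chain(url, fetch, {"X-Vantage-Country": v}))
            for v in vantages}


def cloaking_suspected(by_vantage: Dict[str, str]) -> bool:
    """Different vantages landing on different hosts is the signature of a
    scanner-evading (geo- or IP-cloaked) target; one vantage cannot clear it."""
    return len(set(by_vantage.values())) > 1


# ---- constructed responses, keyed by (url, vantage country); "*" = default ----
AXIOS = "https://www.axios.com/2024/09/18/hezbollah-pager-explosions-israel-suspicions"
FAKE_WEB: Dict[Tuple[str, str], Tuple[int, Dict[str, str]]] = {
    ("https://t.co/example", "*"): (301, {"Location": AXIOS}),  # hypothetical short link
    (AXIOS, "*"): (200, {}),
    ("https://bu-nq-regelen-nl.com/", "NL"): (200, {}),         # Dutch visitors: page served (as the toot claims)
    ("https://bu-nq-regelen-nl.com/", "*"): (302, {"Location": "https://google.com/"}),
    ("https://google.com/", "*"): (200, {}),
    ("https://loop.example/", "*"): (302, {"Location": "/"}),    # self-redirect, for the loop check
}


def fake_fetch(url: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Offline fetcher over the constructed table above."""
    country = headers.get("X-Vantage-Country", "*")
    return FAKE_WEB.get((url, country)) or FAKE_WEB.get((url, "*")) or (404, {})


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx instead of following it


def live_fetch(url: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Real fetcher for resolve_chain: HEAD request, redirects not followed."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers=headers, method="HEAD")
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx all land here
        return err.code, dict(err.headers)


if __name__ == "__main__":
    for hop in resolve_chain("https://t.co/example", fake_fetch, {}):
        print(hop.status, hop.url, "->", hop.location)
    verdicts = compare_vantages("https://bu-nq-regelen-nl.com/", fake_fetch, ["NL", "DE"])
    print(verdicts, "cloaking suspected:", cloaking_suspected(verdicts))
```

The design point is that the verdict is a property of (URL, vantage), never of the URL alone: a checker that scans from one hosting-provider IP and reports "Effective URL: google.com" is telling you what the target shows to scanners, and a divergence between vantages is itself the signal to act on.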

⚡️ Risk Analyst Update: Emmanuel Macron's arrival in Tel Aviv amid the Israel-Hamas conflict suggests increasing diplomatic involvement. While Israel's ground response is awaited, tensions rise as 35 American university associations criticize Israel's treatment of Palestinians, labeling it an "apartheid regime." Ongoing encirclement maneuvers near Donetsk pose additional security concerns. #IsraelHamasWar #DiplomaticEngagement #SecurityRisks riskmap.com/incidents/1938248/

⚡️ Update: 23 soldiers killed, 10 injured in an ISIS attack on a military bus in Deir Ezzor, Syria. The number of fatalities expected to rise. ISIS still has active cells, particularly in the central Badia deserts. Russian air support aids Syrian army in anti-terrorism operations. In 2023, at least 402 people have died in militant ambushes and military operations in the desert region. #Syria #ISIS #securityrisks riskmap.com/incidents/1877918/