#compsec — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #compsec, aggregated by home.social.

  1. You Have Been LaTeXpOsEd: A Systematic Analysis of Information Leakage in Preprint Archives Using Large Language Models
    arxiv.org/abs/2510.03761

    Research uncovered thousands of personally identifiable information (PII) leaks, GPS-tagged EXIF files, publicly available Google Drive and Dropbox folders, editable private SharePoint links, exposed GitHub and Google credentials, and cloud API keys. They also uncovered confidential author communications, internal disagreements, and conference submission credentials, exposing information that poses serious reputational risks to both researchers and institutions.

    (Real-world credential leakages from comments are manually reviewed and verified)

    #netsec #compsec #science #research #arxiv

  2. @fesshole
    I guess it's all part of natural selection weeding out the idiots who go with default passwords.
    #compsec

  3. @pawanjswal
    On a related subject, has anyone else noticed that #Proton seem to be blocking their own Onion address today?!
    🤪
    #JustSaying #email #ProtonMail #compsec #comsec

  5. I think my mail greylisting saved me from a scam.

    I received a lot of mails today about accounts someone supposedly created for my mail address on dozens of sites and about as many newsletter subscription confirmation mails.

    I also received two mails from PayPal, that a SEPA direct debit mandate had been confirmed. The PayPal mail arrived 8 minutes before the first of the flooded mails and 12 minutes before the last arrived.

    Obviously this flood was supposed to hide the PayPal mail.

    #compsec

  6. Hmmm ... 🤔

    Commercial Vehicle Electronic Logging Device (ELD) Security: Unmasking the Risk of Truck-to-Truck Cyber Worms [PDF] ndss-symposium.org/wp-content/ #paper #compsec #security #malware #ELD

  7. GTFOBins is a curated list of #Unix binaries that can be used to bypass local #security restrictions in misconfigured systems gtfobins.github.io/ #compsec

  8. maybe some #compsec #infosec people could weigh in on this, but wouldn't it be nice if you had a "stub" (for lack of a better word) which you append or prepend to all your password manager generated passwords, but which they didn't actually store?
    For example, let's say my password manager generates a new amazon password of pwd123, but I append Wink69 to all my passwords, so I tell amazon that my actual password is pwd123Wink69.
    If my password vault is compromised (looking at no-one in 1/n

  9. Is the concern over TikTok and nefarious use by China a serious concern? Is the danger more, less or the same as any other privately-owned social media platform?
    #TikTok
    #Biden
    #China
    #Technology
    #compsec

  10. hey #infosec people, One area not getting the same coverage from the other site are national certs. I can see the EU's mastodon.ie/@[email protected] but not having luck locating any others. If you know of any then perhaps leave a reply with a link. Much appreciated. #cyber #compsec #infosec #CERT #nationalCyber

  11. "Cyber-liability insurance comes with a catch, however: It may make you more vulnerable to a ransomware attack. When cyber-criminals target cyber-insurance companies, they then have access to a list of their insured clients, which cyber-criminals can then use to their advantage to demand a ransom payment that mirrors the limit of a company’s coverage."

    "Attacker Target Selection" at:

    cs.columbia.edu/~smb/blog/2021

    #compsec